summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2025-11-07 13:31:53 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2025-11-07 13:31:53 +0000
commit8c22ff0d8b70d9b12f0487ef696a7e915b9e3173 (patch)
treeefdc32587159d0050a69009bdf2330a531727d95 /meta/recipes-connectivity
parentd412d2747595c1cc4a5e3ca975e3adc31b2f7891 (diff)
downloadpoky-8c22ff0d8b70d9b12f0487ef696a7e915b9e3173.tar.gz
The poky repository master branch is no longer being updated.
You can either: a) switch to individual clones of bitbake, openembedded-core, meta-yocto and yocto-docs b) use the new bitbake-setup You can find information about either approach in our documentation: https://docs.yoctoproject.org/ Note that "poky" the distro setting is still available in meta-yocto as before and we continue to use and maintain that. Long live Poky! Some further information on the background of this change can be found in: https://lists.openembedded.org/g/openembedded-architecture/message/2179 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r--meta/recipes-connectivity/avahi/avahi-libnss-mdns_0.15.1.bb38
-rw-r--r--meta/recipes-connectivity/avahi/avahi_0.8.bb200
-rw-r--r--meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch45
-rw-r--r--meta/recipes-connectivity/avahi/files/00avahi-autoipd10
-rw-r--r--meta/recipes-connectivity/avahi/files/99avahi-autoipd10
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch58
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch48
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch65
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch59
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch52
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch73
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch52
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch46
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch110
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch228
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch104
-rw-r--r--meta/recipes-connectivity/avahi/files/handle-hup.patch41
-rw-r--r--meta/recipes-connectivity/avahi/files/initscript.patch51
-rw-r--r--meta/recipes-connectivity/avahi/files/invalid-service.patch29
-rw-r--r--meta/recipes-connectivity/avahi/files/local-ping.patch153
-rw-r--r--meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch24
-rw-r--r--meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch34
-rw-r--r--meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch46
-rw-r--r--meta/recipes-connectivity/bind/bind/bind92
-rw-r--r--meta/recipes-connectivity/bind/bind/conf.patch381
-rw-r--r--meta/recipes-connectivity/bind/bind/generate-rndc-key.sh8
-rw-r--r--meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch65
-rw-r--r--meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch41
-rw-r--r--meta/recipes-connectivity/bind/bind/named.service22
-rw-r--r--meta/recipes-connectivity/bind/bind_9.20.15.bb109
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5.inc158
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/0001-media-fix-pac_config_cb-error-code-return.patch29
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch25
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/init61
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/run-ptest31
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5_5.84.bb74
-rw-r--r--meta/recipes-connectivity/connman/connman-conf.bb20
-rw-r--r--meta/recipes-connectivity/connman/connman-conf/main.conf2
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch277
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch35
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch187
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.pngbin490 -> 0 bytes
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.pngbin496 -> 0 bytes
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.pngbin492 -> 0 bytes
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.pngbin470 -> 0 bytes
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.pngbin419 -> 0 bytes
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch36
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome_0.7.bb32
-rwxr-xr-xmeta/recipes-connectivity/connman/connman/0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch50
-rw-r--r--meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch85
-rw-r--r--meta/recipes-connectivity/connman/connman/connman45
-rw-r--r--meta/recipes-connectivity/connman/connman/no-version-scripts.patch48
-rw-r--r--meta/recipes-connectivity/connman/connman_1.45.bb237
-rw-r--r--meta/recipes-connectivity/dhcpcd/dhcpcd_10.2.4.bb67
-rw-r--r--meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch79
-rw-r--r--meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch43
-rw-r--r--meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch42
-rw-r--r--meta/recipes-connectivity/dhcpcd/files/dhcpcd.service11
-rw-r--r--meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service16
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils20
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils23
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils21
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils13
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils19
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils_2.6.bb216
-rw-r--r--meta/recipes-connectivity/iproute2/iproute2/0001-include-libnetlink.h-add-missing-include-for-htobe64.patch24
-rw-r--r--meta/recipes-connectivity/iproute2/iproute2_6.16.0.bb112
-rw-r--r--meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch41
-rw-r--r--meta/recipes-connectivity/iw/iw/separate-objdir.patch50
-rw-r--r--meta/recipes-connectivity/iw/iw_6.17.bb31
-rw-r--r--meta/recipes-connectivity/kea/files/0001-build-boost-1.89.0-fixes.patch53
-rw-r--r--meta/recipes-connectivity/kea/files/0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch348
-rw-r--r--meta/recipes-connectivity/kea/files/0001-meson-use-a-runtime-safe-interpreter-string.patch123
-rw-r--r--meta/recipes-connectivity/kea/files/0001-mk_cfgrpt.sh-strip-prefixes.patch54
-rw-r--r--meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch26
-rw-r--r--meta/recipes-connectivity/kea/files/CVE-2025-11232.patch474
-rw-r--r--meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch104
-rw-r--r--meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch30
-rw-r--r--meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server46
-rw-r--r--meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service13
-rw-r--r--meta/recipes-connectivity/kea/files/kea-dhcp4-server46
-rw-r--r--meta/recipes-connectivity/kea/files/kea-dhcp4.service14
-rw-r--r--meta/recipes-connectivity/kea/files/kea-dhcp6-server47
-rw-r--r--meta/recipes-connectivity/kea/files/kea-dhcp6.service14
-rw-r--r--meta/recipes-connectivity/kea/kea_3.0.1.bb90
-rw-r--r--meta/recipes-connectivity/libpcap/libpcap_1.10.5.bb43
-rw-r--r--meta/recipes-connectivity/libuv/libuv_1.51.0.bb20
-rw-r--r--meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_20250613.bb15
-rw-r--r--meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch35
-rw-r--r--meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch36
-rw-r--r--meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch30
-rw-r--r--meta/recipes-connectivity/neard/neard/neard.in54
-rw-r--r--meta/recipes-connectivity/neard/neard_0.19.bb48
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch36
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/0004-Use-nogroup-for-nobody-group.patch38
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/0005-find-OE-provided-Kerberos.patch42
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon279
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver135
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb159
-rw-r--r--meta/recipes-connectivity/ofono/ofono/ofono42
-rw-r--r--meta/recipes-connectivity/ofono/ofono_2.18.bb46
-rw-r--r--meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch59
-rw-r--r--meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch35
-rw-r--r--meta/recipes-connectivity/openssh/openssh/init90
-rwxr-xr-xmeta/recipes-connectivity/openssh/openssh/run-ptest60
-rw-r--r--meta/recipes-connectivity/openssh/openssh/ssh_config48
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd10
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd.service18
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd.socket12
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd@.service10
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_check_keys78
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_config119
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service9
-rw-r--r--meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd2
-rw-r--r--meta/recipes-connectivity/openssh/openssh_10.1p1.bb227
-rw-r--r--meta/recipes-connectivity/openssl/files/environment.d-openssl.sh24
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch367
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch39
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch82
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch32
-rw-r--r--meta/recipes-connectivity/openssl/openssl/run-ptest19
-rw-r--r--meta/recipes-connectivity/openssl/openssl_3.5.4.bb289
-rw-r--r--meta/recipes-connectivity/ppp-dialin/files/host-peer11
-rw-r--r--meta/recipes-connectivity/ppp-dialin/files/ppp-dialin3
-rw-r--r--meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb27
-rw-r--r--meta/recipes-connectivity/ppp/ppp/0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch98
-rw-r--r--meta/recipes-connectivity/ppp/ppp/0001-pppd-session-Fixed-building-with-GCC-15.patch33
-rw-r--r--meta/recipes-connectivity/ppp/ppp/0001-pppdump-Fixed-building-with-GCC-15-548.patch75
-rw-r--r--meta/recipes-connectivity/ppp/ppp/08setupdns12
-rw-r--r--meta/recipes-connectivity/ppp/ppp/92removedns5
-rwxr-xr-xmeta/recipes-connectivity/ppp/ppp/init57
-rwxr-xr-xmeta/recipes-connectivity/ppp/ppp/ip-down43
-rwxr-xr-xmeta/recipes-connectivity/ppp/ppp/ip-up44
-rw-r--r--meta/recipes-connectivity/ppp/ppp/pap22
-rw-r--r--meta/recipes-connectivity/ppp/ppp/poff26
-rw-r--r--meta/recipes-connectivity/ppp/ppp/pon9
-rw-r--r--meta/recipes-connectivity/ppp/ppp/ppp@.service9
-rw-r--r--meta/recipes-connectivity/ppp/ppp/ppp_on_boot21
-rw-r--r--meta/recipes-connectivity/ppp/ppp/provider35
-rw-r--r--meta/recipes-connectivity/ppp/ppp_2.5.2.bb81
-rw-r--r--meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch37
-rw-r--r--meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf4
-rw-r--r--meta/recipes-connectivity/resolvconf/resolvconf_1.93.bb65
-rw-r--r--meta/recipes-connectivity/slirp/libslirp_4.9.1.bb14
-rw-r--r--meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch62
-rw-r--r--meta/recipes-connectivity/socat/socat_1.8.0.3.bb53
-rw-r--r--meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_keybin805 -> 0 bytes
-rw-r--r--meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key9
-rw-r--r--meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub1
-rw-r--r--meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key7
-rw-r--r--meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub1
-rw-r--r--meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key38
-rw-r--r--meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub1
-rw-r--r--meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb23
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch53
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant1
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch79
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch70
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh86
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf690
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane7
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb139
162 files changed, 0 insertions, 10684 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi-libnss-mdns_0.15.1.bb b/meta/recipes-connectivity/avahi/avahi-libnss-mdns_0.15.1.bb
deleted file mode 100644
index d45c06357d..0000000000
--- a/meta/recipes-connectivity/avahi/avahi-libnss-mdns_0.15.1.bb
+++ /dev/null
@@ -1,38 +0,0 @@
1SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution"
2HOMEPAGE = "https://github.com/lathiat/nss-mdns"
3DESCRIPTION = "nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local."
4SECTION = "libs"
5
6LICENSE = "LGPL-2.1-or-later"
7LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
8
9DEPENDS = "avahi"
10
11SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \
12 "
13
14SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633"
15
16inherit autotools pkgconfig
17
18COMPATIBLE_HOST:libc-musl = 'null'
19
20EXTRA_OECONF = "--libdir=${base_libdir}"
21
22RDEPENDS:${PN} = "avahi-daemon"
23RPROVIDES:${PN} = "libnss-mdns"
24
25pkg_postinst:${PN} () {
26 sed '
27 /^hosts:/ !b
28 /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b
29 s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g
30 ' -i $D${sysconfdir}/nsswitch.conf
31}
32
33pkg_prerm:${PN} () {
34 sed '
35 /^hosts:/ !b
36 s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g
37 ' -i $D${sysconfdir}/nsswitch.conf
38}
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
deleted file mode 100644
index 4fe8ba4d28..0000000000
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ /dev/null
@@ -1,200 +0,0 @@
1SUMMARY = "Avahi IPv4LL network address configuration daemon"
2DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \
3allows programs to publish and discover services and hosts running on a local network \
4with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \
5IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \
6configuration from the link-local 169.254.0.0/16 range without the need for a central \
7server.'
8HOMEPAGE = "http://avahi.org"
9BUGTRACKER = "https://github.com/avahi/avahi/issues"
10SECTION = "network"
11
12# major part is under LGPL-2.1-or-later, but several .dtd, .xsl, initscripts and
13# python scripts are under GPL-2.0-or-later
14LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later"
15LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
16 file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
17 file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
18 file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
19 file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
20
21SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
22 file://00avahi-autoipd \
23 file://99avahi-autoipd \
24 file://initscript.patch \
25 file://0001-Fix-opening-etc-resolv.conf-error.patch \
26 file://handle-hup.patch \
27 file://local-ping.patch \
28 file://invalid-service.patch \
29 file://CVE-2023-1981.patch \
30 file://CVE-2023-38469-1.patch \
31 file://CVE-2023-38469-2.patch \
32 file://CVE-2023-38470-1.patch \
33 file://CVE-2023-38470-2.patch \
34 file://CVE-2023-38471-1.patch \
35 file://CVE-2023-38471-2.patch \
36 file://CVE-2023-38472.patch \
37 file://CVE-2023-38473.patch \
38 file://CVE-2024-52616.patch \
39 file://CVE-2024-52615.patch \
40 "
41
42GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/"
43SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda"
44
45CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE"
46
47DEPENDS = "expat libcap libdaemon glib-2.0 glib-2.0-native"
48
49# For gtk related PACKAGECONFIGs: gtk, gtk3
50AVAHI_GTK ?= ""
51
52PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}"
53PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
54PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+"
55PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3"
56PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus"
57PACKAGECONFIG[libevent] = "--enable-libevent,--disable-libevent,libevent"
58PACKAGECONFIG[qt5] = "--enable-qt5,--disable-qt5,qtbase"
59
60inherit autotools pkgconfig gettext gobject-introspection github-releases
61
62EXTRA_OECONF = "--with-avahi-priv-access-group=adm \
63 --disable-stack-protector \
64 --disable-gdbm \
65 --disable-dbm \
66 --disable-mono \
67 --disable-monodoc \
68 --disable-qt3 \
69 --disable-qt4 \
70 --disable-python \
71 --disable-doxygen-doc \
72 --enable-manpages \
73 ${EXTRA_OECONF_SYSVINIT} \
74 ${EXTRA_OECONF_SYSTEMD} \
75 "
76
77# The distro choice determines what init scripts are installed
78EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}"
79EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_system_unitdir}/','--without-systemdsystemunitdir',d)}"
80
81do_configure:prepend() {
82 # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes
83 rm "${S}/common/introspection.m4" || true
84}
85
86do_compile:prepend() {
87 export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs"
88}
89
90RRECOMMENDS:${PN}:append:libc-glibc = " avahi-libnss-mdns"
91
92do_install() {
93 autotools_do_install
94 rm -rf ${D}/run
95 test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1
96 rm -rf ${D}${libdir}/avahi
97
98 # Move example service files out of /etc/avahi/services so we don't
99 # advertise ssh & sftp-ssh by default
100 install -d ${D}${docdir}/avahi
101 mv ${D}${sysconfdir}/avahi/services/* ${D}${docdir}/avahi
102}
103
104PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}"
105
106FILES:libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*"
107
108RPROVIDES:libavahi-compat-libdnssd = "libdns-sd"
109
110inherit update-rc.d systemd useradd
111
112PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui"
113
114FILES:avahi-ui = "${libdir}/libavahi-ui*.so.*"
115FILES:avahi-discover = "${datadir}/applications/avahi-discover.desktop \
116 ${datadir}/avahi/interfaces/avahi-discover.ui \
117 ${bindir}/avahi-discover-standalone \
118 "
119
120LICENSE:libavahi-gobject = "LGPL-2.1-or-later"
121LICENSE:avahi-daemon = "LGPL-2.1-or-later"
122LICENSE:libavahi-common = "LGPL-2.1-or-later"
123LICENSE:libavahi-core = "LGPL-2.1-or-later"
124LICENSE:libavahi-client = "LGPL-2.1-or-later"
125LICENSE:avahi-dnsconfd = "LGPL-2.1-or-later"
126LICENSE:libavahi-glib = "LGPL-2.1-or-later"
127LICENSE:avahi-autoipd = "LGPL-2.1-or-later"
128LICENSE:avahi-utils = "LGPL-2.1-or-later"
129
130# As avahi doesn't put any files into PN, clear the files list to avoid problems
131# if extra libraries appear.
132FILES:${PN} = ""
133FILES:avahi-autoipd = "${sbindir}/avahi-autoipd \
134 ${sysconfdir}/avahi/avahi-autoipd.action \
135 ${sysconfdir}/dhcp/*/avahi-autoipd \
136 ${sysconfdir}/udhcpc.d/00avahi-autoipd \
137 ${sysconfdir}/udhcpc.d/99avahi-autoipd"
138FILES:libavahi-common = "${libdir}/libavahi-common.so.*"
139FILES:libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib"
140FILES:avahi-daemon = "${sbindir}/avahi-daemon \
141 ${sysconfdir}/avahi/avahi-daemon.conf \
142 ${sysconfdir}/avahi/hosts \
143 ${sysconfdir}/avahi/services \
144 ${sysconfdir}/dbus-1 \
145 ${sysconfdir}/init.d/avahi-daemon \
146 ${datadir}/dbus-1/interfaces \
147 ${datadir}/avahi/avahi-service.dtd \
148 ${datadir}/avahi/service-types \
149 ${datadir}/dbus-1/system-services"
150FILES:libavahi-client = "${libdir}/libavahi-client.so.*"
151FILES:avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \
152 ${sysconfdir}/avahi/avahi-dnsconfd.action \
153 ${sysconfdir}/init.d/avahi-dnsconfd"
154FILES:libavahi-glib = "${libdir}/libavahi-glib.so.*"
155FILES:libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib"
156FILES:avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*"
157
158DEV_PKG_DEPENDENCY = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})"
159DEV_PKG_DEPENDENCY += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}"
160RDEPENDS:${PN}-dnsconfd = "${PN}-daemon"
161
162RRECOMMENDS:avahi-daemon:append:libc-glibc = " avahi-libnss-mdns"
163
164CONFFILES:avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf"
165
166USERADD_PACKAGES = "avahi-daemon avahi-autoipd"
167USERADD_PARAM:avahi-daemon = "--system --home /run/avahi-daemon \
168 --no-create-home --shell /bin/false \
169 --user-group avahi"
170
171USERADD_PARAM:avahi-autoipd = "--system --home /run/avahi-autoipd \
172 --no-create-home --shell /bin/false \
173 --user-group \
174 -c \"Avahi autoip daemon\" \
175 avahi-autoipd"
176
177INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd"
178INITSCRIPT_NAME:avahi-daemon = "avahi-daemon"
179INITSCRIPT_PARAMS:avahi-daemon = "defaults 21 19"
180INITSCRIPT_NAME:avahi-dnsconfd = "avahi-dnsconfd"
181INITSCRIPT_PARAMS:avahi-dnsconfd = "defaults 22 19"
182
183SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd"
184SYSTEMD_SERVICE:${PN}-daemon = "avahi-daemon.service"
185SYSTEMD_SERVICE:${PN}-dnsconfd = "avahi-dnsconfd.service"
186
187do_install:append() {
188 install -d ${D}${sysconfdir}/udhcpc.d
189 install ${UNPACKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d
190 install ${UNPACKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d
191}
192
193# At the time the postinst runs, dbus might not be setup so only restart if running
194# Don't exit early, because update-rc.d needs to run subsequently.
195pkg_postinst:avahi-daemon () {
196if [ -z "$D" ]; then
197 killall -q -HUP dbus-daemon || true
198fi
199}
200
diff --git a/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch b/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch
deleted file mode 100644
index cb8b83fd23..0000000000
--- a/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch
+++ /dev/null
@@ -1,45 +0,0 @@
1From 78967814f5c37ed67f4cf64d70c9f76a03ee89bc Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Wed, 20 Jun 2018 13:57:35 +0800
4Subject: [PATCH] Fix opening /etc/resolv.conf error
5
6Fix to start avahi-daemon after systemd-resolved.service. This is because
7/etc/resolv.conf is a link to /etc/resolv-conf.systemd which in turn is
8a symlink to /run/systemd/resolve/resolv.conf. And /run/systemd/resolve/resolv.conf
9is created by systemd-resolved.service by default in current OE's systemd
10based systems.
11
12This fixes errro like below.
13
14 Failed to open /etc/resolv.conf: Invalid argument
15
16In fact, handling of /etc/resolv.conf is quite distro specific. So this patch
17is marked as OE specific.
18
19Upstream-Status: Inappropriate [OE Specific]
20
21Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
22
23When connman installed to image, /etc/resolv.conf is link to
24/etc/resolv-conf.connman. So launch avahi-daemon after connman too.
25
26Signed-off-by: Kai Kang <kai.kang@windriver.com>
27---
28 avahi-daemon/avahi-daemon.service.in | 1 +
29 1 file changed, 1 insertion(+)
30
31diff --git a/avahi-daemon/avahi-daemon.service.in b/avahi-daemon/avahi-daemon.service.in
32index 548c834..63e28e4 100644
33--- a/avahi-daemon/avahi-daemon.service.in
34+++ b/avahi-daemon/avahi-daemon.service.in
35@@ -18,6 +18,7 @@
36 [Unit]
37 Description=Avahi mDNS/DNS-SD Stack
38 Requires=avahi-daemon.socket
39+After=systemd-resolved.service connman.service
40
41 [Service]
42 Type=dbus
43--
442.11.0
45
diff --git a/meta/recipes-connectivity/avahi/files/00avahi-autoipd b/meta/recipes-connectivity/avahi/files/00avahi-autoipd
deleted file mode 100644
index a0ab814603..0000000000
--- a/meta/recipes-connectivity/avahi/files/00avahi-autoipd
+++ /dev/null
@@ -1,10 +0,0 @@
1#!/bin/sh
2
3[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1
4
5case "$1" in
6
7 deconfig|renew|bound)
8 /usr/sbin/avahi-autoipd -k $interface 2> /dev/null
9 ;;
10esac
diff --git a/meta/recipes-connectivity/avahi/files/99avahi-autoipd b/meta/recipes-connectivity/avahi/files/99avahi-autoipd
deleted file mode 100644
index 234cdaa3eb..0000000000
--- a/meta/recipes-connectivity/avahi/files/99avahi-autoipd
+++ /dev/null
@@ -1,10 +0,0 @@
1#!/bin/sh
2
3[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1
4
5case "$1" in
6
7 leasefail)
8 /usr/sbin/avahi-autoipd -wD $interface 2> /dev/null
9 ;;
10esac
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
deleted file mode 100644
index 4d7924d13a..0000000000
--- a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
+++ /dev/null
@@ -1,58 +0,0 @@
1From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
3Date: Thu, 17 Nov 2022 01:51:53 +0100
4Subject: [PATCH] Emit error if requested service is not found
5
6It currently just crashes instead of replying with error. Check return
7value and emit error instead of passing NULL pointer to reply.
8
9Fixes #375
10
11Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security
12Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f]
13CVE: CVE-2023-1981
14Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
15---
16 avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------
17 1 file changed, 14 insertions(+), 6 deletions(-)
18
19diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c
20index 70d7687bc..406d0b441 100644
21--- a/avahi-daemon/dbus-protocol.c
22+++ b/avahi-daemon/dbus-protocol.c
23@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM
24 }
25
26 t = avahi_alternative_host_name(n);
27- avahi_dbus_respond_string(c, m, t);
28- avahi_free(t);
29+ if (t) {
30+ avahi_dbus_respond_string(c, m, t);
31+ avahi_free(t);
32
33- return DBUS_HANDLER_RESULT_HANDLED;
34+ return DBUS_HANDLER_RESULT_HANDLED;
35+ } else {
36+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
37+ }
38 }
39
40 static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) {
41@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB
42 }
43
44 t = avahi_alternative_service_name(n);
45- avahi_dbus_respond_string(c, m, t);
46- avahi_free(t);
47+ if (t) {
48+ avahi_dbus_respond_string(c, m, t);
49+ avahi_free(t);
50
51- return DBUS_HANDLER_RESULT_HANDLED;
52+ return DBUS_HANDLER_RESULT_HANDLED;
53+ } else {
54+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
55+ }
56 }
57
58 static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) {
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
deleted file mode 100644
index a078f66102..0000000000
--- a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
+++ /dev/null
@@ -1,48 +0,0 @@
1From 72842945085cc3adaccfdfa2853771b0e75ef991 Mon Sep 17 00:00:00 2001
2From: Evgeny Vereshchagin <evvers@ya.ru>
3Date: Mon, 23 Oct 2023 20:29:31 +0000
4Subject: [PATCH] avahi: core: reject overly long TXT resource records
5
6Closes https://github.com/lathiat/avahi/issues/455
7
8Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf]
9CVE: CVE-2023-38469
10
11Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
12---
13 avahi-core/rr.c | 9 ++++++++-
14 1 file changed, 8 insertions(+), 1 deletion(-)
15
16diff --git a/avahi-core/rr.c b/avahi-core/rr.c
17index 7fa0bee..b03a24c 100644
18--- a/avahi-core/rr.c
19+++ b/avahi-core/rr.c
20@@ -32,6 +32,7 @@
21 #include <avahi-common/malloc.h>
22 #include <avahi-common/defs.h>
23
24+#include "dns.h"
25 #include "rr.h"
26 #include "log.h"
27 #include "util.h"
28@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) {
29 case AVAHI_DNS_TYPE_TXT: {
30
31 AvahiStringList *strlst;
32+ size_t used = 0;
33
34- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
35+ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
36 if (strlst->size > 255 || strlst->size <= 0)
37 return 0;
38
39+ used += 1+strlst->size;
40+ if (used > AVAHI_DNS_RDATA_MAX)
41+ return 0;
42+ }
43+
44 return 1;
45 }
46 }
47--
482.40.0
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch
deleted file mode 100644
index f8f60ddca1..0000000000
--- a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch
+++ /dev/null
@@ -1,65 +0,0 @@
1From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001
2From: Evgeny Vereshchagin <evvers@ya.ru>
3Date: Wed, 25 Oct 2023 18:15:42 +0000
4Subject: [PATCH] tests: pass overly long TXT resource records
5
6to make sure they don't crash avahi any more.
7It reproduces https://github.com/lathiat/avahi/issues/455
8
9Canonical notes:
10nickgalanis> removed first hunk since there is no .github dir in this release
11
12Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security
13Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237]
14CVE: CVE-2023-38469
15Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
16---
17 avahi-client/client-test.c | 14 ++++++++++++++
18 1 files changed, 14 insertions(+)
19
20Index: avahi-0.8/avahi-client/client-test.c
21===================================================================
22--- avahi-0.8.orig/avahi-client/client-test.c
23+++ avahi-0.8/avahi-client/client-test.c
24@@ -22,6 +22,7 @@
25 #endif
26
27 #include <stdio.h>
28+#include <string.h>
29 #include <assert.h>
30
31 #include <avahi-client/client.h>
32@@ -33,6 +34,8 @@
33 #include <avahi-common/malloc.h>
34 #include <avahi-common/timeval.h>
35
36+#include <avahi-core/dns.h>
37+
38 static const AvahiPoll *poll_api = NULL;
39 static AvahiSimplePoll *simple_poll = NULL;
40
41@@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
42 uint32_t cookie;
43 struct timeval tv;
44 AvahiAddress a;
45+ uint8_t rdata[AVAHI_DNS_RDATA_MAX+1];
46+ AvahiStringList *txt = NULL;
47+ int r;
48
49 simple_poll = avahi_simple_poll_new();
50 poll_api = avahi_simple_poll_get(simple_poll);
51@@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
52 printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
53 printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
54
55+ memset(rdata, 1, sizeof(rdata));
56+ r = avahi_string_list_parse(rdata, sizeof(rdata), &txt);
57+ assert(r >= 0);
58+ assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata));
59+ error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt);
60+ assert(error == AVAHI_ERR_INVALID_RECORD);
61+ avahi_string_list_free(txt);
62+
63 avahi_entry_group_commit (group);
64
65 domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch
deleted file mode 100644
index 91f9e677ac..0000000000
--- a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch
+++ /dev/null
@@ -1,59 +0,0 @@
1From af7bfad67ca53a7c4042a4a2d85456b847e9f249 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
3Date: Tue, 11 Apr 2023 15:29:59 +0200
4Subject: [PATCH] avahi: Ensure each label is at least one byte long
5
6The only allowed exception is single dot, where it should return empty
7string.
8
9Fixes #454.
10
11Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c]
12CVE: CVE-2023-38470
13
14Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
15---
16 avahi-common/domain-test.c | 14 ++++++++++++++
17 avahi-common/domain.c | 2 +-
18 2 files changed, 15 insertions(+), 1 deletion(-)
19
20diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c
21index cf763ec..3acc1c1 100644
22--- a/avahi-common/domain-test.c
23+++ b/avahi-common/domain-test.c
24@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
25 printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo."));
26 avahi_free(s);
27
28+ printf("%s\n", s = avahi_normalize_name_strdup("."));
29+ avahi_free(s);
30+
31+ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}."
32+ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}"
33+ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`"
34+ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?."
35+ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}."
36+ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?"
37+ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM."
38+ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?."
39+ "}.?.?.?.}.=.?.?.}");
40+ assert(s == NULL);
41+
42 printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff"));
43 printf("%i\n", avahi_domain_equal("A", "a"));
44
45diff --git a/avahi-common/domain.c b/avahi-common/domain.c
46index 3b1ab68..e66d241 100644
47--- a/avahi-common/domain.c
48+++ b/avahi-common/domain.c
49@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) {
50 }
51
52 if (!empty) {
53- if (size < 1)
54+ if (size < 2)
55 return NULL;
56
57 *(r++) = '.';
58--
592.40.0
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch
deleted file mode 100644
index e0736bf210..0000000000
--- a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch
+++ /dev/null
@@ -1,52 +0,0 @@
1From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001
2From: Evgeny Vereshchagin <evvers@ya.ru>
3Date: Tue, 19 Sep 2023 03:21:25 +0000
4Subject: [PATCH] [common] bail out when escaped labels can't fit into ret
5
6Fixes:
7```
8==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8
9READ of size 1110 at 0x7f9e76f14c16 thread T0
10 #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba)
11 #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12
12 #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12
13```
14and
15```
16fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed.
17==101571== ERROR: libFuzzer: deadly signal
18 #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
19 #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
20 #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
21 #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
22 #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
23 #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
24 #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
25 #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
26 #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
27 #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9
28```
29
30It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c
31
32Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-2.patch?h=ubuntu/jammy-security
33CVE: CVE-2023-38470 #Follow-up patch
34Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
35---
36 avahi-common/domain.c | 3 ++-
37 1 file changed, 2 insertions(+), 1 deletion(-)
38
39Index: avahi-0.8/avahi-common/domain.c
40===================================================================
41--- avahi-0.8.orig/avahi-common/domain.c
42+++ avahi-0.8/avahi-common/domain.c
43@@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s
44 } else
45 empty = 0;
46
47- avahi_escape_label(label, strlen(label), &r, &size);
48+ if (!(avahi_escape_label(label, strlen(label), &r, &size)))
49+ return NULL;
50 }
51
52 return ret_s;
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch
deleted file mode 100644
index b3f716495d..0000000000
--- a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch
+++ /dev/null
@@ -1,73 +0,0 @@
1From 48d745db7fd554fc33e96ec86d3675ebd530bb8e Mon Sep 17 00:00:00 2001
2From: Michal Sekletar <msekleta@redhat.com>
3Date: Mon, 23 Oct 2023 13:38:35 +0200
4Subject: [PATCH] avahi: core: extract host name using avahi_unescape_label()
5
6Previously we could create invalid escape sequence when we split the
7string on dot. For example, from valid host name "foo\\.bar" we have
8created invalid name "foo\\" and tried to set that as the host name
9which crashed the daemon.
10
11Fixes #453
12
13Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09]
14CVE: CVE-2023-38471
15
16Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
17---
18 avahi-core/server.c | 27 +++++++++++++++++++++------
19 1 file changed, 21 insertions(+), 6 deletions(-)
20
21diff --git a/avahi-core/server.c b/avahi-core/server.c
22index e507750..40f1d68 100644
23--- a/avahi-core/server.c
24+++ b/avahi-core/server.c
25@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) {
26 }
27
28 int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
29- char *hn = NULL;
30+ char label_escaped[AVAHI_LABEL_MAX*4+1];
31+ char label[AVAHI_LABEL_MAX];
32+ char *hn = NULL, *h;
33+ size_t len;
34+
35 assert(s);
36
37 AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME);
38@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
39 else
40 hn = avahi_normalize_name_strdup(host_name);
41
42- hn[strcspn(hn, ".")] = 0;
43+ h = hn;
44+ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
45+ avahi_free(h);
46+ return AVAHI_ERR_INVALID_HOST_NAME;
47+ }
48+
49+ avahi_free(h);
50+
51+ h = label_escaped;
52+ len = sizeof(label_escaped);
53+ if (!avahi_escape_label(label, strlen(label), &h, &len))
54+ return AVAHI_ERR_INVALID_HOST_NAME;
55
56- if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) {
57- avahi_free(hn);
58+ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
59 return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
60- }
61
62 withdraw_host_rrs(s);
63
64 avahi_free(s->host_name);
65- s->host_name = hn;
66+ s->host_name = avahi_strdup(label_escaped);
67+ if (!s->host_name)
68+ return AVAHI_ERR_NO_MEMORY;
69
70 update_fqdn(s);
71
72--
732.40.0
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
deleted file mode 100644
index 44737bfc2e..0000000000
--- a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
+++ /dev/null
@@ -1,52 +0,0 @@
1From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001
2From: Evgeny Vereshchagin <evvers@ya.ru>
3Date: Tue, 24 Oct 2023 22:04:51 +0000
4Subject: [PATCH] core: return errors from avahi_server_set_host_name properly
5
6It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09
7
8Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security
9Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460]
10CVE: CVE-2023-38471 #Follow-up Patch
11Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
12---
13 avahi-core/server.c | 9 ++++++---
14 1 file changed, 6 insertions(+), 3 deletions(-)
15
16Index: avahi-0.8/avahi-core/server.c
17===================================================================
18--- avahi-0.8.orig/avahi-core/server.c
19+++ avahi-0.8/avahi-core/server.c
20@@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ
21 else
22 hn = avahi_normalize_name_strdup(host_name);
23
24+ if (!hn)
25+ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
26+
27 h = hn;
28 if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
29 avahi_free(h);
30- return AVAHI_ERR_INVALID_HOST_NAME;
31+ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
32 }
33
34 avahi_free(h);
35@@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ
36 h = label_escaped;
37 len = sizeof(label_escaped);
38 if (!avahi_escape_label(label, strlen(label), &h, &len))
39- return AVAHI_ERR_INVALID_HOST_NAME;
40+ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
41
42 if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
43 return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
44@@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ
45 avahi_free(s->host_name);
46 s->host_name = avahi_strdup(label_escaped);
47 if (!s->host_name)
48- return AVAHI_ERR_NO_MEMORY;
49+ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
50
51 update_fqdn(s);
52
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
deleted file mode 100644
index 85dbded73b..0000000000
--- a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
+++ /dev/null
@@ -1,46 +0,0 @@
1From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001
2From: Michal Sekletar <msekleta@redhat.com>
3Date: Thu, 19 Oct 2023 17:36:44 +0200
4Subject: [PATCH] core: make sure there is rdata to process before parsing it
5
6Fixes #452
7
8CVE-2023-38472
9
10Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security
11Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
12CVE: CVE-2023-38472
13Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
14Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
15---
16 avahi-client/client-test.c | 3 +++
17 avahi-daemon/dbus-entry-group.c | 2 +-
18 2 files changed, 4 insertions(+), 1 deletion(-)
19
20Index: avahi-0.8/avahi-client/client-test.c
21===================================================================
22--- avahi-0.8.orig/avahi-client/client-test.c
23+++ avahi-0.8/avahi-client/client-test.c
24@@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
25 assert(error == AVAHI_ERR_INVALID_RECORD);
26 avahi_string_list_free(txt);
27
28+ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
29+ assert(error != AVAHI_OK);
30+
31 avahi_entry_group_commit (group);
32
33 domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
34Index: avahi-0.8/avahi-daemon/dbus-entry-group.c
35===================================================================
36--- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c
37+++ avahi-0.8/avahi-daemon/dbus-entry-group.c
38@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g
39 if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
40 return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
41
42- if (avahi_rdata_parse (r, rdata, size) < 0) {
43+ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
44 avahi_record_unref (r);
45 return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
46 }
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
deleted file mode 100644
index 707acb60fe..0000000000
--- a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
+++ /dev/null
@@ -1,110 +0,0 @@
1From 88cbbc48d5efff9726694557ca6c3f698f3affe4 Mon Sep 17 00:00:00 2001
2From: Michal Sekletar <msekleta@redhat.com>
3Date: Wed, 11 Oct 2023 17:45:44 +0200
4Subject: [PATCH] avahi: common: derive alternative host name from its
5 unescaped version
6
7Normalization of input makes sure we don't have to deal with special
8cases like unescaped dot at the end of label.
9
10Fixes #451 #487
11
12Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797]
13CVE: CVE-2023-38473
14
15Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
16---
17 avahi-common/alternative-test.c | 3 +++
18 avahi-common/alternative.c | 27 +++++++++++++++++++--------
19 2 files changed, 22 insertions(+), 8 deletions(-)
20
21diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c
22index 9255435..681fc15 100644
23--- a/avahi-common/alternative-test.c
24+++ b/avahi-common/alternative-test.c
25@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
26 const char* const test_strings[] = {
27 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
28 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü",
29+ ").",
30+ "\\.",
31+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\",
32 "gurke",
33 "-",
34 " #",
35diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c
36index b3d39f0..a094e6d 100644
37--- a/avahi-common/alternative.c
38+++ b/avahi-common/alternative.c
39@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) {
40 }
41
42 char *avahi_alternative_host_name(const char *s) {
43+ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1];
44+ char *alt, *r, *ret;
45 const char *e;
46- char *r;
47+ size_t len;
48
49 assert(s);
50
51 if (!avahi_is_valid_host_name(s))
52 return NULL;
53
54- if ((e = strrchr(s, '-'))) {
55+ if (!avahi_unescape_label(&s, label, sizeof(label)))
56+ return NULL;
57+
58+ if ((e = strrchr(label, '-'))) {
59 const char *p;
60
61 e++;
62@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) {
63
64 if (e) {
65 char *c, *m;
66- size_t l;
67 int n;
68
69 n = atoi(e)+1;
70 if (!(m = avahi_strdup_printf("%i", n)))
71 return NULL;
72
73- l = e-s-1;
74+ len = e-label-1;
75
76- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1)
77- l = AVAHI_LABEL_MAX-1-strlen(m)-1;
78+ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1)
79+ len = AVAHI_LABEL_MAX-1-strlen(m)-1;
80
81- if (!(c = avahi_strndup(s, l))) {
82+ if (!(c = avahi_strndup(label, len))) {
83 avahi_free(m);
84 return NULL;
85 }
86@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) {
87 } else {
88 char *c;
89
90- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2)))
91+ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2)))
92 return NULL;
93
94 drop_incomplete_utf8(c);
95@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) {
96 avahi_free(c);
97 }
98
99+ alt = alternative;
100+ len = sizeof(alternative);
101+ ret = avahi_escape_label(r, strlen(r), &alt, &len);
102+
103+ avahi_free(r);
104+ r = avahi_strdup(ret);
105+
106 assert(avahi_is_valid_host_name(r));
107
108 return r;
109--
1102.40.0
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch
deleted file mode 100644
index 9737f52837..0000000000
--- a/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch
+++ /dev/null
@@ -1,228 +0,0 @@
1From 4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942 Mon Sep 17 00:00:00 2001
2From: Michal Sekletar <msekleta@redhat.com>
3Date: Wed, 27 Nov 2024 18:07:32 +0100
4Subject: [PATCH] core/wide-area: fix for CVE-2024-52615
5
6CVE: CVE-2024-52615
7Upstream-Status: Backport [https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942]
8
9Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
10---
11 avahi-core/wide-area.c | 128 ++++++++++++++++++++++-------------------
12 1 file changed, 69 insertions(+), 59 deletions(-)
13
14diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c
15index 00a15056e..06df7afc6 100644
16--- a/avahi-core/wide-area.c
17+++ b/avahi-core/wide-area.c
18@@ -81,6 +81,10 @@ struct AvahiWideAreaLookup {
19
20 AvahiAddress dns_server_used;
21
22+ int fd;
23+ AvahiWatch *watch;
24+ AvahiProtocol proto;
25+
26 AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, lookups);
27 AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, by_key);
28 };
29@@ -88,9 +92,6 @@ struct AvahiWideAreaLookup {
30 struct AvahiWideAreaLookupEngine {
31 AvahiServer *server;
32
33- int fd_ipv4, fd_ipv6;
34- AvahiWatch *watch_ipv4, *watch_ipv6;
35-
36 /* Cache */
37 AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache);
38 AvahiHashmap *cache_by_key;
39@@ -125,35 +126,67 @@ static AvahiWideAreaLookup* find_lookup(AvahiWideAreaLookupEngine *e, uint16_t i
40 return l;
41 }
42
43+static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata);
44+
45 static int send_to_dns_server(AvahiWideAreaLookup *l, AvahiDnsPacket *p) {
46+ AvahiWideAreaLookupEngine *e;
47 AvahiAddress *a;
48+ AvahiServer *s;
49+ AvahiWatch *w;
50+ int r;
51
52 assert(l);
53 assert(p);
54
55- if (l->engine->n_dns_servers <= 0)
56+ e = l->engine;
57+ assert(e);
58+
59+ s = e->server;
60+ assert(s);
61+
62+ if (e->n_dns_servers <= 0)
63 return -1;
64
65- assert(l->engine->current_dns_server < l->engine->n_dns_servers);
66+ assert(e->current_dns_server < e->n_dns_servers);
67
68- a = &l->engine->dns_servers[l->engine->current_dns_server];
69+ a = &e->dns_servers[e->current_dns_server];
70 l->dns_server_used = *a;
71
72- if (a->proto == AVAHI_PROTO_INET) {
73+ if (l->fd >= 0) {
74+ /* We are reusing lookup object and sending packet to another server so let's cleanup before we establish connection to new server. */
75+ s->poll_api->watch_free(l->watch);
76+ l->watch = NULL;
77
78- if (l->engine->fd_ipv4 < 0)
79- return -1;
80+ close(l->fd);
81+ l->fd = -EBADF;
82+ }
83
84- return avahi_send_dns_packet_ipv4(l->engine->fd_ipv4, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT);
85+ assert(a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6);
86
87- } else {
88- assert(a->proto == AVAHI_PROTO_INET6);
89+ if (a->proto == AVAHI_PROTO_INET)
90+ r = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1;
91+ else
92+ r = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1;
93
94- if (l->engine->fd_ipv6 < 0)
95- return -1;
96+ if (r < 0) {
97+ avahi_log_error(__FILE__ ": Failed to create socket for wide area lookup");
98+ return -1;
99+ }
100
101- return avahi_send_dns_packet_ipv6(l->engine->fd_ipv6, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT);
102+ w = s->poll_api->watch_new(s->poll_api, r, AVAHI_WATCH_IN, socket_event, l);
103+ if (!w) {
104+ close(r);
105+ avahi_log_error(__FILE__ ": Failed to create socket watch for wide area lookup");
106+ return -1;
107 }
108+
109+ l->fd = r;
110+ l->watch = w;
111+ l->proto = a->proto;
112+
113+ return a->proto == AVAHI_PROTO_INET ?
114+ avahi_send_dns_packet_ipv4(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT):
115+ avahi_send_dns_packet_ipv6(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT);
116 }
117
118 static void next_dns_server(AvahiWideAreaLookupEngine *e) {
119@@ -246,6 +279,9 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
120 l->dead = 0;
121 l->key = avahi_key_ref(key);
122 l->cname_key = avahi_key_new_cname(l->key);
123+ l->fd = -EBADF;
124+ l->watch = NULL;
125+ l->proto = AVAHI_PROTO_UNSPEC;
126 l->callback = callback;
127 l->userdata = userdata;
128
129@@ -314,6 +350,12 @@ static void lookup_destroy(AvahiWideAreaLookup *l) {
130 if (l->cname_key)
131 avahi_key_unref(l->cname_key);
132
133+ if (l->watch)
134+ l->engine->server->poll_api->watch_free(l->watch);
135+
136+ if (l->fd >= 0)
137+ close(l->fd);
138+
139 avahi_free(l);
140 }
141
142@@ -572,14 +614,20 @@ static void handle_packet(AvahiWideAreaLookupEngine *e, AvahiDnsPacket *p) {
143 }
144
145 static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata) {
146- AvahiWideAreaLookupEngine *e = userdata;
147+ AvahiWideAreaLookup *l = userdata;
148+ AvahiWideAreaLookupEngine *e = l->engine;
149 AvahiDnsPacket *p = NULL;
150
151- if (fd == e->fd_ipv4)
152- p = avahi_recv_dns_packet_ipv4(e->fd_ipv4, NULL, NULL, NULL, NULL, NULL);
153+ assert(l);
154+ assert(e);
155+ assert(l->fd == fd);
156+
157+ if (l->proto == AVAHI_PROTO_INET)
158+ p = avahi_recv_dns_packet_ipv4(l->fd, NULL, NULL, NULL, NULL, NULL);
159 else {
160- assert(fd == e->fd_ipv6);
161- p = avahi_recv_dns_packet_ipv6(e->fd_ipv6, NULL, NULL, NULL, NULL, NULL);
162+ assert(l->proto == AVAHI_PROTO_INET6);
163+
164+ p = avahi_recv_dns_packet_ipv6(l->fd, NULL, NULL, NULL, NULL, NULL);
165 }
166
167 if (p) {
168@@ -598,32 +646,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) {
169 e->server = s;
170 e->cleanup_dead = 0;
171
172- /* Create sockets */
173- e->fd_ipv4 = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1;
174- e->fd_ipv6 = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1;
175-
176- if (e->fd_ipv4 < 0 && e->fd_ipv6 < 0) {
177- avahi_log_error(__FILE__": Failed to create wide area sockets: %s", strerror(errno));
178-
179- if (e->fd_ipv6 >= 0)
180- close(e->fd_ipv6);
181-
182- if (e->fd_ipv4 >= 0)
183- close(e->fd_ipv4);
184-
185- avahi_free(e);
186- return NULL;
187- }
188-
189- /* Create watches */
190-
191- e->watch_ipv4 = e->watch_ipv6 = NULL;
192-
193- if (e->fd_ipv4 >= 0)
194- e->watch_ipv4 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv4, AVAHI_WATCH_IN, socket_event, e);
195- if (e->fd_ipv6 >= 0)
196- e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e);
197-
198 e->n_dns_servers = e->current_dns_server = 0;
199
200 /* Initialize cache */
201@@ -651,18 +673,6 @@ void avahi_wide_area_engine_free(AvahiWideAreaLookupEngine *e) {
202 avahi_hashmap_free(e->lookups_by_id);
203 avahi_hashmap_free(e->lookups_by_key);
204
205- if (e->watch_ipv4)
206- e->server->poll_api->watch_free(e->watch_ipv4);
207-
208- if (e->watch_ipv6)
209- e->server->poll_api->watch_free(e->watch_ipv6);
210-
211- if (e->fd_ipv6 >= 0)
212- close(e->fd_ipv6);
213-
214- if (e->fd_ipv4 >= 0)
215- close(e->fd_ipv4);
216-
217 avahi_free(e);
218 }
219
220@@ -680,7 +690,7 @@ void avahi_wide_area_set_servers(AvahiWideAreaLookupEngine *e, const AvahiAddres
221
222 if (a) {
223 for (e->n_dns_servers = 0; n > 0 && e->n_dns_servers < AVAHI_WIDE_AREA_SERVERS_MAX; a++, n--)
224- if ((a->proto == AVAHI_PROTO_INET && e->fd_ipv4 >= 0) || (a->proto == AVAHI_PROTO_INET6 && e->fd_ipv6 >= 0))
225+ if (a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6)
226 e->dns_servers[e->n_dns_servers++] = *a;
227 } else {
228 assert(n == 0);
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
deleted file mode 100644
index a156f98728..0000000000
--- a/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
+++ /dev/null
@@ -1,104 +0,0 @@
1From f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
3Date: Mon, 11 Nov 2024 00:56:09 +0100
4Subject: [PATCH] Properly randomize query id of DNS packets
5
6CVE: CVE-2024-52616
7Upstream-Status: Backport [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7]
8
9Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
10---
11 avahi-core/wide-area.c | 36 ++++++++++++++++++++++++++++--------
12 configure.ac | 3 ++-
13 2 files changed, 30 insertions(+), 9 deletions(-)
14
15diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c
16index 971f5e714..00a15056e 100644
17--- a/avahi-core/wide-area.c
18+++ b/avahi-core/wide-area.c
19@@ -40,6 +40,13 @@
20 #include "addr-util.h"
21 #include "rr-util.h"
22
23+#ifdef HAVE_SYS_RANDOM_H
24+#include <sys/random.h>
25+#endif
26+#ifndef HAVE_GETRANDOM
27+# define getrandom(d, len, flags) (-1)
28+#endif
29+
30 #define CACHE_ENTRIES_MAX 500
31
32 typedef struct AvahiWideAreaCacheEntry AvahiWideAreaCacheEntry;
33@@ -84,8 +91,6 @@ struct AvahiWideAreaLookupEngine {
34 int fd_ipv4, fd_ipv6;
35 AvahiWatch *watch_ipv4, *watch_ipv6;
36
37- uint16_t next_id;
38-
39 /* Cache */
40 AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache);
41 AvahiHashmap *cache_by_key;
42@@ -201,6 +206,26 @@ static void sender_timeout_callback(AvahiTimeEvent *e, void *userdata) {
43 avahi_time_event_update(e, avahi_elapse_time(&tv, 1000, 0));
44 }
45
46+static uint16_t get_random_uint16(void) {
47+ uint16_t next_id;
48+
49+ if (getrandom(&next_id, sizeof(next_id), 0) == -1)
50+ next_id = (uint16_t) rand();
51+ return next_id;
52+}
53+
54+static uint16_t avahi_wide_area_next_id(AvahiWideAreaLookupEngine *e) {
55+ uint16_t next_id;
56+
57+ next_id = get_random_uint16();
58+ while (find_lookup(e, next_id)) {
59+ /* This ID is already used, get new. */
60+ next_id = get_random_uint16();
61+ }
62+ return next_id;
63+}
64+
65+
66 AvahiWideAreaLookup *avahi_wide_area_lookup_new(
67 AvahiWideAreaLookupEngine *e,
68 AvahiKey *key,
69@@ -227,11 +252,7 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
70 /* If more than 65K wide area quries are issued simultaneously,
71 * this will break. This should be limited by some higher level */
72
73- for (;; e->next_id++)
74- if (!find_lookup(e, e->next_id))
75- break; /* This ID is not yet used. */
76-
77- l->id = e->next_id++;
78+ l->id = avahi_wide_area_next_id(e);
79
80 /* We keep the packet around in case we need to repeat our query */
81 l->packet = avahi_dns_packet_new(0);
82@@ -604,7 +625,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) {
83 e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e);
84
85 e->n_dns_servers = e->current_dns_server = 0;
86- e->next_id = (uint16_t) rand();
87
88 /* Initialize cache */
89 AVAHI_LLIST_HEAD_INIT(AvahiWideAreaCacheEntry, e->cache);
90diff --git a/configure.ac b/configure.ac
91index a3211b80e..31bce3d76 100644
92--- a/configure.ac
93+++ b/configure.ac
94@@ -367,7 +367,8 @@ AC_FUNC_SELECT_ARGTYPES
95 # whether libc's malloc does too. (Same for realloc.)
96 #AC_FUNC_MALLOC
97 #AC_FUNC_REALLOC
98-AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname])
99+AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname getrandom])
100+AC_CHECK_HEADERS([sys/random.h])
101
102 AC_FUNC_CHOWN
103 AC_FUNC_STAT
104
diff --git a/meta/recipes-connectivity/avahi/files/handle-hup.patch b/meta/recipes-connectivity/avahi/files/handle-hup.patch
deleted file mode 100644
index 26632e5443..0000000000
--- a/meta/recipes-connectivity/avahi/files/handle-hup.patch
+++ /dev/null
@@ -1,41 +0,0 @@
1CVE: CVE-2021-3468
2Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330]
3Signed-off-by: Ross Burton <ross.burton@arm.com>
4
5From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
6From: Riccardo Schirone <sirmy15@gmail.com>
7Date: Fri, 26 Mar 2021 11:50:24 +0100
8Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
9 client_work
10
11If a client fills the input buffer, client_work() disables the
12AVAHI_WATCH_IN event, thus preventing the function from executing the
13`read` syscall the next times it is called. However, if the client then
14terminates the connection, the socket file descriptor receives a HUP
15event, which is not handled, thus the kernel keeps marking the HUP event
16as occurring. While iterating over the file descriptors that triggered
17an event, the client file descriptor will keep having the HUP event and
18the client_work() function is always called with AVAHI_WATCH_HUP but
19without nothing being done, thus entering an infinite loop.
20
21See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
22---
23 avahi-daemon/simple-protocol.c | 5 +++++
24 1 file changed, 5 insertions(+)
25
26diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
27index 3e0ebb11..6c0274d6 100644
28--- a/avahi-daemon/simple-protocol.c
29+++ b/avahi-daemon/simple-protocol.c
30@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
31 }
32 }
33
34+ if (events & AVAHI_WATCH_HUP) {
35+ client_free(c);
36+ return;
37+ }
38+
39 c->server->poll_api->watch_update(
40 watch,
41 (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
diff --git a/meta/recipes-connectivity/avahi/files/initscript.patch b/meta/recipes-connectivity/avahi/files/initscript.patch
deleted file mode 100644
index e1176888df..0000000000
--- a/meta/recipes-connectivity/avahi/files/initscript.patch
+++ /dev/null
@@ -1,51 +0,0 @@
1Note: upcoming avahi 0.9 drops debian initscripts altogether,
2so any version update would probably have to copy the last
3upstream versions into oe-core, and install them from the recipe.
4
5Upstream-Status: Inappropriate [upstream removed the files]
6
7Index: avahi-0.7/initscript/debian/avahi-daemon.in
8===================================================================
9--- avahi-0.7.orig/initscript/debian/avahi-daemon.in
10+++ avahi-0.7/initscript/debian/avahi-daemon.in
11@@ -1,5 +1,17 @@
12 #!/bin/sh
13-
14+### BEGIN INIT INFO
15+# Provides: avahi
16+# Required-Start: $remote_fs dbus
17+# Required-Stop: $remote_fs dbus
18+# Should-Start: $syslog
19+# Should-Stop: $syslog
20+# Default-Start: 2 3 4 5
21+# Default-Stop: 0 1 6
22+# Short-Description: Avahi mDNS/DNS-SD Daemon
23+# Description: Zeroconf daemon for configuring your network
24+# automatically
25+### END INIT INFO
26+#
27 # This file is part of avahi.
28 #
29 # avahi is free software; you can redistribute it and/or modify it
30Index: avahi-0.7/initscript/debian/avahi-dnsconfd.in
31===================================================================
32--- avahi-0.7.orig/initscript/debian/avahi-dnsconfd.in
33+++ avahi-0.7/initscript/debian/avahi-dnsconfd.in
34@@ -1,4 +1,17 @@
35 #!/bin/sh
36+### BEGIN INIT INFO
37+# Provides: avahi-dnsconfd
38+# Required-Start: $remote_fs avahi
39+# Required-Stop: $remote_fs avahi
40+# Should-Start: $syslog
41+# Should-Stop: $syslog
42+# Default-Start: 2 3 4 5
43+# Default-Stop: 0 1 6
44+# Short-Description: Avahi mDNS/DNS-SD DNS configuration
45+# Description: Zeroconf daemon for configuring your network
46+# automatically
47+### END INIT INFO
48+#
49
50 # This file is part of avahi.
51 #
diff --git a/meta/recipes-connectivity/avahi/files/invalid-service.patch b/meta/recipes-connectivity/avahi/files/invalid-service.patch
deleted file mode 100644
index 8f188aff2c..0000000000
--- a/meta/recipes-connectivity/avahi/files/invalid-service.patch
+++ /dev/null
@@ -1,29 +0,0 @@
1From 46490e95151d415cd22f02565e530eb5efcef680 Mon Sep 17 00:00:00 2001
2From: Asger Hautop Drewsen <asger@princh.com>
3Date: Mon, 9 Aug 2021 14:25:08 +0200
4Subject: [PATCH] Fix avahi-browse: Invalid service type
5
6Invalid service types will stop the browse from completing, or
7in simple terms "my washing machine stops me from printing".
8
9Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/472]
10Signed-off-by: Ross Burton <ross.burton@arm.com>
11---
12 avahi-core/browse-service.c | 4 +++-
13 1 file changed, 3 insertions(+), 1 deletion(-)
14
15diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
16index 63e0275a..ac3d2ecb 100644
17--- a/avahi-core/browse-service.c
18+++ b/avahi-core/browse-service.c
19@@ -103,7 +103,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_prepare(
20 AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_PROTO_VALID(protocol), AVAHI_ERR_INVALID_PROTOCOL);
21 AVAHI_CHECK_VALIDITY_RETURN_NULL(server, !domain || avahi_is_valid_domain_name(domain), AVAHI_ERR_INVALID_DOMAIN_NAME);
22 AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_FLAGS_VALID(flags, AVAHI_LOOKUP_USE_WIDE_AREA|AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS);
23- AVAHI_CHECK_VALIDITY_RETURN_NULL(server, avahi_is_valid_service_type_generic(service_type), AVAHI_ERR_INVALID_SERVICE_TYPE);
24+
25+ if (!avahi_is_valid_service_type_generic(service_type))
26+ service_type = "_invalid._tcp";
27
28 if (!domain)
29 domain = server->domain_name;
diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch
deleted file mode 100644
index 29c192d296..0000000000
--- a/meta/recipes-connectivity/avahi/files/local-ping.patch
+++ /dev/null
@@ -1,153 +0,0 @@
1CVE: CVE-2021-36217
2CVE: CVE-2021-3502
3Upstream-Status: Backport
4Signed-off-by: Ross Burton <ross.burton@arm.com>
5
6From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
7From: Tommi Rantala <tommi.t.rantala@nokia.com>
8Date: Mon, 8 Feb 2021 11:04:43 +0200
9Subject: [PATCH] Fix NULL pointer crashes from #175
10
11avahi-daemon is crashing when running "ping .local".
12The crash is due to failing assertion from NULL pointer.
13Add missing NULL pointer checks to fix it.
14
15Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
16---
17 avahi-core/browse-dns-server.c | 5 ++++-
18 avahi-core/browse-domain.c | 5 ++++-
19 avahi-core/browse-service-type.c | 3 +++
20 avahi-core/browse-service.c | 3 +++
21 avahi-core/browse.c | 3 +++
22 avahi-core/resolve-address.c | 5 ++++-
23 avahi-core/resolve-host-name.c | 5 ++++-
24 avahi-core/resolve-service.c | 5 ++++-
25 8 files changed, 29 insertions(+), 5 deletions(-)
26
27diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
28index 049752e9..c2d914fa 100644
29--- a/avahi-core/browse-dns-server.c
30+++ b/avahi-core/browse-dns-server.c
31@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
32 AvahiSDNSServerBrowser* b;
33
34 b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
35+ if (!b)
36+ return NULL;
37+
38 avahi_s_dns_server_browser_start(b);
39
40 return b;
41-}
42\ No newline at end of file
43+}
44diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
45index f145d56a..06fa70c0 100644
46--- a/avahi-core/browse-domain.c
47+++ b/avahi-core/browse-domain.c
48@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
49 AvahiSDomainBrowser *b;
50
51 b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
52+ if (!b)
53+ return NULL;
54+
55 avahi_s_domain_browser_start(b);
56
57 return b;
58-}
59\ No newline at end of file
60+}
61diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
62index fdd22dcd..b1fc7af8 100644
63--- a/avahi-core/browse-service-type.c
64+++ b/avahi-core/browse-service-type.c
65@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
66 AvahiSServiceTypeBrowser *b;
67
68 b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
69+ if (!b)
70+ return NULL;
71+
72 avahi_s_service_type_browser_start(b);
73
74 return b;
75diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
76index 5531360c..63e0275a 100644
77--- a/avahi-core/browse-service.c
78+++ b/avahi-core/browse-service.c
79@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
80 AvahiSServiceBrowser *b;
81
82 b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
83+ if (!b)
84+ return NULL;
85+
86 avahi_s_service_browser_start(b);
87
88 return b;
89diff --git a/avahi-core/browse.c b/avahi-core/browse.c
90index 2941e579..e8a915e9 100644
91--- a/avahi-core/browse.c
92+++ b/avahi-core/browse.c
93@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
94 AvahiSRecordBrowser *b;
95
96 b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
97+ if (!b)
98+ return NULL;
99+
100 avahi_s_record_browser_start_query(b);
101
102 return b;
103diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
104index ac0b29b1..e61dd242 100644
105--- a/avahi-core/resolve-address.c
106+++ b/avahi-core/resolve-address.c
107@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
108 AvahiSAddressResolver *b;
109
110 b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
111+ if (!b)
112+ return NULL;
113+
114 avahi_s_address_resolver_start(b);
115
116 return b;
117-}
118\ No newline at end of file
119+}
120diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
121index 808b0e72..4e8e5973 100644
122--- a/avahi-core/resolve-host-name.c
123+++ b/avahi-core/resolve-host-name.c
124@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
125 AvahiSHostNameResolver *b;
126
127 b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
128+ if (!b)
129+ return NULL;
130+
131 avahi_s_host_name_resolver_start(b);
132
133 return b;
134-}
135\ No newline at end of file
136+}
137diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
138index 66bf3cae..43771763 100644
139--- a/avahi-core/resolve-service.c
140+++ b/avahi-core/resolve-service.c
141@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
142 AvahiSServiceResolver *b;
143
144 b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
145+ if (!b)
146+ return NULL;
147+
148 avahi_s_service_resolver_start(b);
149
150 return b;
151-}
152\ No newline at end of file
153+}
diff --git a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
deleted file mode 100644
index dda94c14e7..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
+++ /dev/null
@@ -1,24 +0,0 @@
1From 7128d079b0c315414410c4bcfb18b445cd7afda2 Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Mon, 15 Oct 2018 16:55:09 +0800
4Subject: [PATCH] avoid start failure with bind user
5
6Upstream-Status: Pending
7
8Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
9---
10 init.d | 1 +
11 1 file changed, 1 insertion(+)
12
13diff --git a/init.d b/init.d
14index 95e8909..771d349 100644
15--- a/init.d
16+++ b/init.d
17@@ -57,6 +57,7 @@ case "$1" in
18 modprobe capability >/dev/null 2>&1 || true
19 if [ ! -f /etc/bind/rndc.key ]; then
20 /usr/sbin/rndc-confgen -a -b 512
21+ chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true
22 chmod 0640 /etc/bind/rndc.key
23 fi
24 if [ -f /var/run/named/named.pid ]; then
diff --git a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
deleted file mode 100644
index 5d3bd682f4..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
+++ /dev/null
@@ -1,34 +0,0 @@
1From 56249e557c820a743f1390174bd93104698e70f2 Mon Sep 17 00:00:00 2001
2From: Hongxu Jia <hongxu.jia@windriver.com>
3Date: Mon, 27 Aug 2018 21:24:20 +0800
4Subject: [PATCH] `named/lwresd -V' and start log hide build options
5
6The build options expose build path directories, so hide them.
7[snip]
8$ named -V
9|built by make with *** (options are hidden)
10[snip]
11
12Upstream-Status: Inappropriate [oe-core specific]
13
14Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
15
16Refreshed for 9.16.0
17Signed-off-by: Armin Kuster <akuster@mvista.com>
18---
19 configure.ac | 2 +-
20 1 file changed, 1 insertion(+), 1 deletion(-)
21
22diff --git a/configure.ac b/configure.ac
23index 295bfd6..5c7d7fb 100644
24--- a/configure.ac
25+++ b/configure.ac
26@@ -35,7 +35,7 @@ AC_DEFINE([PACKAGE_VERSION_EXTRA], ["][bind_VERSION_EXTRA]["], [BIND 9 Extra par
27 AC_DEFINE([PACKAGE_DESCRIPTION], [m4_ifnblank(bind_DESCRIPTION, [" ]bind_DESCRIPTION["], [])], [An extra string to print after PACKAGE_STRING])
28 AC_DEFINE([PACKAGE_SRCID], ["][bind_SRCID]["], [A short hash from git])
29
30-bind_CONFIGARGS="${ac_configure_args:-default}"
31+bind_CONFIGARGS="(removed for reproducibility)"
32 AC_DEFINE_UNQUOTED([PACKAGE_CONFIGARGS], ["$bind_CONFIGARGS"], [Either 'defaults' or used ./configure options])
33
34 AC_DEFINE([PACKAGE_BUILDER], ["make"], [make or Visual Studio])
diff --git a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
deleted file mode 100644
index 9bbe0998c6..0000000000
--- a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
+++ /dev/null
@@ -1,46 +0,0 @@
1From fe34ede0bbb0c60624cc281c938b9ca784505f5a Mon Sep 17 00:00:00 2001
2From: Paul Gortmaker <paul.gortmaker@windriver.com>
3Date: Tue, 9 Jun 2015 11:22:00 -0400
4Subject: [PATCH] bind: ensure searching for json headers searches sysroot
5
6Bind can fail configure by detecting headers w/o libs[1], or
7it can fail the host contamination check as per below:
8
9ERROR: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities.
10Rerun configure task after fixing this. The path was 'build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/build'
11ERROR: Function failed: do_qa_configure
12ERROR: Logfile of failure stored in: build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/temp/log.do_configure.5242
13ERROR: Task 5 (meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure) failed with exit code '1'
14NOTE: Tasks Summary: Attempted 773 tasks of which 768 didn't need to be rerun and 1 failed.
15No currently running tasks (773 of 781)
16
17Summary: 1 task failed:
18 /meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure
19
20One way to fix it would be to unconditionally disable json in bind
21configure[2] but here we fix it by using the path to where we would
22put the header if we had json in the sysroot, in case someone wants
23to make use of the combination some day.
24
25[1] https://trac.macports.org/ticket/45305
26[2] https://trac.macports.org/changeset/126406
27
28Upstream-Status: Inappropriate [OE Specific]
29Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
30---
31 configure.ac | 2 +-
32 1 file changed, 1 insertion(+), 1 deletion(-)
33
34diff --git a/configure.ac b/configure.ac
35index 6ee5459..295bfd6 100644
36--- a/configure.ac
37+++ b/configure.ac
38@@ -863,7 +863,7 @@ AS_CASE([$with_lmdb],
39 [no],[],
40 [auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb],
41 [ac_lib_lmdb_found=yes],
42- [for ac_lib_lmdb_path in /usr /usr/local /opt /opt/local; do
43+ [for ac_lib_lmdb_path in "${STAGING_INCDIR}"; do
44 AX_LIB_LMDB([$ac_lib_lmdb_path],
45 [ac_lib_lmdb_found=yes
46 break])
diff --git a/meta/recipes-connectivity/bind/bind/bind9 b/meta/recipes-connectivity/bind/bind/bind9
deleted file mode 100644
index 968679ff7f..0000000000
--- a/meta/recipes-connectivity/bind/bind/bind9
+++ /dev/null
@@ -1,2 +0,0 @@
1# startup options for the server
2OPTIONS="-u bind"
diff --git a/meta/recipes-connectivity/bind/bind/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch
deleted file mode 100644
index 8a45667fc4..0000000000
--- a/meta/recipes-connectivity/bind/bind/conf.patch
+++ /dev/null
@@ -1,381 +0,0 @@
1From 24452a9a46ba21233925218e4fca066b338ba70d Mon Sep 17 00:00:00 2001
2From: Qing He <qing.he@intel.com>
3Date: Tue, 30 Nov 2010 13:35:42 +0800
4Subject: [PATCH] bind: add new recipe
5
6Upstream-Status: Inappropriate [configuration]
7
8the patch is imported from openembedded project
9
1011/30/2010 - Qing He <qing.he@intel.com>
11---
12 conf/db.0 | 12 +++++++
13 conf/db.127 | 13 ++++++++
14 conf/db.255 | 12 +++++++
15 conf/db.empty | 14 +++++++++
16 conf/db.local | 13 ++++++++
17 conf/db.root | 45 ++++++++++++++++++++++++++
18 conf/named.conf | 49 +++++++++++++++++++++++++++++
19 conf/named.conf.local | 8 +++++
20 conf/named.conf.options | 24 ++++++++++++++
21 conf/zones.rfc1918 | 20 ++++++++++++
22 init.d | 70 +++++++++++++++++++++++++++++++++++++++++
23 11 files changed, 280 insertions(+)
24 create mode 100644 conf/db.0
25 create mode 100644 conf/db.127
26 create mode 100644 conf/db.255
27 create mode 100644 conf/db.empty
28 create mode 100644 conf/db.local
29 create mode 100644 conf/db.root
30 create mode 100644 conf/named.conf
31 create mode 100644 conf/named.conf.local
32 create mode 100644 conf/named.conf.options
33 create mode 100644 conf/zones.rfc1918
34 create mode 100644 init.d
35
36diff --git a/conf/db.0 b/conf/db.0
37new file mode 100644
38index 0000000..e3aabdb
39--- /dev/null
40+++ b/conf/db.0
41@@ -0,0 +1,12 @@
42+;
43+; BIND reverse data file for broadcast zone
44+;
45+$TTL 604800
46+@ IN SOA localhost. root.localhost. (
47+ 1 ; Serial
48+ 604800 ; Refresh
49+ 86400 ; Retry
50+ 2419200 ; Expire
51+ 604800 ) ; Negative Cache TTL
52+;
53+@ IN NS localhost.
54diff --git a/conf/db.127 b/conf/db.127
55new file mode 100644
56index 0000000..cd05bef
57--- /dev/null
58+++ b/conf/db.127
59@@ -0,0 +1,13 @@
60+;
61+; BIND reverse data file for local loopback interface
62+;
63+$TTL 604800
64+@ IN SOA localhost. root.localhost. (
65+ 1 ; Serial
66+ 604800 ; Refresh
67+ 86400 ; Retry
68+ 2419200 ; Expire
69+ 604800 ) ; Negative Cache TTL
70+;
71+@ IN NS localhost.
72+1.0.0 IN PTR localhost.
73diff --git a/conf/db.255 b/conf/db.255
74new file mode 100644
75index 0000000..16cd819
76--- /dev/null
77+++ b/conf/db.255
78@@ -0,0 +1,12 @@
79+;
80+; BIND reserve data file for broadcast zone
81+;
82+$TTL 604800
83+@ IN SOA localhost. root.localhost. (
84+ 1 ; Serial
85+ 604800 ; Refresh
86+ 86400 ; Retry
87+ 2419200 ; Expire
88+ 604800 ) ; Negative Cache TTL
89+;
90+@ IN NS localhost.
91diff --git a/conf/db.empty b/conf/db.empty
92new file mode 100644
93index 0000000..8a12858
94--- /dev/null
95+++ b/conf/db.empty
96@@ -0,0 +1,14 @@
97+; BIND reverse data file for empty rfc1918 zone
98+;
99+; DO NOT EDIT THIS FILE - it is used for multiple zones.
100+; Instead, copy it, edit named.conf, and use that copy.
101+;
102+$TTL 86400
103+@ IN SOA localhost. root.localhost. (
104+ 1 ; Serial
105+ 604800 ; Refresh
106+ 86400 ; Retry
107+ 2419200 ; Expire
108+ 86400 ) ; Negative Cache TTL
109+;
110+@ IN NS localhost.
111diff --git a/conf/db.local b/conf/db.local
112new file mode 100644
113index 0000000..66b4892
114--- /dev/null
115+++ b/conf/db.local
116@@ -0,0 +1,13 @@
117+;
118+; BIND data file for local loopback interface
119+;
120+$TTL 604800
121+@ IN SOA localhost. root.localhost. (
122+ 1 ; Serial
123+ 604800 ; Refresh
124+ 86400 ; Retry
125+ 2419200 ; Expire
126+ 604800 ) ; Negative Cache TTL
127+;
128+@ IN NS localhost.
129+@ IN A 127.0.0.1
130diff --git a/conf/db.root b/conf/db.root
131new file mode 100644
132index 0000000..01c20f0
133--- /dev/null
134+++ b/conf/db.root
135@@ -0,0 +1,45 @@
136+
137+; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net.
138+;; global options: printcmd
139+;; Got answer:
140+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944
141+;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
142+
143+;; QUESTION SECTION:
144+;. IN NS
145+
146+;; ANSWER SECTION:
147+. 518400 IN NS A.ROOT-SERVERS.NET.
148+. 518400 IN NS B.ROOT-SERVERS.NET.
149+. 518400 IN NS C.ROOT-SERVERS.NET.
150+. 518400 IN NS D.ROOT-SERVERS.NET.
151+. 518400 IN NS E.ROOT-SERVERS.NET.
152+. 518400 IN NS F.ROOT-SERVERS.NET.
153+. 518400 IN NS G.ROOT-SERVERS.NET.
154+. 518400 IN NS H.ROOT-SERVERS.NET.
155+. 518400 IN NS I.ROOT-SERVERS.NET.
156+. 518400 IN NS J.ROOT-SERVERS.NET.
157+. 518400 IN NS K.ROOT-SERVERS.NET.
158+. 518400 IN NS L.ROOT-SERVERS.NET.
159+. 518400 IN NS M.ROOT-SERVERS.NET.
160+
161+;; ADDITIONAL SECTION:
162+A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
163+B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
164+C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
165+D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
166+E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
167+F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
168+G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
169+H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
170+I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
171+J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
172+K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
173+L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12
174+M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
175+
176+;; Query time: 81 msec
177+;; SERVER: 198.41.0.4#53(a.root-servers.net.)
178+;; WHEN: Sun Feb 1 11:27:14 2004
179+;; MSG SIZE rcvd: 436
180+
181diff --git a/conf/named.conf b/conf/named.conf
182new file mode 100644
183index 0000000..95829cf
184--- /dev/null
185+++ b/conf/named.conf
186@@ -0,0 +1,49 @@
187+// This is the primary configuration file for the BIND DNS server named.
188+//
189+// If you are just adding zones, please do that in /etc/bind/named.conf.local
190+
191+include "/etc/bind/named.conf.options";
192+
193+// prime the server with knowledge of the root servers
194+zone "." {
195+ type hint;
196+ file "/etc/bind/db.root";
197+};
198+
199+// be authoritative for the localhost forward and reverse zones, and for
200+// broadcast zones as per RFC 1912
201+
202+zone "localhost" {
203+ type master;
204+ file "/etc/bind/db.local";
205+};
206+
207+zone "127.in-addr.arpa" {
208+ type master;
209+ file "/etc/bind/db.127";
210+};
211+
212+zone "0.in-addr.arpa" {
213+ type master;
214+ file "/etc/bind/db.0";
215+};
216+
217+zone "255.in-addr.arpa" {
218+ type master;
219+ file "/etc/bind/db.255";
220+};
221+
222+// zone "com" { type delegation-only; };
223+// zone "net" { type delegation-only; };
224+
225+// From the release notes:
226+// Because many of our users are uncomfortable receiving undelegated answers
227+// from root or top level domains, other than a few for whom that behaviour
228+// has been trusted and expected for quite some length of time, we have now
229+// introduced the "root-delegations-only" feature which applies delegation-only
230+// logic to all top level domains, and to the root domain. An exception list
231+// should be specified, including "MUSEUM" and "DE", and any other top level
232+// domains from whom undelegated responses are expected and trusted.
233+// root-delegation-only exclude { "DE"; "MUSEUM"; };
234+
235+include "/etc/bind/named.conf.local";
236diff --git a/conf/named.conf.local b/conf/named.conf.local
237new file mode 100644
238index 0000000..7a57b10
239--- /dev/null
240+++ b/conf/named.conf.local
241@@ -0,0 +1,8 @@
242+//
243+// Do any local configuration here
244+//
245+
246+// Consider adding the 1918 zones here, if they are not used in your
247+// organization
248+//include "/etc/bind/zones.rfc1918";
249+
250diff --git a/conf/named.conf.options b/conf/named.conf.options
251new file mode 100644
252index 0000000..813193d
253--- /dev/null
254+++ b/conf/named.conf.options
255@@ -0,0 +1,24 @@
256+options {
257+ directory "/var/cache/bind";
258+
259+ // If there is a firewall between you and nameservers you want
260+ // to talk to, you might need to uncomment the query-source
261+ // directive below. Previous versions of BIND always asked
262+ // questions using port 53, but BIND 8.1 and later use an unprivileged
263+ // port by default.
264+
265+ // query-source address * port 53;
266+
267+ // If your ISP provided one or more IP addresses for stable
268+ // nameservers, you probably want to use them as forwarders.
269+ // Uncomment the following block, and insert the addresses replacing
270+ // the all-0's placeholder.
271+
272+ // forwarders {
273+ // 0.0.0.0;
274+ // };
275+
276+ auth-nxdomain no; # conform to RFC1035
277+
278+};
279+
280diff --git a/conf/zones.rfc1918 b/conf/zones.rfc1918
281new file mode 100644
282index 0000000..03b5546
283--- /dev/null
284+++ b/conf/zones.rfc1918
285@@ -0,0 +1,20 @@
286+zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
287+
288+zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
289+zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
290+zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
291+zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
292+zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
293+zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
294+zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
295+zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
296+zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
297+zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
298+zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
299+zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
300+zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
301+zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
302+zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
303+zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
304+
305+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
306diff --git a/init.d b/init.d
307new file mode 100644
308index 0000000..2ef2277
309--- /dev/null
310+++ b/init.d
311@@ -0,0 +1,70 @@
312+#!/bin/sh
313+
314+PATH=/sbin:/bin:/usr/sbin:/usr/bin
315+
316+# for a chrooted server: "-u bind -t /var/lib/named"
317+# Don't modify this line, change or create /etc/default/bind9.
318+OPTIONS=""
319+
320+test -f /etc/default/bind9 && . /etc/default/bind9
321+
322+test -x /usr/sbin/rndc || exit 0
323+
324+case "$1" in
325+ start)
326+ echo -n "Starting domain name service: named"
327+
328+ modprobe capability >/dev/null 2>&1 || true
329+ if [ ! -f /etc/bind/rndc.key ]; then
330+ /usr/sbin/rndc-confgen -a -b 512
331+ chmod 0640 /etc/bind/rndc.key
332+ fi
333+ if [ -f /var/run/named/named.pid ]; then
334+ ps `cat /var/run/named/named.pid` > /dev/null && exit 1
335+ fi
336+
337+ # dirs under /var/run can go away on reboots.
338+ mkdir -p /var/run/named
339+ mkdir -p /var/cache/bind
340+ chmod 775 /var/run/named
341+ chown root:bind /var/run/named >/dev/null 2>&1 || true
342+
343+ if [ ! -x /usr/sbin/named ]; then
344+ echo "named binary missing - not starting"
345+ exit 1
346+ fi
347+ if start-stop-daemon --start --quiet --exec /usr/sbin/named \
348+ --pidfile /var/run/named/named.pid -- $OPTIONS; then
349+ if [ -x /sbin/resolvconf ] ; then
350+ echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo
351+ fi
352+ fi
353+ echo "."
354+ ;;
355+
356+ stop)
357+ echo -n "Stopping domain name service: named"
358+ if [ -x /sbin/resolvconf ]; then
359+ /sbin/resolvconf -d lo
360+ fi
361+ /usr/sbin/rndc stop >/dev/null 2>&1
362+ echo "."
363+ ;;
364+
365+ reload)
366+ /usr/sbin/rndc reload
367+ ;;
368+
369+ restart|force-reload)
370+ $0 stop
371+ sleep 2
372+ $0 start
373+ ;;
374+
375+ *)
376+ echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
377+ exit 1
378+ ;;
379+esac
380+
381+exit 0
diff --git a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
deleted file mode 100644
index 633e29c0e6..0000000000
--- a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
+++ /dev/null
@@ -1,8 +0,0 @@
1#!/bin/sh
2
3if [ ! -s /etc/bind/rndc.key ]; then
4 echo -n "Generating /etc/bind/rndc.key:"
5 /usr/sbin/rndc-confgen -a -b 512
6 chown root:bind /etc/bind/rndc.key
7 chmod 0640 /etc/bind/rndc.key
8fi
diff --git a/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch
deleted file mode 100644
index 97fac429dd..0000000000
--- a/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch
+++ /dev/null
@@ -1,65 +0,0 @@
1From 2fb98a36b3b35aeaa4852bd8bc268fbf66d0ad2d Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Thu, 27 Mar 2014 02:34:41 +0000
4Subject: [PATCH] init.d: add support for read-only rootfs
5
6Upstream-Status: Inappropriate [oe specific]
7
8Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
9---
10 init.d | 40 ++++++++++++++++++++++++++++++++++++++++
11 1 file changed, 40 insertions(+)
12
13diff --git a/init.d b/init.d
14index 2ef2277..95e8909 100644
15--- a/init.d
16+++ b/init.d
17@@ -6,8 +6,48 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin
18 # Don't modify this line, change or create /etc/default/bind9.
19 OPTIONS=""
20
21+test -f /etc/default/rcS && . /etc/default/rcS
22 test -f /etc/default/bind9 && . /etc/default/bind9
23
24+# This function is here because it's possible that /var and / are on different partitions.
25+is_on_read_only_partition () {
26+ DIRECTORY=$1
27+ dir=`readlink -f $DIRECTORY`
28+ while true; do
29+ if [ ! -d "$dir" ]; then
30+ echo "ERROR: $dir is not a directory"
31+ exit 1
32+ else
33+ for flag in `awk -v dir=$dir '{ if ($2 == dir) { print "FOUND"; split($4,FLAGS,",") } }; \
34+ END { for (f in FLAGS) print FLAGS[f] }' < /proc/mounts`; do
35+ [ "$flag" = "FOUND" ] && partition="read-write"
36+ [ "$flag" = "ro" ] && { partition="read-only"; break; }
37+ done
38+ if [ "$dir" = "/" -o -n "$partition" ]; then
39+ break
40+ else
41+ dir=`dirname $dir`
42+ fi
43+ fi
44+ done
45+ [ "$partition" = "read-only" ] && echo "yes" || echo "no"
46+}
47+
48+bind_mount () {
49+ olddir=$1
50+ newdir=$2
51+ mkdir -p $olddir
52+ cp -a $newdir/* $olddir
53+ mount --bind $olddir $newdir
54+}
55+
56+# Deal with read-only rootfs
57+if [ "$ROOTFS_READ_ONLY" = "yes" ]; then
58+ [ "$VERBOSE" != "no" ] && echo "WARN: start bind service in read-only rootfs"
59+ [ `is_on_read_only_partition /etc/bind` = "yes" ] && bind_mount /var/volatile/bind/etc /etc/bind
60+ [ `is_on_read_only_partition /var/named` = "yes" ] && bind_mount /var/volatile/bind/named /var/named
61+fi
62+
63 test -x /usr/sbin/rndc || exit 0
64
65 case "$1" in
diff --git a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
deleted file mode 100644
index 3adb694eaa..0000000000
--- a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
+++ /dev/null
@@ -1,41 +0,0 @@
1From 3f18a00d627ec06d26d189e7ef1818d2c237274b Mon Sep 17 00:00:00 2001
2From: Roy Li <rongqing.li@windriver.com>
3Date: Thu, 15 Nov 2012 02:27:54 +0000
4Subject: [PATCH] bind: make "/etc/init.d/bind stop" work
5
6Upstream-Status: Inappropriate [configuration]
7
8Add some configurations, make rndc command be able to controls
9the named daemon.
10
11Signed-off-by: Roy Li <rongqing.li@windriver.com>
12---
13 conf/named.conf | 5 +++++
14 conf/rndc.conf | 5 +++++
15 2 files changed, 10 insertions(+)
16 create mode 100644 conf/rndc.conf
17
18diff --git a/conf/named.conf b/conf/named.conf
19index 95829cf..021dbca 100644
20--- a/conf/named.conf
21+++ b/conf/named.conf
22@@ -47,3 +47,8 @@ zone "255.in-addr.arpa" {
23 // root-delegation-only exclude { "DE"; "MUSEUM"; };
24
25 include "/etc/bind/named.conf.local";
26+include "/etc/bind/rndc.key" ;
27+controls {
28+ inet 127.0.0.1 allow { localhost; }
29+ keys { rndc-key; };
30+};
31diff --git a/conf/rndc.conf b/conf/rndc.conf
32new file mode 100644
33index 0000000..4b43a3d
34--- /dev/null
35+++ b/conf/rndc.conf
36@@ -0,0 +1,5 @@
37+include "/etc/bind/rndc.key";
38+options {
39+ default-server localhost;
40+ default-key rndc-key;
41+};
diff --git a/meta/recipes-connectivity/bind/bind/named.service b/meta/recipes-connectivity/bind/bind/named.service
deleted file mode 100644
index cda56ef015..0000000000
--- a/meta/recipes-connectivity/bind/bind/named.service
+++ /dev/null
@@ -1,22 +0,0 @@
1[Unit]
2Description=Berkeley Internet Name Domain (DNS)
3Wants=nss-lookup.target
4Before=nss-lookup.target
5After=network.target
6
7[Service]
8Type=forking
9EnvironmentFile=-/etc/default/bind9
10PIDFile=/run/named/named.pid
11
12ExecStartPre=@SBINDIR@/generate-rndc-key.sh
13ExecStart=@SBINDIR@/named $OPTIONS
14
15ExecReload=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc reload > /dev/null 2>&1 || @BASE_BINDIR@/kill -HUP $MAINPID'
16
17ExecStop=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc stop > /dev/null 2>&1 || @BASE_BINDIR@/kill -TERM $MAINPID'
18
19PrivateTmp=true
20
21[Install]
22WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/bind/bind_9.20.15.bb b/meta/recipes-connectivity/bind/bind_9.20.15.bb
deleted file mode 100644
index 1195b5bdc3..0000000000
--- a/meta/recipes-connectivity/bind/bind_9.20.15.bb
+++ /dev/null
@@ -1,109 +0,0 @@
1SUMMARY = "ISC Internet Domain Name Server"
2HOMEPAGE = "https://www.isc.org/bind/"
3DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
4SECTION = "console/network"
5
6LICENSE = "MPL-2.0"
7LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=c7a0b6d9a1b692a5da9af9d503671f43"
8
9DEPENDS = "openssl libcap zlib libuv liburcu"
10
11SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
12 file://conf.patch \
13 file://named.service \
14 file://bind9 \
15 file://generate-rndc-key.sh \
16 file://make-etc-initd-bind-stop-work.patch \
17 file://init.d-add-support-for-read-only-rootfs.patch \
18 file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
19 file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
20 file://0001-avoid-start-failure-with-bind-user.patch \
21 "
22
23SRC_URI[sha256sum] = "d62b38fae48ba83fca6181112d0c71018d8b0f2ce285dc79dc6a0367722ccabb"
24
25UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
26# follow the ESV versions divisible by 2
27UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/"
28
29inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives
30
31# PACKAGECONFIGs readline and libedit should NOT be set at same time
32PACKAGECONFIG ?= "readline"
33PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2"
34PACKAGECONFIG[readline] = "--with-readline=readline,,readline"
35PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit"
36PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2"
37
38EXTRA_OECONF = " --disable-auto-validation \
39 --with-gssapi=no --with-lmdb=no --with-zlib \
40 --sysconfdir=${sysconfdir}/bind \
41 --with-openssl=${STAGING_DIR_HOST}${prefix} \
42 "
43LDFLAGS += "-lz"
44
45# dhcp needs .la so keep them
46REMOVE_LIBTOOL_LA = "0"
47
48USERADD_PACKAGES = "${PN}"
49USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
50 --user-group bind"
51
52INITSCRIPT_NAME = "bind"
53INITSCRIPT_PARAMS = "defaults"
54
55SYSTEMD_SERVICE:${PN} = "named.service"
56
57do_install:append() {
58
59 install -d -o bind "${D}${localstatedir}/cache/bind"
60 install -d "${D}${sysconfdir}/bind"
61 install -d "${D}${sysconfdir}/init.d"
62 install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
63 install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
64
65 # Install systemd related files
66 install -d ${D}${sbindir}
67 install -m 755 ${UNPACKDIR}/generate-rndc-key.sh ${D}${sbindir}
68 install -d ${D}${systemd_system_unitdir}
69 install -m 0644 ${UNPACKDIR}/named.service ${D}${systemd_system_unitdir}
70 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
71 -e 's,@SBINDIR@,${sbindir},g' \
72 ${D}${systemd_system_unitdir}/named.service
73
74 install -d ${D}${sysconfdir}/default
75 install -m 0644 ${UNPACKDIR}/bind9 ${D}${sysconfdir}/default
76
77 if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
78 install -d ${D}${sysconfdir}/tmpfiles.d
79 echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
80 fi
81}
82
83CONFFILES:${PN} = " \
84 ${sysconfdir}/bind/named.conf \
85 ${sysconfdir}/bind/named.conf.local \
86 ${sysconfdir}/bind/named.conf.options \
87 ${sysconfdir}/bind/db.0 \
88 ${sysconfdir}/bind/db.127 \
89 ${sysconfdir}/bind/db.empty \
90 ${sysconfdir}/bind/db.local \
91 ${sysconfdir}/bind/db.root \
92 "
93
94ALTERNATIVE:${PN}-utils = "nslookup"
95ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
96ALTERNATIVE_PRIORITY = "100"
97
98PACKAGE_BEFORE_PN += "${PN}-utils"
99FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
100FILES:${PN}-dev += "${bindir}/isc-config.h"
101FILES:${PN} += "${sbindir}/generate-rndc-key.sh"
102
103PACKAGE_BEFORE_PN += "${PN}-libs"
104# special arrangement below due to
105# https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88
106FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so"
107FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so"
108
109DEV_PKG_DEPENDENCY = ""
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
deleted file mode 100644
index aac38a54a9..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ /dev/null
@@ -1,158 +0,0 @@
1SUMMARY = "Linux Bluetooth Stack Userland V5"
2DESCRIPTION = "Linux Bluetooth stack V5 userland components. These include a system configurations, daemons, tools and system libraries."
3HOMEPAGE = "http://www.bluez.org"
4SECTION = "libs"
5LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later"
6LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
7 file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
8 file://src/main.c;beginline=1;endline=24;md5=0ad83ca0dc37ab08af448777c581e7ac"
9DEPENDS = "dbus glib-2.0"
10PROVIDES += "bluez-hcidump"
11RPROVIDES:${PN} += "bluez-hcidump"
12
13PACKAGECONFIG ??= "obex-profiles \
14 readline \
15 ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
16 a2dp-profiles \
17 avrcp-profiles \
18 bap-profiles \
19 bass-profiles \
20 mcp-profiles \
21 ccp-profiles \
22 vcp-profiles \
23 micp-profiles \
24 csip-profiles \
25 asha-profiles \
26 network-profiles \
27 hid-profiles \
28 hog-profiles \
29 tools \
30 deprecated \
31 udev \
32"
33PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical"
34PACKAGECONFIG[readline] = "--enable-client,--disable-client,readline,"
35PACKAGECONFIG[testing] = "--enable-testing,--disable-testing"
36PACKAGECONFIG[midi] = "--enable-midi,--disable-midi,alsa-lib"
37PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd"
38PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,,cups"
39PACKAGECONFIG[nfc] = "--enable-nfc,--disable-nfc"
40PACKAGECONFIG[sap-profiles] = "--enable-sap,--disable-sap"
41PACKAGECONFIG[a2dp-profiles] = "--enable-a2dp,--disable-a2dp"
42PACKAGECONFIG[avrcp-profiles] = "--enable-avrcp,--disable-avrcp"
43PACKAGECONFIG[network-profiles] = "--enable-network,--disable-network"
44PACKAGECONFIG[hid-profiles] = "--enable-hid,--disable-hid"
45PACKAGECONFIG[hog-profiles] = "--enable-hog,--disable-hog"
46PACKAGECONFIG[health-profiles] = "--enable-health,--disable-health"
47PACKAGECONFIG[bap-profiles] = "--enable-bap,--disable-bap"
48PACKAGECONFIG[bass-profiles] = "--enable-bass,--disable-bass"
49PACKAGECONFIG[mcp-profiles] = "--enable-mcp,--disable-mcp"
50PACKAGECONFIG[ccp-profiles] = "--enable-ccp,--disable-ccp"
51PACKAGECONFIG[vcp-profiles] = "--enable-vcp,--disable-vcp"
52PACKAGECONFIG[micp-profiles] = "--enable-micp,--disable-micp"
53PACKAGECONFIG[csip-profiles] = "--enable-csip,--disable-csip"
54PACKAGECONFIG[asha-profiles] = "--enable-asha,--disable-asha"
55PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis"
56PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
57PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
58PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell"
59PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell"
60PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
61PACKAGECONFIG[manpages] = "--enable-manpages,--disable-manpages,python3-docutils-native"
62
63SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
64 file://init \
65 file://run-ptest \
66 file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
67 file://0001-media-fix-pac_config_cb-error-code-return.patch \
68 "
69S = "${UNPACKDIR}/bluez-${PV}"
70
71CVE_PRODUCT = "bluez"
72
73inherit autotools pkgconfig systemd update-rc.d ptest gobject-introspection-data
74
75EXTRA_OECONF = "\
76 --enable-test \
77 --enable-datafiles \
78 --enable-library \
79 --enable-pie \
80 --without-zsh-completion-dir \
81"
82
83CFLAGS += "-DFIRMWARE_DIR='"${nonarch_base_libdir}/firmware"'"
84
85# bluez5 builds a large number of useful utilities but does not
86# install them. Specify which ones we want put into ${PN}-noinst-tools.
87NOINST_TOOLS_READLINE ??= ""
88NOINST_TOOLS_TESTING ??= ""
89NOINST_TOOLS_BT ??= ""
90NOINST_TOOLS = " \
91 ${@bb.utils.contains('PACKAGECONFIG', 'readline', '${NOINST_TOOLS_READLINE}', '', d)} \
92 ${@bb.utils.contains('PACKAGECONFIG', 'testing', '${NOINST_TOOLS_TESTING}', '', d)} \
93 ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \
94"
95
96do_install:append() {
97 install -d ${D}${INIT_D_DIR}
98 install -m 0755 ${UNPACKDIR}/init ${D}${INIT_D_DIR}/bluetooth
99
100 if [ -f ${D}${sysconfdir}/init.d/bluetooth ]; then
101 sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}${sysconfdir}/init.d/bluetooth
102 fi
103
104 # Install desired tools that upstream leaves in build area
105 for f in ${NOINST_TOOLS} ; do
106 install -m 755 ${B}/$f ${D}${bindir}
107 done
108}
109
110PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools"
111
112FILES:${PN} += " \
113 ${libdir}/bluetooth/plugins/*.so \
114 ${systemd_unitdir}/ ${datadir}/dbus-1 \
115 ${libdir}/cups \
116"
117FILES:${PN}-dev += " \
118 ${libdir}/bluetooth/plugins/*.la \
119"
120
121FILES:${PN}-obex = "${libexecdir}/bluetooth/obexd \
122 ${exec_prefix}/lib/systemd/user/obex.service \
123 ${systemd_system_unitdir}/obex.service \
124 ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \
125 ${datadir}/dbus-1/services/org.bluez.obex.service \
126 ${sysconfdir}/dbus-1/system.d/obexd.conf \
127 "
128SYSTEMD_SERVICE:${PN}-obex = "obex.service"
129
130FILES:${PN}-testtools = "${libdir}/bluez/test/*"
131
132def get_noinst_tools_paths (d, bb, tools):
133 s = list()
134 bindir = d.getVar("bindir")
135 for bdp in tools.split():
136 f = os.path.basename(bdp)
137 s.append("%s/%s" % (bindir, f))
138 return "\n".join(s)
139
140FILES:${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}"
141
142RDEPENDS:${PN}-testtools += "python3-core python3-dbus"
143RDEPENDS:${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}"
144
145SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}"
146INITSCRIPT_PACKAGES = "${PN}"
147INITSCRIPT_NAME:${PN} = "bluetooth"
148
149do_compile_ptest() {
150 oe_runmake buildtests
151}
152
153do_install_ptest() {
154 cp -r ${B}/unit/ ${D}${PTEST_PATH}
155 rm -f ${D}${PTEST_PATH}/unit/*.o
156}
157
158RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-utf-16"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-media-fix-pac_config_cb-error-code-return.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-media-fix-pac_config_cb-error-code-return.patch
deleted file mode 100644
index a67fd07137..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/0001-media-fix-pac_config_cb-error-code-return.patch
+++ /dev/null
@@ -1,29 +0,0 @@
1From d7966dbb7bcf39f9615c906c47ef7ad895796756 Mon Sep 17 00:00:00 2001
2From: Pauli Virtanen <pav@iki.fi>
3Date: Thu, 18 Sep 2025 20:19:35 +0300
4Subject: [PATCH] media: fix pac_config_cb() error code return
5
6Fixes: a887b1a1b91f ("audio: Add support for specific error codes for A2DP configuration")
7
8Upstream-Status: Backport [https://github.com/bluez/bluez/commit/6b0a08776ae44a9102d7c6875a77e83dc6a11a37]
9Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
10---
11 profiles/audio/media.c | 2 +-
12 1 file changed, 1 insertion(+), 1 deletion(-)
13
14diff --git a/profiles/audio/media.c b/profiles/audio/media.c
15index 332f643bb..deb321e6c 100644
16--- a/profiles/audio/media.c
17+++ b/profiles/audio/media.c
18@@ -1110,7 +1110,7 @@ static void pac_config_cb(struct media_endpoint *endpoint, void *ret, int size,
19 if (!transport)
20 return;
21
22- data->cb(data->stream, error_code == 0 ? 0 : -EINVAL);
23+ data->cb(data->stream, (error_code && *error_code == 0) ? 0 : -EINVAL);
24 }
25
26 static struct media_transport *pac_ucast_config(struct bt_bap_stream *stream,
27--
282.43.0
29
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
deleted file mode 100644
index cea7c10c3d..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
+++ /dev/null
@@ -1,25 +0,0 @@
1From d8bbdd8e7166f481429b4999f520cd8306685f03 Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex.kanavin@gmail.com>
3Date: Fri, 1 Apr 2016 17:07:34 +0300
4Subject: [PATCH] tests: add a target for building tests without running them
5
6Upstream-Status: Inappropriate [oe specific]
7Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
8---
9 Makefile.am | 3 +++
10 1 file changed, 3 insertions(+)
11
12diff --git a/Makefile.am b/Makefile.am
13index 94f625d..a3c3512 100644
14--- a/Makefile.am
15+++ b/Makefile.am
16@@ -725,6 +725,9 @@ endif
17 TESTS = $(unit_tests)
18 AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69
19
20+# This allows building tests without running them
21+buildtests: $(TESTS)
22+
23 if DBUS_RUN_SESSION
24 AM_TESTS_ENVIRONMENT += dbus-run-session --
25 endif
diff --git a/meta/recipes-connectivity/bluez5/bluez5/init b/meta/recipes-connectivity/bluez5/bluez5/init
deleted file mode 100644
index ca9fa18549..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/init
+++ /dev/null
@@ -1,61 +0,0 @@
1#!/bin/sh
2
3# Source function library
4. /etc/init.d/functions
5
6PATH=/sbin:/bin:/usr/sbin:/usr/bin
7DESC=bluetooth
8
9DAEMON=@LIBEXECDIR@/bluetooth/bluetoothd
10
11# If you want to be ignore error of "org.freedesktop.hostname1",
12# please enable NOPLUGIN_OPTION.
13# NOPLUGIN_OPTION="--noplugin=hostname"
14NOPLUGIN_OPTION=""
15SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- $NOPLUGIN_OPTION"
16
17test -f $DAEMON || exit 0
18
19# FIXME: any of the sourced files may fail if/with syntax errors
20test -f /etc/default/bluetooth && . /etc/default/bluetooth
21test -f /etc/default/rcS && . /etc/default/rcS
22
23set -e
24
25case $1 in
26 start)
27 echo -n "Starting $DESC: "
28 if test "$BLUETOOTH_ENABLED" = 0; then
29 echo "disabled (see /etc/default/bluetooth)."
30 exit 0
31 fi
32 start-stop-daemon --start --background $SSD_OPTIONS
33 echo "${DAEMON##*/}."
34 ;;
35 stop)
36 echo -n "Stopping $DESC: "
37 if test "$BLUETOOTH_ENABLED" = 0; then
38 echo "disabled (see /etc/default/bluetooth)."
39 exit 0
40 fi
41 start-stop-daemon --stop $SSD_OPTIONS
42 echo "${DAEMON##*/}."
43 ;;
44 restart|force-reload)
45 $0 stop
46 sleep 1
47 $0 start
48 ;;
49 status)
50 status ${DAEMON} || exit $?
51 ;;
52 *)
53 N=/etc/init.d/bluetooth
54 echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
55 exit 1
56 ;;
57esac
58
59exit 0
60
61# vim:noet
diff --git a/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/meta/recipes-connectivity/bluez5/bluez5/run-ptest
deleted file mode 100644
index 0335e68e48..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/run-ptest
+++ /dev/null
@@ -1,31 +0,0 @@
1#! /bin/sh
2
3cd unit
4
5failed=0
6all=0
7
8for f in test-*; do
9 "./$f" -q
10 case "$?" in
11 0)
12 echo "PASS: $f"
13 all=$((all + 1))
14 ;;
15 77)
16 echo "SKIP: $f"
17 ;;
18 *)
19 echo "FAIL: $f"
20 failed=$((failed + 1))
21 all=$((all + 1))
22 ;;
23 esac
24done
25
26if [ "$failed" -eq 0 ] ; then
27 echo "All $all tests passed"
28else
29 echo "$failed of $all tests failed"
30fi
31
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.84.bb b/meta/recipes-connectivity/bluez5/bluez5_5.84.bb
deleted file mode 100644
index 874db9df64..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5_5.84.bb
+++ /dev/null
@@ -1,74 +0,0 @@
1require bluez5.inc
2
3SRC_URI[sha256sum] = "5ba73d030f7b00087d67800b0e321601aec0f892827c72e5a2c8390d8c886b11"
4
5CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
6
7# noinst programs in Makefile.tools that are conditional on READLINE
8# support
9NOINST_TOOLS_READLINE ?= " \
10 ${@bb.utils.contains('PACKAGECONFIG', 'deprecated', 'attrib/gatttool', '', d)} \
11 tools/obex-client-tool \
12 tools/obex-server-tool \
13 tools/bluetooth-player \
14 tools/obexctl \
15 tools/btmgmt \
16"
17
18# noinst programs in Makefile.tools that are conditional on TESTING
19# support
20NOINST_TOOLS_TESTING ?= " \
21 emulator/btvirt \
22 emulator/b1ee \
23 emulator/hfp \
24 peripheral/btsensor \
25 tools/3dsp \
26 tools/mgmt-tester \
27 tools/gap-tester \
28 tools/l2cap-tester \
29 tools/sco-tester \
30 tools/smp-tester \
31 tools/hci-tester \
32 tools/rfcomm-tester \
33 tools/bnep-tester \
34 tools/userchan-tester \
35 tools/iso-tester \
36 tools/mesh-tester \
37 tools/ioctl-tester \
38"
39
40# noinst programs in Makefile.tools that are conditional on TOOLS
41# support
42NOINST_TOOLS_BT ?= " \
43 tools/bdaddr \
44 tools/avinfo \
45 tools/avtest \
46 tools/scotest \
47 tools/hwdb \
48 tools/hcieventmask \
49 tools/hcisecfilter \
50 tools/btinfo \
51 tools/btconfig \
52 tools/btsnoop \
53 tools/btproxy \
54 tools/btiotest \
55 tools/bneptest \
56 tools/mcaptest \
57 tools/cltest \
58 tools/oobtest \
59 tools/advtest \
60 tools/seq2bseq \
61 tools/nokfw \
62 tools/rtlfw \
63 tools/bcmfw \
64 tools/create-image \
65 tools/eddystone \
66 tools/ibeacon \
67 tools/btgatt-client \
68 tools/btgatt-server \
69 tools/test-runner \
70 tools/check-selftest \
71 tools/gatt-service \
72 profiles/iap/iapd \
73 ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient tools/btpclientctl', '', d)} \
74"
diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb
deleted file mode 100644
index 854e1f1f29..0000000000
--- a/meta/recipes-connectivity/connman/connman-conf.bb
+++ /dev/null
@@ -1,20 +0,0 @@
1SUMMARY = "Connman config to ignore wired interface on qemu machines"
2DESCRIPTION = "This is the ConnMan configuration to avoid touching wired \
3network interface inside qemu machines."
4LICENSE = "GPL-2.0-only"
5LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
6
7SRC_URI = "file://main.conf \
8 "
9
10S = "${UNPACKDIR}"
11
12PACKAGE_ARCH = "${MACHINE_ARCH}"
13
14FILES:${PN} = "${sysconfdir}/*"
15
16# Kernel IP-Config is perfectly capable of setting up networking passed in via ip=
17do_install:append:qemuall() {
18 mkdir -p ${D}${sysconfdir}/connman
19 cp ${S}/main.conf ${D}${sysconfdir}/connman/main.conf
20}
diff --git a/meta/recipes-connectivity/connman/connman-conf/main.conf b/meta/recipes-connectivity/connman/connman-conf/main.conf
deleted file mode 100644
index 3c9dd396f6..0000000000
--- a/meta/recipes-connectivity/connman/connman-conf/main.conf
+++ /dev/null
@@ -1,2 +0,0 @@
1[General]
2NetworkInterfaceBlacklist = eth,en
diff --git a/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch b/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch
deleted file mode 100644
index c93e9b4654..0000000000
--- a/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch
+++ /dev/null
@@ -1,277 +0,0 @@
1From a59b0fac02e74a971ac3f08bf28c17ce361a9526 Mon Sep 17 00:00:00 2001
2From: Jussi Kukkonen <jussi.kukkonen@intel.com>
3Date: Wed, 2 Mar 2016 15:47:49 +0200
4Subject: [PATCH] Port to Gtk3
5
6Some unused (or not useful) code was removed, functionality should stay
7the same.
8
9Code still contains quite a few uses of deprecated API.
10
11Upstream-Status: Submitted
12Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
13---
14 applet/agent.c | 3 +--
15 applet/main.c | 43 -------------------------------------------
16 applet/status.c | 8 --------
17 configure.ac | 3 +--
18 properties/ethernet.c | 14 +++++++-------
19 properties/main.c | 2 +-
20 properties/wifi.c | 12 ++++++------
21 7 files changed, 16 insertions(+), 69 deletions(-)
22
23diff --git a/applet/agent.c b/applet/agent.c
24index 65bed08..04fe86a 100644
25--- a/applet/agent.c
26+++ b/applet/agent.c
27@@ -126,7 +126,6 @@ static void request_input_dialog(GHashTable *request,
28 gtk_window_set_position(GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
29 gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
30 gtk_window_set_urgency_hint(GTK_WINDOW(dialog), TRUE);
31- gtk_dialog_set_has_separator(GTK_DIALOG(dialog), FALSE);
32 input->dialog = dialog;
33
34 gtk_dialog_add_button(GTK_DIALOG(dialog),
35@@ -139,7 +138,7 @@ static void request_input_dialog(GHashTable *request,
36 gtk_table_set_row_spacings(GTK_TABLE(table), 4);
37 gtk_table_set_col_spacings(GTK_TABLE(table), 20);
38 gtk_container_set_border_width(GTK_CONTAINER(table), 12);
39- gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table);
40+ gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area (GTK_DIALOG(dialog))), table);
41
42 label = gtk_label_new(_("Please provide some network information:"));
43 gtk_misc_set_alignment(GTK_MISC(label), 0.0, 0.0);
44diff --git a/applet/main.c b/applet/main.c
45index f12d371..cd16285 100644
46--- a/applet/main.c
47+++ b/applet/main.c
48@@ -157,46 +157,6 @@ static void name_owner_changed(DBusGProxy *proxy, const char *name,
49 }
50 }
51
52-static void open_uri(GtkWindow *parent, const char *uri)
53-{
54- GtkWidget *dialog;
55- GdkScreen *screen;
56- GError *error = NULL;
57- gchar *cmdline;
58-
59- screen = gtk_window_get_screen(parent);
60-
61- cmdline = g_strconcat("xdg-open ", uri, NULL);
62-
63- if (gdk_spawn_command_line_on_screen(screen,
64- cmdline, &error) == FALSE) {
65- dialog = gtk_message_dialog_new(parent,
66- GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR,
67- GTK_BUTTONS_CLOSE, "%s", error->message);
68- gtk_dialog_run(GTK_DIALOG(dialog));
69- gtk_widget_destroy(dialog);
70- g_error_free(error);
71- }
72-
73- g_free(cmdline);
74-}
75-
76-static void about_url_hook(GtkAboutDialog *dialog,
77- const gchar *url, gpointer data)
78-{
79- open_uri(GTK_WINDOW(dialog), url);
80-}
81-
82-static void about_email_hook(GtkAboutDialog *dialog,
83- const gchar *email, gpointer data)
84-{
85- gchar *uri;
86-
87- uri = g_strconcat("mailto:", email, NULL);
88- open_uri(GTK_WINDOW(dialog), uri);
89- g_free(uri);
90-}
91-
92 static void about_callback(GtkWidget *item, gpointer user_data)
93 {
94 const gchar *authors[] = {
95@@ -204,9 +164,6 @@ static void about_callback(GtkWidget *item, gpointer user_data)
96 NULL
97 };
98
99- gtk_about_dialog_set_url_hook(about_url_hook, NULL, NULL);
100- gtk_about_dialog_set_email_hook(about_email_hook, NULL, NULL);
101-
102 gtk_show_about_dialog(NULL, "version", VERSION,
103 "copyright", "Copyright \xc2\xa9 2008 Intel Corporation",
104 "comments", _("A connection manager for the GNOME desktop"),
105diff --git a/applet/status.c b/applet/status.c
106index aed6f1e..015ff29 100644
107--- a/applet/status.c
108+++ b/applet/status.c
109@@ -102,8 +102,6 @@ static void icon_animation_start(IconAnimation *animation,
110 {
111 available = TRUE;
112
113- gtk_status_icon_set_tooltip(statusicon, NULL);
114-
115 animation->start = start;
116 animation->end = (end == 0) ? animation->count - 1 : end;
117
118@@ -120,8 +118,6 @@ static void icon_animation_stop(IconAnimation *animation)
119 {
120 available = TRUE;
121
122- gtk_status_icon_set_tooltip(statusicon, NULL);
123-
124 if (animation->id > 0)
125 g_source_remove(animation->id);
126
127@@ -251,8 +247,6 @@ void status_unavailable(void)
128 available = FALSE;
129
130 gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_notifier);
131- gtk_status_icon_set_tooltip(statusicon,
132- "Connection Manager daemon is not running");
133
134 gtk_status_icon_set_visible(statusicon, TRUE);
135 }
136@@ -299,7 +293,6 @@ static void set_ready(gint signal)
137
138 if (signal < 0) {
139 gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_wired);
140- gtk_status_icon_set_tooltip(statusicon, NULL);
141 return;
142 }
143
144@@ -311,7 +304,6 @@ static void set_ready(gint signal)
145 index = 4;
146
147 gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_signal[index]);
148- gtk_status_icon_set_tooltip(statusicon, NULL);
149 }
150
151 struct timeout_data {
152diff --git a/configure.ac b/configure.ac
153index b972e07..a4dad5d 100644
154--- a/configure.ac
155+++ b/configure.ac
156@@ -55,8 +55,7 @@ AC_SUBST(DBUS_LIBS)
157 DBUS_BINDING_TOOL="dbus-binding-tool"
158 AC_SUBST(DBUS_BINDING_TOOL)
159
160-PKG_CHECK_MODULES(GTK, gtk+-2.0 >= 2.8, dummy=yes,
161- AC_MSG_ERROR(gtk+ >= 2.8 is required))
162+PKG_CHECK_MODULES(GTK, gtk+-3.0)
163 AC_SUBST(GTK_CFLAGS)
164 AC_SUBST(GTK_LIBS)
165
166diff --git a/properties/ethernet.c b/properties/ethernet.c
167index 31db7a0..0b6b423 100644
168--- a/properties/ethernet.c
169+++ b/properties/ethernet.c
170@@ -82,7 +82,7 @@ void add_ethernet_switch_button(GtkWidget *mainbox, GtkTreeIter *iter,
171 gtk_container_set_border_width(GTK_CONTAINER(vbox), 24);
172 gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0);
173
174- table = gtk_table_new(1, 1, TRUE);
175+ table = gtk_table_new(1, 1, FALSE);
176 gtk_table_set_row_spacings(GTK_TABLE(table), 10);
177 gtk_table_set_col_spacings(GTK_TABLE(table), 10);
178 gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0);
179@@ -136,7 +136,7 @@ void add_ethernet_service(GtkWidget *mainbox, GtkTreeIter *iter, struct config_d
180 gtk_container_set_border_width(GTK_CONTAINER(vbox), 24);
181 gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0);
182
183- table = gtk_table_new(5, 5, TRUE);
184+ table = gtk_table_new(5, 5, FALSE);
185 gtk_table_set_row_spacings(GTK_TABLE(table), 10);
186 gtk_table_set_col_spacings(GTK_TABLE(table), 10);
187 gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0);
188@@ -144,9 +144,9 @@ void add_ethernet_service(GtkWidget *mainbox, GtkTreeIter *iter, struct config_d
189 label = gtk_label_new(_("Configuration:"));
190 gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 2, 0, 1);
191
192- combo = gtk_combo_box_new_text();
193- gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "DHCP");
194- gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "MANUAL");
195+ combo = gtk_combo_box_text_new();
196+ gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "DHCP");
197+ gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "MANUAL");
198 gtk_combo_box_set_row_separator_func(GTK_COMBO_BOX(combo),
199 separator_function, NULL, NULL);
200 gtk_table_attach_defaults(GTK_TABLE(table), combo, 2, 4, 0, 1);
201@@ -219,7 +219,7 @@ void update_ethernet_ipv4(struct config_data *data, guint policy)
202 case CONNMAN_POLICY_DHCP:
203 gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0);
204 for (i = 0; i < 3; i++) {
205- gtk_entry_set_editable(GTK_ENTRY(entry[i]), 0);
206+ gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 0);
207 gtk_widget_set_sensitive(entry[i], 0);
208 gtk_entry_set_text(GTK_ENTRY(entry[i]), _(""));
209 }
210@@ -227,7 +227,7 @@ void update_ethernet_ipv4(struct config_data *data, guint policy)
211 case CONNMAN_POLICY_MANUAL:
212 gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 1);
213 for (i = 0; i < 3; i++) {
214- gtk_entry_set_editable(GTK_ENTRY(entry[i]), 1);
215+ gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 1);
216 gtk_widget_set_sensitive(entry[i], 1);
217 }
218 break;
219diff --git a/properties/main.c b/properties/main.c
220index c05f443..6f76361 100644
221--- a/properties/main.c
222+++ b/properties/main.c
223@@ -429,7 +429,7 @@ static GtkWidget *create_interfaces(GtkWidget *window)
224
225 scrolled = gtk_scrolled_window_new(NULL, NULL);
226 gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scrolled),
227- GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC);
228+ GTK_POLICY_NEVER, GTK_POLICY_AUTOMATIC);
229 gtk_scrolled_window_set_shadow_type(GTK_SCROLLED_WINDOW(scrolled),
230 GTK_SHADOW_OUT);
231 gtk_box_pack_start(GTK_BOX(hbox), scrolled, FALSE, TRUE, 0);
232diff --git a/properties/wifi.c b/properties/wifi.c
233index bd325ef..a5827e0 100644
234--- a/properties/wifi.c
235+++ b/properties/wifi.c
236@@ -125,7 +125,7 @@ void add_wifi_switch_button(GtkWidget *mainbox, GtkTreeIter *iter,
237 gtk_container_set_border_width(GTK_CONTAINER(vbox), 24);
238 gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0);
239
240- table = gtk_table_new(1, 1, TRUE);
241+ table = gtk_table_new(1, 1, FALSE);
242 gtk_table_set_row_spacings(GTK_TABLE(table), 10);
243 gtk_table_set_col_spacings(GTK_TABLE(table), 10);
244 gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0);
245@@ -185,9 +185,9 @@ static void wifi_ipconfig(GtkWidget *table, struct config_data *data, GtkTreeIte
246 gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 2, 3, 4);
247 data->ipv4.label[0] = label;
248
249- combo = gtk_combo_box_new_text();
250- gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "DHCP");
251- gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "Manual");
252+ combo = gtk_combo_box_text_new();
253+ gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "DHCP");
254+ gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "Manual");
255
256 gtk_combo_box_set_row_separator_func(GTK_COMBO_BOX(combo),
257 separator_function, NULL, NULL);
258@@ -335,14 +335,14 @@ void update_wifi_ipv4(struct config_data *data, guint policy)
259 case CONNMAN_POLICY_DHCP:
260 gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0);
261 for (i = 0; i < 3; i++) {
262- gtk_entry_set_editable(GTK_ENTRY(entry[i]), 0);
263+ gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 0);
264 gtk_widget_set_sensitive(entry[i], 0);
265 }
266 break;
267 case CONNMAN_POLICY_MANUAL:
268 gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 1);
269 for (i = 0; i < 3; i++) {
270- gtk_entry_set_editable(GTK_ENTRY(entry[i]), 1);
271+ gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 1);
272 gtk_widget_set_sensitive(entry[i], 1);
273 }
274 break;
275--
2762.8.1
277
diff --git a/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch b/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch
deleted file mode 100644
index 7957500dcf..0000000000
--- a/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch
+++ /dev/null
@@ -1,35 +0,0 @@
1From 5907a23ad2f49702960a33f9e2039552673eabc7 Mon Sep 17 00:00:00 2001
2From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
3Date: Mon, 17 Dec 2012 14:01:18 +0200
4Subject: [PATCH] Removed icon from connman-gnome "about" applet
5
6The connman-gnome "about" applet showed a picture that
7can not be displayed. There is no designated picture
8in connman-gnome to be used in the about section, so
9it was removed.
10
11[OE-Core #2509]
12
13Upstream-Status: Pending
14
15Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
16---
17 applet/main.c | 2 +-
18 1 file changed, 1 insertion(+), 1 deletion(-)
19
20diff --git a/applet/main.c b/applet/main.c
21index f12d371..c7b3c7f 100644
22--- a/applet/main.c
23+++ b/applet/main.c
24@@ -212,7 +212,7 @@ static void about_callback(GtkWidget *item, gpointer user_data)
25 "comments", _("A connection manager for the GNOME desktop"),
26 "authors", authors,
27 "translator-credits", _("translator-credits"),
28- "logo-icon-name", "network-wireless", NULL);
29+ NULL);
30 }
31
32 static void settings_callback(GtkWidget *item, gpointer user_data)
33--
341.7.9.5
35
diff --git a/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch b/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch
deleted file mode 100644
index f4049fa3e2..0000000000
--- a/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch
+++ /dev/null
@@ -1,187 +0,0 @@
1connman-gnome: fix dbus interface name
2
3This patch resolves following error:
4
5"connman-dbus.xml": "connman" is not a valid D-Bus interface name
6
7https://502552.bugs.gentoo.org/attachment.cgi?id=380652
8
9Upstream-Status: Backport
10
11Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
12---
13 common/connman-client.c | 24 ++++++++++++------------
14 common/connman-client.h | 4 ++--
15 common/connman-dbus.c | 6 +++---
16 common/connman-dbus.xml | 2 +-
17 4 files changed, 18 insertions(+), 18 deletions(-)
18
19diff --git a/common/connman-client.c b/common/connman-client.c
20index c55e25c..9d818b2 100644
21--- a/common/connman-client.c
22+++ b/common/connman-client.c
23@@ -289,7 +289,7 @@ gboolean connman_client_set_ipv4(ConnmanClient *client, const gchar *device,
24
25 g_value_init(&value, DBUS_TYPE_G_DICTIONARY);
26 g_value_set_boxed(&value, ipv4);
27- ret = connman_set_property(proxy, "IPv4.Configuration", &value, NULL);
28+ ret = net_connman_set_property(proxy, "IPv4.Configuration", &value, NULL);
29
30 g_object_unref(proxy);
31
32@@ -317,7 +317,7 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device,
33 g_value_set_boolean(&value, powered);
34
35 error = NULL;
36- connman_set_property(proxy, "Powered", &value, &error);
37+ net_connman_set_property(proxy, "Powered", &value, &error);
38 if( error )
39 fprintf (stderr, "error: %s\n", error->message);
40
41@@ -325,7 +325,7 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device,
42 }
43
44 void connman_client_scan(ConnmanClient *client, const gchar *device,
45- connman_scan_reply callback, gpointer user_data)
46+ net_connman_scan_reply callback, gpointer user_data)
47 {
48 ConnmanClientPrivate *priv = CONNMAN_CLIENT_GET_PRIVATE(client);
49 DBusGProxy *proxy;
50@@ -339,7 +339,7 @@ void connman_client_scan(ConnmanClient *client, const gchar *device,
51 if (proxy == NULL)
52 return;
53
54- connman_scan_async(proxy, callback, user_data);
55+ net_connman_scan_async(proxy, callback, user_data);
56
57 g_object_unref(proxy);
58 }
59@@ -353,7 +353,7 @@ gboolean connman_client_get_offline_status(ConnmanClient *client)
60
61 DBG("client %p", client);
62
63- ret = connman_get_properties(priv->manager, &hash, NULL);
64+ ret = net_connman_get_properties(priv->manager, &hash, NULL);
65
66 if (ret == FALSE)
67 goto done;
68@@ -375,7 +375,7 @@ void connman_client_set_offlinemode(ConnmanClient *client, gboolean status)
69 g_value_init(&value, G_TYPE_BOOLEAN);
70 g_value_set_boolean(&value, status);
71
72- connman_set_property(priv->manager, "OfflineMode", &value, NULL);
73+ net_connman_set_property(priv->manager, "OfflineMode", &value, NULL);
74 }
75
76 static gboolean network_disconnect(GtkTreeModel *model, GtkTreePath *path,
77@@ -398,7 +398,7 @@ static gboolean network_disconnect(GtkTreeModel *model, GtkTreePath *path,
78 return TRUE;
79
80 if (type == CONNMAN_TYPE_WIFI)
81- connman_disconnect(proxy, NULL);
82+ net_connman_disconnect(proxy, NULL);
83
84 g_object_unref(proxy);
85
86@@ -422,13 +422,13 @@ void connman_client_connect(ConnmanClient *client, const gchar *network)
87 if (proxy == NULL)
88 return;
89
90- connman_connect(proxy, NULL);
91+ net_connman_connect(proxy, NULL);
92
93 g_object_unref(proxy);
94 }
95
96 void connman_client_connect_async(ConnmanClient *client, const gchar *network,
97- connman_connect_reply callback, gpointer userdata)
98+ net_connman_connect_reply callback, gpointer userdata)
99 {
100 ConnmanClientPrivate *priv = CONNMAN_CLIENT_GET_PRIVATE(client);
101 DBusGProxy *proxy;
102@@ -446,7 +446,7 @@ void connman_client_connect_async(ConnmanClient *client, const gchar *network,
103 if (proxy == NULL)
104 goto done;
105
106- connman_connect_async(proxy, callback, userdata);
107+ net_connman_connect_async(proxy, callback, userdata);
108
109 done:
110 return;
111@@ -476,7 +476,7 @@ void connman_client_disconnect(ConnmanClient *client, const gchar *network)
112 if (proxy == NULL)
113 return;
114
115- connman_disconnect(proxy, NULL);
116+ net_connman_disconnect(proxy, NULL);
117
118 g_object_unref(proxy);
119 }
120@@ -532,7 +532,7 @@ void connman_client_remove(ConnmanClient *client, const gchar *network)
121 if (proxy == NULL)
122 return;
123
124- connman_remove(proxy, NULL);
125+ net_connman_remove(proxy, NULL);
126
127 g_object_unref(proxy);
128 }
129diff --git a/common/connman-client.h b/common/connman-client.h
130index 9e2e6d5..98241de 100644
131--- a/common/connman-client.h
132+++ b/common/connman-client.h
133@@ -70,13 +70,13 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device,
134 gboolean connman_client_set_ipv4(ConnmanClient *client, const gchar *device,
135 struct ipv4_config *ipv4_config);
136 void connman_client_scan(ConnmanClient *client, const gchar *device,
137- connman_scan_reply callback, gpointer user_data);
138+ net_connman_scan_reply callback, gpointer user_data);
139
140 void connman_client_connect(ConnmanClient *client, const gchar *network);
141 void connman_client_disconnect(ConnmanClient *client, const gchar *network);
142 gchar *connman_client_get_security(ConnmanClient *client, const gchar *network);
143 void connman_client_connect_async(ConnmanClient *client, const gchar *network,
144- connman_connect_reply callback, gpointer userdata);
145+ net_connman_connect_reply callback, gpointer userdata);
146 void connman_client_set_remember(ConnmanClient *client, const gchar *network,
147 gboolean remember);
148
149diff --git a/common/connman-dbus.c b/common/connman-dbus.c
150index b82b3e1..543eb43 100644
151--- a/common/connman-dbus.c
152+++ b/common/connman-dbus.c
153@@ -655,15 +655,15 @@ DBusGProxy *connman_dbus_create_manager(DBusGConnection *conn,
154
155 DBG("getting manager properties");
156
157- connman_get_properties_async(proxy, manager_properties, store);
158+ net_connman_get_properties_async(proxy, manager_properties, store);
159
160 DBG("getting technologies");
161
162- connman_get_technologies_async(proxy, manager_technologies, store);
163+ net_connman_get_technologies_async(proxy, manager_technologies, store);
164
165 DBG("getting services");
166
167- connman_get_services_async(proxy, manager_services, store);
168+ net_connman_get_services_async(proxy, manager_services, store);
169
170 return proxy;
171 }
172diff --git a/common/connman-dbus.xml b/common/connman-dbus.xml
173index 56b9582..0199d52 100644
174--- a/common/connman-dbus.xml
175+++ b/common/connman-dbus.xml
176@@ -1,7 +1,7 @@
177 <?xml version="1.0" encoding="UTF-8" ?>
178
179 <node name="/">
180- <interface name="connman">
181+ <interface name="net.connman">
182 <method name="GetProperties">
183 <arg type="a{sv}" direction="out"/>
184 </method>
185--
1861.9.1
187
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png
deleted file mode 100644
index 33247c1e2d..0000000000
--- a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png
+++ /dev/null
Binary files differ
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png
deleted file mode 100644
index a94fb952ff..0000000000
--- a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png
+++ /dev/null
Binary files differ
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png
deleted file mode 100644
index b5eb405a90..0000000000
--- a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png
+++ /dev/null
Binary files differ
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png
deleted file mode 100644
index be54419fa7..0000000000
--- a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png
+++ /dev/null
Binary files differ
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png
deleted file mode 100644
index 1c40ac9a10..0000000000
--- a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png
+++ /dev/null
Binary files differ
diff --git a/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch b/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch
deleted file mode 100644
index 0421cda0b2..0000000000
--- a/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch
+++ /dev/null
@@ -1,36 +0,0 @@
1In networks that don't have a DHCP server configured, ipv4 address
2allocation fails and the ipv4 structure doesn't get populated. When
3the GUI is trying to read the ipv4_config.method field to see whether
4it contains "dhcp" string, a segmentation fault is generated.
5
6Ethernet manual configuration behavior remains unchanged after this fix.
7
8Upstream-Status: Pending
9
10Signed-off-by: Emilia Ciobanu <emilia.maria.silvia.ciobanu@intel.com>
11Index: git/properties/ethernet.c
12===================================================================
13--- git.orig/properties/ethernet.c
14+++ git/properties/ethernet.c
15@@ -194,7 +194,7 @@ void add_ethernet_service(GtkWidget *mai
16
17 data->button = button;
18
19- if (g_str_equal(ipv4_config.method, "dhcp") == TRUE)
20+ if (!ipv4_config.method || g_str_equal(ipv4_config.method, "dhcp") == TRUE)
21 update_ethernet_ipv4(data, CONNMAN_POLICY_DHCP);
22 else
23 update_ethernet_ipv4(data, CONNMAN_POLICY_MANUAL);
24Index: git/properties/wifi.c
25===================================================================
26--- git.orig/properties/wifi.c
27+++ git/properties/wifi.c
28@@ -230,7 +230,7 @@ static void wifi_ipconfig(GtkWidget *tab
29
30 data->ipv4_config = ipv4_config;
31
32- if (g_str_equal(ipv4_config.method, "dhcp") == TRUE)
33+ if (!ipv4_config.method || g_str_equal(ipv4_config.method, "dhcp") == TRUE)
34 update_wifi_ipv4(data, CONNMAN_POLICY_DHCP);
35 else
36 update_wifi_ipv4(data, CONNMAN_POLICY_MANUAL);
diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
deleted file mode 100644
index 8bfc1540b3..0000000000
--- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
+++ /dev/null
@@ -1,32 +0,0 @@
1SUMMARY = "GTK+ frontend for the ConnMan network connection manager"
2HOMEPAGE = "http://connman.net/"
3SECTION = "libs/network"
4LICENSE = "GPL-2.0-only & LGPL-2.1-only"
5LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
6 file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \
7 file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a"
8
9DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native"
10
11# 0.7 tag
12SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143"
13SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \
14 file://0001-Removed-icon-from-connman-gnome-about-applet.patch \
15 file://null_check_for_ipv4_config.patch \
16 file://images/ \
17 file://connman-gnome-fix-dbus-interface-name.patch \
18 file://0001-Port-to-Gtk3.patch \
19 "
20
21inherit autotools-brokensep gtk-icon-cache pkgconfig features_check
22ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
23
24RDEPENDS:${PN} = "connman"
25
26do_install:append() {
27 install -m 0644 ${UNPACKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/
28}
29
30# http://errors.yoctoproject.org/Errors/Details/766926/
31# connman-client.c:200:15: error: assignment to 'GtkTreeModel *' {aka 'struct _GtkTreeModel *'} from incompatible pointer type 'GtkTreeStore *' {aka 'struct _GtkTreeStore *'} [-Wincompatible-pointer-types]
32CFLAGS += "-Wno-error=incompatible-pointer-types"
diff --git a/meta/recipes-connectivity/connman/connman/0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch b/meta/recipes-connectivity/connman/connman/0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch
deleted file mode 100755
index 3b7b5a096e..0000000000
--- a/meta/recipes-connectivity/connman/connman/0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch
+++ /dev/null
@@ -1,50 +0,0 @@
1From eac489c872c775c88bbd85b4cec6c1d47ad9e6a6 Mon Sep 17 00:00:00 2001
2From: Peter Tatrai <peter.tatrai.ext@siemens.com>
3Date: Sun, 7 Sep 2025 09:25:20 +0200
4Subject: [PATCH] connman, vpn: avoid hiding implementation-reserved symbols
5
6When using 'local: *;' in the version script, all symbols, including those
7reserved for the implementation (such as _IO_stdin_used), are hidden. This
8causes glibc's libio to misdetect the libc version, leading to a crash when
9glibc prints to stdout (e.g., with connmand --help) on PowerPC.
10
11Change 'local: *;' to 'local: [!_]*;' to avoid hiding symbols starting with an
12underscore, as recommended in glibc bug 17908
13(https://sourceware.org/bugzilla/show_bug.cgi?id=17908). This ensures libio can
14correctly detect the libc version and prevents the crash.
15
16Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=17908
17
18Upstream-Status: Submitted [https://lore.kernel.org/connman/20250907081844.1558-1-peter.tatrai.ext@siemens.com/]
19
20Signed-off-by: Peter Tatrai <peter.tatrai.ext@siemens.com>
21---
22 src/connman.ver | 2 +-
23 vpn/vpn.ver | 2 +-
24 2 files changed, 2 insertions(+), 2 deletions(-)
25
26diff --git a/src/connman.ver b/src/connman.ver
27index 03a0eec..b75e90d 100644
28--- a/src/connman.ver
29+++ b/src/connman.ver
30@@ -3,5 +3,5 @@
31 connman_*;
32 g_dbus_*;
33 local:
34- *;
35+ [!_]*;
36 };
37diff --git a/vpn/vpn.ver b/vpn/vpn.ver
38index b887706..5cad344 100644
39--- a/vpn/vpn.ver
40+++ b/vpn/vpn.ver
41@@ -4,5 +4,5 @@
42 vpn_*;
43 g_dbus_*;
44 local:
45- *;
46+ [!_]*;
47 };
48--
492.47.2
50
diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
deleted file mode 100644
index 2c612039ee..0000000000
--- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
+++ /dev/null
@@ -1,85 +0,0 @@
1From 4e726a5aaa75d60fab6a56bc37dbec48be53ff79 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Mon, 6 Apr 2015 23:02:21 -0700
4Subject: [PATCH] gweb/gresolv.c: make use of res_ninit optional and subject to
5 __RES
6
7Not all libc implementation have those functions, and the way to determine
8if they do is to check __RES which is explained in resolv.h thusly:
9
10/*
11 * Revision information. This is the release date in YYYYMMDD format.
12 * It can change every day so the right thing to do with it is use it
13 * in preprocessor commands such as "#if (__RES > 19931104)". Do not
14 * compare for equality; rather, use it to determine whether your resolver
15 * is new enough to contain a certain feature.
16 */
17
18Indeed, it needs to be at least 19991006.
19
20The portion of the patch that implements a fallback is ported from
21Alpine Linux:
22http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch
23
24Upstream-Status: Submitted [to connman@lists.linux.dev,marcel@holtmann.org]
25
26Signed-off-by: Khem Raj <raj.khem@gmail.com>
27---
28 gweb/gresolv.c | 21 +++++++++++++++++++++
29 1 file changed, 21 insertions(+)
30
31diff --git a/gweb/gresolv.c b/gweb/gresolv.c
32index 8101d71..9f1477c 100644
33--- a/gweb/gresolv.c
34+++ b/gweb/gresolv.c
35@@ -879,7 +879,9 @@ GResolv *g_resolv_new(int index)
36 resolv->index = index;
37 resolv->nameserver_list = NULL;
38
39+#if (__RES >= 19991006)
40 res_ninit(&resolv->res);
41+#endif
42
43 return resolv;
44 }
45@@ -920,7 +922,9 @@ void g_resolv_unref(GResolv *resolv)
46
47 flush_nameservers(resolv);
48
49+#if (__RES >= 19991006)
50 res_nclose(&resolv->res);
51+#endif
52
53 g_free(resolv);
54 }
55@@ -1024,6 +1028,7 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname,
56 debug(resolv, "hostname %s", hostname);
57
58 if (!resolv->nameserver_list) {
59+#if (__RES >= 19991006)
60 int i;
61
62 for (i = 0; i < resolv->res.nscount; i++) {
63@@ -1043,6 +1048,22 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname,
64 if (inet_ntop(family, sa_addr, buf, sizeof(buf)))
65 g_resolv_add_nameserver(resolv, buf, 53, 0);
66 }
67+#else
68+ FILE *f = fopen("/etc/resolv.conf", "r");
69+ if (f) {
70+ char line[256], *s;
71+ int i;
72+ while (fgets(line, sizeof(line), f)) {
73+ if (strncmp(line, "nameserver", 10) || !isspace(line[10]))
74+ continue;
75+ for (s = &line[11]; isspace(s[0]); s++);
76+ for (i = 0; s[i] && !isspace(s[i]); i++);
77+ s[i] = 0;
78+ g_resolv_add_nameserver(resolv, s, 53, 0);
79+ }
80+ fclose(f);
81+ }
82+#endif
83
84 if (!resolv->nameserver_list)
85 g_resolv_add_nameserver(resolv, "127.0.0.1", 53, 0);
diff --git a/meta/recipes-connectivity/connman/connman/connman b/meta/recipes-connectivity/connman/connman/connman
deleted file mode 100644
index adb5d44fed..0000000000
--- a/meta/recipes-connectivity/connman/connman/connman
+++ /dev/null
@@ -1,45 +0,0 @@
1#!/bin/sh
2
3DAEMON=/usr/sbin/connmand
4PIDFILE=/var/run/connmand.pid
5DESC="Connection Manager"
6
7if [ -f /etc/default/connman ] ; then
8 . /etc/default/connman
9fi
10
11set -e
12
13do_start() {
14 if [ -f @DATADIR@/connman/wired-setup ] ; then
15 . @DATADIR@/connman/wired-setup
16 fi
17 $DAEMON
18}
19
20do_stop() {
21 start-stop-daemon --stop --oknodo --name connmand --quiet
22}
23
24case "$1" in
25 start)
26 echo "Starting $DESC"
27 do_start
28 ;;
29 stop)
30 echo "Stopping $DESC"
31 do_stop
32 ;;
33 restart|force-reload)
34 echo "Restarting $DESC"
35 do_stop
36 sleep 1
37 do_start
38 ;;
39 *)
40 echo "Usage: $0 {start|stop|restart|force-reload}" >&2
41 exit 1
42 ;;
43esac
44
45exit 0
diff --git a/meta/recipes-connectivity/connman/connman/no-version-scripts.patch b/meta/recipes-connectivity/connman/connman/no-version-scripts.patch
deleted file mode 100644
index c96ab311e5..0000000000
--- a/meta/recipes-connectivity/connman/connman/no-version-scripts.patch
+++ /dev/null
@@ -1,48 +0,0 @@
1From 67f37aafcc8ef5d2eb006387e7bec21f74518727 Mon Sep 17 00:00:00 2001
2From: Ross Burton <ross.burton@intel.com>
3Date: Tue, 9 Aug 2016 12:12:02 +0100
4Subject: [PATCH] connman: disable version-scripts to fix crashes at startup
5
6With binutils 2.27 on at least PowerPC, connmand will crash on `connmand --help`.
7This appears to be due to the symbol visibilty scripts hiding symbols that stdio
8looks up at runtime, resulting in it segfaulting.
9
10This certainly appears to be a bug in binutils 2.27 although the problem has
11been known about for some time:
12
13https://sourceware.org/bugzilla/show_bug.cgi?id=17908
14
15As the version scripts are only used to hide symbols from plugins we can safely
16remove the scripts to work around the problem until binutils is fixed.
17
18Upstream-Status: Inappropriate
19Signed-off-by: Ross Burton <ross.burton@intel.com>
20Signed-off-by: Peter Tatrai <peter.tatrai.ext@siemens.com>
21---
22 Makefile.am | 6 ++----
23 1 file changed, 2 insertions(+), 4 deletions(-)
24
25diff --git a/Makefile.am b/Makefile.am
26index 3dc3bb5..3be5ccb 100644
27--- a/Makefile.am
28+++ b/Makefile.am
29@@ -143,8 +143,7 @@ src_connmand_LDADD = gdbus/libgdbus-internal.la $(builtin_libadd) \
30 @GIO_LIBS@ @GLIB_LIBS@ @DBUS_LIBS@ @GNUTLS_LIBS@ \
31 -lresolv -ldl -lrt
32
33-src_connmand_LDFLAGS = -Wl,--export-dynamic \
34- -Wl,--version-script=$(srcdir)/src/connman.ver
35+src_connmand_LDFLAGS = -Wl,--export-dynamic
36
37 src_connmand_wait_online_SOURCES = src/connmand-wait-online.c
38
39@@ -187,8 +186,7 @@ vpn_connman_vpnd_LDADD = gdbus/libgdbus-internal.la $(builtin_vpn_libadd) \
40 @GIO_LIBS@ @GLIB_LIBS@ @DBUS_LIBS@ @GNUTLS_LIBS@ \
41 -lresolv -ldl
42
43-vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic \
44- -Wl,--version-script=$(srcdir)/vpn/vpn.ver
45+vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic
46 endif
47
48 BUILT_SOURCES = $(local_headers) src/builtin.h $(service_files) \
diff --git a/meta/recipes-connectivity/connman/connman_1.45.bb b/meta/recipes-connectivity/connman/connman_1.45.bb
deleted file mode 100644
index ca0337b4d3..0000000000
--- a/meta/recipes-connectivity/connman/connman_1.45.bb
+++ /dev/null
@@ -1,237 +0,0 @@
1SUMMARY = "A daemon for managing internet connections within embedded devices"
2DESCRIPTION = "The ConnMan project provides a daemon for managing \
3internet connections within embedded devices running the Linux \
4operating system. The Connection Manager is designed to be slim and \
5to use as few resources as possible, so it can be easily integrated. \
6It is a fully modular system that can be extended, through plug-ins, \
7to support all kinds of wired or wireless technologies. Also, \
8configuration methods, like DHCP and domain name resolving, are \
9implemented using plug-ins."
10HOMEPAGE = "https://web.git.kernel.org/pub/scm/network/connman/connman.git/about/"
11LICENSE = "GPL-2.0-only"
12LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
13 file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36"
14
15inherit autotools pkgconfig systemd update-rc.d update-alternatives
16
17CVE_PRODUCT = "connman connection_manager"
18
19DEPENDS = "dbus glib-2.0"
20
21SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
22 file://connman \
23 file://no-version-scripts.patch \
24 file://0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch \
25 file://0002-resolve-musl-does-not-implement-res_ninit.patch \
26 "
27
28SRC_URI[sha256sum] = "77128cce80865455c4f106b5901a575e2dfdb35a7d2e2e2996f16e85cba10913"
29
30RRECOMMENDS:${PN} = "connman-conf"
31RCONFLICTS:${PN} = "networkmanager"
32
33EXTRA_OECONF += "\
34 ac_cv_path_IP6TABLES_SAVE=${sbindir}/ip6tables-save \
35 ac_cv_path_IPTABLES_SAVE=${sbindir}/iptables-save \
36 ac_cv_path_PPPD=${sbindir}/pppd \
37 ac_cv_path_WPASUPPLICANT=${sbindir}/wpa_supplicant \
38 --enable-debug \
39 --enable-loopback \
40 --enable-ethernet \
41 --enable-tools \
42 --disable-polkit \
43 --runstatedir='${runtimedir}' \
44 --with-dns-backend='${@bb.utils.contains("DISTRO_FEATURES", "systemd-resolved", "systemd-resolved", "internal", d)}' \
45"
46# For smooth operation it would be best to start only one wireless daemon at a time.
47# If wpa-supplicant is running, connman will use it preferentially.
48# Select either wpa-supplicant or iwd
49WIRELESS_DAEMON ??= "wpa-supplicant"
50
51PACKAGECONFIG ??= "wispr iptables client\
52 ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd', d)} \
53 ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
54 ${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'wifi ${WIRELESS_DAEMON}', '', d)} \
55"
56
57# If you want ConnMan to support VPN, add following statement into
58# local.conf or distro config
59# PACKAGECONFIG:append:pn-connman = " openvpn vpnc l2tp pptp"
60
61PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''"
62PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi"
63PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5"
64PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono"
65PACKAGECONFIG[wpa-supplicant] = ",,wpa-supplicant,wpa-supplicant"
66PACKAGECONFIG[iwd] = "--enable-iwd,--disable-iwd,,iwd"
67PACKAGECONFIG[tist] = "--enable-tist,--disable-tist,"
68PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn"
69PACKAGECONFIG[vpnc] = "--enable-vpnc --with-vpnc=${sbindir}/vpnc,--disable-vpnc,,vpnc"
70PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2tp,ppp,xl2tpd"
71PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,ppp,pptp-linux"
72# WISPr support for logging into hotspots, requires TLS
73PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls,"
74PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-masq-ipv4 kernel-module-nft-nat,iptables"
75PACKAGECONFIG[iptables] = "--with-firewall=iptables,,iptables,,,nftables"
76PACKAGECONFIG[nfc] = "--enable-neard, --disable-neard, neard, neard"
77PACKAGECONFIG[client] = "--enable-client,--disable-client,readline"
78PACKAGECONFIG[wireguard] = "--enable-wireguard,--disable-wireguard,libmnl"
79
80INITSCRIPT_NAME = "connman"
81INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ."
82
83python __anonymous () {
84 systemd_packages = "${PN} ${PN}-wait-online"
85 pkgconfig = d.getVar('PACKAGECONFIG')
86 if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split():
87 systemd_packages += " ${PN}-vpn"
88 d.setVar('SYSTEMD_PACKAGES', systemd_packages)
89}
90
91SYSTEMD_SERVICE:${PN} = "connman.service"
92SYSTEMD_SERVICE:${PN}-vpn = "connman-vpn.service"
93SYSTEMD_SERVICE:${PN}-wait-online = "connman-wait-online.service"
94
95ALTERNATIVE_PRIORITY = "${@bb.utils.contains('DISTRO_FEATURES','systemd-resolved','10','100',d)}"
96ALTERNATIVE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}"
97ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}"
98ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
99
100do_install:append() {
101 if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
102 install -d ${D}${sysconfdir}/init.d
103 install -m 0755 ${UNPACKDIR}/connman ${D}${sysconfdir}/init.d/connman
104 sed -i s%@DATADIR@%${datadir}% ${D}${sysconfdir}/init.d/connman
105 fi
106
107 install -d ${D}${bindir}
108 install -m 0755 ${B}/tools/*-test ${D}${bindir}
109 if [ -e ${B}/tools/wispr ]; then
110 install -m 0755 ${B}/tools/wispr ${D}${bindir}
111 fi
112
113 # We don't need to package an empty directory
114 rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts
115
116 # Automake 1.12 won't install empty directories, but we need the
117 # plugins directory to be present for ownership
118 mkdir -p ${D}${libdir}/connman/plugins
119
120 # For read-only filesystem, do not create links during bootup
121 if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
122 install -d ${D}${sysconfdir}
123 ln -sf ../run/connman/resolv.conf ${D}${sysconfdir}/resolv-conf.connman
124 fi
125}
126
127# These used to be plugins, but now they are core
128RPROVIDES:${PN} = "\
129 connman-plugin-loopback \
130 connman-plugin-ethernet \
131 ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \
132 ${@bb.utils.contains('PACKAGECONFIG', 'wifi','connman-plugin-wifi', '', d)} \
133 ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \
134 "
135
136PACKAGES_DYNAMIC += "^${PN}-plugin-.*"
137
138def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip):
139 plugintype = pkg.split( '-' )[-1]
140 if plugintype in depmap:
141 rdepends = map(lambda x: multilib_prefix + x, \
142 depmap[plugintype].split())
143 d.setVar("RDEPENDS:%s" % pkg, " ".join(rdepends))
144 if add_insane_skip:
145 d.appendVar("INSANE_SKIP:%s" % pkg, "dev-so")
146
147python populate_packages:prepend() {
148 depmap = dict(pppd="ppp")
149 multilib_prefix = (d.getVar("MLPREFIX") or "")
150
151 hook = lambda file,pkg,x,y,z: \
152 add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False)
153 plugin_dir = d.expand('${libdir}/connman/plugins/')
154 plugin_name = d.expand('${PN}-plugin-%s')
155 do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \
156 '${PN} plugin for %s', extra_depends='', hook=hook, prepend=True )
157
158 hook = lambda file,pkg,x,y,z: \
159 add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True)
160 plugin_dir = d.expand('${libdir}/connman/plugins-vpn/')
161 plugin_name = d.expand('${PN}-plugin-vpn-%s')
162 do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \
163 '${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True )
164}
165
166PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client"
167
168FILES:${PN}-tools = "${bindir}/wispr"
169RDEPENDS:${PN}-tools = "${PN}"
170
171FILES:${PN}-tests = "${bindir}/*-test"
172RDEPENDS:${PN}-tests = "${@bb.utils.contains('PACKAGECONFIG', 'iptables', 'iptables', '', d)}"
173
174FILES:${PN}-client = "${bindir}/connmanctl"
175RDEPENDS:${PN}-client = "${PN}"
176
177FILES:${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \
178 ${libdir}/connman/plugins \
179 ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \
180 ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \
181 ${datadir}/dbus-1/system-services/* \
182 ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf"
183
184FILES:${PN}-dev += "${libdir}/connman/*/*.la"
185
186PACKAGES =+ "${PN}-vpn ${PN}-wait-online"
187
188SUMMARY:${PN}-vpn = "A daemon for managing VPN connections within embedded devices"
189DESCRIPTION:${PN}-vpn = "The ConnMan VPN provides a daemon for \
190managing VPN connections within embedded devices running the Linux \
191operating system. The connman-vpnd handles all the VPN connections \
192and starts/stops VPN client processes when necessary. The connman-vpnd \
193provides a DBus API for managing VPN connections. All the different \
194VPN technogies are implemented using plug-ins."
195FILES:${PN}-vpn += "${sbindir}/connman-vpnd \
196 ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \
197 ${datadir}/dbus-1/system-services/net.connman.vpn.service \
198 ${systemd_system_unitdir}/connman-vpn.service"
199
200SUMMARY:${PN}-wait-online = "A program that will return once ConnMan has connected to a network"
201DESCRIPTION:${PN}-wait-online = "A service that can be enabled so that \
202the system waits until a network connection is established."
203FILES:${PN}-wait-online += "${sbindir}/connmand-wait-online \
204 ${systemd_system_unitdir}/connman-wait-online.service"
205
206SUMMARY:${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN"
207DESCRIPTION:${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \
208to create a VPN connection to OpenVPN server."
209FILES:${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \
210 ${libdir}/connman/plugins-vpn/openvpn.so"
211RDEPENDS:${PN}-plugin-vpn-openvpn += "${PN}-vpn"
212RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}"
213
214SUMMARY:${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN"
215DESCRIPTION:${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \
216to create a VPN connection to Cisco3000 VPN Concentrator."
217FILES:${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \
218 ${libdir}/connman/plugins-vpn/vpnc.so \
219 ${libdir}/connman/scripts/vpn-script"
220RDEPENDS:${PN}-plugin-vpn-vpnc += "${PN}-vpn"
221RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}"
222
223SUMMARY:${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN"
224DESCRIPTION:${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \
225to create a VPN connection to L2TP server."
226FILES:${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \
227 ${libdir}/connman/plugins-vpn/l2tp.so"
228RDEPENDS:${PN}-plugin-vpn-l2tp += "${PN}-vpn"
229RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}"
230
231SUMMARY:${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN"
232DESCRIPTION:${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \
233to create a VPN connection to PPTP server."
234FILES:${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \
235 ${libdir}/connman/plugins-vpn/pptp.so"
236RDEPENDS:${PN}-plugin-vpn-pptp += "${PN}-vpn"
237RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}"
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.2.4.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.2.4.bb
deleted file mode 100644
index bfb24aa58c..0000000000
--- a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.2.4.bb
+++ /dev/null
@@ -1,67 +0,0 @@
1SECTION = "console/network"
2SUMMARY = "dhcpcd - a DHCP client"
3DESCRIPTION = "dhcpcd runs on your machine and silently configures your \
4 computer to work on the attached networks without trouble \
5 and mostly without configuration."
6
7HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/"
8
9LICENSE = "BSD-2-Clause"
10LIC_FILES_CHKSUM = "file://LICENSE;md5=4dda5beb433a809f2e0aeffbf9da3d91"
11
12SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=master \
13 file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \
14 file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \
15 file://dhcpcd.service \
16 file://dhcpcd@.service \
17 file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
18 "
19
20SRCREV = "93df2b254caf9639f9ffb66e0fe2b584eeba6220"
21
22# Doesn't use automake so we can't do out-of-tree builds
23inherit pkgconfig autotools-brokensep systemd useradd
24
25SYSTEMD_SERVICE:${PN} = "dhcpcd.service"
26
27PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
28
29PACKAGECONFIG[udev] = "--with-udev,--without-udev,udev,udev"
30PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6"
31# ntp conflicts with chrony
32PACKAGECONFIG[ntp] = "--with-hook=ntp, , ,ntp"
33PACKAGECONFIG[chrony] = "--with-hook=ntp, , ,chrony"
34PACKAGECONFIG[ypbind] = "--with-eghook=yp, , ,ypbind-mt"
35
36# add option to override DBDIR location
37DBDIR ?= "${localstatedir}/lib/${BPN}"
38
39EXTRA_OECONF = "--enable-ipv4 \
40 --dbdir=${DBDIR} \
41 --sbindir=${base_sbindir} \
42 --runstatedir=/run \
43 --enable-privsep \
44 --privsepuser=dhcpcd \
45 --with-hooks \
46 --with-eghooks \
47 "
48
49USERADD_PACKAGES = "${PN}"
50USERADD_PARAM:${PN} = "--system -d ${DBDIR} -M -s /bin/false -U dhcpcd"
51
52# This isn't autoconf but is instead a configure script that tries to look like
53# autoconf, so just run it directly.
54do_configure() {
55 oe_runconf
56}
57
58do_install:append () {
59 # install systemd unit files
60 install -d ${D}${systemd_system_unitdir}
61 install -m 0644 ${UNPACKDIR}/dhcpcd*.service ${D}${systemd_system_unitdir}
62
63 chmod 700 ${D}${DBDIR}
64 chown dhcpcd:dhcpcd ${D}${DBDIR}
65}
66
67FILES:${PN}-dbg += "${libdir}/dhcpcd/dev/.debug"
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch
deleted file mode 100644
index 512e33aebf..0000000000
--- a/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch
+++ /dev/null
@@ -1,79 +0,0 @@
1From d1581ce103db0a5db0b1761907fff9ddd6b55a8a Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Wed, 9 Nov 2022 16:33:18 +0800
4Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd
5
6systemd's resolvconf implementation ignores the protocol part.
7See https://github.com/systemd/systemd/issues/25032.
8
9When using 'dhcp server + dns server + dhcpcd + systemd', we
10get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra',
11yet systemd's resolvconf treats it as eth0. This will delete the
12DNS information set by 'resolvconf -a eth0.dhcp'.
13
14Fortunately, 20-resolv.conf has the ability to build the resolv.conf
15file contents itself. We can just pass the generated contents to
16systemd's resolvconf. This way, the DNS information is not incorrectly
17deleted. Also, it does not cause behavior regression for dhcpcd
18in other cases.
19
20Upstream-Status: Inappropriate [OE Specific]
21This patch has been rejected by dhcpcd upstream.
22See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152
23
24Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
25---
26 hooks/20-resolv.conf | 17 +++++++++++++----
27 1 file changed, 13 insertions(+), 4 deletions(-)
28
29diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf
30index bd0b0df5..9c7721de 100644
31--- a/hooks/20-resolv.conf
32+++ b/hooks/20-resolv.conf
33@@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming"
34 NL="
35 "
36 : ${resolvconf:=resolvconf}
37+resolvconf_from_systemd=false
38 if command -v "$resolvconf" >/dev/null 2>&1; then
39 have_resolvconf=true
40+ if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then
41+ resolvconf_from_systemd=true
42+ fi
43 else
44 have_resolvconf=false
45 fi
46@@ -69,8 +73,13 @@ build_resolv_conf()
47 else
48 echo "# /etc/resolv.conf.tail can replace this line" >> "$cf"
49 fi
50- if change_file /etc/resolv.conf "$cf"; then
51- chmod 644 /etc/resolv.conf
52+ if $resolvconf_from_systemd; then
53+ [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric"
54+ "$resolvconf" -a "$ifname" <"$cf"
55+ else
56+ if change_file /etc/resolv.conf "$cf"; then
57+ chmod 644 /etc/resolv.conf
58+ fi
59 fi
60 rm -f "$cf"
61 }
62@@ -179,7 +188,7 @@ add_resolv_conf()
63 for x in ${new_domain_name_servers}; do
64 conf="${conf}nameserver $x$NL"
65 done
66- if $have_resolvconf; then
67+ if $have_resolvconf && ! $resolvconf_from_systemd; then
68 [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric"
69 printf %s "$conf" | "$resolvconf" -a "$ifname"
70 return $?
71@@ -195,7 +204,7 @@ add_resolv_conf()
72
73 remove_resolv_conf()
74 {
75- if $have_resolvconf; then
76+ if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then
77 "$resolvconf" -d "$ifname" -f
78 else
79 if [ -e "$resolv_conf_dir/$ifname" ]; then
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
deleted file mode 100644
index 484b84f94a..0000000000
--- a/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
+++ /dev/null
@@ -1,43 +0,0 @@
1From e9b1376c59b15e7b03611429187d9d89167154b5 Mon Sep 17 00:00:00 2001
2From: Lei Maohui <leimaohui@fujitsu.com>
3Date: Fri, 10 Mar 2023 03:48:46 +0000
4Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib.
5
6Error: Transaction test error:
7 file /usr/share/man/man8/dhcpcd.8 conflicts between attempted
8 installs of dhcpcd-doc-9.4.1-r0.cortexa57 and
9 lib32-dhcpcd-doc-9.4.1-r0.armv7ahf_neon
10
11The differences between the two files are as follows:
12@@ -821,7 +821,7 @@
13 If you always use the same options, put them here.
14 .It Pa /usr/libexec/dhcpcd-run-hooks
15 Bourne shell script that is run to configure or de-configure an interface.
16-.It Pa /usr/lib64/dhcpcd/dev
17+.It Pa /usr/lib/dhcpcd/dev
18 Linux
19 .Pa /dev
20 management modules.
21
22It is just a man file, there is no necessary to manage multiple
23versions.
24
25Upstream-Status: Inappropriate [oe specific]
26Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
27---
28 src/dhcpcd.8.in | 2 +-
29 1 file changed, 1 insertion(+), 1 deletion(-)
30
31diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in
32index 91fdde2c..b467dc3b 100644
33--- a/src/dhcpcd.8.in
34+++ b/src/dhcpcd.8.in
35@@ -826,7 +826,7 @@ Configuration file for dhcpcd.
36 If you always use the same options, put them here.
37 .It Pa @SCRIPT@
38 Bourne shell script that is run to configure or de-configure an interface.
39-.It Pa @LIBDIR@/dhcpcd/dev
40+.It Pa /usr/<libdir>/dhcpcd/dev
41 Linux
42 .Pa /dev
43 management modules.
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
deleted file mode 100644
index fd3fae7e7e..0000000000
--- a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
+++ /dev/null
@@ -1,42 +0,0 @@
1From c2ebc32112e0cd29390b4dc951b65efae36d607b Mon Sep 17 00:00:00 2001
2From: Stefano Cappa <stefano.cappa.ks89@gmail.com>
3Date: Sun, 13 Jan 2019 01:50:52 +0100
4Subject: [PATCH] remove INCLUDEDIR to prevent build issues
5
6Upstream-Status: Pending
7
8Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com>
9---
10 configure | 5 -----
11 1 file changed, 5 deletions(-)
12
13diff --git a/configure b/configure
14index a60da137..3673de8b 100755
15--- a/configure
16+++ b/configure
17@@ -26,7 +26,6 @@ BUILD=
18 HOST=
19 HOSTCC=
20 TARGET=
21-INCLUDEDIR=
22 DEBUG=
23 FORK=
24 STATIC=
25@@ -89,7 +88,6 @@ for x do
26 --mandir) MANDIR=$var;;
27 --datadir) DATADIR=$var;;
28 --with-ccopts|CFLAGS) CFLAGS=$var;;
29- -I|--includedir) INCLUDEDIR="$INCLUDEDIR${INCLUDEDIR:+ }-I$var";;
30 CC) CC=$var;;
31 CPPFLAGS) CPPFLAGS=$var;;
32 PKG_CONFIG) PKG_CONFIG=$var;;
33@@ -346,9 +344,6 @@ if [ -n "$CPPFLAGS" ]; then
34 echo "CPPFLAGS=" >>$CONFIG_MK
35 echo "CPPFLAGS+= $CPPFLAGS" >>$CONFIG_MK
36 fi
37-if [ -n "$INCLUDEDIR" ]; then
38- echo "CPPFLAGS+= $INCLUDEDIR" >>$CONFIG_MK
39-fi
40 if [ -n "$LDFLAGS" ]; then
41 echo "LDFLAGS=" >>$CONFIG_MK
42 echo "LDFLAGS+= $LDFLAGS" >>$CONFIG_MK
diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service
deleted file mode 100644
index 6c967ddaf0..0000000000
--- a/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service
+++ /dev/null
@@ -1,11 +0,0 @@
1[Unit]
2Description=A minimalistic network configuration daemon with DHCPv4, rdisc and DHCPv6 support
3Wants=network.target
4Before=network.target
5Conflicts=connman.service
6
7[Service]
8ExecStart=/sbin/dhcpcd -q --nobackground
9
10[Install]
11WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service
deleted file mode 100644
index 845b83b9e5..0000000000
--- a/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service
+++ /dev/null
@@ -1,16 +0,0 @@
1[Unit]
2Description=dhcpcd on %I
3Wants=network.target
4Before=network.target
5BindsTo=sys-subsystem-net-devices-%i.device
6After=sys-subsystem-net-devices-%i.device
7Conflicts=connman.service
8
9[Service]
10Type=forking
11PIDFile=/run/dhcpcd/%I.pid
12ExecStart=/sbin/dhcpcd -q %I
13ExecStop=/sbin/dhcpcd -x %I
14
15[Install]
16WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
deleted file mode 100644
index 30e81ef450..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
+++ /dev/null
@@ -1,20 +0,0 @@
1# default: off
2# description:
3# Rexecd is the server for the rexec program. The server provides remote
4# execution facilities with authentication based on user names and
5# passwords.
6#
7service exec
8{
9 socket_type = stream
10 protocol = tcp
11 flags = NAMEINARGS
12 wait = no
13 user = root
14 group = root
15 log_on_success += USERID
16 log_on_failure += USERID
17 server = @SBINDIR@/tcpd
18 server_args = @SBINDIR@/in.rexecd
19 disable = yes
20}
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
deleted file mode 100644
index 21b55da9a9..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
+++ /dev/null
@@ -1,23 +0,0 @@
1# default: off
2# description:
3# Rlogind is a server for the rlogin program. The server provides remote
4# execution with authentication based on privileged port numbers from trusted
5# host
6#
7service login
8{
9 socket_type = stream
10 protocol = tcp
11 flags = NAMEINARGS
12 wait = no
13 user = root
14 group = root
15 log_on_success += USERID
16 log_on_failure += USERID
17 server = @SBINDIR@/tcpd
18 server_args = @SBINDIR@/in.rlogind -a
19 disable = yes
20}
21
22
23
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
deleted file mode 100644
index 2b894a74bd..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
+++ /dev/null
@@ -1,21 +0,0 @@
1# default: off
2# description:
3# The rshd server is a server for the rcmd(3) routine and,
4# consequently, for the rsh(1) program. The server provides
5# remote execution facilities with authentication based on
6# privileged port numbers from trusted hosts.
7#
8service shell
9{
10 socket_type = stream
11 protocol = tcp
12 flags = NAMEINARGS
13 wait = no
14 user = root
15 group = root
16 log_on_success += USERID
17 log_on_failure += USERID
18 server = @SBINDIR@/tcpd
19 server_args = @SBINDIR@/in.rshd -aL
20 disable = yes
21}
diff --git a/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
deleted file mode 100644
index 2d9a0408c0..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
+++ /dev/null
@@ -1,13 +0,0 @@
1# default: on
2# description: The telnet server serves telnet sessions; it uses \
3# unencrypted username/password pairs for authentication.
4service telnet
5{
6 disable = no
7 flags = REUSE
8 socket_type = stream
9 wait = no
10 user = root
11 server = @SBINDIR@/in.telnetd
12 log_on_failure += USERID
13}
diff --git a/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
deleted file mode 100644
index 67b44c43e8..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
+++ /dev/null
@@ -1,19 +0,0 @@
1# default: off
2# description:
3# Tftpd is a server which supports the Internet Trivial File Transfer
4# Pro-tocol (RFC 783). The TFTP server operates at the port indicated
5# in the tftp service description; see services(5).
6#
7service tftp
8{
9 disable = yes
10 socket_type = dgram
11 protocol = udp
12 flags = IPv6
13 wait = yes
14 user = root
15 group = root
16 server = @SBINDIR@/in.tftpd
17 server_args = /tftpboot
18}
19
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.6.bb b/meta/recipes-connectivity/inetutils/inetutils_2.6.bb
deleted file mode 100644
index 6e03195f2d..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils_2.6.bb
+++ /dev/null
@@ -1,216 +0,0 @@
1SUMMARY = "The GNU inetutils are a collection of common networking utilities and servers."
2DESCRIPTION = "The GNU inetutils are a collection of common \
3networking utilities and servers including ftp, ftpd, rcp, \
4rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \
5talkd, telnet, telnetd, tftp, tftpd, and uucpd."
6HOMEPAGE = "http://www.gnu.org/software/inetutils"
7SECTION = "net"
8DEPENDS = "ncurses netbase readline virtual/crypt"
9
10LICENSE = "GPL-3.0-only"
11
12LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7"
13
14SRC_URI[sha256sum] = "68bedbfeaf73f7d86be2a7d99bcfbd4093d829f52770893919ae174c0b2357ca"
15SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
16 file://rexec.xinetd.inetutils \
17 file://rlogin.xinetd.inetutils \
18 file://rsh.xinetd.inetutils \
19 file://telnet.xinetd.inetutils \
20 file://tftpd.xinetd.inetutils \
21 "
22
23inherit autotools gettext update-alternatives texinfo
24
25PACKAGECONFIG ??= "ftp uucpd \
26 ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
27 ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \
28 "
29PACKAGECONFIG[ftp] = "--enable-ftp,--disable-ftp,readline"
30PACKAGECONFIG[uucpd] = "--enable-uucpd,--disable-uucpd,readline"
31PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam"
32PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no,"
33PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6,"
34
35EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \
36 --with-libreadline-prefix=${STAGING_LIBDIR} \
37 --enable-rpath=no \
38 --with-path-login=${base_bindir}/login \
39 --with-path-cp=${base_bindir}/cp \
40 --with-path-uucico=${libexecdir}/uuico \
41 --with-path-procnet-dev=/proc/net/dev \
42 "
43
44EXTRA_OECONF:append:libc-musl = " --with-path-utmpx=/dev/null/utmpx --with-path-wtmpx=/dev/null/wtmpx"
45
46# These are horrible for security, disable them
47EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \
48 --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd"
49
50# The configure script guesses many paths in cross builds, check for this happening
51do_configure_cross_check() {
52 if grep "may be incorrect because of cross-compilation" ${B}/config.log; then
53 bberror Default path values used, these must be set explicitly
54 fi
55}
56do_configure[postfuncs] += "do_configure_cross_check"
57
58# The --with-path options are not actually options, so this check needs to be silenced
59ERROR_QA:remove = "unknown-configure-option"
60
61do_configure:prepend () {
62 export HELP2MAN='true'
63}
64
65do_install:append () {
66 install -m 0755 -d ${D}${base_sbindir}
67 install -m 0755 -d ${D}${sbindir}
68 install -m 0755 -d ${D}${sysconfdir}/xinetd.d
69 if [ "${base_bindir}" != "${bindir}" ] ; then
70 install -m 0755 -d ${D}${base_bindir}
71 mv ${D}${bindir}/ping* ${D}${base_bindir}/
72 mv ${D}${bindir}/hostname ${D}${base_bindir}/
73 mv ${D}${bindir}/dnsdomainname ${D}${base_bindir}/
74 fi
75 mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/
76 mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/
77 mv ${D}${libexecdir}/tftpd ${D}${sbindir}/in.tftpd
78 mv ${D}${libexecdir}/telnetd ${D}${sbindir}/in.telnetd
79 if [ -e ${D}${libexecdir}/rexecd ]; then
80 mv ${D}${libexecdir}/rexecd ${D}${sbindir}/in.rexecd
81 cp ${UNPACKDIR}/rexec.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rexec
82 fi
83 if [ -e ${D}${libexecdir}/rlogind ]; then
84 mv ${D}${libexecdir}/rlogind ${D}${sbindir}/in.rlogind
85 cp ${UNPACKDIR}/rlogin.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rlogin
86 fi
87 if [ -e ${D}${libexecdir}/rshd ]; then
88 mv ${D}${libexecdir}/rshd ${D}${sbindir}/in.rshd
89 cp ${UNPACKDIR}/rsh.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rsh
90 fi
91 if [ -e ${D}${libexecdir}/talkd ]; then
92 mv ${D}${libexecdir}/talkd ${D}${sbindir}/in.talkd
93 fi
94 mv ${D}${libexecdir}/uucpd ${D}${sbindir}/in.uucpd
95 mv ${D}${libexecdir}/* ${D}${bindir}/
96 cp ${UNPACKDIR}/telnet.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/telnet
97 cp ${UNPACKDIR}/tftpd.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/tftpd
98
99 sed -e 's,@SBINDIR@,${sbindir},g' -i ${D}/${sysconfdir}/xinetd.d/*
100 if [ -e ${D}${libdir}/charset.alias ]; then
101 rm -rf ${D}${libdir}/charset.alias
102 fi
103 rm -rf ${D}${libexecdir}/
104 # remove usr/lib if empty
105 rmdir ${D}${libdir} || true
106}
107
108PACKAGES =+ "${PN}-ping ${PN}-ping6 ${PN}-hostname ${PN}-ifconfig \
109${PN}-tftp ${PN}-logger ${PN}-traceroute ${PN}-syslogd \
110${PN}-ftp ${PN}-ftpd ${PN}-tftpd ${PN}-telnet ${PN}-telnetd ${PN}-inetd \
111${PN}-rsh ${PN}-rshd"
112
113# The packages tftpd, telnetd and rshd conflict with the ones
114# provided by netkit, so add the corresponding -dbg packages
115# for them to avoid the confliction between the dbg package
116# of inetutils and netkit.
117PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg"
118NOAUTOPACKAGEDEBUG = "1"
119
120ALTERNATIVE_PRIORITY = "79"
121ALTERNATIVE:${PN} = "whois dnsdomainname"
122ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd"
123ALTERNATIVE_LINK_NAME[dnsdomainname] = "${base_bindir}/dnsdomainname"
124
125ALTERNATIVE_PRIORITY_${PN}-logger = "60"
126ALTERNATIVE:${PN}-logger = "logger"
127ALTERNATIVE:${PN}-syslogd = "syslogd"
128ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd"
129
130ALTERNATIVE:${PN}-ftp = "ftp"
131ALTERNATIVE:${PN}-ftpd = "ftpd"
132ALTERNATIVE:${PN}-tftp = "tftp"
133ALTERNATIVE:${PN}-tftpd = "tftpd"
134ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd"
135ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd"
136
137ALTERNATIVE:${PN}-telnet = "telnet"
138ALTERNATIVE:${PN}-telnetd = "telnetd"
139ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd"
140ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd"
141
142ALTERNATIVE:${PN}-inetd = "inetd"
143ALTERNATIVE:${PN}-traceroute = "traceroute"
144
145ALTERNATIVE:${PN}-hostname = "hostname"
146ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname"
147ALTERNATIVE_PRIORITY[hostname] = "100"
148
149ALTERNATIVE:${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \
150 tftpd.8 tftp.1 telnetd.8"
151ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1"
152ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1"
153ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1"
154ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8"
155ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8"
156ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8"
157ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1"
158
159ALTERNATIVE:${PN}-ifconfig = "ifconfig"
160ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig"
161
162ALTERNATIVE:${PN}-ping = "ping"
163ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping"
164
165ALTERNATIVE:${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}"
166ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6"
167
168FILES:${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug"
169FILES:${PN}-ping = "${base_bindir}/ping.${BPN}"
170FILES:${PN}-ping6 = "${base_bindir}/ping6.${BPN}"
171FILES:${PN}-hostname = "${base_bindir}/hostname.${BPN}"
172FILES:${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}"
173FILES:${PN}-traceroute = "${bindir}/traceroute.${BPN}"
174FILES:${PN}-logger = "${bindir}/logger.${BPN}"
175
176FILES:${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}"
177RCONFLICTS:${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng"
178
179FILES:${PN}-ftp = "${bindir}/ftp.${BPN}"
180
181FILES:${PN}-tftp = "${bindir}/tftp.${BPN}"
182FILES:${PN}-telnet = "${bindir}/telnet.${BPN}"
183
184# We make us of RCONFLICTS / RPROVIDES here rather than using the normal
185# alternatives method as this leads to packaging QA issues when using
186# musl as that library does not provide what these applications need to
187# build.
188FILES:${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp"
189RCONFLICTS:${PN}-rsh += "netkit-rsh-client"
190RPROVIDES:${PN}-rsh = "rsh"
191
192FILES:${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \
193 ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec"
194FILES:${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd"
195RDEPENDS:${PN}-rshd += "xinetd tcp-wrappers"
196RCONFLICTS:${PN}-rshd += "netkit-rshd-server"
197RPROVIDES:${PN}-rshd = "rshd"
198
199FILES:${PN}-ftpd = "${bindir}/ftpd.${BPN}"
200FILES:${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}"
201RDEPENDS:${PN}-ftpd += "xinetd"
202
203FILES:${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd"
204FILES:${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd"
205RCONFLICTS:${PN}-tftpd += "netkit-tftpd"
206RDEPENDS:${PN}-tftpd += "xinetd"
207
208FILES:${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet"
209FILES:${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd"
210RCONFLICTS:${PN}-telnetd += "netkit-telnet"
211RPROVIDES:${PN}-telnetd = "telnetd"
212RDEPENDS:${PN}-telnetd += "xinetd"
213
214FILES:${PN}-inetd = "${bindir}/inetd.${BPN}"
215
216RDEPENDS:${PN} = "xinetd"
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-include-libnetlink.h-add-missing-include-for-htobe64.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-include-libnetlink.h-add-missing-include-for-htobe64.patch
deleted file mode 100644
index c4dea39676..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2/0001-include-libnetlink.h-add-missing-include-for-htobe64.patch
+++ /dev/null
@@ -1,24 +0,0 @@
1From 9e427aa1c647f741b08a1f0c44483ea974c7fc61 Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex@linutronix.de>
3Date: Sat, 24 Aug 2024 15:32:25 +0200
4Subject: [PATCH] include/libnetlink.h: add missing include for htobe64
5 definitions
6
7Upstream-Status: Submitted [by email to stephen@networkplumber.org netdev@vger.kernel.org]
8Signed-off-by: Alexander Kanavin <alex@linutronix.de>
9---
10 include/libnetlink.h | 1 +
11 1 file changed, 1 insertion(+)
12
13diff --git a/include/libnetlink.h b/include/libnetlink.h
14index 7074e91..3dbfa42 100644
15--- a/include/libnetlink.h
16+++ b/include/libnetlink.h
17@@ -13,6 +13,7 @@
18 #include <linux/neighbour.h>
19 #include <linux/netconf.h>
20 #include <arpa/inet.h>
21+#include <endian.h>
22
23 struct rtnl_handle {
24 int fd;
diff --git a/meta/recipes-connectivity/iproute2/iproute2_6.16.0.bb b/meta/recipes-connectivity/iproute2/iproute2_6.16.0.bb
deleted file mode 100644
index dc7106902c..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2_6.16.0.bb
+++ /dev/null
@@ -1,112 +0,0 @@
1SUMMARY = "TCP / IP networking and traffic control utilities"
2DESCRIPTION = "Iproute2 is a collection of utilities for controlling \
3TCP / IP networking and traffic control in Linux. Of the utilities ip \
4and tc are the most important. ip controls IPv4 and IPv6 \
5configuration and tc stands for traffic control."
6HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2"
7SECTION = "base"
8LICENSE = "GPL-2.0-or-later"
9LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
10 "
11
12DEPENDS = "flex-native bison-native libcap"
13
14SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
15 file://0001-include-libnetlink.h-add-missing-include-for-htobe64.patch \
16 "
17
18SRC_URI[sha256sum] = "5900ccc15f9ac3bf7b7eae81deb5937123df35e99347a7f11a22818482f0a8d0"
19
20inherit update-alternatives bash-completion pkgconfig
21
22PACKAGECONFIG ??= "tipc elf devlink iptables"
23PACKAGECONFIG[tipc] = ",,libmnl,"
24PACKAGECONFIG[elf] = ",,elfutils,"
25PACKAGECONFIG[devlink] = ",,libmnl,"
26PACKAGECONFIG[iptables] = ",,iptables"
27PACKAGECONFIG[rdma] = ",,libmnl,"
28PACKAGECONFIG[selinux] = ",,libselinux"
29
30IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc rdma', d)}"
31
32# This is needed with GCC-14 and musl
33CFLAGS += "-Wno-error=incompatible-pointer-types"
34# CFLAGS are computed in Makefile and reference CCOPTS
35#
36EXTRA_OEMAKE = "\
37 CC='${CC}' \
38 KERNEL_INCLUDE=${STAGING_INCDIR} \
39 DOCDIR=${docdir}/iproute2 \
40 SUBDIRS='${IPROUTE2_MAKE_SUBDIRS}' \
41 SBINDIR='${base_sbindir}' \
42 CONF_USR_DIR='${libdir}/iproute2' \
43 LIBDIR='${libdir}' \
44 CCOPTS='${CFLAGS}' \
45"
46
47do_configure:append () {
48 sh configure ${STAGING_INCDIR}
49 # Explicitly disable ATM support
50 sed -i -e '/TC_CONFIG_ATM/d' config.mk
51}
52
53do_install () {
54 oe_runmake DESTDIR=${D} install
55 mv ${D}${base_sbindir}/ip ${D}${base_sbindir}/ip.iproute2
56 install -d ${D}${datadir}
57 mv ${D}/share/* ${D}${datadir}/ || true
58 rm ${D}/share -rf || true
59
60 # Remove support fot ipt and xt in tc. So tc library directory is not needed.
61 rm ${D}${libdir}/tc -rf
62}
63
64# The .so files in iproute2-tc are modules, not traditional libraries
65INSANE_SKIP:${PN}-tc = "dev-so"
66
67IPROUTE2_PACKAGES =+ "\
68 ${PN}-bridge \
69 ${PN}-devlink \
70 ${PN}-genl \
71 ${PN}-ifstat \
72 ${PN}-ip \
73 ${PN}-lnstat \
74 ${PN}-nstat \
75 ${PN}-routel \
76 ${PN}-rtacct \
77 ${PN}-ss \
78 ${PN}-tc \
79 ${PN}-tipc \
80 ${PN}-rdma \
81"
82
83PACKAGE_BEFORE_PN = "${IPROUTE2_PACKAGES}"
84RDEPENDS:${PN} += "${PN}-ip"
85
86FILES:${PN}-tc = "${base_sbindir}/tc* \
87 ${libdir}/tc/*.so"
88FILES:${PN}-lnstat = "${base_sbindir}/lnstat \
89 ${base_sbindir}/ctstat \
90 ${base_sbindir}/rtstat"
91FILES:${PN}-ifstat = "${base_sbindir}/ifstat"
92FILES:${PN}-ip = "${base_sbindir}/ip.* ${libdir}/iproute2"
93FILES:${PN}-genl = "${base_sbindir}/genl"
94FILES:${PN}-rtacct = "${base_sbindir}/rtacct"
95FILES:${PN}-nstat = "${base_sbindir}/nstat"
96FILES:${PN}-ss = "${base_sbindir}/ss"
97FILES:${PN}-tipc = "${base_sbindir}/tipc"
98FILES:${PN}-devlink = "${base_sbindir}/devlink"
99FILES:${PN}-rdma = "${base_sbindir}/rdma"
100FILES:${PN}-routel = "${base_sbindir}/routel"
101FILES:${PN}-bridge = "${base_sbindir}/bridge"
102
103RDEPENDS:${PN}-routel = "python3-core"
104
105ALTERNATIVE:${PN}-ip = "ip"
106ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}"
107ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip"
108ALTERNATIVE_PRIORITY = "100"
109
110ALTERNATIVE:${PN}-tc = "tc"
111ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc"
112ALTERNATIVE_PRIORITY_${PN}-tc = "100"
diff --git a/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch b/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch
deleted file mode 100644
index 715b88d466..0000000000
--- a/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch
+++ /dev/null
@@ -1,41 +0,0 @@
1Subject: [PATCH] iw: version.sh: don't use git describe for versioning
2
3It will detect top-level git repositories like the Angstrom setup-scripts and break.
4
5Upstream-Status: Pending
6
7Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
8Signed-off-by: Maxin B. John <maxin.john@intel.com>
9---
10diff -Naur iw-4.7-orig/version.sh iw-4.7/version.sh
11--- iw-4.7-orig/version.sh 2016-05-31 12:52:46.000000000 +0300
12+++ iw-4.7/version.sh 2016-06-01 11:21:58.307409060 +0300
13@@ -15,27 +15,7 @@
14 SRC_DIR=$(cd ${SRC_DIR}; pwd)
15 cd "${SRC_DIR}"
16
17-v=""
18-if [ -d .git ] && head=`git rev-parse --verify HEAD 2>/dev/null`; then
19- git update-index --refresh --unmerged > /dev/null
20- descr=$(git describe --match=v* 2>/dev/null)
21- if [ $? -eq 0 ]; then
22- # on git builds check that the version number above
23- # is correct...
24- if [ "${descr%%-*}" = "v$VERSION" ]; then
25- v="${descr#v}"
26- if git diff-index --name-only HEAD | read dummy ; then
27- v="$v"-dirty
28- fi
29- fi
30- fi
31-fi
32-
33-# set to the default version when failed to get the version
34-# information with git
35-if [ -z "${v}" ]; then
36- v="$VERSION"
37-fi
38+v="$VERSION"
39
40 echo '#include "iw.h"' > "$OUT"
41 echo "const char iw_version[] = \"$v\";" >> "$OUT"
diff --git a/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/meta/recipes-connectivity/iw/iw/separate-objdir.patch
deleted file mode 100644
index 179fd90124..0000000000
--- a/meta/recipes-connectivity/iw/iw/separate-objdir.patch
+++ /dev/null
@@ -1,50 +0,0 @@
1From ff9f0a631c99fb6e2677c02bf572a5e69c70f5cf Mon Sep 17 00:00:00 2001
2From: Changhyeok Bae <changhyeok.bae@gmail.com>
3Date: Mon, 27 Jan 2020 22:48:03 +0100
4Subject: [PATCH] Support separation of SRCDIR and OBJDIR
5
6Typical use of VPATH to locate the sources.
7
8Upstream-Status: Pending
9
10Signed-off-by: Christopher Larson <chris_larson@mentor.com>
11Signed-off-by: Maxin B. John <maxin.john@intel.com>
12---
13 Makefile | 8 ++++++--
14 1 file changed, 6 insertions(+), 2 deletions(-)
15
16diff --git a/Makefile b/Makefile
17index 90f2251..714cdb9 100644
18--- a/Makefile
19+++ b/Makefile
20@@ -1,5 +1,9 @@
21 MAKEFLAGS += --no-print-directory
22
23+SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST)))
24+OBJDIR ?= $(PWD)
25+VPATH = $(SRCDIR)
26+
27 PREFIX ?= /usr
28 SBINDIR ?= $(PREFIX)/sbin
29 MANDIR ?= $(PREFIX)/share/man
30@@ -92,7 +96,7 @@ all: $(ALL)
31 version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \
32 $(wildcard .git/index .git/refs/tags)
33 @$(NQ) ' GEN ' $@
34- $(Q)./version.sh $@
35+ $(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@
36
37 nl80211-commands.inc: nl80211.h
38 @$(NQ) ' GEN ' $@
39@@ -100,7 +104,7 @@ nl80211-commands.inc: nl80211.h
40
41 %.o: %.c iw.h nl80211.h nl80211-commands.inc
42 @$(NQ) ' CC ' $@
43- $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
44+ $(Q)$(CC) -I$(SRCDIR) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
45
46 ifeq ($(IW_ANDROID_BUILD),)
47 iw: $(OBJS)
48--
492.23.0
50
diff --git a/meta/recipes-connectivity/iw/iw_6.17.bb b/meta/recipes-connectivity/iw/iw_6.17.bb
deleted file mode 100644
index a9a4695d39..0000000000
--- a/meta/recipes-connectivity/iw/iw_6.17.bb
+++ /dev/null
@@ -1,31 +0,0 @@
1SUMMARY = "nl80211 based CLI configuration utility for wireless devices"
2DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \
3wireless devices. It supports almost all new drivers that have been added \
4to the kernel recently. "
5HOMEPAGE = "https://wireless.wiki.kernel.org/en/users/documentation/iw"
6SECTION = "base"
7LICENSE = "ISC"
8LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774"
9
10DEPENDS = "libnl"
11
12SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
13 file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \
14 file://separate-objdir.patch \
15"
16
17SRC_URI[sha256sum] = "aebdcfa3691aa5065a9b0d7def66c761c8b01a59dd81bc315d0305e05c3b04de"
18
19inherit pkgconfig
20
21EXTRA_OEMAKE = "\
22 -f '${S}/Makefile' \
23 \
24 'PREFIX=${prefix}' \
25 'SBINDIR=${sbindir}' \
26 'MANDIR=${mandir}' \
27"
28
29do_install() {
30 oe_runmake 'DESTDIR=${D}' install
31}
diff --git a/meta/recipes-connectivity/kea/files/0001-build-boost-1.89.0-fixes.patch b/meta/recipes-connectivity/kea/files/0001-build-boost-1.89.0-fixes.patch
deleted file mode 100644
index fba2f5a573..0000000000
--- a/meta/recipes-connectivity/kea/files/0001-build-boost-1.89.0-fixes.patch
+++ /dev/null
@@ -1,53 +0,0 @@
1From cf6af9219ba688fcd01d73a392dd1306d2b7a9e6 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Wed, 27 Aug 2025 22:20:09 -0700
4Subject: [PATCH] build: boost 1.89.0 fixes
5
6Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/merge_requests/2771/]
7Signed-off-by: Khem Raj <raj.khem@gmail.com>
8---
9 meson.build | 2 +-
10 src/lib/asiodns/io_fetch.cc | 1 +
11 src/lib/asiolink/interval_timer.cc | 1 +
12 3 files changed, 3 insertions(+), 1 deletion(-)
13
14--- a/meson.build
15+++ b/meson.build
16@@ -189,7 +189,7 @@ message(f'Detected system "@SYSTEM@".')
17
18 #### Dependencies
19
20-boost_dep = dependency('boost', version: '>=1.66', modules: ['system'])
21+boost_dep = dependency('boost', version: '>=1.66')
22 dl_dep = dependency('dl')
23 threads_dep = dependency('threads')
24 add_project_dependencies(boost_dep, dl_dep, threads_dep, language: ['cpp'])
25@@ -1094,7 +1094,7 @@ pkg.generate(
26 if TARGETS_GEN_MESSAGES.length() > 0
27 alias_target('messages', TARGETS_GEN_MESSAGES)
28 else
29- error(
30+ warning(
31 'No messages to generate. This is probably an error in the meson.build files.',
32 )
33 endif
34--- a/src/lib/asiodns/io_fetch.cc
35+++ b/src/lib/asiodns/io_fetch.cc
36@@ -22,6 +22,7 @@
37 #include <dns/rcode.h>
38 #include <util/io.h>
39
40+#include <boost/asio/deadline_timer.hpp>
41 #include <boost/scoped_ptr.hpp>
42 #include <boost/date_time/posix_time/posix_time_types.hpp>
43
44--- a/src/lib/asiolink/interval_timer.cc
45+++ b/src/lib/asiolink/interval_timer.cc
46@@ -9,6 +9,7 @@
47 #include <asiolink/interval_timer.h>
48 #include <asiolink/io_service.h>
49
50+#include <boost/asio/deadline_timer.hpp>
51 #include <boost/enable_shared_from_this.hpp>
52 #include <boost/noncopyable.hpp>
53 #include <boost/shared_ptr.hpp>
diff --git a/meta/recipes-connectivity/kea/files/0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch b/meta/recipes-connectivity/kea/files/0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch
deleted file mode 100644
index 6facc4d32d..0000000000
--- a/meta/recipes-connectivity/kea/files/0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch
+++ /dev/null
@@ -1,348 +0,0 @@
1From e3a0d181a279334c7d7a10c5b09fd1610384101c Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Wed, 3 Sep 2025 12:52:51 -0700
4Subject: [PATCH] d2/dhcp[46]/radius/dhcpsrv: Avoid Boost lexical_cast on enums
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9Clang with libc++ hardening (-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST)
10rejects Boost's enum trait probe used by `boost::lexical_cast`:
11`boost::type_traits::is_signed/is_unsigned` defines
12`static const T minus_one = (T)-1;`, which is ill-formed for scoped/limited
13enums whose valid range does not include −1 (e.g. enums with values [0..3]).
14When an enum is passed to `lexical_cast<std::string>`, this triggers errors like:
15
16 error: in-class initializer for static data member is not a constant expression
17 ... minus_one = (static_cast<no_cv_t>(-1));
18
19In Kea this surfaced via logging `.arg(enum_value)` and when writing
20`Lease6::type_` to CSV.
21
22This change makes all such call sites avoid `lexical_cast` on enums:
23
24* d2 transactions (`check_exists_*`, `nc_*`, `simple_*`):
25 cast `getDnsUpdateStatus()` to `int` before passing to `.arg(...)`.
26
27* d2 queue manager (`d2_queue_mgr.cc`):
28 cast `mgr_state_` to `int` before logging.
29
30* DHCPv4/6 servers (`dhcp4_srv.cc`, `dhcp6_srv.cc`):
31 cast `dhcp_ddns::NameChangeSender::Result` to `int` before logging.
32
33* RADIUS hook (`radius_accounting.cc`):
34 cast `env.event_` to `int` for the numeric field; we still log the textual
35 form via `eventToText(event_)` in the next argument.
36
37* DHCPv6 CSV writer (`csv_lease_file6.cc`):
38 write `lease_type` using `isc::dhcp::Lease::typeToText(lease.type_)`
39 instead of passing the enum directly. This is human-readable and uses Kea’s
40 own canonical stringifier, while avoiding the Boost enum path entirely.
41
42why:
43
44- Prevents Boost from instantiating enum trait checks that cast −1 to an enum.
45- Unblocks builds with recent Clang/libc++ hardening.
46- Keeps log output stable (numeric codes retained) and improves CSV clarity
47 for lease type by using the provided textual converter.
48
49No functional/ABI changes; only formatting of certain log/CSV values.
50If a downstream consumer expects a numeric `lease_type`, it can be adjusted
51to parse the textual value or the change can be trivially flipped to
52`static_cast<unsigned>(lease.type_)`.
53
54Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/4100]
55Signed-off-by: Khem Raj <raj.khem@gmail.com>
56---
57 src/bin/d2/check_exists_add.cc | 6 +++---
58 src/bin/d2/check_exists_remove.cc | 6 +++---
59 src/bin/d2/d2_queue_mgr.cc | 2 +-
60 src/bin/d2/nc_add.cc | 6 +++---
61 src/bin/d2/nc_remove.cc | 6 +++---
62 src/bin/d2/simple_add.cc | 4 ++--
63 src/bin/d2/simple_add_without_dhcid.cc | 4 ++--
64 src/bin/d2/simple_remove.cc | 4 ++--
65 src/bin/d2/simple_remove_without_dhcid.cc | 4 ++--
66 src/bin/dhcp4/dhcp4_srv.cc | 2 +-
67 src/bin/dhcp6/dhcp6_srv.cc | 2 +-
68 src/hooks/dhcp/radius/radius_accounting.cc | 2 +-
69 src/lib/dhcpsrv/csv_lease_file6.cc | 2 +-
70 13 files changed, 25 insertions(+), 25 deletions(-)
71
72diff --git a/src/bin/d2/check_exists_add.cc b/src/bin/d2/check_exists_add.cc
73index 11bb29f..edfef31 100644
74--- a/src/bin/d2/check_exists_add.cc
75+++ b/src/bin/d2/check_exists_add.cc
76@@ -270,7 +270,7 @@ CheckExistsAddTransaction::addingFwdAddrsHandler() {
77 // bigger is wrong.
78 LOG_ERROR(d2_to_dns_logger, DHCP_DDNS_FORWARD_ADD_BAD_DNSCLIENT_STATUS)
79 .arg(getRequestId())
80- .arg(getDnsUpdateStatus())
81+ .arg(static_cast<int>(getDnsUpdateStatus()))
82 .arg(getNcr()->getFqdn())
83 .arg(getCurrentServer()->toText());
84
85@@ -397,7 +397,7 @@ CheckExistsAddTransaction::replacingFwdAddrsHandler() {
86 LOG_ERROR(d2_to_dns_logger,
87 DHCP_DDNS_FORWARD_REPLACE_BAD_DNSCLIENT_STATUS)
88 .arg(getRequestId())
89- .arg(getDnsUpdateStatus())
90+ .arg(static_cast<int>(getDnsUpdateStatus()))
91 .arg(getNcr()->getFqdn())
92 .arg(getCurrentServer()->toText());
93
94@@ -541,7 +541,7 @@ CheckExistsAddTransaction::replacingRevPtrsHandler() {
95 LOG_ERROR(d2_to_dns_logger,
96 DHCP_DDNS_REVERSE_REPLACE_BAD_DNSCLIENT_STATUS)
97 .arg(getRequestId())
98- .arg(getDnsUpdateStatus())
99+ .arg(static_cast<int>(getDnsUpdateStatus()))
100 .arg(getNcr()->getFqdn())
101 .arg(getCurrentServer()->toText());
102
103diff --git a/src/bin/d2/check_exists_remove.cc b/src/bin/d2/check_exists_remove.cc
104index 8ae5296..8b6b221 100644
105--- a/src/bin/d2/check_exists_remove.cc
106+++ b/src/bin/d2/check_exists_remove.cc
107@@ -268,7 +268,7 @@ CheckExistsRemoveTransaction::removingFwdAddrsHandler() {
108 LOG_ERROR(d2_to_dns_logger,
109 DHCP_DDNS_FORWARD_REMOVE_ADDRS_BAD_DNSCLIENT_STATUS)
110 .arg(getRequestId())
111- .arg(getDnsUpdateStatus())
112+ .arg(static_cast<int>(getDnsUpdateStatus()))
113 .arg(getNcr()->getFqdn())
114 .arg(getCurrentServer()->toText());
115
116@@ -404,7 +404,7 @@ CheckExistsRemoveTransaction::removingFwdRRsHandler() {
117 LOG_ERROR(d2_to_dns_logger,
118 DHCP_DDNS_FORWARD_REMOVE_RRS_BAD_DNSCLIENT_STATUS)
119 .arg(getRequestId())
120- .arg(getDnsUpdateStatus())
121+ .arg(static_cast<int>(getDnsUpdateStatus()))
122 .arg(getNcr()->getFqdn())
123 .arg(getCurrentServer()->toText());
124
125@@ -556,7 +556,7 @@ CheckExistsRemoveTransaction::removingRevPtrsHandler() {
126 LOG_ERROR(d2_to_dns_logger,
127 DHCP_DDNS_REVERSE_REMOVE_BAD_DNSCLIENT_STATUS)
128 .arg(getRequestId())
129- .arg(getDnsUpdateStatus())
130+ .arg(static_cast<int>(getDnsUpdateStatus()))
131 .arg(getNcr()->getFqdn())
132 .arg(getCurrentServer()->toText());
133
134diff --git a/src/bin/d2/d2_queue_mgr.cc b/src/bin/d2/d2_queue_mgr.cc
135index f902b22..effa56b 100644
136--- a/src/bin/d2/d2_queue_mgr.cc
137+++ b/src/bin/d2/d2_queue_mgr.cc
138@@ -78,7 +78,7 @@ D2QueueMgr::operator()(const dhcp_ddns::NameChangeListener::Result result,
139 // this is unexpected so we will treat it as a receive error.
140 // This is most likely an unforeseen programmatic issue.
141 LOG_ERROR(dhcp_to_d2_logger, DHCP_DDNS_QUEUE_MGR_UNEXPECTED_STOP)
142- .arg(mgr_state_);
143+ .arg(static_cast<int>(mgr_state_));
144 stopListening(STOPPED_RECV_ERROR);
145 }
146
147diff --git a/src/bin/d2/nc_add.cc b/src/bin/d2/nc_add.cc
148index 7bffc16..1d17bb2 100644
149--- a/src/bin/d2/nc_add.cc
150+++ b/src/bin/d2/nc_add.cc
151@@ -272,7 +272,7 @@ NameAddTransaction::addingFwdAddrsHandler() {
152 // bigger is wrong.
153 LOG_ERROR(d2_to_dns_logger, DHCP_DDNS_FORWARD_ADD_BAD_DNSCLIENT_STATUS)
154 .arg(getRequestId())
155- .arg(getDnsUpdateStatus())
156+ .arg(static_cast<int>(getDnsUpdateStatus()))
157 .arg(getNcr()->getFqdn())
158 .arg(getCurrentServer()->toText());
159
160@@ -399,7 +399,7 @@ NameAddTransaction::replacingFwdAddrsHandler() {
161 LOG_ERROR(d2_to_dns_logger,
162 DHCP_DDNS_FORWARD_REPLACE_BAD_DNSCLIENT_STATUS)
163 .arg(getRequestId())
164- .arg(getDnsUpdateStatus())
165+ .arg(static_cast<int>(getDnsUpdateStatus()))
166 .arg(getNcr()->getFqdn())
167 .arg(getCurrentServer()->toText());
168
169@@ -542,7 +542,7 @@ NameAddTransaction::replacingRevPtrsHandler() {
170 LOG_ERROR(d2_to_dns_logger,
171 DHCP_DDNS_REVERSE_REPLACE_BAD_DNSCLIENT_STATUS)
172 .arg(getRequestId())
173- .arg(getDnsUpdateStatus())
174+ .arg(static_cast<int>(getDnsUpdateStatus()))
175 .arg(getNcr()->getFqdn())
176 .arg(getCurrentServer()->toText());
177
178diff --git a/src/bin/d2/nc_remove.cc b/src/bin/d2/nc_remove.cc
179index 874e43b..182343c 100644
180--- a/src/bin/d2/nc_remove.cc
181+++ b/src/bin/d2/nc_remove.cc
182@@ -268,7 +268,7 @@ NameRemoveTransaction::removingFwdAddrsHandler() {
183 LOG_ERROR(d2_to_dns_logger,
184 DHCP_DDNS_FORWARD_REMOVE_ADDRS_BAD_DNSCLIENT_STATUS)
185 .arg(getRequestId())
186- .arg(getDnsUpdateStatus())
187+ .arg(static_cast<int>(getDnsUpdateStatus()))
188 .arg(getNcr()->getFqdn())
189 .arg(getCurrentServer()->toText());
190
191@@ -404,7 +404,7 @@ NameRemoveTransaction::removingFwdRRsHandler() {
192 LOG_ERROR(d2_to_dns_logger,
193 DHCP_DDNS_FORWARD_REMOVE_RRS_BAD_DNSCLIENT_STATUS)
194 .arg(getRequestId())
195- .arg(getDnsUpdateStatus())
196+ .arg(static_cast<int>(getDnsUpdateStatus()))
197 .arg(getNcr()->getFqdn())
198 .arg(getCurrentServer()->toText());
199
200@@ -555,7 +555,7 @@ NameRemoveTransaction::removingRevPtrsHandler() {
201 LOG_ERROR(d2_to_dns_logger,
202 DHCP_DDNS_REVERSE_REMOVE_BAD_DNSCLIENT_STATUS)
203 .arg(getRequestId())
204- .arg(getDnsUpdateStatus())
205+ .arg(static_cast<int>(getDnsUpdateStatus()))
206 .arg(getNcr()->getFqdn())
207 .arg(getCurrentServer()->toText());
208
209diff --git a/src/bin/d2/simple_add.cc b/src/bin/d2/simple_add.cc
210index 6113b4d..73aa5b4 100644
211--- a/src/bin/d2/simple_add.cc
212+++ b/src/bin/d2/simple_add.cc
213@@ -259,7 +259,7 @@ SimpleAddTransaction::replacingFwdAddrsHandler() {
214 // bigger is wrong.
215 LOG_ERROR(d2_to_dns_logger, DHCP_DDNS_FORWARD_ADD_BAD_DNSCLIENT_STATUS)
216 .arg(getRequestId())
217- .arg(getDnsUpdateStatus())
218+ .arg(static_cast<int>(getDnsUpdateStatus()))
219 .arg(getNcr()->getFqdn())
220 .arg(getCurrentServer()->toText());
221
222@@ -404,7 +404,7 @@ SimpleAddTransaction::replacingRevPtrsHandler() {
223 LOG_ERROR(d2_to_dns_logger,
224 DHCP_DDNS_REVERSE_REPLACE_BAD_DNSCLIENT_STATUS)
225 .arg(getRequestId())
226- .arg(getDnsUpdateStatus())
227+ .arg(static_cast<int>(getDnsUpdateStatus()))
228 .arg(getNcr()->getFqdn())
229 .arg(getCurrentServer()->toText());
230
231diff --git a/src/bin/d2/simple_add_without_dhcid.cc b/src/bin/d2/simple_add_without_dhcid.cc
232index ccea83a..97918ad 100644
233--- a/src/bin/d2/simple_add_without_dhcid.cc
234+++ b/src/bin/d2/simple_add_without_dhcid.cc
235@@ -260,7 +260,7 @@ SimpleAddWithoutDHCIDTransaction::replacingFwdAddrsHandler() {
236 // bigger is wrong.
237 LOG_ERROR(d2_to_dns_logger, DHCP_DDNS_FORWARD_ADD_BAD_DNSCLIENT_STATUS)
238 .arg(getRequestId())
239- .arg(getDnsUpdateStatus())
240+ .arg(static_cast<int>(getDnsUpdateStatus()))
241 .arg(getNcr()->getFqdn())
242 .arg(getCurrentServer()->toText());
243
244@@ -406,7 +406,7 @@ SimpleAddWithoutDHCIDTransaction::replacingRevPtrsHandler() {
245 LOG_ERROR(d2_to_dns_logger,
246 DHCP_DDNS_REVERSE_REPLACE_BAD_DNSCLIENT_STATUS)
247 .arg(getRequestId())
248- .arg(getDnsUpdateStatus())
249+ .arg(static_cast<int>(getDnsUpdateStatus()))
250 .arg(getNcr()->getFqdn())
251 .arg(getCurrentServer()->toText());
252
253diff --git a/src/bin/d2/simple_remove.cc b/src/bin/d2/simple_remove.cc
254index e1d9a78..14f416b 100644
255--- a/src/bin/d2/simple_remove.cc
256+++ b/src/bin/d2/simple_remove.cc
257@@ -272,7 +272,7 @@ SimpleRemoveTransaction::removingFwdRRsHandler() {
258 LOG_ERROR(d2_to_dns_logger,
259 DHCP_DDNS_FORWARD_REMOVE_RRS_BAD_DNSCLIENT_STATUS)
260 .arg(getRequestId())
261- .arg(getDnsUpdateStatus())
262+ .arg(static_cast<int>(getDnsUpdateStatus()))
263 .arg(getNcr()->getFqdn())
264 .arg(getCurrentServer()->toText());
265
266@@ -423,7 +423,7 @@ SimpleRemoveTransaction::removingRevPtrsHandler() {
267 LOG_ERROR(d2_to_dns_logger,
268 DHCP_DDNS_REVERSE_REMOVE_BAD_DNSCLIENT_STATUS)
269 .arg(getRequestId())
270- .arg(getDnsUpdateStatus())
271+ .arg(static_cast<int>(getDnsUpdateStatus()))
272 .arg(getNcr()->getFqdn())
273 .arg(getCurrentServer()->toText());
274
275diff --git a/src/bin/d2/simple_remove_without_dhcid.cc b/src/bin/d2/simple_remove_without_dhcid.cc
276index 04fe4df..cefdda8 100644
277--- a/src/bin/d2/simple_remove_without_dhcid.cc
278+++ b/src/bin/d2/simple_remove_without_dhcid.cc
279@@ -273,7 +273,7 @@ SimpleRemoveWithoutDHCIDTransaction::removingFwdRRsHandler() {
280 LOG_ERROR(d2_to_dns_logger,
281 DHCP_DDNS_FORWARD_REMOVE_RRS_BAD_DNSCLIENT_STATUS)
282 .arg(getRequestId())
283- .arg(getDnsUpdateStatus())
284+ .arg(static_cast<int>(getDnsUpdateStatus()))
285 .arg(getNcr()->getFqdn())
286 .arg(getCurrentServer()->toText());
287
288@@ -425,7 +425,7 @@ SimpleRemoveWithoutDHCIDTransaction::removingRevPtrsHandler() {
289 LOG_ERROR(d2_to_dns_logger,
290 DHCP_DDNS_REVERSE_REMOVE_BAD_DNSCLIENT_STATUS)
291 .arg(getRequestId())
292- .arg(getDnsUpdateStatus())
293+ .arg(static_cast<int>(getDnsUpdateStatus()))
294 .arg(getNcr()->getFqdn())
295 .arg(getCurrentServer()->toText());
296
297diff --git a/src/bin/dhcp4/dhcp4_srv.cc b/src/bin/dhcp4/dhcp4_srv.cc
298index 0701ed4..471e94c 100644
299--- a/src/bin/dhcp4/dhcp4_srv.cc
300+++ b/src/bin/dhcp4/dhcp4_srv.cc
301@@ -5101,7 +5101,7 @@ Dhcpv4Srv::d2ClientErrorHandler(const
302 dhcp_ddns::NameChangeSender::Result result,
303 dhcp_ddns::NameChangeRequestPtr& ncr) {
304 LOG_ERROR(ddns4_logger, DHCP4_DDNS_REQUEST_SEND_FAILED).
305- arg(result).arg((ncr ? ncr->toText() : " NULL "));
306+ arg(static_cast<int>(result)).arg((ncr ? ncr->toText() : " NULL "));
307 // We cannot communicate with kea-dhcp-ddns, suspend further updates.
308 /// @todo We may wish to revisit this, but for now we will simply turn
309 /// them off.
310diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc
311index 417960b..818046d 100644
312--- a/src/bin/dhcp6/dhcp6_srv.cc
313+++ b/src/bin/dhcp6/dhcp6_srv.cc
314@@ -5054,7 +5054,7 @@ Dhcpv6Srv::d2ClientErrorHandler(const
315 dhcp_ddns::NameChangeSender::Result result,
316 dhcp_ddns::NameChangeRequestPtr& ncr) {
317 LOG_ERROR(ddns6_logger, DHCP6_DDNS_REQUEST_SEND_FAILED).
318- arg(result).arg((ncr ? ncr->toText() : " NULL "));
319+ arg(static_cast<int>(result)).arg((ncr ? ncr->toText() : " NULL "));
320 // We cannot communicate with kea-dhcp-ddns, suspend further updates.
321 /// @todo We may wish to revisit this, but for now we will simply turn
322 /// them off.
323diff --git a/src/hooks/dhcp/radius/radius_accounting.cc b/src/hooks/dhcp/radius/radius_accounting.cc
324index 30eb07e..31f6d5e 100644
325--- a/src/hooks/dhcp/radius/radius_accounting.cc
326+++ b/src/hooks/dhcp/radius/radius_accounting.cc
327@@ -760,7 +760,7 @@ RadiusAccounting::terminate(RadiusAcctEnv env, int result) {
328 if (result != OK_RC) {
329 LOG_ERROR(radius_logger, RADIUS_ACCOUNTING_ERROR)
330 .arg(env.session_id_)
331- .arg(env.event_)
332+ .arg(static_cast<int>(env.event_))
333 .arg(eventToText(env.event_))
334 .arg(result)
335 .arg(exchangeRCtoText(result));
336diff --git a/src/lib/dhcpsrv/csv_lease_file6.cc b/src/lib/dhcpsrv/csv_lease_file6.cc
337index 830d2e5..a899aef 100644
338--- a/src/lib/dhcpsrv/csv_lease_file6.cc
339+++ b/src/lib/dhcpsrv/csv_lease_file6.cc
340@@ -51,7 +51,7 @@ CSVLeaseFile6::append(const Lease6& lease) {
341 row.writeAt(getColumnIndex("expire"), static_cast<uint64_t>(lease.cltt_) + lease.valid_lft_);
342 row.writeAt(getColumnIndex("subnet_id"), lease.subnet_id_);
343 row.writeAt(getColumnIndex("pref_lifetime"), lease.preferred_lft_);
344- row.writeAt(getColumnIndex("lease_type"), lease.type_);
345+ row.writeAt(getColumnIndex("lease_type"), isc::dhcp::Lease::typeToText(lease.type_));
346 row.writeAt(getColumnIndex("iaid"), lease.iaid_);
347 row.writeAt(getColumnIndex("prefix_len"),
348 static_cast<int>(lease.prefixlen_));
diff --git a/meta/recipes-connectivity/kea/files/0001-meson-use-a-runtime-safe-interpreter-string.patch b/meta/recipes-connectivity/kea/files/0001-meson-use-a-runtime-safe-interpreter-string.patch
deleted file mode 100644
index 44fe82bce0..0000000000
--- a/meta/recipes-connectivity/kea/files/0001-meson-use-a-runtime-safe-interpreter-string.patch
+++ /dev/null
@@ -1,123 +0,0 @@
1From 5ec5e08edc059ed0c0d430dc8e02cd64bebc8d1c Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Thu, 28 Aug 2025 17:02:49 -0700
4Subject: [PATCH] meson: use a runtime-safe interpreter string
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9In cross builds, python.find_installation() (what
10PYTHON usually comes from) must be a native
11interpreter (since Meson runs it during configure),
12but you don’t want that absolute native path baked
13into target files. You want a runtime/target path
14such as /usr/bin/env python3 (portable) or
15/usr/bin/python3
16
17Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/4087]
18Signed-off-by: Khem Raj <raj.khem@gmail.com>
19---
20 doc/sphinx/meson.build | 8 +++++++-
21 meson.build | 8 +++++++-
22 src/bin/shell/tests/meson.build | 8 +++++++-
23 src/lib/util/python/meson.build | 8 +++++++-
24 4 files changed, 28 insertions(+), 4 deletions(-)
25
26--- a/doc/sphinx/meson.build
27+++ b/doc/sphinx/meson.build
28@@ -70,7 +70,13 @@ doc_conf.set('builddir', meson.current_b
29 doc_conf.set('srcdir', meson.current_source_dir())
30 doc_conf.set('sphinxbuilddir', sphinxbuilddir)
31 doc_conf.set('abs_sphinxbuilddir', abs_sphinxbuilddir)
32-doc_conf.set('PYTHON', PYTHON.full_path())
33+# During cross builds, avoid embedding the native Python path into target artifacts.
34+# Use a runtime-safe interpreter path for the target.
35+py_for_runtime = '/usr/bin/env python3'
36+if not meson.is_cross_build()
37+ py_for_runtime = PYTHON.full_path()
38+endif
39+doc_conf.set('PYTHON', py_for_runtime)
40 doc_conf.set('TOP_SOURCE_DIR', TOP_SOURCE_DIR)
41 if PDFLATEX.found()
42 doc_conf.set('HAVE_PDFLATEX', 'yes')
43--- a/meson.build
44+++ b/meson.build
45@@ -638,9 +638,13 @@ link_args = []
46 # Also, Meson might use it by default, but might not use it on all systems, so lots of variables...
47 # EXECUTABLE_RPATH = f'$ORIGIN/../@LIBDIR@'
48 # HOOK_RPATH = '$ORIGIN/../..'
49-
50+if not meson.is_cross_build()
51 BUILD_RPATH = TOP_BUILD_DIR / 'src/lib'
52 INSTALL_RPATH = LIBDIR_INSTALLED
53+else
54+BUILD_RPATH = ''
55+INSTALL_RPATH = ''
56+endif
57
58 # Add rpaths for NETCONF dependencies.
59 if NETCONF_DEP.found()
60@@ -759,7 +763,13 @@ report_conf_data.set('CXX_ARGS', ' '.joi
61 report_conf_data.set('LD_ID', cpp.get_linker_id())
62 link_args += get_option('cpp_link_args')
63 report_conf_data.set('LD_ARGS', ' '.join(link_args))
64-report_conf_data.set('PYTHON_PATH', PYTHON.full_path())
65+# During cross builds, avoid embedding the native Python path into target artifacts.
66+# Use a runtime-safe interpreter path for the target.
67+py_for_runtime = '/usr/bin/env python3'
68+if not meson.is_cross_build()
69+ py_for_runtime = PYTHON.full_path()
70+endif
71+report_conf_data.set('PYTHON_PATH', py_for_runtime)
72 report_conf_data.set('PYTHON_VERSION', PYTHON.version())
73 report_conf_data.set('PKGPYTHONDIR', PKGPYTHONDIR)
74 result = cpp.run(
75--- a/src/bin/shell/tests/meson.build
76+++ b/src/bin/shell/tests/meson.build
77@@ -3,7 +3,13 @@ if not TESTS_OPT.enabled()
78 endif
79
80 shell_tests_conf_data = configuration_data()
81-shell_tests_conf_data.set('PYTHON', PYTHON.full_path())
82+# During cross builds, avoid embedding the native Python path into target artifacts.
83+# Use a runtime-safe interpreter path for the target.
84+py_for_runtime = '/usr/bin/env python3'
85+if not meson.is_cross_build()
86+ py_for_runtime = PYTHON.full_path()
87+endif
88+shell_tests_conf_data.set('PYTHON', py_for_runtime)
89 shell_tests_conf_data.set('abs_top_builddir', TOP_BUILD_DIR)
90 shell_tests_conf_data.set('abs_top_srcdir', TOP_SOURCE_DIR)
91 shell_unittest = configure_file(
92--- a/src/lib/util/python/meson.build
93+++ b/src/lib/util/python/meson.build
94@@ -4,7 +4,13 @@ endif
95
96 configure_file(input: 'const2hdr.py', output: 'const2hdr.py', copy: true)
97 util_python_conf_data = configuration_data()
98-util_python_conf_data.set('PYTHON', PYTHON.full_path())
99+# During cross builds, avoid embedding the native Python path into target artifacts.
100+# Use a runtime-safe interpreter path for the target.
101+py_for_runtime = '/usr/bin/env python3'
102+if not meson.is_cross_build()
103+ py_for_runtime = PYTHON.full_path()
104+endif
105+util_python_conf_data.set('PYTHON', py_for_runtime)
106 configure_file(
107 input: 'gen_wiredata.py.in',
108 output: 'gen_wiredata.py',
109--- a/src/bin/shell/meson.build
110+++ b/src/bin/shell/meson.build
111@@ -1,5 +1,11 @@
112 kea_shell_conf_data = configuration_data()
113-kea_shell_conf_data.set('PYTHON', PYTHON.full_path())
114+# During cross builds, avoid embedding the native Python path into target artifacts.
115+# Use a runtime-safe interpreter path for the target.
116+py_for_runtime = '/usr/bin/env python3'
117+if not meson.is_cross_build()
118+ py_for_runtime = PYTHON.full_path()
119+endif
120+kea_shell_conf_data.set('PYTHON', py_for_runtime)
121 kea_shell_conf_data.set('PACKAGE_VERSION', PROJECT_VERSION)
122 kea_shell_conf_data.set(
123 'EXTENDED_VERSION',
diff --git a/meta/recipes-connectivity/kea/files/0001-mk_cfgrpt.sh-strip-prefixes.patch b/meta/recipes-connectivity/kea/files/0001-mk_cfgrpt.sh-strip-prefixes.patch
deleted file mode 100644
index 521fac4629..0000000000
--- a/meta/recipes-connectivity/kea/files/0001-mk_cfgrpt.sh-strip-prefixes.patch
+++ /dev/null
@@ -1,54 +0,0 @@
1From c8a1f0b9c17c8485bdeac045e5afdcd4467c1c14 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Thu, 28 Aug 2025 17:31:39 -0700
4Subject: [PATCH] mk_cfgrpt.sh: strip prefixes
5
6Add support for a STRIP_PREFIXES env var (colon-separated list).
7The script will pipe its output through sed to remove any of those prefixes.
8
9Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/4087]
10Signed-off-by: Khem Raj <raj.khem@gmail.com>
11---
12 tools/mk_cfgrpt.sh | 22 +++++++++++++++++++++-
13 1 file changed, 21 insertions(+), 1 deletion(-)
14
15diff --git a/tools/mk_cfgrpt.sh b/tools/mk_cfgrpt.sh
16index bc0cc41..8f41ce1 100755
17--- a/tools/mk_cfgrpt.sh
18+++ b/tools/mk_cfgrpt.sh
19@@ -43,6 +43,26 @@ then
20 exit 2
21 fi
22
23+# Optional: strip absolute path prefixes from generated output to make
24+# cross-builds reproducible (e.g. Yocto sysroot/work dirs).
25+# Provide colon-separated prefixes via STRIP_PREFIXES.
26+strip_paths() {
27+ if [ -z "${STRIP_PREFIXES:-}" ]; then
28+ cat
29+ return
30+ fi
31+ # Build a sed script that removes each prefix wherever it appears.
32+ SED_SCRIPT=
33+ IFS=':'; for p in $STRIP_PREFIXES; do
34+ [ -n "$p" ] || continue
35+ # Escape forward slashes
36+ ep=$(printf '%s' "$p" | sed 's,/,\\/,g')
37+ SED_SCRIPT="${SED_SCRIPT}s/${ep}//g;"
38+ done
39+ IFS=' '
40+ sed -e "$SED_SCRIPT"
41+}
42+
43 # Header
44 cat >> "${dest}" << END
45 // config_report.cc. Generated from config.report by tools/mk_cfgrpt.sh
46@@ -55,7 +75,7 @@ END
47
48 # Body: escape '\'s and '"'s, preprend ' ";;;; ' and append '",'
49 sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/^/ ";;;; /' -e 's/$/",/' \
50- < "${report_file}" >> "${dest}"
51+ < "${report_file}" | strip_paths >> "${dest}"
52
53 # Trailer
54 cat >> "${dest}" <<END
diff --git a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch
deleted file mode 100644
index 1ab09e39a2..0000000000
--- a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch
+++ /dev/null
@@ -1,26 +0,0 @@
1From 841924e1fe8db2bff3eab8d37634ef08f86c00ec Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex.kanavin@gmail.com>
3Date: Tue, 10 Nov 2020 15:57:03 +0000
4Subject: [PATCH] src/lib/log/logger_unittest_support.cc: do not write build
5 path into binary
6
7This breaks reproducibility and is needed only in unit testing.
8
9Upstream-Status: Inappropriate [oe-core specific]
10Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
11
12---
13 src/lib/log/logger_unittest_support.cc | 2 +-
14 1 file changed, 1 insertion(+), 1 deletion(-)
15
16--- a/src/lib/log/logger_unittest_support.cc
17+++ b/src/lib/log/logger_unittest_support.cc
18@@ -84,7 +84,7 @@ void initLogger(isc::log::Severity sever
19 const char* localfile = getenv("KEA_LOGGER_LOCALMSG");
20
21 // Set a directory for creating lockfiles when running tests
22- setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0);
23+ //setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0);
24
25 // Initialize logging
26 initLogger(root, severity, dbglevel, localfile);
diff --git a/meta/recipes-connectivity/kea/files/CVE-2025-11232.patch b/meta/recipes-connectivity/kea/files/CVE-2025-11232.patch
deleted file mode 100644
index 659627deba..0000000000
--- a/meta/recipes-connectivity/kea/files/CVE-2025-11232.patch
+++ /dev/null
@@ -1,474 +0,0 @@
1From 92b65b2345e07d826b56ffd65cf47538f1c7a271 Mon Sep 17 00:00:00 2001
2From: Thomas Markwalder <tmark@isc.org>
3Date: Tue, 7 Oct 2025 14:41:16 -0400
4Subject: [PATCH] [#4155] Backport #4142 to v3_0
5
6Invalid characters cause assert
7
8To trigger the issue, three configuration parameters must have
9specific settings: "hostname-char-set" must be left at the default
10setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must
11be empty (the default); and "ddns-qualifying-suffix" must NOT be empty
12(the default is empty). DDNS updates do not need to be enabled for
13this issue to manifest. A client that sends certain option content
14would then cause kea-dhcp4 to exit unexpectedly.
15
16CVE: CVE-2025-11232
17Upstream-Status: Backport [https://github.com/isc-projects/kea/commit/92b65b2345e07d826b56ffd65cf47538f1c7a271]
18Signed-off-by: Ross Burton <ross.burton@arm.com>
19
20new file: changelog_unreleased/CVE-2025-11232-catch-empty-sanitized-hostname
21modified: src/bin/dhcp4/dhcp4_messages.cc
22modified: src/bin/dhcp4/dhcp4_messages.h
23modified: src/bin/dhcp4/dhcp4_messages.mes
24modified: src/bin/dhcp4/dhcp4_srv.cc
25modified: src/bin/dhcp4/tests/fqdn_unittest.cc
26modified: src/bin/dhcp6/dhcp6_messages.cc
27modified: src/bin/dhcp6/dhcp6_messages.h
28modified: src/bin/dhcp6/dhcp6_messages.mes
29modified: src/bin/dhcp6/dhcp6_srv.cc
30modified: src/bin/dhcp6/tests/fqdn_unittest.cc
31modified: src/lib/dhcpsrv/d2_client_mgr.cc
32modified: src/lib/dhcpsrv/d2_client_mgr.h
33modified: src/lib/dhcpsrv/tests/d2_client_unittest.cc
34---
35 ...-2025-11232-catch-empty-sanitized-hostname | 6 +++
36 src/bin/dhcp4/dhcp4_messages.cc | 4 ++
37 src/bin/dhcp4/dhcp4_messages.h | 2 +
38 src/bin/dhcp4/dhcp4_messages.mes | 14 +++++
39 src/bin/dhcp4/dhcp4_srv.cc | 21 ++++++--
40 src/bin/dhcp4/tests/fqdn_unittest.cc | 54 ++++++++++++++++++-
41 src/bin/dhcp6/dhcp6_messages.cc | 2 +
42 src/bin/dhcp6/dhcp6_messages.h | 1 +
43 src/bin/dhcp6/dhcp6_messages.mes | 7 +++
44 src/bin/dhcp6/dhcp6_srv.cc | 9 +++-
45 src/bin/dhcp6/tests/fqdn_unittest.cc | 23 ++++++++
46 src/lib/dhcpsrv/d2_client_mgr.cc | 9 +++-
47 src/lib/dhcpsrv/d2_client_mgr.h | 19 ++++++-
48 src/lib/dhcpsrv/tests/d2_client_unittest.cc | 42 +++++++++++++++
49 14 files changed, 205 insertions(+), 8 deletions(-)
50 create mode 100644 changelog_unreleased/CVE-2025-11232-catch-empty-sanitized-hostname
51
52diff --git a/src/bin/dhcp4/dhcp4_messages.cc b/src/bin/dhcp4/dhcp4_messages.cc
53index e06ce6a121..5c6a334bad 100644
54--- a/src/bin/dhcp4/dhcp4_messages.cc
55+++ b/src/bin/dhcp4/dhcp4_messages.cc
56@@ -26,9 +26,11 @@ extern const isc::log::MessageID DHCP4_CLASS_UNCONFIGURED = "DHCP4_CLASS_UNCONFI
57 extern const isc::log::MessageID DHCP4_CLIENTID_IGNORED_FOR_LEASES = "DHCP4_CLIENTID_IGNORED_FOR_LEASES";
58 extern const isc::log::MessageID DHCP4_CLIENT_FQDN_DATA = "DHCP4_CLIENT_FQDN_DATA";
59 extern const isc::log::MessageID DHCP4_CLIENT_FQDN_PROCESS = "DHCP4_CLIENT_FQDN_PROCESS";
60+extern const isc::log::MessageID DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY = "DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY";
61 extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_DATA = "DHCP4_CLIENT_HOSTNAME_DATA";
62 extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_MALFORMED = "DHCP4_CLIENT_HOSTNAME_MALFORMED";
63 extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_PROCESS = "DHCP4_CLIENT_HOSTNAME_PROCESS";
64+extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY = "DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY";
65 extern const isc::log::MessageID DHCP4_CLIENT_NAME_PROC_FAIL = "DHCP4_CLIENT_NAME_PROC_FAIL";
66 extern const isc::log::MessageID DHCP4_CONFIG_COMPLETE = "DHCP4_CONFIG_COMPLETE";
67 extern const isc::log::MessageID DHCP4_CONFIG_LOAD_FAIL = "DHCP4_CONFIG_LOAD_FAIL";
68@@ -206,9 +208,11 @@ const char* values[] = {
69 "DHCP4_CLIENTID_IGNORED_FOR_LEASES", "%1: not using client identifier for lease allocation for subnet %2",
70 "DHCP4_CLIENT_FQDN_DATA", "%1: Client sent FQDN option: %2",
71 "DHCP4_CLIENT_FQDN_PROCESS", "%1: processing Client FQDN option",
72+ "DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY", "%1: sanitizing client's FQDN option '%2' yielded an empty string",
73 "DHCP4_CLIENT_HOSTNAME_DATA", "%1: client sent Hostname option: %2",
74 "DHCP4_CLIENT_HOSTNAME_MALFORMED", "%1: client hostname option malformed: %2",
75 "DHCP4_CLIENT_HOSTNAME_PROCESS", "%1: processing client's Hostname option",
76+ "DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY", "%1: sanitizing client's Hostname option '%2' yielded an empty string",
77 "DHCP4_CLIENT_NAME_PROC_FAIL", "%1: failed to process the fqdn or hostname sent by a client: %2",
78 "DHCP4_CONFIG_COMPLETE", "DHCPv4 server has completed configuration: %1",
79 "DHCP4_CONFIG_LOAD_FAIL", "configuration error using file: %1, reason: %2",
80diff --git a/src/bin/dhcp4/dhcp4_messages.h b/src/bin/dhcp4/dhcp4_messages.h
81index 9a4d0cda21..6e45c63053 100644
82--- a/src/bin/dhcp4/dhcp4_messages.h
83+++ b/src/bin/dhcp4/dhcp4_messages.h
84@@ -27,9 +27,11 @@ extern const isc::log::MessageID DHCP4_CLASS_UNCONFIGURED;
85 extern const isc::log::MessageID DHCP4_CLIENTID_IGNORED_FOR_LEASES;
86 extern const isc::log::MessageID DHCP4_CLIENT_FQDN_DATA;
87 extern const isc::log::MessageID DHCP4_CLIENT_FQDN_PROCESS;
88+extern const isc::log::MessageID DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY;
89 extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_DATA;
90 extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_MALFORMED;
91 extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_PROCESS;
92+extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY;
93 extern const isc::log::MessageID DHCP4_CLIENT_NAME_PROC_FAIL;
94 extern const isc::log::MessageID DHCP4_CONFIG_COMPLETE;
95 extern const isc::log::MessageID DHCP4_CONFIG_LOAD_FAIL;
96diff --git a/src/bin/dhcp4/dhcp4_messages.mes b/src/bin/dhcp4/dhcp4_messages.mes
97index 1deb2e6074..b359d09616 100644
98--- a/src/bin/dhcp4/dhcp4_messages.mes
99+++ b/src/bin/dhcp4/dhcp4_messages.mes
100@@ -164,6 +164,20 @@ This debug message is issued when the server starts processing the Hostname
101 option sent in the client's query. The argument includes the client and
102 transaction identification information.
103
104+% DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY %1: sanitizing client's Hostname option '%2' yielded an empty string
105+Logged at debug log level 50.
106+This debug message is issued when the result of sanitizing the
107+hostname option(12) sent by the client is an empty string. When this occurs
108+the server will ignore the hostname option. The arguments include the
109+client and the hostname option it sent.
110+
111+% DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY %1: sanitizing client's FQDN option '%2' yielded an empty string
112+Logged at debug log level 50.
113+This debug message is issued when the result of sanitizing the
114+FQDN option(81) sent by the client is an empty string. When this occurs
115+the server will ignore the FQDN option. The arguments include the
116+client and the FQDN option it sent.
117+
118 % DHCP4_CLIENT_NAME_PROC_FAIL %1: failed to process the fqdn or hostname sent by a client: %2
119 Logged at debug log level 55.
120 This debug message is issued when the DHCP server was unable to process the
121diff --git a/src/bin/dhcp4/dhcp4_srv.cc b/src/bin/dhcp4/dhcp4_srv.cc
122index 0701ed41e9..a6be662889 100644
123--- a/src/bin/dhcp4/dhcp4_srv.cc
124+++ b/src/bin/dhcp4/dhcp4_srv.cc
125@@ -2714,8 +2714,15 @@ Dhcpv4Srv::processClientFqdnOption(Dhcpv4Exchange& ex) {
126 } else {
127 // Adjust the domain name based on domain name value and type sent by the
128 // client and current configuration.
129- d2_mgr.adjustDomainName<Option4ClientFqdn>(*fqdn, *fqdn_resp,
130- *(ex.getContext()->getDdnsParams()));
131+ try {
132+ d2_mgr.adjustDomainName<Option4ClientFqdn>(*fqdn, *fqdn_resp,
133+ *(ex.getContext()->getDdnsParams()));
134+ } catch (const FQDNScrubbedEmpty& scrubbed) {
135+ LOG_DEBUG(ddns4_logger, DBG_DHCP4_DETAIL, DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY)
136+ .arg(ex.getQuery()->getLabel())
137+ .arg(scrubbed.what());
138+ return;
139+ }
140 }
141
142 // Add FQDN option to the response message. Note that, there may be some
143@@ -2857,7 +2864,15 @@ Dhcpv4Srv::processHostnameOption(Dhcpv4Exchange& ex) {
144 ex.getContext()->getDdnsParams()->getHostnameSanitizer();
145
146 if (sanitizer) {
147- hostname = sanitizer->scrub(hostname);
148+ auto tmp = sanitizer->scrub(hostname);
149+ if (tmp.empty()) {
150+ LOG_DEBUG(ddns4_logger, DBG_DHCP4_DETAIL, DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY)
151+ .arg(ex.getQuery()->getLabel())
152+ .arg(hostname);
153+ return;
154+ }
155+
156+ hostname = tmp;
157 }
158
159 // Convert hostname to lower case.
160diff --git a/src/bin/dhcp4/tests/fqdn_unittest.cc b/src/bin/dhcp4/tests/fqdn_unittest.cc
161index a5d3e4c21a..18e4c6d4b9 100644
162--- a/src/bin/dhcp4/tests/fqdn_unittest.cc
163+++ b/src/bin/dhcp4/tests/fqdn_unittest.cc
164@@ -2253,7 +2253,7 @@ TEST_F(NameDhcpv4SrvTest, sanitizeHostDefault) {
165 },
166 {
167 "qualified host name with nuls",
168- std::string("four-ok-host\000.other.org",23),
169+ std::string("four-ok-host\000.other.org", 23),
170 "four-ok-host.other.org"
171 }
172 };
173@@ -3203,4 +3203,56 @@ TEST_F(NameDhcpv4SrvTest, poolDdnsParametersTest) {
174 }
175 }
176
177+// Verifies that when the FQDN option is scrubbed empty it is logged
178+// and ignored.
179+TEST_F(NameDhcpv4SrvTest, hostnameScrubbedEmpty) {
180+ Dhcp4Client client(srv_, Dhcp4Client::SELECTING);
181+
182+ // Configure DHCP server.
183+ configure(CONFIGS[2], *client.getServer());
184+
185+ // Set the hostname option.
186+ ASSERT_NO_THROW(client.includeHostname("___"));
187+
188+ // Send the DHCPDISCOVER and make sure that the server responded.
189+ ASSERT_NO_THROW(client.doDiscover());
190+ auto resp = client.getContext().response_;
191+ ASSERT_TRUE(resp);
192+ ASSERT_EQ(DHCPOFFER, static_cast<int>(resp->getType()));
193+
194+ // Should have logged that it was scrubbed empty.
195+ std::string log = "DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY";
196+ EXPECT_EQ(1, countFile(log));
197+
198+ // Hostname should not be in the response.
199+ ASSERT_FALSE(resp->getOption(DHO_HOST_NAME));
200+}
201+
202+// Verifies that when the FQDN option is scrubbed empty it is logged
203+// and ignored.
204+TEST_F(NameDhcpv4SrvTest, fqdnScrubbedEmpty) {
205+ Dhcp4Client client(srv_, Dhcp4Client::SELECTING);
206+
207+ // Configure DHCP server.
208+ configure(CONFIGS[2], *client.getServer());
209+
210+ // Include the Client FQDN option.
211+ ASSERT_NO_THROW(client.includeFQDN(Option4ClientFqdn::FLAG_S | Option4ClientFqdn::FLAG_E,
212+ "___", Option4ClientFqdn::PARTIAL));
213+
214+ // Send the DHCPDISCOVER and make sure that the server responded.
215+ ASSERT_NO_THROW(client.doDiscover());
216+ auto resp = client.getContext().response_;
217+ ASSERT_TRUE(resp);
218+ ASSERT_EQ(DHCPOFFER, static_cast<int>(resp->getType()));
219+
220+ // Should have logged that it was scrubbed empty.
221+ std::string log = "DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY";
222+ EXPECT_EQ(1, countFile(log));
223+
224+ // Hostname should not be in the response.
225+ ASSERT_FALSE(resp->getOption(DHO_FQDN));
226+}
227+
228+
229 } // end of anonymous namespace
230diff --git a/src/bin/dhcp6/dhcp6_messages.cc b/src/bin/dhcp6/dhcp6_messages.cc
231index 229ba74450..9619481aba 100644
232--- a/src/bin/dhcp6/dhcp6_messages.cc
233+++ b/src/bin/dhcp6/dhcp6_messages.cc
234@@ -27,6 +27,7 @@ extern const isc::log::MessageID DHCP6_CLASSES_ASSIGNED = "DHCP6_CLASSES_ASSIGNE
235 extern const isc::log::MessageID DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION = "DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION";
236 extern const isc::log::MessageID DHCP6_CLASS_ASSIGNED = "DHCP6_CLASS_ASSIGNED";
237 extern const isc::log::MessageID DHCP6_CLASS_UNCONFIGURED = "DHCP6_CLASS_UNCONFIGURED";
238+extern const isc::log::MessageID DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY = "DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY";
239 extern const isc::log::MessageID DHCP6_CONFIG_COMPLETE = "DHCP6_CONFIG_COMPLETE";
240 extern const isc::log::MessageID DHCP6_CONFIG_LOAD_FAIL = "DHCP6_CONFIG_LOAD_FAIL";
241 extern const isc::log::MessageID DHCP6_CONFIG_PACKET_QUEUE = "DHCP6_CONFIG_PACKET_QUEUE";
242@@ -203,6 +204,7 @@ const char* values[] = {
243 "DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION", "%1: client packet has been assigned to the following classes: %2",
244 "DHCP6_CLASS_ASSIGNED", "%1: client packet has been assigned to the following class: %2",
245 "DHCP6_CLASS_UNCONFIGURED", "%1: client packet belongs to an unconfigured class: %2",
246+ "DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY", "%1: sanitizing client's FQDN option '%2' yielded an empty string",
247 "DHCP6_CONFIG_COMPLETE", "DHCPv6 server has completed configuration: %1",
248 "DHCP6_CONFIG_LOAD_FAIL", "configuration error using file: %1, reason: %2",
249 "DHCP6_CONFIG_PACKET_QUEUE", "DHCPv6 packet queue info after configuration: %1",
250diff --git a/src/bin/dhcp6/dhcp6_messages.h b/src/bin/dhcp6/dhcp6_messages.h
251index 186f7d557a..7af56e716a 100644
252--- a/src/bin/dhcp6/dhcp6_messages.h
253+++ b/src/bin/dhcp6/dhcp6_messages.h
254@@ -28,6 +28,7 @@ extern const isc::log::MessageID DHCP6_CLASSES_ASSIGNED;
255 extern const isc::log::MessageID DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION;
256 extern const isc::log::MessageID DHCP6_CLASS_ASSIGNED;
257 extern const isc::log::MessageID DHCP6_CLASS_UNCONFIGURED;
258+extern const isc::log::MessageID DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY;
259 extern const isc::log::MessageID DHCP6_CONFIG_COMPLETE;
260 extern const isc::log::MessageID DHCP6_CONFIG_LOAD_FAIL;
261 extern const isc::log::MessageID DHCP6_CONFIG_PACKET_QUEUE;
262diff --git a/src/bin/dhcp6/dhcp6_messages.mes b/src/bin/dhcp6/dhcp6_messages.mes
263index fff50ed367..79fc984ff5 100644
264--- a/src/bin/dhcp6/dhcp6_messages.mes
265+++ b/src/bin/dhcp6/dhcp6_messages.mes
266@@ -1167,3 +1167,10 @@ such modification. The clients will remember previous server-id, and will
267 use it to extend their leases. As a result, they will have to go through
268 a rebinding phase to re-acquire their leases and associate them with a
269 new server id.
270+
271+% DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY %1: sanitizing client's FQDN option '%2' yielded an empty string
272+Logged at debug log level 50.
273+This debug message is issued when the result of sanitizing the
274+FQDN option(39) sent by the client is an empty string. When this occurs
275+the server will ignore the FQDN option. The arguments include the
276+client and the FQDN option it sent.
277diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc
278index 417960b126..f999c3178f 100644
279--- a/src/bin/dhcp6/dhcp6_srv.cc
280+++ b/src/bin/dhcp6/dhcp6_srv.cc
281@@ -2332,7 +2332,14 @@ Dhcpv6Srv::processClientFqdn(const Pkt6Ptr& question, const Pkt6Ptr& answer,
282 } else {
283 // Adjust the domain name based on domain name value and type sent by
284 // the client and current configuration.
285- d2_mgr.adjustDomainName<Option6ClientFqdn>(*fqdn, *fqdn_resp, *ddns_params);
286+ try {
287+ d2_mgr.adjustDomainName<Option6ClientFqdn>(*fqdn, *fqdn_resp, *ddns_params);
288+ } catch(const FQDNScrubbedEmpty& scrubbed) {
289+ LOG_DEBUG(ddns6_logger, DBG_DHCP6_DETAIL, DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY)
290+ .arg(question->getLabel())
291+ .arg(scrubbed.what());
292+ return;
293+ }
294 }
295
296 // Once we have the FQDN setup to use it for the lease hostname. This
297diff --git a/src/bin/dhcp6/tests/fqdn_unittest.cc b/src/bin/dhcp6/tests/fqdn_unittest.cc
298index ca51856e67..7891c1f5e6 100644
299--- a/src/bin/dhcp6/tests/fqdn_unittest.cc
300+++ b/src/bin/dhcp6/tests/fqdn_unittest.cc
301@@ -2425,4 +2425,27 @@ TEST_F(FqdnDhcpv6SrvTest, poolDdnsParametersTest) {
302 }
303 }
304
305+// Verify an FQDN with all invalid chars is ignored.
306+TEST_F(FqdnDhcpv6SrvTest, fqdnScrubbedEmpty) {
307+ // Create the query.
308+ Pkt6Ptr question = generateMessage(DHCPV6_SOLICIT, Option6ClientFqdn::FLAG_S,
309+ "___" , Option6ClientFqdn::FULL, true);
310+ ASSERT_TRUE(getClientFqdnOption(question));
311+ subnet_->setHostnameCharReplacement("");
312+
313+ // Create the response with an "assigned" lease.
314+ // Set the selected subnet so ddns params get returned correctly.
315+ AllocEngine::ClientContext6 ctx;
316+ ctx.subnet_ = subnet_;
317+ Pkt6Ptr answer = generateMessageWithIds(DHCPV6_ADVERTISE);
318+ addIA(1234, IOAddress("2001:db8:1::1"), answer, ctx);
319+
320+ // Process the client's FQDN.
321+ ASSERT_NO_THROW(srv_->processClientFqdn(question, answer, ctx));
322+
323+ // Should not have an FQDN option in the answer.
324+ EXPECT_FALSE(answer->getOption(D6O_CLIENT_FQDN));
325+ countFile("DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY");
326+}
327+
328 } // end of anonymous namespace
329diff --git a/src/lib/dhcpsrv/d2_client_mgr.cc b/src/lib/dhcpsrv/d2_client_mgr.cc
330index 84ee11d9fb..54c815176e 100644
331--- a/src/lib/dhcpsrv/d2_client_mgr.cc
332+++ b/src/lib/dhcpsrv/d2_client_mgr.cc
333@@ -186,10 +186,15 @@ std::string
334 D2ClientMgr::qualifyName(const std::string& partial_name,
335 const DdnsParams& ddns_params,
336 const bool trailing_dot) const {
337+ if (partial_name.empty()) {
338+ isc_throw(BadValue, "D2ClientMgr::qualifyName"
339+ " - partial_name cannot be an empty string");
340+ }
341+
342 std::ostringstream gen_name;
343 gen_name << partial_name;
344 std::string suffix = ddns_params.getQualifyingSuffix();
345- if (!suffix.empty() && partial_name.back() != '.') {
346+ if (!suffix.empty() && (partial_name.back() != '.')) {
347 bool suffix_present = true;
348 std::string str = gen_name.str();
349 auto suffix_rit = suffix.rbegin();
350@@ -241,7 +246,7 @@ D2ClientMgr::qualifyName(const std::string& partial_name,
351 // If the trailing dot should not be appended but it is present,
352 // remove it.
353 if ((len > 0) && (str[len - 1] == '.')) {
354- gen_name.str(str.substr(0,len-1));
355+ gen_name.str(str.substr(0, len-1));
356 }
357
358 }
359diff --git a/src/lib/dhcpsrv/d2_client_mgr.h b/src/lib/dhcpsrv/d2_client_mgr.h
360index 7344f19a40..238fd0a415 100644
361--- a/src/lib/dhcpsrv/d2_client_mgr.h
362+++ b/src/lib/dhcpsrv/d2_client_mgr.h
363@@ -30,6 +30,14 @@
364 namespace isc {
365 namespace dhcp {
366
367+/// @brief Exception thrown when host name sanitizing reduces
368+/// the domain name to an empty string.
369+class FQDNScrubbedEmpty : public Exception {
370+public:
371+ FQDNScrubbedEmpty(const char* file, size_t line, const char* what) :
372+ isc::Exception(file, line, what) { }
373+};
374+
375 /// @brief Defines the type for D2 IO error handler.
376 /// This callback is invoked when a send to kea-dhcp-ddns completes with a
377 /// failed status. This provides the application layer (Kea) with a means to
378@@ -197,6 +205,7 @@ class D2ClientMgr : public dhcp_ddns::NameChangeSender::RequestSendHandler,
379 /// suffix itself is empty (i.e. "").
380 ///
381 /// @return std::string containing the qualified name.
382+ /// @throw BadValue if partial_name is empty.
383 std::string qualifyName(const std::string& partial_name,
384 const DdnsParams& ddns_params,
385 const bool trailing_dot) const;
386@@ -264,6 +273,9 @@ class D2ClientMgr : public dhcp_ddns::NameChangeSender::RequestSendHandler,
387 /// @param ddns_params DDNS behavioral configuration parameters
388 /// @tparam T FQDN Option class containing the FQDN data such as
389 /// dhcp::Option4ClientFqdn or dhcp::Option6ClientFqdn
390+ ///
391+ /// @throw FQDNScrubbedEmpty if hostname sanitizing reduces the input domain
392+ /// name to an empty string.
393 template <class T>
394 void adjustDomainName(const T& fqdn, T& fqdn_resp,
395 const DdnsParams& ddns_params);
396@@ -515,7 +527,12 @@ D2ClientMgr::adjustDomainName(const T& fqdn, T& fqdn_resp, const DdnsParams& ddn
397 ss << sanitizer->scrub(label);
398 }
399
400- client_name = ss.str();
401+ std::string clean_name = ss.str();
402+ if (clean_name.empty() || clean_name == ".") {
403+ isc_throw(FQDNScrubbedEmpty, client_name);
404+ }
405+
406+ client_name = clean_name;
407 }
408
409 // If the supplied name is partial, qualify it by adding the suffix.
410diff --git a/src/lib/dhcpsrv/tests/d2_client_unittest.cc b/src/lib/dhcpsrv/tests/d2_client_unittest.cc
411index 68ad2189d6..00375d0066 100644
412--- a/src/lib/dhcpsrv/tests/d2_client_unittest.cc
413+++ b/src/lib/dhcpsrv/tests/d2_client_unittest.cc
414@@ -9,6 +9,7 @@
415 #include <dhcp/option6_client_fqdn.h>
416 #include <dhcpsrv/d2_client_mgr.h>
417 #include <testutils/test_to_element.h>
418+#include <testutils/gtest_utils.h>
419 #include <exceptions/exceptions.h>
420 #include <util/str.h>
421
422@@ -627,6 +628,10 @@ TEST_F(D2ClientMgrParamsTest, qualifyName) {
423 qualified_name = mgr.qualifyName(partial_name, *ddns_params_, do_not_dot);
424 EXPECT_EQ("somehost.suffix.com", qualified_name);
425
426+ // Verify that an empty name throws.
427+ partial_name = "";
428+ ASSERT_THROW(mgr.qualifyName(partial_name, *ddns_params_, do_not_dot), BadValue);
429+
430 // Verify that an empty suffix and false flag, does not change the name
431 subnet_->setDdnsQualifyingSuffix("");
432 partial_name = "somehost";
433@@ -1257,4 +1262,41 @@ TEST_F(D2ClientMgrParamsTest, sanitizeFqdnV6) {
434 }
435 }
436
437+/// @brief Tests adjustDomainName template method with Option4ClientFqdn
438+/// when sanitizing scrubs input name empty.
439+TEST_F(D2ClientMgrParamsTest, adjustDomainNameV4ScrubbedEmpty) {
440+ D2ClientMgr mgr;
441+
442+ // Create enabled configuration
443+ subnet_->setDdnsSendUpdates(false);
444+ subnet_->setDdnsQualifyingSuffix("suffix.com");
445+ subnet_->setHostnameCharSet("[^A-Za-z0-9.-]");
446+ subnet_->setHostnameCharReplacement("");
447+
448+ Option4ClientFqdn request(0, Option4ClientFqdn::RCODE_CLIENT(),
449+ "___", Option4ClientFqdn::FULL);
450+
451+ Option4ClientFqdn response(request);
452+ ASSERT_THROW_MSG(mgr.adjustDomainName<Option4ClientFqdn>(request, response, *ddns_params_),
453+ FQDNScrubbedEmpty, "___.");
454+}
455+
456+/// @brief Tests adjustDomainName template method with Option4ClientFqdn
457+/// when sanitizing scrubs input name empty.
458+TEST_F(D2ClientMgrParamsTest, adjustDomainNameV6ScrubbedEmpty) {
459+ D2ClientMgr mgr;
460+
461+ // Create enabled configuration
462+ subnet_->setDdnsSendUpdates(false);
463+ subnet_->setDdnsQualifyingSuffix("suffix.com");
464+ subnet_->setHostnameCharSet("[^A-Za-z0-9.-]");
465+ subnet_->setHostnameCharReplacement("");
466+
467+ Option6ClientFqdn request(0, "___", Option6ClientFqdn::FULL);
468+
469+ Option6ClientFqdn response(request);
470+ ASSERT_THROW_MSG(mgr.adjustDomainName<Option6ClientFqdn>(request, response, *ddns_params_),
471+ FQDNScrubbedEmpty, "___.");
472+}
473+
474 } // end of anonymous namespace
diff --git a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
deleted file mode 100644
index 68a566773a..0000000000
--- a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
+++ /dev/null
@@ -1,104 +0,0 @@
1From cdef313bd34c5abd897b80f25554b0c66737ed05 Mon Sep 17 00:00:00 2001
2From: Kai Kang <kai.kang@windriver.com>
3Date: Tue, 14 Oct 2025 01:37:35 +0000
4Subject: [PATCH] There are conflict of config files between
5 kea and lib32-kea:
6
7| Error: Transaction test error:
8| file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of
9 lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64
10| file /etc/kea/kea-dhcp4.conf conflicts between attempted installs of
11 lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64
12| file /etc/kea/kea-dhcp6.conf conflicts between attempted installs of
13 lib32-kea-2.6.1-r0.core2_32 and kea-2.6.1-r0.core2_64
14
15Because they are all commented out, replace the expanded libdir path with
16'$libdir' in the config files to avoid conflict.
17
18Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/2602]
19Signed-off-by: Kai Kang <kai.kang@windriver.com>
20Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
21Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
22---
23 src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++-
24 src/bin/keactrl/kea-dhcp4.conf.pre | 6 +++---
25 src/bin/keactrl/kea-dhcp6.conf.pre | 6 +++---
26 3 files changed, 8 insertions(+), 7 deletions(-)
27
28diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre
29index 29d8111..de71f41 100644
30--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
31+++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
32@@ -85,7 +85,8 @@
33 // Agent will fail to start.
34 "hooks-libraries": [
35 // {
36-// "library": "@libdir@/kea/hooks/control-agent-commands.so",
37+// // Replace $libdir with real library path /usr/lib or /usr/lib64
38+// "library": "$libdir/kea/hooks/control-agent-commands.so",
39 // "parameters": {
40 // "param1": "foo"
41 // }
42diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre
43index 2a58507..86b5abf 100644
44--- a/src/bin/keactrl/kea-dhcp4.conf.pre
45+++ b/src/bin/keactrl/kea-dhcp4.conf.pre
46@@ -255,7 +255,7 @@
47 // // of all devices serviced by Kea, including their identifiers
48 // // (like MAC address), their location in the network, times
49 // // when they were active etc.
50- // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so",
51+ // "library": "$libdir/kea/hooks/libdhcp_legal_log.so",
52 // "parameters": {
53 // "base-name": "kea-forensic4"
54 // }
55@@ -271,14 +271,14 @@
56 // // of specific options or perhaps even a combination of several
57 // // options and fields to uniquely identify a client. Those scenarios
58 // // are addressed by the Flexible Identifiers hook application.
59- // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so",
60+ // "library": "$libdir/kea/hooks/libdhcp_flex_id.so",
61 // "parameters": {
62 // "identifier-expression": "relay4[2].hex"
63 // }
64 // },
65 // {
66 // // the MySQL host backend hook library required for host storage.
67- // "library": "@libdir@/kea/hooks/libdhcp_mysql.so"
68+ // "library": "$libdir/kea/hooks/libdhcp_mysql.so"
69 // }
70 // ],
71
72diff --git a/src/bin/keactrl/kea-dhcp6.conf.pre b/src/bin/keactrl/kea-dhcp6.conf.pre
73index c69a508..2bb488f 100644
74--- a/src/bin/keactrl/kea-dhcp6.conf.pre
75+++ b/src/bin/keactrl/kea-dhcp6.conf.pre
76@@ -201,7 +201,7 @@
77 // // of all devices serviced by Kea, including their identifiers
78 // // (like MAC address), their location in the network, times
79 // // when they were active etc.
80- // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so",
81+ // "library": "$libdir/kea/hooks/libdhcp_legal_log.so",
82 // "parameters": {
83 // "base-name": "kea-forensic6"
84 // }
85@@ -217,14 +217,14 @@
86 // // of specific options or perhaps even a combination of several
87 // // options and fields to uniquely identify a client. Those scenarios
88 // // are addressed by the Flexible Identifiers hook application.
89- // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so",
90+ // "library": "$libdir/kea/hooks/libdhcp_flex_id.so",
91 // "parameters": {
92 // "identifier-expression": "relay6[0].option[37].hex"
93 // }
94 // },
95 // {
96 // // the MySQL host backend hook library required for host storage.
97- // "library": "@libdir@/kea/hooks/libdhcp_mysql.so"
98+ // "library": "$libdir/kea/hooks/libdhcp_mysql.so"
99 // }
100 // ],
101
102--
1032.43.0
104
diff --git a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch
deleted file mode 100644
index 9cc91bdddf..0000000000
--- a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch
+++ /dev/null
@@ -1,30 +0,0 @@
1From f5125725e4e2e250ccc78a17a8b77431100e7c15 Mon Sep 17 00:00:00 2001
2From: Armin kuster <akuster808@gmail.com>
3Date: Wed, 14 Oct 2020 22:48:31 -0700
4Subject: [PATCH] Busybox does not support ps -p so use pgrep
5
6Upstream-Status: Inappropriate [embedded specific]
7Based on changes from Diego Sueiro <Diego.Sueiro@arm.com>
8
9Signed-off-by: Armin kuster <akuster808@gmail.com>
10
11Refresh to apply on top of 2.6.1.
12
13Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
14---
15 src/bin/keactrl/keactrl.in | 4 ++--
16 1 file changed, 2 insertions(+), 2 deletions(-)
17
18--- a/src/bin/keactrl/keactrl.in
19+++ b/src/bin/keactrl/keactrl.in
20@@ -157,8 +157,8 @@ check_running() {
21 # Get the PID from the PID file (if it exists)
22 get_pid_from_file "${proc_name}"
23 if [ "${_pid}" -gt 0 ]; then
24- # Use ps to check if PID is alive
25- if ps -p "${_pid}" 1>/dev/null; then
26+ # Use pgrep and grep to check if PID is alive
27+ if pgrep -v 1 | grep ${_pid} 1>/dev/null; then
28 # No error, so PID IS ALIVE
29 _running=1
30 fi
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server
deleted file mode 100644
index 50fe40d439..0000000000
--- a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server
+++ /dev/null
@@ -1,46 +0,0 @@
1#!/bin/sh
2### BEGIN INIT INFO
3# Provides: kea-dhcp-ddns-server
4# Required-Start: $local_fs $network $remote_fs $syslog
5# Required-Stop: $local_fs $network $remote_fs $syslog
6# Default-Start: 2 3 4 5
7# Default-Stop: 0 1 6
8# Short-Description: ISC KEA DHCP IPv6 Server
9### END INIT INFO
10
11PATH=/sbin:/usr/sbin:/bin:/usr/bin
12DESC="kea-dhcp-ddns-server"
13NAME=kea-dhcp-ddns
14DAEMON=/usr/sbin/keactrl
15DAEMON_ARGS=" -s dhcp_ddns"
16
17set -e
18
19# Exit if the package is not installed
20[ -x "$DAEMON" ] || exit 0
21
22# Source function library.
23. /etc/init.d/functions
24
25case "$1" in
26 start)
27 echo -n "Starting $DESC: "
28 start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS
29 echo "done."
30 ;;
31 stop)
32 echo -n "Stopping $DESC: "
33 kpid=`pidof $NAME`
34 kill $kpid
35 echo "done."
36 ;;
37 restart|force-reload)
38 #
39 $0 stop
40 $0 start
41 ;;
42 *)
43 echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
44 exit 1
45 ;;
46esac
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
deleted file mode 100644
index aec6446f0e..0000000000
--- a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
+++ /dev/null
@@ -1,13 +0,0 @@
1[Unit]
2Description=Kea DHCP-DDNS Server
3Wants=network-online.target
4After=network-online.target
5After=time-sync.target
6
7[Service]
8ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
9ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/
10ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf
11
12[Install]
13WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4-server b/meta/recipes-connectivity/kea/files/kea-dhcp4-server
deleted file mode 100644
index e83e51025d..0000000000
--- a/meta/recipes-connectivity/kea/files/kea-dhcp4-server
+++ /dev/null
@@ -1,46 +0,0 @@
1#!/bin/sh
2### BEGIN INIT INFO
3# Provides: kea-dhcp4-server
4# Required-Start: $local_fs $network $remote_fs $syslog
5# Required-Stop: $local_fs $network $remote_fs $syslog
6# Default-Start: 2 3 4 5
7# Default-Stop: 0 1 6
8# Short-Description: ISC KEA DHCP IPv6 Server
9### END INIT INFO
10
11PATH=/sbin:/usr/sbin:/bin:/usr/bin
12DESC="kea-dhcp4-server"
13NAME=kea-dhcp4
14DAEMON=/usr/sbin/keactrl
15DAEMON_ARGS=" -s dhcp4"
16
17set -e
18
19# Exit if the package is not installed
20[ -x "$DAEMON" ] || exit 0
21
22# Source function library.
23. /etc/init.d/functions
24
25case "$1" in
26 start)
27 echo -n "Starting $DESC: "
28 start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS
29 echo "done."
30 ;;
31 stop)
32 echo -n "Stopping $DESC: "
33 kpid=`pidof $NAME`
34 kill $kpid
35 echo "done."
36 ;;
37 restart|force-reload)
38 #
39 $0 stop
40 $0 start
41 ;;
42 *)
43 echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
44 exit 1
45 ;;
46esac
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4.service b/meta/recipes-connectivity/kea/files/kea-dhcp4.service
deleted file mode 100644
index a2ed4edb59..0000000000
--- a/meta/recipes-connectivity/kea/files/kea-dhcp4.service
+++ /dev/null
@@ -1,14 +0,0 @@
1[Unit]
2Description=Kea DHCPv4 Server
3Wants=network-online.target
4After=network-online.target
5After=time-sync.target
6
7[Service]
8ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
9ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/
10ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea
11ExecStart=@SBINDIR@/kea-dhcp4 -c @SYSCONFDIR@/kea/kea-dhcp4.conf
12
13[Install]
14WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6-server b/meta/recipes-connectivity/kea/files/kea-dhcp6-server
deleted file mode 100644
index 10f2d22641..0000000000
--- a/meta/recipes-connectivity/kea/files/kea-dhcp6-server
+++ /dev/null
@@ -1,47 +0,0 @@
1#!/bin/sh
2### BEGIN INIT INFO
3# Provides: kea-dhcp6-server
4# Required-Start: $local_fs $network $remote_fs $syslog
5# Required-Stop: $local_fs $network $remote_fs $syslog
6# Default-Start: 2 3 4 5
7# Default-Stop: 0 1 6
8# Short-Description: ISC KEA DHCP IPv6 Server
9### END INIT INFO
10
11# PATH should only include /usr/* if it runs after the mountnfs.sh script
12PATH=/sbin:/usr/sbin:/bin:/usr/bin
13DESC="kea-dhcp6-server"
14NAME=kea-dhcp6
15DAEMON=/usr/sbin/keactrl
16DAEMON_ARGS=" -s dhcp6"
17
18set -e
19
20# Exit if the package is not installed
21[ -x "$DAEMON" ] || exit 0
22
23# Source function library.
24. /etc/init.d/functions
25
26case "$1" in
27 start)
28 echo -n "Starting $DESC: "
29 start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS
30 echo "done."
31 ;;
32 stop)
33 echo -n "Stopping $DESC: "
34 kpid=`pidof $NAME`
35 kill $kpid
36 echo "done."
37 ;;
38 restart|force-reload)
39 #
40 $0 stop
41 $0 start
42 ;;
43 *)
44 echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
45 exit 1
46 ;;
47esac
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6.service b/meta/recipes-connectivity/kea/files/kea-dhcp6.service
deleted file mode 100644
index ed6e017d0c..0000000000
--- a/meta/recipes-connectivity/kea/files/kea-dhcp6.service
+++ /dev/null
@@ -1,14 +0,0 @@
1[Unit]
2Description=Kea DHCPv6 Server
3Wants=network-online.target
4After=network-online.target
5After=time-sync.target
6
7[Service]
8ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
9ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/
10ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea
11ExecStart=@SBINDIR@/kea-dhcp6 -c @SYSCONFDIR@/kea/kea-dhcp6.conf
12
13[Install]
14WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/kea_3.0.1.bb b/meta/recipes-connectivity/kea/kea_3.0.1.bb
deleted file mode 100644
index 8729b1162e..0000000000
--- a/meta/recipes-connectivity/kea/kea_3.0.1.bb
+++ /dev/null
@@ -1,90 +0,0 @@
1SUMMARY = "ISC Kea DHCP Server"
2DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. prefix delegation and dynamic updates to DNS."
3HOMEPAGE = "http://kea.isc.org"
4SECTION = "connectivity"
5LICENSE = "MPL-2.0"
6LIC_FILES_CHKSUM = "file://COPYING;md5=fb634ed1d923b8b8fd1ed7ffc9b70ae4"
7
8DEPENDS = "boost log4cplus openssl"
9
10SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.xz \
11 file://kea-dhcp4.service \
12 file://kea-dhcp6.service \
13 file://kea-dhcp-ddns.service \
14 file://kea-dhcp4-server \
15 file://kea-dhcp6-server \
16 file://kea-dhcp-ddns-server \
17 file://fix-multilib-conflict.patch \
18 file://fix_pid_keactrl.patch \
19 file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \
20 file://0001-build-boost-1.89.0-fixes.patch \
21 file://0001-meson-use-a-runtime-safe-interpreter-string.patch \
22 file://0001-mk_cfgrpt.sh-strip-prefixes.patch \
23 file://0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch \
24 file://CVE-2025-11232.patch \
25 "
26SRC_URI[sha256sum] = "ec84fec4bb7f6b9d15a82e755a571e9348eb4d6fbc62bb3f6f1296cd7a24c566"
27
28inherit meson pkgconfig systemd update-rc.d upstream-version-is-even
29
30EXTRA_OEMESON += "-Dcrypto=openssl -Drunstatedir=${runtimedir} -Dkrb5=disabled -Dnetconf=disabled --install-umask=0022"
31
32INITSCRIPT_NAME = "kea-dhcp4-server"
33INITSCRIPT_PARAMS = "defaults 30"
34
35SYSTEMD_SERVICE:${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service"
36SYSTEMD_AUTO_ENABLE = "disable"
37
38DEBUG_OPTIMIZATION:remove:mips = " -Og"
39DEBUG_OPTIMIZATION:append:mips = " -O"
40BUILD_OPTIMIZATION:remove:mips = " -Og"
41BUILD_OPTIMIZATION:append:mips = " -O"
42
43DEBUG_OPTIMIZATION:remove:mipsel = " -Og"
44DEBUG_OPTIMIZATION:append:mipsel = " -O"
45BUILD_OPTIMIZATION:remove:mipsel = " -Og"
46BUILD_OPTIMIZATION:append:mipsel = " -O"
47
48CXXFLAGS:remove = "-fvisibility-inlines-hidden"
49
50do_configure:prepend() {
51 # replace abs_top_builddir to avoid introducing the build path
52 # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target
53 find ${S} -type f -name *.sh.in | xargs sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g"
54 sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in
55 export STRIP_PREFIXES="${RECIPE_SYSROOT_NATIVE}:${RECIPE_SYSROOT}:${WORKDIR}:${B}"
56}
57
58# patch out build host paths for reproducibility
59do_compile:prepend:class-target() {
60 sed -i -e "s,${WORKDIR},,g" ${B}/config.report
61}
62
63do_install:append() {
64 install -d ${D}${sysconfdir}/init.d
65 install -d ${D}${systemd_system_unitdir}
66
67 install -m 0644 ${UNPACKDIR}/kea-dhcp*service ${D}${systemd_system_unitdir}
68 install -m 0755 ${UNPACKDIR}/kea-*-server ${D}${sysconfdir}/init.d
69 sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@BASE_BINDIR@,${base_bindir},g' \
70 -e 's,@LOCALSTATEDIR@,${localstatedir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' \
71 ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl
72 sed -i -e "s:${B}:@abs_top_builddir_placeholder@:g" \
73 -e "s:${S}:@abs_top_srcdir_placeholder@:g" \
74 ${D}${sbindir}/kea-admin
75 rm -rf ${D}${datadir}/${BPN}/meson-info
76 rm -rf ${D}${runtimedir}
77}
78
79do_install:append() {
80 rm -rf "${D}${localstatedir}"
81}
82
83CONFFILES:${PN} = "${sysconfdir}/kea/keactrl.conf"
84
85PACKAGES =+ "${PN}-python"
86FILES:${PN}-python = "${nonarch_libdir}/python*/site-packages/*"
87RDEPENDS:${PN}-python = "python3"
88
89FILES:${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a"
90FILES:${PN} += "${libdir}/hooks/*.so"
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.5.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.5.bb
deleted file mode 100644
index 7ad52acd06..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap_1.10.5.bb
+++ /dev/null
@@ -1,43 +0,0 @@
1SUMMARY = "Interface for user-level network packet capture"
2DESCRIPTION = "Libpcap provides a portable framework for low-level network \
3monitoring. Libpcap can provide network statistics collection, \
4security monitoring and network debugging."
5HOMEPAGE = "http://www.tcpdump.org/"
6BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577"
7SECTION = "libs/network"
8LICENSE = "BSD-3-Clause"
9LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
10 file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
11DEPENDS = "flex-native bison-native"
12
13SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.xz"
14SRC_URI[sha256sum] = "84fa89ac6d303028c1c5b754abff77224f45eca0a94eb1a34ff0aa9ceece3925"
15
16inherit autotools binconfig-disabled pkgconfig
17
18BINCONFIG = "${bindir}/pcap-config"
19
20# Explicitly disable dag support. We don't have recipe for it and if enabled here,
21# configure script poisons the include dirs with /usr/local/include even when the
22# support hasn't been detected. Do the same thing for DPDK.
23EXTRA_OECONF = " \
24 --with-pcap=linux \
25 --without-dag \
26 --without-dpdk \
27 "
28EXTRA_AUTORECONF += "--exclude=aclocal"
29
30PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \
31 ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
32"
33PACKAGECONFIG[bluez5] = "--enable-bluetooth,--disable-bluetooth,bluez5"
34PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
35PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
36PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
37
38do_configure:prepend () {
39 #remove hardcoded references to /usr/include
40 sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac
41}
42
43BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/libuv/libuv_1.51.0.bb b/meta/recipes-connectivity/libuv/libuv_1.51.0.bb
deleted file mode 100644
index 9ff9cf35e2..0000000000
--- a/meta/recipes-connectivity/libuv/libuv_1.51.0.bb
+++ /dev/null
@@ -1,20 +0,0 @@
1SUMMARY = "A multi-platform support library with a focus on asynchronous I/O"
2HOMEPAGE = "https://github.com/libuv/libuv"
3DESCRIPTION = "libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others."
4BUGTRACKER = "https://github.com/libuv/libuv/issues"
5LICENSE = "MIT"
6LIC_FILES_CHKSUM = "file://LICENSE;md5=74b6f2f7818a4e3a80d03556f71b129b \
7 file://LICENSE-extra;md5=f9307417749e19bd1d6d68a394b49324"
8
9SRCREV = "5152db2cbfeb5582e9c27c5ea1dba2cd9e10759b"
10SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https;tag=v${PV}"
11UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
12
13inherit autotools
14
15do_configure() {
16 ${S}/autogen.sh || bbnote "${PN} failed to autogen.sh"
17 oe_runconf
18}
19
20BBCLASSEXTEND = "native"
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_20250613.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_20250613.bb
deleted file mode 100644
index 72663c7e0a..0000000000
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_20250613.bb
+++ /dev/null
@@ -1,15 +0,0 @@
1SUMMARY = "Mobile Broadband Service Provider Database"
2HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders"
3DESCRIPTION = "Mobile Broadband Service Provider Database stores service provider specific information. When this Database is available the information can be fetched there"
4SECTION = "network"
5LICENSE = "PD"
6LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
7
8PE = "1"
9
10SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main;tag=${PV}"
11SRCREV = "2a1b409491a531aedcf3eb3ba907929d96bd181a"
12
13inherit meson
14
15DEPENDS += "libxslt-native"
diff --git a/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch b/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch
deleted file mode 100644
index d8e8a5e5da..0000000000
--- a/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch
+++ /dev/null
@@ -1,35 +0,0 @@
1From affaa2021a54c30353e4e1fee09c13a4de2196be Mon Sep 17 00:00:00 2001
2From: Jussi Kukkonen <jussi.kukkonen@intel.com>
3Date: Fri, 17 Mar 2017 14:24:29 +0200
4Subject: [PATCH] Add header dependency to nciattach.o
5
6This can happen when compiling nciattach.o:
7
8| In file included from ../neard-0.16/tools/nciattach.c:47:0:
9| ../neard-0.16/src/near.h:30:27: fatal error: near/nfc_copy.h: No such
10file or directory
11| #include <near/nfc_copy.h>
12
13Add the missing dependency to local headers.
14
15Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
16Upstream-Status: Submitted [mailinglist]
17---
18 Makefile.am | 1 +
19 1 file changed, 1 insertion(+)
20
21diff --git a/Makefile.am b/Makefile.am
22index fa552ee..acef6ba 100644
23--- a/Makefile.am
24+++ b/Makefile.am
25@@ -253,6 +253,7 @@ se/builtin.h: src/genbuiltin $(builtin_se_sources)
26
27 $(src_neard_OBJECTS) \
28 $(tools_nfctool_nfctool_OBJECTS) \
29+$(tools_nciattach_OBJECTS) \
30 $(plugin_objects) \
31 $(se_seeld_OBJECTS) \
32 $(unit_test_ndef_parse_OBJECTS) \
33--
342.11.0
35
diff --git a/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch b/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch
deleted file mode 100644
index 16875e0543..0000000000
--- a/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch
+++ /dev/null
@@ -1,36 +0,0 @@
1From bfd32d68cfc9f1e31dab88e07446d1c02bc80b5e Mon Sep 17 00:00:00 2001
2From: Robert Yang <liezhi.yang@windriver.com>
3Date: Thu, 12 Feb 2015 00:39:29 -0800
4Subject: [PATCH] Makefile.am: do not ship version.h
5
6The HEADERS' name has been changed to pkginclude_HEADERS, so use
7nodist_pkginclude_HEADERS, otherwise version.h would be shipped.
8
9Upstream-Status: Pending
10
11Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
12---
13 Makefile.am | 4 ++--
14 1 file changed, 2 insertions(+), 2 deletions(-)
15
16diff --git a/Makefile.am b/Makefile.am
17index 3334790..69cd58f 100644
18--- a/Makefile.am
19+++ b/Makefile.am
20@@ -10,11 +10,11 @@ pkginclude_HEADERS = include/types.h include/log.h include/plugin.h \
21 include/tlv.h include/setting.h include/device.h \
22 include/nfc_copy.h include/snep.h
23
24-nodist_include_HEADERS = include/version.h
25+nodist_pkginclude_HEADERS = include/version.h
26
27 noinst_HEADERS = include/dbus.h
28
29-local_headers = $(foreach file,$(pkginclude_HEADERS) $(nodist_include_HEADERS) \
30+local_headers = $(foreach file,$(pkginclude_HEADERS) $(nodist_pkginclude_HEADERS) \
31 $(noinst_HEADERS), include/near/$(notdir $(file)))
32
33 gdbus_sources = gdbus/gdbus.h gdbus/mainloop.c gdbus/watch.c \
34--
351.7.9.5
36
diff --git a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
deleted file mode 100644
index aeb33a5bdc..0000000000
--- a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
+++ /dev/null
@@ -1,30 +0,0 @@
1From 43acc56d5506c7e318f717fb3634bc16e3438913 Mon Sep 17 00:00:00 2001
2From: Robert Yang <liezhi.yang@windriver.com>
3Date: Thu, 15 Jan 2015 18:12:07 -0800
4Subject: [PATCH] Makefile.am: fix parallel issue
5
6There might be no src dir if src/builtin.h runs earlier, create it to
7fix the race issue:
8
9src/genbuiltin nfctype1 nfctype2 nfctype3 nfctype4 p2p > src/builtin.h
10/bin/sh: src/builtin.h: No such file or directory
11
12Upstream-Status: Backport [d39f8c0eee659743b4425d395c2f7ab1949e9c71]
13
14Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
15---
16 Makefile.am | 1 +
17 1 file changed, 1 insertion(+)
18
19Index: neard-0.16/Makefile.am
20===================================================================
21--- neard-0.16.orig/Makefile.am
22+++ neard-0.16/Makefile.am
23@@ -244,6 +244,7 @@ SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(di
24 src/plugin.$(OBJEXT): src/builtin.h
25
26 src/builtin.h: src/genbuiltin $(builtin_sources)
27+ $(AM_V_at)$(MKDIR_P) src
28 $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@
29
30 se/plugin.$(OBJEXT): se/builtin.h
diff --git a/meta/recipes-connectivity/neard/neard/neard.in b/meta/recipes-connectivity/neard/neard/neard.in
deleted file mode 100644
index a47d4d96c9..0000000000
--- a/meta/recipes-connectivity/neard/neard/neard.in
+++ /dev/null
@@ -1,54 +0,0 @@
1#!/bin/sh
2#
3# start/stop neard daemon.
4
5### BEGIN INIT INFO
6# Provides: neard
7# Required-Start: $network
8# Required-Stop: $network
9# Default-Start: S 2 3 4 5
10# Default-Stop: 0 1 6
11# Short-Description: NFC daemon
12# Description: neard is a daemon used to enable NFC features
13### END INIT INFO
14
15DAEMON=@installpath@/neard
16PIDFILE=/var/run/neard.pid
17DESC="Linux NFC daemon"
18
19if [ -f /etc/default/neard ] ; then
20 . /etc/default/neard
21fi
22
23set -e
24
25do_start() {
26 $DAEMON
27}
28
29do_stop() {
30 start-stop-daemon --stop --name neard --quiet
31}
32
33case "$1" in
34 start)
35 echo "Starting $DESC"
36 do_start
37 ;;
38 stop)
39 echo "Stopping $DESC"
40 do_stop
41 ;;
42 restart|force-reload)
43 echo "Restarting $DESC"
44 do_stop
45 sleep 1
46 do_start
47 ;;
48 *)
49 echo "Usage: $0 {start|stop|restart|force-reload}" >&2
50 exit 1
51 ;;
52esac
53
54exit 0
diff --git a/meta/recipes-connectivity/neard/neard_0.19.bb b/meta/recipes-connectivity/neard/neard_0.19.bb
deleted file mode 100644
index c1149e7631..0000000000
--- a/meta/recipes-connectivity/neard/neard_0.19.bb
+++ /dev/null
@@ -1,48 +0,0 @@
1SUMMARY = "Linux NFC daemon"
2DESCRIPTION = "A daemon for the Linux Near Field Communication stack"
3HOMEPAGE = "https://github.com/linux-nfc/neard"
4LICENSE = "GPL-2.0-only"
5LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
6 file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
7 "
8
9DEPENDS = "dbus glib-2.0 libnl autoconf-archive-native"
10
11SRC_URI = "git://github.com/linux-nfc/neard;protocol=https;branch=master \
12 file://neard.in \
13 file://Makefile.am-fix-parallel-issue.patch \
14 file://Makefile.am-do-not-ship-version.h.patch \
15 file://0001-Add-header-dependency-to-nciattach.o.patch \
16 "
17
18SRCREV = "a1dc8a75cba999728e154a0f811ab9dd50c809f7"
19
20inherit autotools pkgconfig systemd update-rc.d
21
22PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
23
24PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd"
25
26EXTRA_OECONF += "--enable-tools"
27
28# This would copy neard start-stop shell and test scripts
29do_install:append() {
30 if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
31 install -d ${D}${sysconfdir}/init.d/
32 sed "s:@installpath@:${libexecdir}/nfc:" ${UNPACKDIR}/neard.in \
33 > ${D}${sysconfdir}/init.d/neard
34 chmod 0755 ${D}${sysconfdir}/init.d/neard
35 fi
36}
37
38# Bluez & Wifi are not mandatory except for handover
39WIRELESS_DAEMON ??= "wpa-supplicant"
40RRECOMMENDS:${PN} = "\
41 ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \
42 ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','${WIRELESS_DAEMON}', '', d)} \
43 "
44
45INITSCRIPT_NAME = "neard"
46INITSCRIPT_PARAMS = "defaults 64"
47
48SYSTEMD_SERVICE:${PN} = "neard.service"
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch
deleted file mode 100644
index 351407ddcd..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch
+++ /dev/null
@@ -1,36 +0,0 @@
1From 9efa7a0d37665d9bb0f46d2407883a5ab42c2b84 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Mon, 24 Jul 2023 20:39:16 -0700
4Subject: [PATCH] locktest: Makefile.am: Do not use build flags
5
6Using CFLAGS_FOR_BUILD etc. here means it is using wrong flags
7when thse flags are speficied different than target flags which
8is common when cross-building. It can pass wrong paths to linker
9and it would find incompatible libraries during link since they
10are from host system and target maybe not same as build host.
11
12Fixes subtle errors like
13| aarch64-yoe-linux-ld.lld: error: /mnt/b/yoe/master/build/tmp/work/cortexa72-cortexa53-crypto-yoe-linux/nfs-utils/2.6.3-r0/recipe-sysroot-native/usr/lib/libsqlite3.so is incompatible with elf64-littleaarch64
14
15Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=169025681008001&w=2]
16Signed-off-by: Khem Raj <raj.khem@gmail.com>
17---
18 tools/locktest/Makefile.am | 3 ---
19 1 file changed, 3 deletions(-)
20
21diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
22index e8914655..2fd36971 100644
23--- a/tools/locktest/Makefile.am
24+++ b/tools/locktest/Makefile.am
25@@ -2,8 +2,5 @@
26
27 noinst_PROGRAMS = testlk
28 testlk_SOURCES = testlk.c
29-testlk_CFLAGS=$(CFLAGS_FOR_BUILD)
30-testlk_CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
31-testlk_LDFLAGS=$(LDFLAGS_FOR_BUILD)
32
33 MAINTAINERCLEANFILES = Makefile.in
34--
352.41.0
36
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0004-Use-nogroup-for-nobody-group.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0004-Use-nogroup-for-nobody-group.patch
deleted file mode 100644
index bbf44d5977..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0004-Use-nogroup-for-nobody-group.patch
+++ /dev/null
@@ -1,38 +0,0 @@
1From 001913c5eb0aad933a93ee966252905cd46d776b Mon Sep 17 00:00:00 2001
2From: Daniel McGregor <daniel.mcgregor@vecima.com>
3Date: Tue, 6 Jun 2023 16:07:53 -0600
4Subject: [PATCH] Use "nogroup" for nobody group
5
6Upstream-Status: Inappropriate [oe-core specific, configuration]
7Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
8---
9 support/nfsidmap/idmapd.conf | 2 +-
10 utils/idmapd/idmapd.c | 2 +-
11 2 files changed, 2 insertions(+), 2 deletions(-)
12
13diff --git a/support/nfsidmap/idmapd.conf b/support/nfsidmap/idmapd.conf
14index 2a2f79a1..e6f3724f 100644
15--- a/support/nfsidmap/idmapd.conf
16+++ b/support/nfsidmap/idmapd.conf
17@@ -41,7 +41,7 @@
18 [Mapping]
19
20 #Nobody-User = nobody
21-#Nobody-Group = nobody
22+#Nobody-Group = nogroup
23
24 [Translation]
25
26diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
27index cd9a965f..3be805e9 100644
28--- a/utils/idmapd/idmapd.c
29+++ b/utils/idmapd/idmapd.c
30@@ -89,7 +89,7 @@
31 #endif
32
33 #ifndef NFS4NOBODY_GROUP
34-#define NFS4NOBODY_GROUP "nobody"
35+#define NFS4NOBODY_GROUP "nogroup"
36 #endif
37
38 /* From Niels */
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0005-find-OE-provided-Kerberos.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0005-find-OE-provided-Kerberos.patch
deleted file mode 100644
index 3241e8e859..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0005-find-OE-provided-Kerberos.patch
+++ /dev/null
@@ -1,42 +0,0 @@
1From a2af266f013722a64c5d04e0fe097cd711393a53 Mon Sep 17 00:00:00 2001
2From: Daniel McGregor <daniel.mcgregor@vecima.com>
3Date: Wed, 8 Nov 2023 16:24:20 -0600
4Subject: [PATCH] find OE provided Kerberos
5
6Upstream-Status: Inappropriate [oe-core specific]
7Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
8---
9 aclocal/kerberos5.m4 | 6 ++++--
10 1 file changed, 4 insertions(+), 2 deletions(-)
11
12diff --git a/aclocal/kerberos5.m4 b/aclocal/kerberos5.m4
13index f96f0fd4..ad85fdf2 100644
14--- a/aclocal/kerberos5.m4
15+++ b/aclocal/kerberos5.m4
16@@ -22,8 +22,8 @@ AC_DEFUN([AC_KERBEROS_V5],[
17 dnl This ugly hack brought on by the split installation of
18 dnl MIT Kerberos on Fedora Core 1
19 K5CONFIG=""
20- if test -f $dir/bin/krb5-config; then
21- K5CONFIG=$dir/bin/krb5-config
22+ if test -f $dir/bin/crossscripts/krb5-config; then
23+ K5CONFIG=$dir/bin/crossscripts/krb5-config
24 elif test -f "/usr/kerberos/bin/krb5-config"; then
25 K5CONFIG="/usr/kerberos/bin/krb5-config"
26 elif test -f "/usr/lib/mit/bin/krb5-config"; then
27@@ -72,6 +72,7 @@ AC_DEFUN([AC_KERBEROS_V5],[
28 AC_MSG_RESULT($KRBDIR)
29
30 dnl Check if -rpath=$(KRBDIR)/lib is needed
31+ if false; then
32 echo "The current KRBDIR is $KRBDIR"
33 if test "$KRBDIR/lib" = "/lib" -o "$KRBDIR/lib" = "/usr/lib" \
34 -o "$KRBDIR/lib" = "//lib" -o "$KRBDIR/lib" = "/usr//lib" ; then
35@@ -81,6 +82,7 @@ AC_DEFUN([AC_KERBEROS_V5],[
36 else
37 KRBLDFLAGS="-Wl,-rpath=$KRBDIR/lib"
38 fi
39+ fi
40
41 dnl Now check for functions within gssapi library
42 AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context,
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon
deleted file mode 100644
index 9b7fd17b41..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon
+++ /dev/null
@@ -1,279 +0,0 @@
1#!/bin/sh
2
3### BEGIN INIT INFO
4# Provides: nfs-common
5# Required-Start: $portmap $time
6# Required-Stop: $portmap $time
7# Default-Start: S
8# Default-Stop: 0 1 6
9# Short-Description: NFS support files common to client and server
10# Description: NFS is a popular protocol for file sharing across
11# TCP/IP networks. This service provides various
12# support functions for NFS mounts.
13### END INIT INFO
14
15# What is this?
16DESC="NFS common utilities"
17
18# Read config
19DEFAULTFILE=/etc/default/nfs-utils
20NEED_STATD=
21NEED_GSSD=
22if nfsconf --isset general pipefs-directory; then
23 PIPEFS_MOUNTPOINT=$(nfsconf --get general pipefs-directory)
24else
25 PIPEFS_MOUNTPOINT=/var/lib/nfs/rpc_pipefs
26fi
27if [ -f $DEFAULTFILE ]; then
28 . $DEFAULTFILE
29fi
30
31. /etc/init.d/functions
32
33# Exit if required binaries are missing.
34[ -x /usr/sbin/rpc.statd ] || exit 0
35
36#
37# Parse the fstab file, and determine whether we need gssd. (The
38# /etc/defaults settings, if any, will override our autodetection.) This code
39# is partially adapted from the mountnfs.sh script in the sysvinit package.
40#
41AUTO_NEED_GSSD=no
42
43if [ -f /etc/fstab ]; then
44 exec 9<&0 </etc/fstab
45
46 while read -r DEV _ _ OPTS _
47 do
48 case $DEV in
49 ''|\#*)
50 continue
51 ;;
52 esac
53 OLDIFS="$IFS"
54 IFS=","
55 for OPT in $OPTS; do
56 case "$OPT" in
57 sec=krb5|sec=krb5i|sec=krb5p)
58 AUTO_NEED_GSSD=yes
59 ;;
60 esac
61 done
62 IFS="$OLDIFS"
63 done
64
65 exec 0<&9 9<&-
66fi
67
68case "$NEED_STATD" in
69 yes|no)
70 ;;
71 *)
72 NEED_STATD=yes
73 ;;
74esac
75
76case "$NEED_IDMAPD" in
77 yes|no)
78 ;;
79 *)
80 NEED_IDMAPD=yes
81 ;;
82esac
83
84case "$NEED_GSSD" in
85 yes|no)
86 ;;
87 *)
88 NEED_GSSD=$AUTO_NEED_GSSD
89 ;;
90esac
91
92do_modprobe() {
93 if [ -x /sbin/modprobe ] && [ -f /proc/modules ]
94 then
95 modprobe -q "$1" || true
96 fi
97}
98
99do_mount() {
100 if ! grep -E -qs "$1\$" /proc/filesystems
101 then
102 return 1
103 fi
104 if ! mountpoint -q "$2"
105 then
106 mount -t "$1" "$1" "$2"
107 return
108 fi
109 return 0
110}
111
112do_umount() {
113 if mountpoint -q "$1"
114 then
115 umount "$1"
116 fi
117 return 0
118}
119
120# See how we were called.
121case "$1" in
122 start)
123 echo -n "Starting $DESC ..."
124
125 if [ "$NEED_STATD" = yes ]; then
126 echo -n " statd"
127
128 # See if rpcbind is running
129 if [ -x /usr/sbin/rpcinfo ]; then
130 /usr/sbin/rpcinfo -p >/dev/null 2>&1
131 RET=$?
132 if [ $RET != 0 ]; then
133 echo
134 echo "Not starting: portmapper is not running"
135 exit 0
136 fi
137 fi
138 start-stop-daemon --start --oknodo --quiet \
139 --pidfile /run/rpc.statd.pid \
140 --exec /usr/sbin/rpc.statd
141 RET=$?
142 if [ $RET != 0 ]; then
143 echo " failed" $RET
144 exit $RET
145 else
146 if [ -d /run/sendsigs.omit.d ]; then
147 rm -f /run/sendsigs.omit.d/statd
148 ln -s /run/rpc.statd.pid /run/sendsigs.omit.d/statd
149 fi
150 fi
151 fi
152
153 # Don't start idmapd and gssd if we don't have them (say, if /usr is not
154 # up yet).
155 [ -x /usr/sbin/rpc.idmapd ] || NEED_IDMAPD=no
156 [ -x /usr/sbin/rpc.gssd ] || NEED_GSSD=no
157
158 if [ "$NEED_IDMAPD" = yes ] || [ "$NEED_GSSD" = yes ]
159 then
160 do_modprobe sunrpc
161 do_modprobe nfs
162 do_modprobe nfsd
163 mkdir -p "$PIPEFS_MOUNTPOINT"
164 if do_mount rpc_pipefs $PIPEFS_MOUNTPOINT
165 then
166 if [ "$NEED_IDMAPD" = yes ]
167 then
168 ecno -n " idmapd"
169 start-stop-daemon --start --oknodo --quiet \
170 --exec /usr/sbin/rpc.idmapd
171 RET=$?
172 if [ $RET != 0 ]; then
173 echo " failed" $RET
174 exit $RET
175 fi
176 fi
177 if [ "$NEED_GSSD" = yes ]
178 then
179 do_modprobe rpcsec_gss_krb5
180 echo -n " gssd"
181
182 start-stop-daemon --start --oknodo --quiet \
183 --exec /usr/sbin/rpc.gssd
184 RET=$?
185 if [ $RET != 0 ]; then
186 echo " failed" $RET
187 exit $RET
188 fi
189 fi
190 fi
191 fi
192 echo " done"
193 ;;
194
195 stop)
196 echo -n "Stopping $DESC ..."
197
198 if [ "$NEED_GSSD" = yes ]
199 then
200 echo -n " gssd"
201 start-stop-daemon --stop --oknodo --quiet \
202 --name rpc.gssd
203 RET=$?
204 if [ $RET != 0 ]; then
205 echo " failed" $RET
206 exit $RET
207 fi
208 fi
209 if [ "$NEED_IDMAPD" = yes ]
210 then
211 echo -n " idmapd"
212 start-stop-daemon --stop --oknodo --quiet \
213 --name rpc.idmapd
214 RET=$?
215 if [ $RET != 0 ]; then
216 echo " failed" $RET
217 exit $RET
218 fi
219 fi
220 if [ "$NEED_STATD" = yes ]
221 then
222 echo -n " statd"
223 start-stop-daemon --stop --oknodo --quiet \
224 --name rpc.statd
225 RET=$?
226 if [ $RET != 0 ]; then
227 echo " failed" $RET
228 exit $RET
229 fi
230 fi
231 do_umount $PIPEFS_MOUNTPOINT 2>/dev/null || true
232 echo " done"
233 ;;
234
235 status)
236 if [ "$NEED_STATD" = yes ]
237 then
238 if ! pidof rpc.statd >/dev/null
239 then
240 echo "rpc.statd not running"
241 exit 3
242 fi
243 fi
244
245 if [ "$NEED_GSSD" = yes ]
246 then
247 if ! pidof rpc.gssd >/dev/null
248 then
249 echo "rpc.gssd not running"
250 exit 3
251 fi
252 fi
253
254 if [ "$NEED_IDMAPD" = yes ]
255 then
256 if ! pidof rpc.idmapd >/dev/null
257 then
258 echo "rpc.idmapd not running"
259 exit 3
260 fi
261 fi
262
263 echo "all daemons running"
264 exit 0
265 ;;
266
267 restart | force-reload)
268 $0 stop
269 sleep 1
270 $0 start
271 ;;
272
273 *)
274 echo "Usage: nfscommon {start|stop|status|restart}"
275 exit 1
276 ;;
277esac
278
279exit 0
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
deleted file mode 100644
index 99ec280b35..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
+++ /dev/null
@@ -1,135 +0,0 @@
1#!/bin/sh
2
3### BEGIN INIT INFO
4# Provides: nfs-kernel-server
5# Required-Start: $remote_fs nfs-common $portmap $time
6# Required-Stop: $remote_fs nfs-common $portmap $time
7# Should-Start: $named
8# Default-Start: 2 3 4 5
9# Default-Stop: 0 1 6
10# Short-Description: Kernel NFS server support
11# Description: NFS is a popular protocol for file sharing across
12# TCP/IP networks. This service provides NFS server
13# functionality, which is configured via the
14# /etc/exports file.
15### END INIT INFO
16#
17# Startup script for nfs-utils
18#
19# Source function library.
20. /etc/init.d/functions
21#
22# The environment variable NFS_SERVERS may be set in /etc/default/nfsd
23# Other control variables may be overridden here too
24test -r /etc/default/nfs-utils && . /etc/default/nfs-utils
25#
26# Location of executables:
27test -x "$NFS_MOUNTD" || NFS_MOUNTD=/usr/sbin/rpc.mountd
28test -x "$NFS_NFSD" || NFS_NFSD=/usr/sbin/rpc.nfsd
29test -x "$NFS_SVCGSSD" || NFS_SVCGSSD=/usr/sbin/rpc.svcgssd
30#
31# The user mode program must also exist (it just starts the kernel
32# threads using the kernel module code).
33test -x "$NFS_MOUNTD" || exit 0
34test -x "$NFS_NFSD" || exit 0
35
36case "$NEED_SVCGSSD" in
37 yes|no)
38 ;;
39 *)
40 NEED_SVCGSSD=no
41 ;;
42esac
43#
44#----------------------------------------------------------------------
45# Startup and shutdown functions.
46# Actual startup/shutdown is at the end of this file.
47#mountd
48start_mountd(){
49 echo -n 'starting mountd: '
50 start-stop-daemon --start --exec "$NFS_MOUNTD" -- "$@"
51 echo done
52}
53stop_mountd(){
54 echo -n 'stopping mountd: '
55 start-stop-daemon --stop --quiet --exec "$NFS_MOUNTD"
56 echo done
57}
58#
59#svcgssd
60start_svcgssd(){
61 modprobe -q rpcsec_gss_krb5
62 if [ "$NEED_SVCGSSD" = "yes" ]; then
63 echo -n "starting svcgssd: "
64 start-stop-daemon --start --exec "$NFS_SVCGSSD" -- "$@"
65 echo done
66 fi
67}
68stop_svcgssd(){
69 if [ "$NEED_SVCGSSD" = "yes" ]; then
70 echo -n "stop svcgssd: "
71 start-stop-daemon --stop --exec "$NFS_SVCGSSD"
72 echo done
73 fi
74}
75#nfsd
76start_nfsd(){
77 modprobe -q nfsd
78 grep -q nfsd /proc/filesystems || {
79 echo NFS daemon support not enabled in kernel
80 exit 1
81 }
82 grep -q nfsd /proc/mounts || mount -t nfsd nfsd /proc/fs/nfsd
83 grep -q nfsd /proc/mounts || {
84 echo nfsd filesystem could not be mounted at /proc/fs/nfsd
85 exit 1
86 }
87
88 echo -n "starting nfsd: "
89 start-stop-daemon --start --exec "$NFS_NFSD" -- "$@"
90 echo done
91}
92stop_nfsd(){
93 echo -n 'stopping nfsd: '
94 $NFS_NFSD 0
95 if pidof nfsd
96 then
97 echo failed
98 else
99 echo done
100 fi
101}
102
103#----------------------------------------------------------------------
104#
105# supported options:
106# start
107# stop
108# reload: reloads the exports file
109# restart: stops and starts mountd
110#FIXME: need to create the /var/lib/nfs/... directories
111case "$1" in
112 start)
113 test -r /etc/exports && exportfs -r
114 start_nfsd
115 start_svcgssd
116 start_mountd
117 test -r /etc/exports && exportfs -a;;
118 stop) exportfs -ua
119 stop_mountd
120 stop_svcgssd
121 stop_nfsd;;
122 status)
123 status /usr/sbin/rpc.mountd
124 RETVAL=$?
125 status nfsd
126 rval=$?
127 [ $RETVAL -eq 0 ] && exit $rval
128 exit $RETVAL;;
129 reload) test -r /etc/exports && exportfs -r;;
130 restart)
131 $0 stop
132 $0 start;;
133 *) echo "Usage: $0 {start|stop|status|reload|restart}"
134 exit 1;;
135esac
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb
deleted file mode 100644
index b68a55edcd..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb
+++ /dev/null
@@ -1,159 +0,0 @@
1SUMMARY = "userspace utilities for kernel nfs"
2DESCRIPTION = "The nfs-utils package provides a daemon for the kernel \
3NFS server and related tools."
4HOMEPAGE = "http://nfs.sourceforge.net/"
5SECTION = "console/network"
6
7LICENSE = "MIT & GPL-2.0-or-later & BSD-3-Clause"
8LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84"
9
10# util-linux for libblkid
11DEPENDS = "libcap libevent util-linux sqlite3 libtirpc libxml2"
12RDEPENDS:${PN} = "${PN}-client"
13RRECOMMENDS:${PN} = "kernel-module-nfsd"
14
15inherit useradd
16
17USERADD_PACKAGES = "${PN}-client"
18USERADD_PARAM:${PN}-client = "--system --home-dir /var/lib/nfs \
19 --shell /bin/false --user-group rpcuser"
20
21SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \
22 file://nfsserver \
23 file://nfscommon \
24 file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \
25 file://0004-Use-nogroup-for-nobody-group.patch \
26 file://0005-find-OE-provided-Kerberos.patch \
27 "
28
29SRC_URI[sha256sum] = "11c4cc598a434d7d340bad3e072a373ba1dcc2c49f855d44b202222b78ecdbf5"
30
31# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will
32# pull in the remainder of the dependencies.
33
34INITSCRIPT_PACKAGES = "${PN} ${PN}-client"
35INITSCRIPT_NAME = "nfsserver"
36INITSCRIPT_PARAMS = "defaults"
37INITSCRIPT_NAME:${PN}-client = "nfscommon"
38INITSCRIPT_PARAMS:${PN}-client = "defaults 19 21"
39
40inherit autotools-brokensep update-rc.d systemd pkgconfig
41
42SYSTEMD_PACKAGES = "${PN} ${PN}-client"
43SYSTEMD_SERVICE:${PN} = "nfs-server.service"
44SYSTEMD_SERVICE:${PN}-client = "nfs-client.target"
45
46# --enable-uuid is need for cross-compiling
47EXTRA_OECONF = "--with-statduser=rpcuser \
48 --enable-mountconfig \
49 --enable-libmount-mount \
50 --enable-uuid \
51 --with-statdpath=/var/lib/nfs/statd \
52 --with-pluginpath=${libdir}/libnfsidmap \
53 --with-rpcgen=${HOSTTOOLS_DIR}/rpcgen \
54 "
55
56LDFLAGS += "-lsqlite3 -levent"
57
58PACKAGECONFIG ??= "tcp-wrappers \
59 ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} \
60"
61
62PACKAGECONFIG:remove:libc-musl = "tcp-wrappers"
63#krb5 is available in meta-oe
64PACKAGECONFIG[gssapi] = "--with-krb5=${STAGING_EXECPREFIXDIR} --enable-gss --enable-svcgss,--disable-gss --disable-svcgss,krb5"
65PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers"
66PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
67# libdevmapper is available in meta-oe
68PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper,libdevmapper"
69# keyutils is available in meta-oe
70PACKAGECONFIG[nfsv4] = "--enable-nfsv4 --enable-nfsdcltrack,--disable-nfsv4 --disable-nfsdcltrack,keyutils,python3-core"
71PACKAGECONFIG[nfsdctl] = "--enable-nfsdctl,--disable-nfsdctl,libnl readline,"
72PACKAGECONFIG[systemd] = "--with-systemd=${systemd_unitdir}/system,--without-systemd"
73
74PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats ${PN}-rpcctl"
75
76CONFFILES:${PN}-client += "${localstatedir}/lib/nfs/etab \
77 ${localstatedir}/lib/nfs/rmtab \
78 ${localstatedir}/lib/nfs/xtab \
79 ${localstatedir}/lib/nfs/statd/state \
80 ${sysconfdir}/idmapd.conf \
81 ${sysconfdir}/nfs.conf \
82 ${sysconfdir}/nfsmount.conf"
83
84FILES:${PN}-client = "${sbindir}/*statd \
85 ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \
86 ${sbindir}/showmount ${sbindir}/nfsstat \
87 ${sbindir}/rpc.gssd \
88 ${sbindir}/nfsconf \
89 ${libdir}/libnfsidmap.so.* \
90 ${libdir}/libnfsidmap/*.so \
91 ${libexecdir}/nfsrahead \
92 ${localstatedir}/lib/nfs \
93 ${sysconfdir}/idmapd.conf \
94 ${sysconfdir}/init.d/nfscommon \
95 ${sysconfdir}/nfs.conf \
96 ${sysconfdir}/nfsmount.conf \
97 ${systemd_system_unitdir}/auth-rpcgss-module.service \
98 ${systemd_system_unitdir}/nfs-client.target \
99 ${systemd_system_unitdir}/nfs-idmapd.service \
100 ${systemd_system_unitdir}/nfs-statd.service \
101 ${systemd_system_unitdir}/nfscommon.service \
102 ${systemd_system_unitdir}/rpc-gssd.service \
103 ${systemd_system_unitdir}/rpc-statd-notify.service \
104 ${systemd_system_unitdir}/rpc-statd.service \
105 ${systemd_system_unitdir}/rpc_pipefs.target \
106 ${systemd_system_unitdir}/var-lib-nfs-rpc_pipefs.mount \
107 ${nonarch_libdir}/udev/rules.d/*"
108RDEPENDS:${PN}-client = "${PN}-mount rpcbind"
109
110FILES:${PN}-mount = "${base_sbindir}/*mount.nfs*"
111
112FILES:${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts"
113RDEPENDS:${PN}-stats = "python3-core"
114
115FILES:${PN}-rpcctl = "${sbindir}/rpcctl"
116RDEPENDS:${PN}-rpcctl = "python3-core"
117
118FILES:${PN}-staticdev += "${libdir}/libnfsidmap/*.a"
119
120FILES:${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/ ${nonarch_libdir}/modprobe.d"
121
122do_configure:prepend() {
123 sed -i -e 's,sbindir = .*,sbindir = ${base_sbindir},g' \
124 -e 's,udev_rulesdir = .*,udev_rulesdir = ${nonarch_base_libdir}/udev/rules.d/,g' \
125 ${S}/utils/mount/Makefile.am ${S}/utils/nfsdcltrack/Makefile.am \
126 ${S}/systemd/Makefile.am ${S}/tools/nfsrahead/Makefile.am
127}
128
129# Make clean needed because the package comes with
130# precompiled 64-bit objects that break the build
131do_compile:prepend() {
132 make clean
133}
134
135# Works on systemd only
136HIGH_RLIMIT_NOFILE ??= "4096"
137
138do_install:append () {
139 install -d ${D}${sysconfdir}/init.d
140 install -m 0755 ${UNPACKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver
141 install -m 0755 ${UNPACKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon
142
143 install -m 0644 ${S}/support/nfsidmap/idmapd.conf ${D}${sysconfdir}
144 install -m 0644 ${S}/nfs.conf ${D}${sysconfdir}
145
146 install -d ${D}${systemd_system_unitdir}
147 # Retain historical service name so old scripts keep working
148 ln -s rpc-statd.service ${D}${systemd_system_unitdir}/nfs-statd.service
149 # Add compatibility symlinks for the sysvinit scripts
150 ln -s nfs-server.service ${D}${systemd_system_unitdir}/nfsserver.service
151 ln -s /dev/null ${D}${systemd_system_unitdir}/nfscommon.service
152
153 # kernel code as of 3.8 hard-codes this path as a default
154 install -d ${D}/var/lib/nfs/v4recovery
155
156 # chown the directories and files
157 chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd
158 chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state
159}
diff --git a/meta/recipes-connectivity/ofono/ofono/ofono b/meta/recipes-connectivity/ofono/ofono/ofono
deleted file mode 100644
index cc9970929c..0000000000
--- a/meta/recipes-connectivity/ofono/ofono/ofono
+++ /dev/null
@@ -1,42 +0,0 @@
1#!/bin/sh
2
3DAEMON=/usr/sbin/ofonod
4PIDFILE=/var/run/ofonod.pid
5DESC="Telephony daemon"
6
7if [ -f /etc/default/ofono ] ; then
8 . /etc/default/ofono
9fi
10
11set -e
12
13do_start() {
14 $DAEMON
15}
16
17do_stop() {
18 start-stop-daemon --stop --name ofonod --quiet
19}
20
21case "$1" in
22 start)
23 echo "Starting $DESC"
24 do_start
25 ;;
26 stop)
27 echo "Stopping $DESC"
28 do_stop
29 ;;
30 restart|force-reload)
31 echo "Restarting $DESC"
32 do_stop
33 sleep 1
34 do_start
35 ;;
36 *)
37 echo "Usage: $0 {start|stop|restart|force-reload}" >&2
38 exit 1
39 ;;
40esac
41
42exit 0
diff --git a/meta/recipes-connectivity/ofono/ofono_2.18.bb b/meta/recipes-connectivity/ofono/ofono_2.18.bb
deleted file mode 100644
index e2666b3e7e..0000000000
--- a/meta/recipes-connectivity/ofono/ofono_2.18.bb
+++ /dev/null
@@ -1,46 +0,0 @@
1SUMMARY = "open source telephony"
2DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands."
3HOMEPAGE = "http://www.ofono.org"
4BUGTRACKER = "https://01.org/jira/browse/OF"
5LICENSE = "GPL-2.0-only"
6LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
7 file://src/ofono.h;beginline=1;endline=6;md5=13e42133935ceecfc9bcb547f256e277"
8DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell"
9
10SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
11 file://ofono \
12 "
13SRC_URI[sha256sum] = "f74c3bba7ebac488fed7bcfa6113b0e39e723d2e1a24b53f79c9f18a1c85dd00"
14
15inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data
16
17INITSCRIPT_NAME = "ofono"
18INITSCRIPT_PARAMS = "defaults 22"
19SYSTEMD_SERVICE:${PN} = "ofono.service"
20
21PACKAGECONFIG ??= "\
22 ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
23 ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
24"
25PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/,--with-systemdunitdir="
26PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5"
27
28EXTRA_OECONF += "--enable-test --enable-external-ell"
29
30do_install:append() {
31 install -d ${D}${sysconfdir}/init.d/
32 install -m 0755 ${UNPACKDIR}/ofono ${D}${sysconfdir}/init.d/ofono
33}
34
35PACKAGES =+ "${PN}-tests"
36
37FILES:${PN} += "${systemd_unitdir}"
38FILES:${PN}-tests = "${libdir}/${BPN}/test"
39
40RDEPENDS:${PN}-tests = "\
41 python3-core \
42 python3-dbus \
43 ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \
44"
45
46RRECOMMENDS:${PN} += "kernel-module-tun mobile-broadband-provider-info"
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch
deleted file mode 100644
index f424288e37..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch
+++ /dev/null
@@ -1,59 +0,0 @@
1From 5cc897fe2effe549e1e280c2f606bce8b532b61e Mon Sep 17 00:00:00 2001
2From: Mikko Rapeli <mikko.rapeli@linaro.org>
3Date: Mon, 11 Sep 2023 09:55:21 +0100
4Subject: [PATCH] regress/banner.sh: log input and output files on error
5
6Some test environments like yocto with qemu are seeing these
7tests failing. There may be additional error messages in the
8stderr of ssh cloent command. busybox cmp shows this error when
9first input file has less new line characters then second
10input file:
11
12cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
13
14Logging the full banner.out will show what other error messages
15are captured in addition of the expected banner.
16
17Full log of a failing banner test runs is:
18
19run test banner.sh ...
20test banner: missing banner file
21test banner: size 0
22cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
23banner size 0 mismatch
24test banner: size 10
25test banner: size 100
26cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
27banner size 100 mismatch
28test banner: size 1000
29test banner: size 10000
30test banner: size 100000
31test banner: suppress banner (-q)
32FAIL: banner
33return value: 1
34
35See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
36
37Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437]
38
39Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
40Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
41---
42 regress/banner.sh | 4 +++-
43 1 file changed, 3 insertions(+), 1 deletion(-)
44
45diff --git a/regress/banner.sh b/regress/banner.sh
46index a84feb5..de84957 100644
47--- a/regress/banner.sh
48+++ b/regress/banner.sh
49@@ -32,7 +32,9 @@ for s in 0 10 100 1000 10000 100000 ; do
50 verbose "test $tid: size $s"
51 ( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
52 cmp $OBJ/banner.in $OBJ/banner.out ) || \
53- fail "banner size $s mismatch"
54+ ( verbose "Contents of $OBJ/banner.in:"; cat $OBJ/banner.in; \
55+ verbose "Contents of $OBJ/banner.out:"; cat $OBJ/banner.out; \
56+ fail "banner size $s mismatch" )
57 done
58
59 trace "test suppress banner (-q)"
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch
deleted file mode 100644
index 360b62af34..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch
+++ /dev/null
@@ -1,35 +0,0 @@
1From 9dcccafe44ea17e972e7cddea205bbe9fe71d8d6 Mon Sep 17 00:00:00 2001
2From: Jose Quaresma <jose.quaresma@foundries.io>
3Date: Mon, 15 Jul 2024 18:43:08 +0100
4Subject: [PATCH] regress/test-exec: use the absolute path in the SSH env
5
6The SSHAGENT_BIN was changed in [1] to SSH_BIN but
7the last one don't use the absolute path and consequently
8the function increase_datafile_size can loops forever
9if the binary not found.
10
11[1] https://github.com/openssh/openssh-portable/commit/a68f80f2511f0e0c5cef737a8284cc2dfabad818
12
13Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/510]
14
15Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
16---
17 regress/test-exec.sh | 5 +++++
18 1 file changed, 5 insertions(+)
19
20diff --git a/regress/test-exec.sh b/regress/test-exec.sh
21index 8a00c72..2891f27 100644
22--- a/regress/test-exec.sh
23+++ b/regress/test-exec.sh
24@@ -179,6 +179,11 @@ if [ "x$TEST_SSH_OPENSSL" != "x" ]; then
25 fi
26
27 # Path to sshd must be absolute for rexec
28+case "$SSH" in
29+/*) ;;
30+*) SSH=`which $SSH` ;;
31+esac
32+
33 case "$SSHD" in
34 /*) ;;
35 *) SSHD=`which $SSHD` ;;
diff --git a/meta/recipes-connectivity/openssh/openssh/init b/meta/recipes-connectivity/openssh/openssh/init
deleted file mode 100644
index 8887e3af13..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/init
+++ /dev/null
@@ -1,90 +0,0 @@
1#! /bin/sh
2set -e
3
4PIDFILE=/var/run/sshd.pid
5
6# source function library
7. /etc/init.d/functions
8
9# /etc/init.d/ssh: start and stop the OpenBSD "secure shell" daemon
10
11test -x /usr/sbin/sshd || exit 0
12( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
13
14# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
15if test -f /etc/default/ssh; then
16 . /etc/default/ssh
17fi
18
19[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
20mkdir -p $SYSCONFDIR
21
22check_for_no_start() {
23 # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
24 if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then
25 echo "OpenBSD Secure Shell server not in use ($SYSCONFDIR/sshd_not_to_be_run)"
26 exit 0
27 fi
28}
29
30check_privsep_dir() {
31 # Create the PrivSep empty dir if necessary
32 if [ ! -d /var/run/sshd ]; then
33 mkdir /var/run/sshd
34 chmod 0755 /var/run/sshd
35 fi
36}
37
38check_config() {
39 /usr/sbin/sshd $SSHD_OPTS -t || exit 1
40}
41
42export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
43
44case "$1" in
45 start)
46 check_for_no_start
47 echo "Starting OpenBSD Secure Shell server: sshd"
48 @LIBEXECDIR@/sshd_check_keys
49 check_privsep_dir
50 start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
51 echo "done."
52 ;;
53 stop)
54 echo -n "Stopping OpenBSD Secure Shell server: sshd"
55 start-stop-daemon -K -p $PIDFILE -x /usr/sbin/sshd
56 echo "."
57 ;;
58
59 reload|force-reload)
60 check_for_no_start
61 @LIBEXECDIR@/sshd_check_keys
62 check_config
63 echo -n "Reloading OpenBSD Secure Shell server's configuration"
64 start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd
65 echo "."
66 ;;
67
68 restart)
69 @LIBEXECDIR@/sshd_check_keys
70 check_config
71 echo -n "Restarting OpenBSD Secure Shell server: sshd"
72 start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd
73 check_for_no_start
74 check_privsep_dir
75 sleep 2
76 start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
77 echo "."
78 ;;
79
80 status)
81 status /usr/sbin/sshd
82 exit $?
83 ;;
84
85 *)
86 echo "Usage: /etc/init.d/ssh {start|stop|status|reload|force-reload|restart}"
87 exit 1
88esac
89
90exit 0
diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest
deleted file mode 100755
index c9100f9f37..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/run-ptest
+++ /dev/null
@@ -1,60 +0,0 @@
1#!/bin/sh
2
3export TEST_SSH_SSH=ssh
4export TEST_SHELL=sh
5export SKIP_UNIT=1
6
7cd regress
8
9# copied from openssh-portable/.github/run_test.sh
10output_failed_logs() {
11 for i in failed*.log; do
12 if [ -f "$i" ]; then
13 echo -------------------------------------------------------------------------
14 echo LOGFILE $i
15 cat $i
16 echo -------------------------------------------------------------------------
17 fi
18 done
19}
20trap output_failed_logs 0
21
22sed -i "/\t\tagent-ptrace /d" Makefile
23make -k BUILDDIR=`pwd`/.. .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="" tests \
24 | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
25
26SSHAGENT=`which ssh-agent`
27GDB=`which gdb`
28
29if [ -z "${SSHAGENT}" -o -z "${GDB}" ]; then
30 echo "SKIP: agent-ptrace"
31 exit
32fi
33
34useradd openssh-test
35
36eval `su -c "${SSHAGENT} -s" openssh-test` > /dev/null
37r=$?
38if [ $r -ne 0 ]; then
39 echo "FAIL: could not start ssh-agent: exit code $r"
40else
41 su -c "gdb -p ${SSH_AGENT_PID}" openssh-test > /tmp/gdb.out 2>&1 << EOF
42 quit
43EOF
44 r=$?
45 if [ $r -ne 0 ]; then
46 echo "gdb failed: exit code $r"
47 fi
48 egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task ' >/dev/null /tmp/gdb.out
49 r=$?
50 rm -f /tmp/gdb.out
51 if [ $r -ne 0 ]; then
52 echo "FAIL: ptrace agent"
53 else
54 echo "PASS: ptrace agent"
55 fi
56
57 ${SSHAGENT} -k > /dev/null
58fi
59userdel openssh-test
60
diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config
deleted file mode 100644
index cb2774a163..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/ssh_config
+++ /dev/null
@@ -1,48 +0,0 @@
1# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $
2
3# This is the ssh client system-wide configuration file. See
4# ssh_config(5) for more information. This file provides defaults for
5# users, and the values can be changed in per-user configuration files
6# or on the command line.
7
8# Configuration data is parsed as follows:
9# 1. command line options
10# 2. user-specific file
11# 3. system-wide file
12# Any configuration value is only changed the first time it is set.
13# Thus, host-specific definitions should be at the beginning of the
14# configuration file, and defaults at the end.
15
16# Site-wide defaults for some commonly used options. For a comprehensive
17# list of available options, their meanings and defaults, please see the
18# ssh_config(5) man page.
19
20Include /etc/ssh/ssh_config.d/*.conf
21
22# Host *
23# ForwardAgent no
24# ForwardX11 no
25# PasswordAuthentication yes
26# HostbasedAuthentication no
27# GSSAPIAuthentication no
28# GSSAPIDelegateCredentials no
29# BatchMode no
30# CheckHostIP yes
31# AddressFamily any
32# ConnectTimeout 0
33# StrictHostKeyChecking ask
34# IdentityFile ~/.ssh/id_rsa
35# IdentityFile ~/.ssh/id_dsa
36# IdentityFile ~/.ssh/id_ecdsa
37# IdentityFile ~/.ssh/id_ed25519
38# Port 22
39# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
40# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
41# EscapeChar ~
42# Tunnel no
43# TunnelDevice any:any
44# PermitLocalCommand no
45# VisualHostKey no
46# ProxyCommand ssh -q -W %h:%p gateway.example.com
47# RekeyLimit 1G 1h
48# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd b/meta/recipes-connectivity/openssh/openssh/sshd
deleted file mode 100644
index cf675a4dad..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/sshd
+++ /dev/null
@@ -1,10 +0,0 @@
1#%PAM-1.0
2
3auth include common-auth
4account required pam_nologin.so
5account include common-account
6password include common-password
7session optional pam_keyinit.so force revoke
8session include common-session
9session required pam_loginuid.so
10session required pam_env.so
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service
deleted file mode 100644
index c71fff1cc1..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/sshd.service
+++ /dev/null
@@ -1,18 +0,0 @@
1[Unit]
2Description=OpenSSH server daemon
3Wants=sshdgenkeys.service
4After=sshdgenkeys.service
5After=nss-user-lookup.target
6
7[Service]
8Type=notify-reload
9Environment="SSHD_OPTS="
10EnvironmentFile=-/etc/default/ssh
11ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
12ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS
13KillMode=process
14Restart=on-failure
15RestartSec=42s
16
17[Install]
18WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket
deleted file mode 100644
index 7dd2ed0626..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/sshd.socket
+++ /dev/null
@@ -1,12 +0,0 @@
1[Unit]
2Conflicts=sshd.service
3Wants=sshdgenkeys.service
4After=nss-user-lookup.target
5
6[Socket]
7ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
8ListenStream=22
9Accept=yes
10
11[Install]
12WantedBy=sockets.target
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd@.service b/meta/recipes-connectivity/openssh/openssh/sshd@.service
deleted file mode 100644
index 9d9965e624..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/sshd@.service
+++ /dev/null
@@ -1,10 +0,0 @@
1[Unit]
2Description=OpenSSH Per-Connection Daemon
3After=sshdgenkeys.service
4
5[Service]
6Environment="SSHD_OPTS="
7EnvironmentFile=-/etc/default/ssh
8ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS
9StandardInput=socket
10KillMode=process
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
deleted file mode 100644
index bbb6a14908..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ /dev/null
@@ -1,78 +0,0 @@
1#! /bin/sh
2
3generate_key() {
4 local FILE=$1
5 local TYPE=$2
6 local DIR="$(dirname "$FILE")"
7
8 mkdir -p "$DIR"
9 rm -f ${FILE}.tmp
10 ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE
11 chmod go-rwx "$FILE.tmp"
12 # Atomically rename file public key
13 mv -f "${FILE}.tmp.pub" "${FILE}.pub"
14
15 # This sync does double duty: Ensuring that the data in the temporary
16 # private key file is on disk before the rename, and ensuring that the
17 # public key rename is completed before the private key rename, since we
18 # switch on the existence of the private key to trigger key generation.
19 # This does mean it is possible for the public key to exist, but be garbage
20 # but this is OK because in that case the private key won't exist and the
21 # keys will be regenerated.
22 #
23 # In the event that sync understands arguments that limit what it tries to
24 # fsync(), we provided them. If it does not, it will simply call sync()
25 # which is just as well
26 sync "${FILE}.pub" "$DIR" "${FILE}.tmp"
27
28 mv "${FILE}.tmp" "$FILE"
29
30 # sync to ensure the atomic rename is committed
31 sync "$DIR"
32}
33
34# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
35if test -f /etc/default/ssh; then
36 . /etc/default/ssh
37fi
38
39[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
40mkdir -p $SYSCONFDIR
41
42# parse sshd options
43set -- ${SSHD_OPTS} --
44sshd_config=/etc/ssh/sshd_config
45while true ; do
46 case "$1" in
47 -f*) if [ "$1" = "-f" ] ; then
48 sshd_config="$2"
49 shift
50 else
51 sshd_config="${1#-f}"
52 fi
53 shift
54 ;;
55 --) shift; break;;
56 *) shift;;
57 esac
58done
59
60HOST_KEYS=$(sshd -G -f "${sshd_config}" | grep -i '^hostkey ' | cut -f2 -d' ')
61
62for key in ${HOST_KEYS} ; do
63 [ -f $key ] && continue
64 case $key in
65 *_rsa_key)
66 echo " generating ssh RSA host key..."
67 generate_key $key rsa
68 ;;
69 *_ecdsa_key)
70 echo " generating ssh ECDSA host key..."
71 generate_key $key ecdsa
72 ;;
73 *_ed25519_key)
74 echo " generating ssh ED25519 host key..."
75 generate_key $key ed25519
76 ;;
77 esac
78done
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
deleted file mode 100644
index e9eaf93157..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ /dev/null
@@ -1,119 +0,0 @@
1# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
2
3# This is the sshd server system-wide configuration file. See
4# sshd_config(5) for more information.
5
6# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
7
8# The strategy used for options in the default sshd_config shipped with
9# OpenSSH is to specify options with their default value where
10# possible, but leave them commented. Uncommented options override the
11# default value.
12
13Include /etc/ssh/sshd_config.d/*.conf
14
15#Port 22
16#AddressFamily any
17#ListenAddress 0.0.0.0
18#ListenAddress ::
19
20#HostKey /etc/ssh/ssh_host_rsa_key
21#HostKey /etc/ssh/ssh_host_ecdsa_key
22#HostKey /etc/ssh/ssh_host_ed25519_key
23
24# Ciphers and keying
25#RekeyLimit default none
26
27# Logging
28#SyslogFacility AUTH
29#LogLevel INFO
30
31# Authentication:
32
33#LoginGraceTime 2m
34#PermitRootLogin prohibit-password
35#StrictModes yes
36#MaxAuthTries 6
37#MaxSessions 10
38
39#PubkeyAuthentication yes
40
41# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
42# but this is overridden so installations will only check .ssh/authorized_keys
43AuthorizedKeysFile .ssh/authorized_keys
44
45#AuthorizedPrincipalsFile none
46
47#AuthorizedKeysCommand none
48#AuthorizedKeysCommandUser nobody
49
50# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
51#HostbasedAuthentication no
52# Change to yes if you don't trust ~/.ssh/known_hosts for
53# HostbasedAuthentication
54#IgnoreUserKnownHosts no
55# Don't read the user's ~/.rhosts and ~/.shosts files
56#IgnoreRhosts yes
57
58# To disable tunneled clear text passwords, change to no here!
59#PasswordAuthentication yes
60#PermitEmptyPasswords no
61
62# Change to yes to enable keyboard-interactive authentication (beware issues
63# with some PAM modules and threads)
64KbdInteractiveAuthentication no
65
66# Kerberos options
67#KerberosAuthentication no
68#KerberosOrLocalPasswd yes
69#KerberosTicketCleanup yes
70#KerberosGetAFSToken no
71
72# GSSAPI options
73#GSSAPIAuthentication no
74#GSSAPICleanupCredentials yes
75
76# Set this to 'yes' to enable PAM authentication, account processing,
77# and session processing. If this is enabled, PAM authentication will
78# be allowed through the KbdInteractiveAuthentication and
79# PasswordAuthentication. Depending on your PAM configuration,
80# PAM authentication via KbdInteractiveAuthentication may bypass
81# the setting of "PermitRootLogin without-password".
82# If you just want the PAM account and session checks to run without
83# PAM authentication, then enable this but set PasswordAuthentication
84# and KbdInteractiveAuthentication to 'no'.
85#UsePAM no
86
87#AllowAgentForwarding yes
88#AllowTcpForwarding yes
89#GatewayPorts no
90#X11Forwarding no
91#X11DisplayOffset 10
92#X11UseLocalhost yes
93#PermitTTY yes
94#PrintMotd yes
95#PrintLastLog yes
96#TCPKeepAlive yes
97#PermitUserEnvironment no
98Compression no
99ClientAliveInterval 15
100ClientAliveCountMax 4
101#UseDNS no
102#PidFile /var/run/sshd.pid
103#MaxStartups 10:30:100
104#PermitTunnel no
105#ChrootDirectory none
106#VersionAddendum none
107
108# no default banner path
109#Banner none
110
111# override default of no subsystems
112Subsystem sftp /usr/libexec/sftp-server
113
114# Example of overriding settings on a per-user basis
115#Match User anoncvs
116# X11Forwarding no
117# AllowTcpForwarding no
118# PermitTTY no
119# ForceCommand cvs server
diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
deleted file mode 100644
index fd81793d51..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
+++ /dev/null
@@ -1,9 +0,0 @@
1[Unit]
2Description=OpenSSH Key Generation
3RequiresMountsFor=/var /run
4
5[Service]
6ExecStart=@LIBEXECDIR@/sshd_check_keys
7Type=oneshot
8RemainAfterExit=yes
9Nice=10
diff --git a/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd b/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd
deleted file mode 100644
index a0d2af3c65..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd
+++ /dev/null
@@ -1,2 +0,0 @@
1d root root 0755 /var/run/sshd none
2f root root 0644 /var/log/lastlog none
diff --git a/meta/recipes-connectivity/openssh/openssh_10.1p1.bb b/meta/recipes-connectivity/openssh/openssh_10.1p1.bb
deleted file mode 100644
index 83b6183858..0000000000
--- a/meta/recipes-connectivity/openssh/openssh_10.1p1.bb
+++ /dev/null
@@ -1,227 +0,0 @@
1SUMMARY = "A suite of security-related network utilities based on \
2the SSH protocol including the ssh client and sshd server"
3DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \
4Ssh (Secure Shell) is a program for logging into a remote machine \
5and for executing commands on a remote machine."
6HOMEPAGE = "http://www.openssh.com/"
7SECTION = "console/network"
8LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT"
9LIC_FILES_CHKSUM = "file://LICENCE;md5=78ffb36e5a48c0d8c5648603a3b6c8eb"
10
11DEPENDS = "zlib openssl virtual/crypt"
12DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
13
14SRC_URI = "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
15 file://sshd_config \
16 file://ssh_config \
17 file://init \
18 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
19 file://sshd.service \
20 file://sshd.socket \
21 file://sshd@.service \
22 file://sshdgenkeys.service \
23 file://volatiles.99_sshd \
24 file://run-ptest \
25 file://sshd_check_keys \
26 file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
27 file://0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch \
28 "
29SRC_URI[sha256sum] = "b9fc7a2b82579467a6f2f43e4a81c8e1dfda614ddb4f9b255aafd7020bbf0758"
30
31CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
32
33# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
34# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
35CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \
36Red Hat Enterprise Linux 7 and when running in a Kerberos environment"
37
38CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries."
39CVE_STATUS[CVE-2023-51767] = "upstream-wontfix: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1."
40
41PAM_SRC_URI = "file://sshd"
42
43inherit manpages useradd update-rc.d update-alternatives systemd
44
45USERADD_PACKAGES = "${PN}-sshd"
46USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
47INITSCRIPT_PACKAGES = "${PN}-sshd"
48INITSCRIPT_NAME:${PN}-sshd = "sshd"
49INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9"
50
51SYSTEMD_PACKAGES = "${PN}-sshd"
52SYSTEMD_SERVICE:${PN}-sshd = "${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket', '', d)} ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service', '', d)}"
53
54inherit autotools-brokensep ptest pkgconfig
55
56# systemd-sshd-socket-mode means installing sshd.socket
57# and systemd-sshd-service-mode corresponding to sshd.service
58PACKAGECONFIG ??= "systemd-sshd-socket-mode hostkey-ecdsa"
59PACKAGECONFIG[fido2] = "--with-security-key-builtin,--disable-security-key,libfido2"
60PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
61PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
62PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
63PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
64PACKAGECONFIG[systemd-sshd-socket-mode] = ""
65PACKAGECONFIG[systemd-sshd-service-mode] = ""
66PACKAGECONFIG[hostkey-rsa] = ""
67PACKAGECONFIG[hostkey-ecdsa] = ""
68PACKAGECONFIG[hostkey-ed25519] = ""
69
70EXTRA_AUTORECONF += "--exclude=aclocal"
71
72# login path is hardcoded in sshd
73EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
74 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
75 --without-zlib-version-check \
76 --with-privsep-path=${localstatedir}/run/sshd \
77 --sysconfdir=${sysconfdir}/ssh \
78 --with-xauth=${bindir}/xauth \
79 --disable-strip \
80 "
81
82# musl doesn't implement wtmp/utmp and logwtmp
83EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog"
84
85# Work around ICE on mips/mips64 starting in 9.6p1
86EXTRA_OECONF:append:mips = " --without-hardening"
87EXTRA_OECONF:append:mips64 = " --without-hardening"
88
89# Work around ICE on powerpc64le starting in 9.6p1
90EXTRA_OECONF:append:powerpc64le = " --without-hardening"
91
92# Since we do not depend on libbsd, we do not want configure to use it
93# just because it finds libutil.h. But, specifying --disable-libutil
94# causes compile errors, so...
95CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no"
96
97# passwd path is hardcoded in sshd
98CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
99
100# We don't want to depend on libblockfile
101CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no"
102
103do_configure:prepend () {
104 export LD="${CC}"
105 install -m 0600 ${UNPACKDIR}/sshd_config ${B}/
106 install -m 0644 ${UNPACKDIR}/ssh_config ${B}/
107}
108
109do_compile_ptest() {
110 oe_runmake regress-binaries regress-unit-binaries
111}
112
113sshd_hostkey_setup() {
114 # Enable specific ssh host keys
115 sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config
116 if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then
117 echo "HostKey /etc/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config
118 fi
119 if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then
120 echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config
121 fi
122 if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then
123 echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config
124 fi
125
126 sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
127 if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then
128 echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
129 fi
130 if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then
131 echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
132 fi
133 if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then
134 echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
135 fi
136}
137
138do_install:append () {
139 if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
140 install -D -m 0644 ${UNPACKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
141 sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
142 fi
143
144 if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then
145 sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config
146 fi
147
148 install -d ${D}${sysconfdir}/init.d
149 install -m 0755 ${UNPACKDIR}/init ${D}${sysconfdir}/init.d/sshd
150 rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
151 rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir}
152 install -d ${D}/${sysconfdir}/default/volatiles
153 install -m 644 ${UNPACKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
154 install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir}
155
156 # Limit sshd_config access to the owner (default is 0644)
157 chmod 0600 ${D}${sysconfdir}/ssh/sshd_config
158
159 # Create config files for read-only rootfs
160 install -d ${D}${sysconfdir}/ssh
161 install -m 0600 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
162
163 install -d ${D}${systemd_system_unitdir}
164 if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then
165 install -c -m 0644 ${UNPACKDIR}/sshd.socket ${D}${systemd_system_unitdir}
166 install -c -m 0644 ${UNPACKDIR}/sshd@.service ${D}${systemd_system_unitdir}
167 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
168 -e 's,@SBINDIR@,${sbindir},g' \
169 -e 's,@BINDIR@,${bindir},g' \
170 -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
171 ${D}${systemd_system_unitdir}/sshd.socket
172 fi
173 if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','true','false',d)}; then
174 install -c -m 0644 ${UNPACKDIR}/sshd.service ${D}${systemd_system_unitdir}
175 fi
176 install -c -m 0644 ${UNPACKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir}
177 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
178 -e 's,@SBINDIR@,${sbindir},g' \
179 -e 's,@BINDIR@,${bindir},g' \
180 -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
181 ${D}${systemd_system_unitdir}/*.service
182
183 sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
184 ${D}${sysconfdir}/init.d/sshd
185
186 install -D -m 0755 ${UNPACKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
187 sshd_hostkey_setup
188}
189
190do_install_ptest () {
191 sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh
192 cp -r regress ${D}${PTEST_PATH}
193 cp config.h ${D}${PTEST_PATH}
194}
195
196ALLOW_EMPTY:${PN} = "1"
197
198PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
199FILES:${PN}-scp = "${bindir}/scp.${BPN}"
200FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
201FILES:${PN}-sshd = "${sbindir}/sshd ${libexecdir}/sshd-session ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}"
202FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
203FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys ${libexecdir}/sshd-auth"
204FILES:${PN}-sftp = "${bindir}/sftp"
205FILES:${PN}-sftp-server = "${libexecdir}/sftp-server"
206FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
207FILES:${PN}-keygen = "${bindir}/ssh-keygen"
208
209RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server"
210RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
211# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
212RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed coreutils openssl-bin"
213
214RPROVIDES:${PN}-ssh = "ssh"
215RPROVIDES:${PN}-sshd = "sshd"
216
217RCONFLICTS:${PN} = "dropbear"
218RCONFLICTS:${PN}-sshd = "dropbear"
219
220CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
221CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
222
223ALTERNATIVE_PRIORITY = "90"
224ALTERNATIVE:${PN}-scp = "scp"
225ALTERNATIVE:${PN}-ssh = "ssh"
226
227BBCLASSEXTEND += "nativesdk"
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
deleted file mode 100644
index 0e75e34f9d..0000000000
--- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
+++ /dev/null
@@ -1,24 +0,0 @@
1export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/openssl.cnf"
2export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/"
3export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
4export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} OPENSSL_CONF OPENSSL_MODULES OPENSSL_ENGINES"
5
6# Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools
7# CAFILE/CAPATH is auto-deteced when source buildtools
8if [ -z "${SSL_CERT_FILE:-}" ]; then
9 if [ -n "${CAFILE:-}" ];then
10 export SSL_CERT_FILE="$CAFILE"
11 elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
12 export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt"
13 fi
14fi
15
16if [ -z "${SSL_CERT_DIR:-}" ]; then
17 if [ -n "${CAPATH:-}" ];then
18 export SSL_CERT_DIR="$CAPATH"
19 elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
20 export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs"
21 fi
22fi
23
24export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE"
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch
deleted file mode 100644
index 5b7365a353..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch
+++ /dev/null
@@ -1,367 +0,0 @@
1From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001
2From: William Lyu <William.Lyu@windriver.com>
3Date: Fri, 20 Oct 2023 16:22:37 -0400
4Subject: [PATCH] Added handshake history reporting when test fails
5
6Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481]
7
8Signed-off-by: William Lyu <William.Lyu@windriver.com>
9---
10 test/helpers/handshake.c | 137 +++++++++++++++++++++++++++++----------
11 test/helpers/handshake.h | 70 +++++++++++++++++++-
12 test/ssl_test.c | 44 +++++++++++++
13 3 files changed, 217 insertions(+), 34 deletions(-)
14
15diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
16index f611b3a..5703b48 100644
17--- a/test/helpers/handshake.c
18+++ b/test/helpers/handshake.c
19@@ -25,6 +25,102 @@
20 #include <netinet/sctp.h>
21 #endif
22
23+/* Shamelessly copied from test/helpers/ssl_test_ctx.c */
24+/* Maps string names to various enumeration type */
25+typedef struct {
26+ const char *name;
27+ int value;
28+} enum_name_map;
29+
30+static const enum_name_map connect_phase_names[] = {
31+ {"Handshake", HANDSHAKE},
32+ {"RenegAppData", RENEG_APPLICATION_DATA},
33+ {"RenegSetup", RENEG_SETUP},
34+ {"RenegHandshake", RENEG_HANDSHAKE},
35+ {"AppData", APPLICATION_DATA},
36+ {"Shutdown", SHUTDOWN},
37+ {"ConnectionDone", CONNECTION_DONE}
38+};
39+
40+static const enum_name_map peer_status_names[] = {
41+ {"PeerSuccess", PEER_SUCCESS},
42+ {"PeerRetry", PEER_RETRY},
43+ {"PeerError", PEER_ERROR},
44+ {"PeerWaiting", PEER_WAITING},
45+ {"PeerTestFail", PEER_TEST_FAILURE}
46+};
47+
48+static const enum_name_map handshake_status_names[] = {
49+ {"HandshakeSuccess", HANDSHAKE_SUCCESS},
50+ {"ClientError", CLIENT_ERROR},
51+ {"ServerError", SERVER_ERROR},
52+ {"InternalError", INTERNAL_ERROR},
53+ {"HandshakeRetry", HANDSHAKE_RETRY}
54+};
55+
56+/* Shamelessly copied from test/helpers/ssl_test_ctx.c */
57+static const char *enum_name(const enum_name_map *enums, size_t num_enums,
58+ int value)
59+{
60+ size_t i;
61+ for (i = 0; i < num_enums; i++) {
62+ if (enums[i].value == value) {
63+ return enums[i].name;
64+ }
65+ }
66+ return "InvalidValue";
67+}
68+
69+const char *handshake_connect_phase_name(connect_phase_t phase)
70+{
71+ return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names),
72+ (int)phase);
73+}
74+
75+const char *handshake_status_name(handshake_status_t handshake_status)
76+{
77+ return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names),
78+ (int)handshake_status);
79+}
80+
81+const char *handshake_peer_status_name(peer_status_t peer_status)
82+{
83+ return enum_name(peer_status_names, OSSL_NELEM(peer_status_names),
84+ (int)peer_status);
85+}
86+
87+static void save_loop_history(HANDSHAKE_HISTORY *history,
88+ connect_phase_t phase,
89+ handshake_status_t handshake_status,
90+ peer_status_t server_status,
91+ peer_status_t client_status,
92+ int client_turn_count,
93+ int is_client_turn)
94+{
95+ HANDSHAKE_HISTORY_ENTRY *new_entry = NULL;
96+
97+ /*
98+ * Create a new history entry for a handshake loop with statuses given in
99+ * the arguments. Potentially evicting the oldest entry when the
100+ * ring buffer is full.
101+ */
102+ ++(history->last_idx);
103+ history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
104+
105+ new_entry = &((history->entries)[history->last_idx]);
106+ new_entry->phase = phase;
107+ new_entry->handshake_status = handshake_status;
108+ new_entry->server_status = server_status;
109+ new_entry->client_status = client_status;
110+ new_entry->client_turn_count = client_turn_count;
111+ new_entry->is_client_turn = is_client_turn;
112+
113+ /* Evict the oldest handshake loop entry when the ring buffer is full. */
114+ if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) {
115+ ++(history->entry_count);
116+ }
117+}
118+
119 HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
120 {
121 HANDSHAKE_RESULT *ret;
122@@ -726,15 +822,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client,
123 SSL_set_post_handshake_auth(client, 1);
124 }
125
126-/* The status for each connection phase. */
127-typedef enum {
128- PEER_SUCCESS,
129- PEER_RETRY,
130- PEER_ERROR,
131- PEER_WAITING,
132- PEER_TEST_FAILURE
133-} peer_status_t;
134-
135 /* An SSL object and associated read-write buffers. */
136 typedef struct peer_st {
137 SSL *ssl;
138@@ -1081,17 +1168,6 @@ static void do_shutdown_step(PEER *peer)
139 }
140 }
141
142-typedef enum {
143- HANDSHAKE,
144- RENEG_APPLICATION_DATA,
145- RENEG_SETUP,
146- RENEG_HANDSHAKE,
147- APPLICATION_DATA,
148- SHUTDOWN,
149- CONNECTION_DONE
150-} connect_phase_t;
151-
152-
153 static int renegotiate_op(const SSL_TEST_CTX *test_ctx)
154 {
155 switch (test_ctx->handshake_mode) {
156@@ -1169,19 +1245,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer,
157 }
158 }
159
160-typedef enum {
161- /* Both parties succeeded. */
162- HANDSHAKE_SUCCESS,
163- /* Client errored. */
164- CLIENT_ERROR,
165- /* Server errored. */
166- SERVER_ERROR,
167- /* Peers are in inconsistent state. */
168- INTERNAL_ERROR,
169- /* One or both peers not done. */
170- HANDSHAKE_RETRY
171-} handshake_status_t;
172-
173 /*
174 * Determine the handshake outcome.
175 * last_status: the status of the peer to have acted last.
176@@ -1546,6 +1609,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
177
178 start = time(NULL);
179
180+ save_loop_history(&(ret->history),
181+ phase, status, server.status, client.status,
182+ client_turn_count, client_turn);
183+
184 /*
185 * Half-duplex handshake loop.
186 * Client and server speak to each other synchronously in the same process.
187@@ -1567,6 +1634,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
188 0 /* server went last */);
189 }
190
191+ save_loop_history(&(ret->history),
192+ phase, status, server.status, client.status,
193+ client_turn_count, client_turn);
194+
195 switch (status) {
196 case HANDSHAKE_SUCCESS:
197 client_turn_count = 0;
198diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h
199index 78b03f9..b9967c2 100644
200--- a/test/helpers/handshake.h
201+++ b/test/helpers/handshake.h
202@@ -1,5 +1,5 @@
203 /*
204- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
205+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
206 *
207 * Licensed under the Apache License 2.0 (the "License"). You may not use
208 * this file except in compliance with the License. You can obtain a copy
209@@ -12,6 +12,11 @@
210
211 #include "ssl_test_ctx.h"
212
213+#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4
214+#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT)
215+#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \
216+ ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1)
217+
218 typedef struct ctx_data_st {
219 unsigned char *npn_protocols;
220 size_t npn_protocols_len;
221@@ -22,6 +27,63 @@ typedef struct ctx_data_st {
222 char *session_ticket_app_data;
223 } CTX_DATA;
224
225+typedef enum {
226+ HANDSHAKE,
227+ RENEG_APPLICATION_DATA,
228+ RENEG_SETUP,
229+ RENEG_HANDSHAKE,
230+ APPLICATION_DATA,
231+ SHUTDOWN,
232+ CONNECTION_DONE
233+} connect_phase_t;
234+
235+/* The status for each connection phase. */
236+typedef enum {
237+ PEER_SUCCESS,
238+ PEER_RETRY,
239+ PEER_ERROR,
240+ PEER_WAITING,
241+ PEER_TEST_FAILURE
242+} peer_status_t;
243+
244+typedef enum {
245+ /* Both parties succeeded. */
246+ HANDSHAKE_SUCCESS,
247+ /* Client errored. */
248+ CLIENT_ERROR,
249+ /* Server errored. */
250+ SERVER_ERROR,
251+ /* Peers are in inconsistent state. */
252+ INTERNAL_ERROR,
253+ /* One or both peers not done. */
254+ HANDSHAKE_RETRY
255+} handshake_status_t;
256+
257+/* Stores the various status information in a handshake loop. */
258+typedef struct handshake_history_entry_st {
259+ connect_phase_t phase;
260+ handshake_status_t handshake_status;
261+ peer_status_t server_status;
262+ peer_status_t client_status;
263+ int client_turn_count;
264+ int is_client_turn;
265+} HANDSHAKE_HISTORY_ENTRY;
266+
267+typedef struct handshake_history_st {
268+ /* Implemented using ring buffer. */
269+ /*
270+ * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|,
271+ * ..., etc., going up to |entry_count| number of entries. Note that when
272+ * the index into the array |entries| becomes < 0, we wrap around to
273+ * the end of |entries|.
274+ */
275+ HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY];
276+ /* The number of valid entries in |entries| array. */
277+ size_t entry_count;
278+ /* The index of the last valid entry in the |entries| array. */
279+ size_t last_idx;
280+} HANDSHAKE_HISTORY;
281+
282 typedef struct handshake_result {
283 ssl_test_result_t result;
284 /* These alerts are in the 2-byte format returned by the info_callback. */
285@@ -77,6 +139,8 @@ typedef struct handshake_result {
286 char *cipher;
287 /* session ticket application data */
288 char *result_session_ticket_app_data;
289+ /* handshake loop history */
290+ HANDSHAKE_HISTORY history;
291 } HANDSHAKE_RESULT;
292
293 HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
294@@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
295 CTX_DATA *server2_ctx_data,
296 CTX_DATA *client_ctx_data);
297
298+const char *handshake_connect_phase_name(connect_phase_t phase);
299+const char *handshake_status_name(handshake_status_t handshake_status);
300+const char *handshake_peer_status_name(peer_status_t peer_status);
301+
302 #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */
303diff --git a/test/ssl_test.c b/test/ssl_test.c
304index ea60851..9d6b093 100644
305--- a/test/ssl_test.c
306+++ b/test/ssl_test.c
307@@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL;
308 /* Currently the section names are of the form test-<number>, e.g. test-15. */
309 #define MAX_TESTCASE_NAME_LENGTH 100
310
311+static void print_handshake_history(const HANDSHAKE_HISTORY *history)
312+{
313+ size_t first_idx;
314+ size_t i;
315+ size_t cur_idx;
316+ const HANDSHAKE_HISTORY_ENTRY *cur_entry;
317+ const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|";
318+ const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|";
319+
320+ TEST_info("The following is the server/client state "
321+ "in the most recent %d handshake loops.",
322+ MAX_HANDSHAKE_HISTORY_ENTRY);
323+
324+ TEST_note("=================================================="
325+ "==================================================");
326+ TEST_note(header_template,
327+ "phase", "handshake status", "server status",
328+ "client status", "client turn count", "is client turn");
329+ TEST_note("+--------------+----------------+----------------"
330+ "+----------------+-----------------+--------------+");
331+
332+ first_idx = (history->last_idx - history->entry_count + 1) &
333+ MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
334+ for (i = 0; i < history->entry_count; ++i) {
335+ cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
336+ cur_entry = &(history->entries)[cur_idx];
337+ TEST_note(body_template,
338+ handshake_connect_phase_name(cur_entry->phase),
339+ handshake_status_name(cur_entry->handshake_status),
340+ handshake_peer_status_name(cur_entry->server_status),
341+ handshake_peer_status_name(cur_entry->client_status),
342+ cur_entry->client_turn_count,
343+ cur_entry->is_client_turn ? "true" : "false");
344+ }
345+ TEST_note("=================================================="
346+ "==================================================");
347+}
348+
349 static const char *print_alert(int alert)
350 {
351 return alert ? SSL_alert_desc_string_long(alert) : "no alert";
352@@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
353 ret &= check_client_sign_type(result, test_ctx);
354 ret &= check_client_ca_names(result, test_ctx);
355 }
356+
357+ /* Print handshake loop history if any check fails. */
358+ if (!ret) {
359+ print_handshake_history(&(result->history));
360+ }
361+
362 return ret;
363 }
364
365--
3662.25.1
367
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
deleted file mode 100644
index cf5ff356ee..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
+++ /dev/null
@@ -1,39 +0,0 @@
1From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex@linutronix.de>
3Date: Tue, 30 May 2023 09:11:27 -0700
4Subject: [PATCH] Configure: do not tweak mips cflags
5
6This conflicts with mips machine definitons from yocto,
7e.g.
8| Error: -mips3 conflicts with the other architecture options, which imply -mips64r2
9
10Upstream-Status: Inappropriate [oe-core specific]
11Signed-off-by: Alexander Kanavin <alex@linutronix.de>
12
13Refreshed for openssl-3.1.1
14Signed-off-by: Tim Orling <tim.orling@konsulko.com>
15---
16 Configure | 10 ----------
17 1 file changed, 10 deletions(-)
18
19diff --git a/Configure b/Configure
20index fff97bd..5ee54c1 100755
21--- a/Configure
22+++ b/Configure
23@@ -1552,16 +1552,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
24 push @{$config{shared_ldflag}}, "-mno-cygwin";
25 }
26
27-if ($target =~ /linux.*-mips/ && !$disabled{asm}
28- && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
29- # minimally required architecture flags for assembly modules
30- my $value;
31- $value = '-mips2' if ($target =~ /mips32/);
32- $value = '-mips3' if ($target =~ /mips64/);
33- unshift @{$config{cflags}}, $value;
34- unshift @{$config{cxxflags}}, $value if $config{CXX};
35-}
36-
37 # If threads aren't disabled, check how possible they are
38 unless ($disabled{threads}) {
39 if ($auto_threads) {
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
deleted file mode 100644
index dadc034c91..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ /dev/null
@@ -1,82 +0,0 @@
1From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com>
3Date: Tue, 6 Nov 2018 14:50:47 +0100
4Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler
5 info
6MIME-Version: 1.0
7Content-Type: text/plain; charset=UTF-8
8Content-Transfer-Encoding: 8bit
9
10The openssl build system generates buildinf.h containing the full
11compiler command line used to compile objects. This breaks
12reproducibility, as the compile command is baked into libcrypto, where
13it is used when running `openssl version -f`.
14
15Add stripped build variables for the compiler and cflags lines, and use
16those when generating buildinfo.h.
17
18This is based on a similar patch for older openssl versions:
19https://patchwork.openembedded.org/patch/147229/
20
21Upstream-Status: Inappropriate [OE specific]
22Signed-off-by: Martin Hundebøll <martin@geanix.com>
23
24Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
25
26Signed-off-by: Kai Kang <kai.kang@windriver.com>
27
28Update to fix buildpaths qa issue for '-ffile-prefix-map'.
29
30Signed-off-by: Khem Raj <raj.khem@gmail.com>
31
32---
33 Configurations/unix-Makefile.tmpl | 16 +++++++++++++++-
34 crypto/build.info | 2 +-
35 2 files changed, 16 insertions(+), 2 deletions(-)
36
37diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
38index 09303c4..011bda1 100644
39--- a/Configurations/unix-Makefile.tmpl
40+++ b/Configurations/unix-Makefile.tmpl
41@@ -513,13 +513,27 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
42 '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
43 BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
44
45-# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
46+# *_Q variables are used for one thing only: to build up buildinf.h
47 CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
48+ $cppflags1 =~ s|-isystem/[^ ]+/usr/include||g;
49 $cppflags2 =~ s|([\\"])|\\$1|g;
50+ $cppflags2 =~ s|-isystem/[^ ]+/usr/include||g;
51 $lib_cppflags =~ s|([\\"])|\\$1|g;
52+ $lib_cppflags =~ s|-isystem/[^ ]+/usr/include||g;
53 join(' ', $lib_cppflags || (), $cppflags2 || (),
54 $cppflags1 || ()) -}
55
56+CFLAGS_Q={- for (@{$config{CFLAGS}}) {
57+ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
58+ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
59+ s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g;
60+ s|-isystem/[^ ]+/usr/include ||g;
61+ }
62+ join(' ', @{$config{CFLAGS}}) -}
63+
64+CC_Q={- $config{CC} =~ s|--sysroot=[^ ]+|--sysroot=recipe-sysroot|g;
65+ join(' ', $config{CC}) -}
66+
67 PERLASM_SCHEME= {- $target{perlasm_scheme} -}
68
69 # For x86 assembler: Set PROCESSOR to 386 if you want to support
70diff --git a/crypto/build.info b/crypto/build.info
71index aee5c46..95c9577 100644
72--- a/crypto/build.info
73+++ b/crypto/build.info
74@@ -115,7 +115,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
75
76 DEPEND[info.o]=buildinf.h
77 DEPEND[cversion.o]=buildinf.h
78-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
79+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
80
81 GENERATE[uplink-x86.S]=../ms/uplink-x86.pl
82 GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch b/meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch
deleted file mode 100644
index d02d42f1b5..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch
+++ /dev/null
@@ -1,32 +0,0 @@
1From c7000672296f4c367341aa3415f26c4d9f5e4749 Mon Sep 17 00:00:00 2001
2From: Gyorgy Sarvari <skandigraun@gmail.com>
3Date: Thu, 23 Oct 2025 11:24:36 +0200
4Subject: [PATCH] extend check_cwm test timeout
5
6The default, 3s long test timeout isn't always enough for this
7particular test in case there is a high load on the host machine
8(assuming it is running in qemu). Extend the default timeout to 6s
9for the check_cwm test to avoid timeouts.
10
11Upstream-Status: Inappropriate [upstream issue: https://github.com/openssl/openssl/issues/28983]
12Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
13---
14 test/radix/main.c | 5 +++++
15 1 file changed, 5 insertions(+)
16
17diff --git a/test/radix/main.c b/test/radix/main.c
18index 4a1e886a71..39f8c61ef9 100644
19--- a/test/radix/main.c
20+++ b/test/radix/main.c
21@@ -25,6 +25,11 @@ static int test_script(int idx)
22 int testresult;
23 TERP_CONFIG cfg = {0};
24
25+ // check_cwm test sometimes times out, the default 3000ms is
26+ // not enough if the test execution starves for CPU
27+ if (!strncmp("check_cwm", script_info->name, strlen("check_cwm")))
28+ cfg.max_execution_time = ossl_ms2time(6000);
29+
30 if (!TEST_true(bindings_process_init(0, 0)))
31 return 0;
32
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest
deleted file mode 100644
index cd29bb1446..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ /dev/null
@@ -1,19 +0,0 @@
1#!/bin/sh
2
3set -eu
4
5# Optional arguments are 'list' to lists the tests, or the test name (base name
6# ie test_evp, not 03_test_evp.t). Without any arguments we run all tests.
7
8if test $# -gt 0; then
9 TESTS=$*
10else
11 # Skip test_symbol_presence as this is for developers
12 TESTS="alltests -test_symbol_presence"
13fi
14
15export TOP=.
16# Run four jobs in parallel
17export HARNESS_JOBS=4
18
19{ perl ./test/run_tests.pl $TESTS || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g'
diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.4.bb b/meta/recipes-connectivity/openssl/openssl_3.5.4.bb
deleted file mode 100644
index e760baf3a0..0000000000
--- a/meta/recipes-connectivity/openssl/openssl_3.5.4.bb
+++ /dev/null
@@ -1,289 +0,0 @@
1SUMMARY = "Secure Socket Layer"
2DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
3HOMEPAGE = "http://www.openssl.org/"
4BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
5SECTION = "libs/network"
6
7LICENSE = "Apache-2.0"
8LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04"
9
10SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
11 file://run-ptest \
12 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
13 file://0001-Configure-do-not-tweak-mips-cflags.patch \
14 file://0001-Added-handshake-history-reporting-when-test-fails.patch \
15 file://0001-extend-check_cwm-test-timeout.patch \
16 "
17
18SRC_URI:append:class-nativesdk = " \
19 file://environment.d-openssl.sh \
20 "
21
22SRC_URI[sha256sum] = "967311f84955316969bdb1d8d4b983718ef42338639c621ec4c34fddef355e99"
23
24inherit lib_package multilib_header multilib_script ptest perlnative manpages
25MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
26
27PACKAGECONFIG ?= ""
28PACKAGECONFIG:class-native = ""
29PACKAGECONFIG:class-nativesdk = ""
30
31PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
32PACKAGECONFIG[no-tls1] = "no-tls1"
33PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
34PACKAGECONFIG[manpages] = ""
35PACKAGECONFIG[fips] = "enable-fips"
36
37B = "${WORKDIR}/build"
38do_configure[cleandirs] = "${B}"
39
40EXTRA_OECONF = "${@bb.utils.contains('PTEST_ENABLED', '1', '', 'no-tests', d)}"
41
42#| ./libcrypto.so: undefined reference to `getcontext'
43#| ./libcrypto.so: undefined reference to `setcontext'
44#| ./libcrypto.so: undefined reference to `makecontext'
45EXTRA_OECONF:append:libc-musl = " no-async"
46EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm"
47
48# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
49# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
50EXTRA_OECONF:append:class-native = " --with-rand-seed=os,devrandom"
51EXTRA_OECONF:append:class-nativesdk = " --with-rand-seed=os,devrandom"
52
53# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
54EXTRA_OEMAKE:append:task-compile:class-native = ' OPENSSLDIR="/not/builtin" ENGINESDIR="/not/builtin" MODULESDIR="/not/builtin"'
55EXTRA_OEMAKE:append:task-compile:class-nativesdk = ' OPENSSLDIR="/not/builtin" ENGINESDIR="/not/builtin" MODULESDIR="/not/builtin"'
56
57#| threads_pthread.c:(.text+0x372): undefined reference to `__atomic_is_lock_free'
58EXTRA_OECONF:append:toolchain-clang:x86 = " -latomic"
59
60# This allows disabling deprecated or undesirable crypto algorithms.
61# The default is to trust upstream choices.
62DEPRECATED_CRYPTO_FLAGS ?= ""
63
64do_configure () {
65 # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make
66 # the issue really clear that perl isn't functional due to symbol mismatch issues.
67 cat <<- EOF > ${WORKDIR}/perltest
68 #!/usr/bin/env perl
69 use POSIX;
70 EOF
71 chmod a+x ${WORKDIR}/perltest
72 ${WORKDIR}/perltest
73
74 os=${HOST_OS}
75 case $os in
76 linux-gnueabi |\
77 linux-gnuspe |\
78 linux-musleabi |\
79 linux-muslspe |\
80 linux-musl )
81 os=linux
82 ;;
83 *)
84 ;;
85 esac
86 target="$os-${HOST_ARCH}"
87 case $target in
88 linux-arc | linux-microblaze*)
89 target=linux-latomic
90 ;;
91 linux-arm*)
92 target=linux-armv4
93 ;;
94 linux-aarch64*)
95 target=linux-aarch64
96 ;;
97 linux-i?86 | linux-viac3)
98 target=linux-x86
99 ;;
100 linux-gnux32-x86_64 | linux-muslx32-x86_64 )
101 target=linux-x32
102 ;;
103 linux-gnu64-x86_64)
104 target=linux-x86_64
105 ;;
106 linux-loongarch64)
107 target=linux64-loongarch64
108 ;;
109 linux-mips | linux-mipsel)
110 # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
111 target="linux-mips32 ${TARGET_CC_ARCH}"
112 ;;
113 linux-gnun32-mips*)
114 target=linux-mips64
115 ;;
116 linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
117 target=linux64-mips64
118 ;;
119 linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
120 target=linux-generic32
121 ;;
122 linux-powerpc)
123 target=linux-ppc
124 ;;
125 linux-powerpc64)
126 target=linux-ppc64
127 ;;
128 linux-powerpc64le)
129 target=linux-ppc64le
130 ;;
131 linux-riscv32)
132 target=linux32-riscv32
133 ;;
134 linux-riscv64)
135 target=linux64-riscv64
136 ;;
137 linux-sparc | linux-supersparc)
138 target=linux-sparcv9
139 ;;
140 mingw32-x86_64)
141 target=mingw64
142 ;;
143 esac
144
145 # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
146 # environment variables set by bitbake. Adjust the environment variables instead.
147 PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
148 test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
149 HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
150 perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=${prefix} --openssldir=${libdir}/ssl-3 --libdir=${baselib} $target
151 perl ${B}/configdata.pm --dump
152}
153
154do_compile:append () {
155 # The test suite binaries are large and we don't need the debugging in them
156 if test -d ${B}/test; then
157 find ${B}/test -type f -executable -exec ${STRIP} {} \;
158 fi
159}
160
161do_install () {
162 oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install_sw install_ssldirs \
163 ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 'install_docs', '', d)} \
164 ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'install_fips', '', d)}
165
166 oe_multilib_header openssl/opensslconf.h
167 oe_multilib_header openssl/configuration.h
168
169 # Create SSL structure for packages such as ca-certificates which
170 # contain hard-coded paths to /etc/ssl. Debian does the same.
171 install -d ${D}${sysconfdir}/ssl
172 mv ${D}${libdir}/ssl-3/certs \
173 ${D}${libdir}/ssl-3/private \
174 ${D}${libdir}/ssl-3/openssl.cnf \
175 ${D}${sysconfdir}/ssl/
176
177 # Although absolute symlinks would be OK for the target, they become
178 # invalid if native or nativesdk are relocated from sstate.
179 ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs
180 ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private
181 ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf
182
183 # Generate fipsmodule.cnf in pkg_postinst_ontarget
184 if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false', d)}; then
185 rm -f ${D}${libdir}/ssl-3/fipsmodule.cnf
186 fi
187}
188
189do_install:append:class-native () {
190 create_wrapper ${D}${bindir}/openssl \
191 OPENSSL_CONF=\${OPENSSL_CONF:-${libdir}/ssl-3/openssl.cnf} \
192 SSL_CERT_DIR=\${SSL_CERT_DIR:-${libdir}/ssl-3/certs} \
193 SSL_CERT_FILE=\${SSL_CERT_FILE:-${libdir}/ssl-3/cert.pem} \
194 OPENSSL_ENGINES=\${OPENSSL_ENGINES:-${libdir}/engines-3} \
195 OPENSSL_MODULES=\${OPENSSL_MODULES:-${libdir}/ossl-modules}
196
197 # Setting ENGINESDIR and MODULESDIR to invalid paths prevents host contamination,
198 # but also breaks the generated libcrypto.pc file. Post-Fix it manually here.
199 sed -i 's|^enginesdir=\($.libdir.\)/.*|enginesdir=\1/engines-3|' ${D}${libdir}/pkgconfig/libcrypto.pc
200 sed -i 's|^modulesdir=\($.libdir.\)/.*|modulesdir=\1/ossl-modules|' ${D}${libdir}/pkgconfig/libcrypto.pc
201}
202
203do_install:append:class-nativesdk () {
204 mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
205 install -m 644 ${UNPACKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
206}
207
208PTEST_BUILD_HOST_FILES += "configdata.pm"
209PTEST_BUILD_HOST_PATTERN = "perl_version ="
210do_install_ptest() {
211 install -m644 ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
212 cp -rf ${S}/Configurations ${S}/external ${D}${PTEST_PATH}/
213
214 install -d ${D}${PTEST_PATH}/apps
215 ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
216
217 cd ${S}
218 find test/certs test/ct test/d2i-tests test/recipes test/ocsp-tests test/ssl-tests test/smime-certs -type f -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
219 find apps test -name \*.cnf -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
220 find apps test -name \*.der -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
221 find apps test -name \*.pem -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
222 find util -name \*.p[lm] -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
223
224 cd ${B}
225 # Everything but .? (.o and .d)
226 find test -type f -name \*[^.]? -exec install -m755 -D {} ${D}${PTEST_PATH}/{} \;
227 find apps test -name \*.cnf -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
228 find apps test -name \*.pem -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
229 find apps test -name \*.srl -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
230 install -m755 ${B}/util/*wrap.* ${D}${PTEST_PATH}/util/
231
232 install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps/
233 install -m755 ${S}/test/*.pl ${D}${PTEST_PATH}/test/
234 install -m755 ${S}/test/shibboleth.pfx ${D}${PTEST_PATH}/test/
235 install -m755 ${S}/test/*.bin ${D}${PTEST_PATH}/test/
236 install -m755 ${S}/test/dane*.in ${D}${PTEST_PATH}/test/
237 install -m755 ${S}/test/smcont*.txt ${D}${PTEST_PATH}/test/
238 install -m755 ${S}/test/ssl_test.tmpl ${D}${PTEST_PATH}/test/
239
240 sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm ${D}${PTEST_PATH}/util/wrap.pl
241
242 install -d ${D}${PTEST_PATH}/engines
243 install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines/
244 install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines/
245 ln -s ${libdir}/engines-3/loader_attic.so ${D}${PTEST_PATH}/engines/
246 ln -s ${libdir}/ossl-modules/ ${D}${PTEST_PATH}/providers
247}
248
249pkg_postinst_ontarget:${PN}-ossl-module-fips () {
250 if test -f ${libdir}/ossl-modules/fips.so; then
251 ${bindir}/openssl fipsinstall -out ${libdir}/ssl-3/fipsmodule.cnf -module ${libdir}/ossl-modules/fips.so
252 fi
253}
254
255# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
256# package RRECOMMENDS on this package. This will enable the configuration
257# file to be installed for both the openssl-bin package and the libcrypto
258# package since the openssl-bin package depends on the libcrypto package.
259
260PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy ${PN}-ossl-module-fips"
261
262FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}"
263FILES:libssl = "${libdir}/libssl${SOLIBS}"
264FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
265 ${libdir}/ssl-3/openssl.cnf* \
266 "
267FILES:${PN}-engines = "${libdir}/engines-3"
268# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP)
269FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3"
270FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash"
271FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so"
272FILES:${PN}-ossl-module-fips = "${libdir}/ossl-modules/fips.so"
273FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/"
274FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
275
276CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
277
278RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy"
279RDEPENDS:${PN}-misc = "perl"
280RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed openssl-engines openssl-ossl-module-legacy"
281
282RDEPENDS:${PN}-bin += "openssl-conf"
283
284# The test suite is installed stripped
285INSANE_SKIP:${PN} = "already-stripped"
286
287BBCLASSEXTEND = "native nativesdk"
288
289CVE_PRODUCT = "openssl:openssl"
diff --git a/meta/recipes-connectivity/ppp-dialin/files/host-peer b/meta/recipes-connectivity/ppp-dialin/files/host-peer
deleted file mode 100644
index e7e2e11d49..0000000000
--- a/meta/recipes-connectivity/ppp-dialin/files/host-peer
+++ /dev/null
@@ -1,11 +0,0 @@
1-detach
2defaultroute
3nocrtscts
4lock
5noauth
6lcp-echo-interval 5
7lcp-echo-failure 3
8usepeerdns
9115200
10local
11asyncmap 0
diff --git a/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin b/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin
deleted file mode 100644
index ea2771311a..0000000000
--- a/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin
+++ /dev/null
@@ -1,3 +0,0 @@
1#!/bin/sh
2
3/usr/sbin/pppd call host
diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
deleted file mode 100644
index 5c9c8219d7..0000000000
--- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
+++ /dev/null
@@ -1,27 +0,0 @@
1SUMMARY = "Enables PPP dial-in through a serial connection"
2SECTION = "console/network"
3DESCRIPTION = "PPP dail-in provides a point to point protocol (PPP), so that other computers can dial up to it and access connected networks."
4DEPENDS = "ppp"
5RDEPENDS:${PN} = "ppp"
6LICENSE = "MIT"
7LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
8
9SRC_URI = "file://host-peer \
10 file://ppp-dialin"
11
12inherit allarch useradd
13
14S = "${UNPACKDIR}"
15
16do_install() {
17 install -d ${D}${sysconfdir}/ppp/peers
18 install -m 0644 ${S}/host-peer ${D}${sysconfdir}/ppp/peers/host
19
20 install -d ${D}${sbindir}
21 install -m 0755 ${S}/ppp-dialin ${D}${sbindir}
22}
23
24USERADD_PACKAGES = "${PN}"
25USERADD_PARAM:${PN} = "--system --home /dev/null \
26 --no-create-home --shell ${sbindir}/ppp-dialin \
27 --no-user-group --gid nogroup ppp"
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch
deleted file mode 100644
index a00706c184..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch
+++ /dev/null
@@ -1,98 +0,0 @@
1From a6eb65162db5bcc5ec26cff7361885c0a44cbbfa Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex@linutronix.de>
3Date: Mon, 17 Mar 2025 11:12:07 +0100
4Subject: [PATCH] pppd/pppdconf.h: remove erroneous generated header
5
6Upstream-Status: Inappropriate [tarball generation issue tracked at https://github.com/ppp-project/ppp/issues/541]
7Signed-off-by: Alexander Kanavin <alex@linutronix.de>
8---
9 pppd/pppdconf.h | 80 -------------------------------------------------
10 1 file changed, 80 deletions(-)
11 delete mode 100644 pppd/pppdconf.h
12
13diff --git a/pppd/pppdconf.h b/pppd/pppdconf.h
14deleted file mode 100644
15index 51a8f02..0000000
16--- a/pppd/pppdconf.h
17+++ /dev/null
18@@ -1,80 +0,0 @@
19-/* pppd/pppdconf.h. Generated from pppdconf.h.in by configure. */
20-/*
21- * Copyright (c) 2022 Eivind Næss. All rights reserved.
22- *
23- * Redistribution and use in source and binary forms, with or without
24- * modification, are permitted provided that the following conditions
25- * are met:
26- *
27- * 1. Redistributions of source code must retain the above copyright
28- * notice, this list of conditions and the following disclaimer.
29- *
30- * 2. Redistributions in binary form must reproduce the above copyright
31- * notice, this list of conditions and the following disclaimer in
32- * the documentation and/or other materials provided with the
33- * distribution.
34- *
35- * 3. The name(s) of the authors of this software must not be used to
36- * endorse or promote products derived from this software without
37- * prior written permission.
38- *
39- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
40- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
41- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
42- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
43- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
44- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
45- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
46- */
47-
48-/*
49- * This file is generated by configure and sets the features enabled
50- * in pppd when configured.
51- */
52-
53-#ifndef PPP_PPPDCONF_H
54-#define PPP_PPPDCONF_H
55-
56-/* Have Microsoft CHAP support */
57-#define PPP_WITH_CHAPMS 1
58-
59-/* Have Microsoft LAN Manager support */
60-/* #undef PPP_WITH_MSLANMAN */
61-
62-/* Have Microsoft MPPE support */
63-#define PPP_WITH_MPPE 1
64-
65-/* Have multilink support */
66-#define PPP_WITH_MULTILINK 1
67-
68-/* Have packet activity filter support */
69-#define PPP_WITH_FILTER 1
70-
71-/* Have support for loadable plugins */
72-#define PPP_WITH_PLUGINS 1
73-
74-/* Have Callback Protocol support */
75-/* #undef PPP_WITH_CBCP */
76-
77-/* Include TDB support */
78-#define PPP_WITH_TDB 1
79-
80-/* Have IPv6 Control Protocol */
81-#define PPP_WITH_IPV6CP 1
82-
83-/* Support for Pluggable Authentication Modules */
84-/* #undef PPP_WITH_PAM */
85-
86-/* Have EAP-SRP authentication support */
87-/* #undef PPP_WITH_SRP */
88-
89-/* Have EAP-TLS authentication support */
90-#define PPP_WITH_EAPTLS 1
91-
92-/* Have PEAP authentication support */
93-#define PPP_WITH_PEAP 1
94-
95-/* The pppd version */
96-#define PPPD_VERSION "2.5.2"
97-
98-#endif
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-session-Fixed-building-with-GCC-15.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-session-Fixed-building-with-GCC-15.patch
deleted file mode 100644
index d95c72e96b..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-pppd-session-Fixed-building-with-GCC-15.patch
+++ /dev/null
@@ -1,33 +0,0 @@
1From 5edcb01f1d8d521c819d45df1f1bb87697252130 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Mon, 17 Mar 2025 14:38:26 -0700
4Subject: [PATCH] pppd/session: Fixed building with GCC 15
5
6Fixed building with GCC 15 which defaults to C23
7and find conflicting declration of getspnam() here
8with the one provided by shadow.h (extern struct spwd *getspnam (const char *__name);)
9
10Fixes
11../../ppp-2.5.2/pppd/session.c: In function 'session_start':
12../../ppp-2.5.2/pppd/session.c:185:18: error: conflicting types for 'getspnam'; have 'struct spwd *(void)'
13 185 | struct spwd *getspnam();
14 | ^~~~~~~~
15
16Upstream-Status: Submitted [https://github.com/ppp-project/ppp/pull/553]
17Signed-off-by: Khem Raj <raj.khem@gmail.com>
18---
19 pppd/session.c | 1 -
20 1 file changed, 1 deletion(-)
21
22diff --git a/pppd/session.c b/pppd/session.c
23index f08d8e1..9cc7538 100644
24--- a/pppd/session.c
25+++ b/pppd/session.c
26@@ -182,7 +182,6 @@ session_start(const int flags, const char *user, const char *passwd, const char
27 char *cbuf;
28 #ifdef HAVE_SHADOW_H
29 struct spwd *spwd;
30- struct spwd *getspnam();
31 long now = 0;
32 #endif /* #ifdef HAVE_SHADOW_H */
33 #endif /* #ifdef PPP_WITH_PAM */
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppdump-Fixed-building-with-GCC-15-548.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppdump-Fixed-building-with-GCC-15-548.patch
deleted file mode 100644
index 2a3b3cc84a..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-pppdump-Fixed-building-with-GCC-15-548.patch
+++ /dev/null
@@ -1,75 +0,0 @@
1From 44a766a3d086f10cb584a0c423e5bed6af2e3615 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
3Date: Thu, 27 Feb 2025 23:00:16 +0100
4Subject: [PATCH] pppdump: Fixed building with GCC 15 (#548)
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9GCC 15 defaults to C23 which does not allow K&R declarations.
10
11Credit Yaakov Selkowitz in:
12https://src.fedoraproject.org/rpms/ppp/pull-request/12
13
14Upstream-Status: Backport [https://github.com/ppp-project/ppp/pull/548]
15
16Signed-off-by: Jaroslav Å karvada <jskarvad@redhat.com>
17Signed-off-by: Khem Raj <raj.khem@gmail.com>
18---
19 pppdump/pppdump.c | 20 +++++++-------------
20 1 file changed, 7 insertions(+), 13 deletions(-)
21
22diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c
23index c24208a..1534036 100644
24--- a/pppdump/pppdump.c
25+++ b/pppdump/pppdump.c
26@@ -42,14 +42,12 @@ int tot_sent, tot_rcvd;
27 extern int optind;
28 extern char *optarg;
29
30-void dumplog();
31-void dumpppp();
32-void show_time();
33+void dumplog(FILE *);
34+void dumpppp(FILE *);
35+void show_time(FILE *, int);
36
37 int
38-main(ac, av)
39- int ac;
40- char **av;
41+main(int ac, char **av)
42 {
43 int i;
44 char *p;
45@@ -97,8 +95,7 @@ main(ac, av)
46 }
47
48 void
49-dumplog(f)
50- FILE *f;
51+dumplog(FILE *f)
52 {
53 int c, n, k, col;
54 int nb, c2;
55@@ -241,8 +238,7 @@ struct pkt {
56 unsigned char dbuf[8192];
57
58 void
59-dumpppp(f)
60- FILE *f;
61+dumpppp(FILE *f)
62 {
63 int c, n, k;
64 int nb, nl, dn, proto, rv;
65@@ -375,9 +371,7 @@ dumpppp(f)
66 }
67
68 void
69-show_time(f, c)
70- FILE *f;
71- int c;
72+show_time(FILE *f, int c)
73 {
74 time_t t;
75 int n;
diff --git a/meta/recipes-connectivity/ppp/ppp/08setupdns b/meta/recipes-connectivity/ppp/ppp/08setupdns
deleted file mode 100644
index 998219de97..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/08setupdns
+++ /dev/null
@@ -1,12 +0,0 @@
1#!/bin/sh
2ACTUALCONF=/var/run/resolv.conf
3PPPCONF=/var/run/ppp/resolv.conf
4if [ -f $PPPCONF ] ; then
5 if [ -f $ACTUALCONF ] ; then
6 if [ ! -h $ACTUALCONF -o ! "`readlink $ACTUALCONF 2>&1`" = "$PPPCONF" ] ; then
7 mv $ACTUALCONF $ACTUALCONF.ppporig
8 fi
9 fi
10
11 ln -sf $PPPCONF $ACTUALCONF
12fi
diff --git a/meta/recipes-connectivity/ppp/ppp/92removedns b/meta/recipes-connectivity/ppp/ppp/92removedns
deleted file mode 100644
index 2eadec6899..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/92removedns
+++ /dev/null
@@ -1,5 +0,0 @@
1#!/bin/sh
2ACTUALCONF=/var/run/resolv.conf
3if [ -f $ACTUALCONF.ppporig ] ; then
4 mv $ACTUALCONF.ppporig $ACTUALCONF
5fi
diff --git a/meta/recipes-connectivity/ppp/ppp/init b/meta/recipes-connectivity/ppp/ppp/init
deleted file mode 100755
index 0c0136049b..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/init
+++ /dev/null
@@ -1,57 +0,0 @@
1#!/bin/sh
2#
3# /etc/init.d/ppp: start or stop PPP link.
4#
5# If you want PPP started on boot time (most dialup systems won't need it)
6# rename the /etc/ppp/no_ppp_on_boot file to /etc/ppp/ppp_on_boot, and
7# follow the instructions in the comments in that file.
8
9# Source function library.
10. /etc/init.d/functions
11
12test -x /usr/sbin/pppd -a -f /etc/ppp/ppp_on_boot || exit 0
13if [ -x /etc/ppp/ppp_on_boot ]; then RUNFILE=1; fi
14
15case "$1" in
16 start)
17 echo -n "Starting up PPP link: pppd"
18 if [ "$RUNFILE" = "1" ]; then
19 /etc/ppp/ppp_on_boot
20 else
21 pppd call provider
22 fi
23 echo "."
24 ;;
25 stop)
26 echo -n "Shutting down PPP link: pppd"
27 if [ "$RUNFILE" = "1" ]; then
28 poff
29 else
30 poff provider
31 fi
32 echo "."
33 ;;
34 status)
35 status /usr/sbin/pppd;
36 exit $?
37 ;;
38 restart|force-reload)
39 echo -n "Restarting PPP link: pppd"
40 if [ "$RUNFILE" = "1" ]; then
41 poff
42 sleep 5
43 /etc/ppp/ppp_on_boot
44 else
45 poff provider
46 sleep 5
47 pppd call provider
48 fi
49 echo "."
50 ;;
51 *)
52 echo "Usage: /etc/init.d/ppp {start|stop|status|restart|force-reload}"
53 exit 1
54 ;;
55esac
56
57exit 0
diff --git a/meta/recipes-connectivity/ppp/ppp/ip-down b/meta/recipes-connectivity/ppp/ppp/ip-down
deleted file mode 100755
index 06d35487a5..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/ip-down
+++ /dev/null
@@ -1,43 +0,0 @@
1#!/bin/sh
2#
3# $Id: ip-down,v 1.2 1998/02/10 21:21:55 phil Exp $
4#
5# This script is run by the pppd _after_ the link is brought down.
6# It uses run-parts to run scripts in /etc/ppp/ip-down.d, so to delete
7# routes, unset IP addresses etc. you should create script(s) there.
8#
9# Be aware that other packages may include /etc/ppp/ip-down.d scripts (named
10# after that package), so choose local script names with that in mind.
11#
12# This script is called with the following arguments:
13# Arg Name Example
14# $1 Interface name ppp0
15# $2 The tty ttyS1
16# $3 The link speed 38400
17# $4 Local IP number 12.34.56.78
18# $5 Peer IP number 12.34.56.99
19# $6 Optional ``ipparam'' value foo
20
21# The environment is cleared before executing this script
22# so the path must be reset
23PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
24export PATH
25# These variables are for the use of the scripts run by run-parts
26PPP_IFACE="$1"
27PPP_TTY="$2"
28PPP_SPEED="$3"
29PPP_LOCAL="$4"
30PPP_REMOTE="$5"
31PPP_IPPARAM="$6"
32export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
33
34# as an additional convenience, $PPP_TTYNAME is set to the tty name,
35# stripped of /dev/ (if present) for easier matching.
36PPP_TTYNAME=`/usr/bin/basename "$2"`
37export PPP_TTYNAME
38
39# Main Script starts here
40
41run-parts /etc/ppp/ip-down.d
42
43# last line
diff --git a/meta/recipes-connectivity/ppp/ppp/ip-up b/meta/recipes-connectivity/ppp/ppp/ip-up
deleted file mode 100755
index fc2fae9fe0..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/ip-up
+++ /dev/null
@@ -1,44 +0,0 @@
1#!/bin/sh
2#
3# $Id: ip-up,v 1.2 1998/02/10 21:25:34 phil Exp $
4#
5# This script is run by the pppd after the link is established.
6# It uses run-parts to run scripts in /etc/ppp/ip-up.d, so to add routes,
7# set IP address, run the mailq etc. you should create script(s) there.
8#
9# Be aware that other packages may include /etc/ppp/ip-up.d scripts (named
10# after that package), so choose local script names with that in mind.
11#
12# This script is called with the following arguments:
13# Arg Name Example
14# $1 Interface name ppp0
15# $2 The tty ttyS1
16# $3 The link speed 38400
17# $4 Local IP number 12.34.56.78
18# $5 Peer IP number 12.34.56.99
19# $6 Optional ``ipparam'' value foo
20
21# The environment is cleared before executing this script
22# so the path must be reset
23PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
24export PATH
25# These variables are for the use of the scripts run by run-parts
26PPP_IFACE="$1"
27PPP_TTY="$2"
28PPP_SPEED="$3"
29PPP_LOCAL="$4"
30PPP_REMOTE="$5"
31PPP_IPPARAM="$6"
32export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
33
34
35# as an additional convenience, $PPP_TTYNAME is set to the tty name,
36# stripped of /dev/ (if present) for easier matching.
37PPP_TTYNAME=`/usr/bin/basename "$2"`
38export PPP_TTYNAME
39
40# Main Script starts here
41
42run-parts /etc/ppp/ip-up.d
43
44# last line
diff --git a/meta/recipes-connectivity/ppp/ppp/pap b/meta/recipes-connectivity/ppp/ppp/pap
deleted file mode 100644
index 093c32607a..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/pap
+++ /dev/null
@@ -1,22 +0,0 @@
1# You can use this script unmodified to connect to sites which allow
2# authentication via PAP, CHAP and similar protocols.
3# This script can be shared among different pppd peer configurations.
4# To use it, add something like this to your /etc/ppp/peers/ file:
5#
6# connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T PHONE-NUMBER"
7# user YOUR-USERNAME-IN-PAP-SECRETS
8# noauth
9
10# Uncomment the following line to see the connect speed.
11# It will be logged to stderr or to the file specified with the -r chat option.
12#REPORT CONNECT
13
14ABORT BUSY
15ABORT VOICE
16ABORT "NO CARRIER"
17ABORT "NO DIALTONE"
18ABORT "NO DIAL TONE"
19"" ATZ
20OK ATDT\T
21CONNECT ""
22
diff --git a/meta/recipes-connectivity/ppp/ppp/poff b/meta/recipes-connectivity/ppp/ppp/poff
deleted file mode 100644
index 0521a9406a..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/poff
+++ /dev/null
@@ -1,26 +0,0 @@
1#!/bin/sh
2
3# Lets see how many pppds are running....
4set -- `cat /var/run/ppp*.pid 2>/dev/null`
5
6case $# in
7 0) # pppd only creates a pid file once ppp is up, so let's try killing pppd
8 # on the assumption that we've not got that far yet.
9 killall pppd
10 ;;
11 1) # If only one was running then it can be killed (apparently killall
12 # caused problems for some, so lets try killing the pid from the file)
13 kill $1
14 ;;
15 *) # More than one! Aieehh.. Dont know which one to kill.
16 echo "More than one pppd running. None stopped"
17 exit 1
18 ;;
19esac
20
21if [ -r /var/run/ppp-quick ]
22then
23 rm -f /var/run/ppp-quick
24fi
25
26exit 0
diff --git a/meta/recipes-connectivity/ppp/ppp/pon b/meta/recipes-connectivity/ppp/ppp/pon
deleted file mode 100644
index 91c059501a..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/pon
+++ /dev/null
@@ -1,9 +0,0 @@
1#!/bin/sh
2
3if [ "$1" = "quick" ]
4then
5 touch /var/run/ppp-quick
6 shift
7fi
8
9/usr/sbin/pppd call ${1:-provider}
diff --git a/meta/recipes-connectivity/ppp/ppp/ppp@.service b/meta/recipes-connectivity/ppp/ppp/ppp@.service
deleted file mode 100644
index 2bf0b5e347..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/ppp@.service
+++ /dev/null
@@ -1,9 +0,0 @@
1[Unit]
2Description=PPP link to %I
3Before=network.target
4
5[Service]
6ExecStart=@SBINDIR@/pppd call %I nodetach nolog
7
8[Install]
9WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/ppp/ppp/ppp_on_boot b/meta/recipes-connectivity/ppp/ppp/ppp_on_boot
deleted file mode 100644
index 9793761840..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/ppp_on_boot
+++ /dev/null
@@ -1,21 +0,0 @@
1###!/bin/sh
2#
3# Rename this file to ppp_on_boot and pppd will be fired up as
4# soon as the system comes up, connecting to `provider'.
5#
6# If you also make this file executable, and replace the first line
7# with just "#!/bin/sh", the commands below will be executed instead.
8#
9
10# The location of the ppp daemon itself (shouldn't need to be changed)
11PPPD=/usr/sbin/pppd
12
13# The default provider to connect to
14$PPPD call provider
15
16# Additional connections, which would just use settings from
17# /etc/ppp/options.<tty>
18#$PPPD ttyS0
19#$PPPD ttyS1
20#$PPPD ttyS2
21#$PPPD ttyS3
diff --git a/meta/recipes-connectivity/ppp/ppp/provider b/meta/recipes-connectivity/ppp/ppp/provider
deleted file mode 100644
index e74d71a8eb..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/provider
+++ /dev/null
@@ -1,35 +0,0 @@
1# example configuration for a dialup connection authenticated with PAP or CHAP
2#
3# This is the default configuration used by pon(1) and poff(1).
4# See the manual page pppd(8) for information on all the options.
5
6# MUST CHANGE: replace myusername@realm with the PPP login name given to
7# your by your provider.
8# There should be a matching entry with the password in /etc/ppp/pap-secrets
9# and/or /etc/ppp/chap-secrets.
10user "myusername@realm"
11
12# MUST CHANGE: replace ******** with the phone number of your provider.
13# The /etc/chatscripts/pap chat script may be modified to change the
14# modem initialization string.
15connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
16
17# Serial device to which the modem is connected.
18/dev/modem
19
20# Speed of the serial line.
21115200
22
23# Assumes that your IP address is allocated dynamically by the ISP.
24noipdefault
25# Try to get the name server addresses from the ISP.
26usepeerdns
27# Use this connection as the default route.
28defaultroute
29
30# Makes pppd "dial again" when the connection is lost.
31persist
32
33# Do not ask the remote to authenticate.
34noauth
35
diff --git a/meta/recipes-connectivity/ppp/ppp_2.5.2.bb b/meta/recipes-connectivity/ppp/ppp_2.5.2.bb
deleted file mode 100644
index 607678db8b..0000000000
--- a/meta/recipes-connectivity/ppp/ppp_2.5.2.bb
+++ /dev/null
@@ -1,81 +0,0 @@
1SUMMARY = "Point-to-Point Protocol (PPP) support"
2DESCRIPTION = "ppp (Paul's PPP Package) is an open source package which implements \
3the Point-to-Point Protocol (PPP) on Linux and Solaris systems."
4SECTION = "console/network"
5HOMEPAGE = "http://samba.org/ppp/"
6BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
7DEPENDS = "libpcap virtual/crypt"
8LICENSE = "BSD-2-Clause & GPL-2.0-or-later & LGPL-2.0-or-later & PD & RSA-MD & MIT"
9LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=25;md5=f0463bd67ae70535c709fca554089bd8 \
10 file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \
11 file://chat/chat.c;beginline=1;endline=1;md5=234d7d4edd08962c0144e4604050e0b6 \
12 "
13
14SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
15 file://pon \
16 file://poff \
17 file://init \
18 file://ip-up \
19 file://ip-down \
20 file://08setupdns \
21 file://92removedns \
22 file://pap \
23 file://ppp_on_boot \
24 file://provider \
25 file://ppp@.service \
26 file://0001-pppdump-Fixed-building-with-GCC-15-548.patch \
27 file://0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch \
28 file://0001-pppd-session-Fixed-building-with-GCC-15.patch \
29 "
30
31SRC_URI[sha256sum] = "47da358de54a10cb10bf6ff2cf9b1c03c0d3555518f6182e8f701b8e55733cb2"
32
33inherit autotools pkgconfig systemd
34
35PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} openssl"
36PACKAGECONFIG[pam] = "--with-pam=yes,--with-pam=no,libpam"
37PACKAGECONFIG[openssl] = "--with-openssl=yes,--with-openssl=no,openssl"
38PACKAGECONFIG[multilink] = "--enable-multilink,--disable-multilink"
39
40do_install:append () {
41 mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d
42 mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/
43 mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/
44 install -m 0755 ${UNPACKDIR}/pon ${D}${bindir}/pon
45 install -m 0755 ${UNPACKDIR}/poff ${D}${bindir}/poff
46 install -m 0755 ${UNPACKDIR}/init ${D}${sysconfdir}/init.d/ppp
47 install -m 0755 ${UNPACKDIR}/ip-up ${D}${sysconfdir}/ppp/
48 install -m 0755 ${UNPACKDIR}/ip-down ${D}${sysconfdir}/ppp/
49 install -m 0755 ${UNPACKDIR}/08setupdns ${D}${sysconfdir}/ppp/ip-up.d/
50 install -m 0755 ${UNPACKDIR}/92removedns ${D}${sysconfdir}/ppp/ip-down.d/
51 mkdir -p ${D}${sysconfdir}/chatscripts
52 mkdir -p ${D}${sysconfdir}/ppp/peers
53 install -m 0755 ${UNPACKDIR}/pap ${D}${sysconfdir}/chatscripts
54 install -m 0755 ${UNPACKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot
55 install -m 0755 ${UNPACKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider
56 install -d ${D}${systemd_system_unitdir}
57 install -m 0644 ${UNPACKDIR}/ppp@.service ${D}${systemd_system_unitdir}
58 sed -i -e 's,@SBINDIR@,${sbindir},g' \
59 ${D}${systemd_system_unitdir}/ppp@.service
60}
61
62CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"
63PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools"
64FILES:${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_system_unitdir}/ppp@.service"
65FILES:${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so"
66FILES:${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/*pppoe.so"
67FILES:${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so"
68FILES:${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so"
69FILES:${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so"
70FILES:${PN}-password = "${libdir}/pppd/${PV}/pass*.so"
71FILES:${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so"
72FILES:${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump"
73SUMMARY:${PN}-oa = "Plugin for PPP for PPP-over-ATM support"
74SUMMARY:${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support"
75SUMMARY:${PN}-radius = "Plugin for PPP for RADIUS support"
76SUMMARY:${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows"
77SUMMARY:${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies"
78SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe"
79SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support"
80SUMMARY:${PN}-tools = "Additional tools for the PPP package"
81
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch
deleted file mode 100644
index ab32f26754..0000000000
--- a/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch
+++ /dev/null
@@ -1,37 +0,0 @@
1From 6bf2bb136a0b3961339369bc08e58b661fba0edb Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Thu, 17 Nov 2022 17:26:30 +0800
4Subject: [PATCH] avoid using -m option for readlink
5
6Use a more widely used option '-f' instead of '-m' here to
7avoid dependency on coreutils.
8
9Looking at the git history of the resolvconf repo, the '-m'
10is deliberately used. And it wants to depend on coreutils.
11But in case of OE, the existence of /etc is ensured, and busybox
12readlink provides '-f' option, so we can just use '-f'. In this
13way, the coreutils dependency is not necessary any more.
14
15Upstream-Status: Inappropriate [OE Specific]
16
17Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
18---
19 etc/resolvconf/update.d/libc | 2 +-
20 1 file changed, 1 insertion(+), 1 deletion(-)
21
22diff --git a/etc/resolvconf/update.d/libc b/etc/resolvconf/update.d/libc
23index 1c4f6bc..f75d22c 100755
24--- a/etc/resolvconf/update.d/libc
25+++ b/etc/resolvconf/update.d/libc
26@@ -57,7 +57,7 @@ fi
27 report_warning() { echo "$0: Warning: $*" >&2 ; }
28
29 resolv_conf_is_symlinked_to_dynamic_file() {
30- [ -L ${ETC}/resolv.conf ] && [ "$(readlink -m ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ]
31+ [ -L ${ETC}/resolv.conf ] && [ "$(readlink -f ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ]
32 }
33
34 if ! resolv_conf_is_symlinked_to_dynamic_file ; then
35--
362.17.1
37
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf b/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf
deleted file mode 100644
index 3790d774a7..0000000000
--- a/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf
+++ /dev/null
@@ -1,4 +0,0 @@
1d root root 0755 /var/run/resolvconf/interface none
2f root root 0644 /etc/resolvconf/run/resolv.conf none
3f root root 0644 /etc/resolvconf/run/enable-updates none
4l root root 0644 /etc/resolv.conf /etc/resolvconf/run/resolv.conf
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.93.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.93.bb
deleted file mode 100644
index c10c57267a..0000000000
--- a/meta/recipes-connectivity/resolvconf/resolvconf_1.93.bb
+++ /dev/null
@@ -1,65 +0,0 @@
1SUMMARY = "name server information handler"
2DESCRIPTION = "Resolvconf is a framework for keeping track of the system's \
3information about currently available nameservers. It sets \
4itself up as the intermediary between programs that supply \
5nameserver information and programs that need nameserver \
6information."
7SECTION = "console/network"
8LICENSE = "GPL-2.0-or-later"
9LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b"
10HOMEPAGE = "http://packages.debian.org/resolvconf"
11RDEPENDS:${PN} = "bash sed util-linux-flock"
12
13SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \
14 file://99_resolvconf \
15 file://0001-avoid-using-m-option-for-readlink.patch \
16 "
17
18SRCREV = "ab766fa31f7939f6d879123236b4275320b7ff64"
19
20# the package is taken from snapshots.debian.org; that source is static and goes stale
21# so we check the latest upstream from a directory that does get updated
22UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/"
23
24do_compile () {
25 :
26}
27
28do_install () {
29 install -d ${D}${sysconfdir}/default/volatiles
30 install -m 0644 ${UNPACKDIR}/99_resolvconf ${D}${sysconfdir}/default/volatiles
31 if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
32 install -d ${D}${sysconfdir}/tmpfiles.d
33 echo "d /run/${BPN}/interface - - - -" \
34 > ${D}${sysconfdir}/tmpfiles.d/resolvconf.conf
35 fi
36 install -d ${D}${base_libdir}/${BPN}
37 install -d ${D}${sysconfdir}/${BPN}
38 install -d ${D}${nonarch_base_libdir}/${BPN}
39 ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run
40 install -d ${D}${sysconfdir} ${D}${base_sbindir}
41 install -d ${D}${mandir}/man8 ${D}${docdir}/${P}
42 cp -pPR etc/resolvconf ${D}${sysconfdir}/
43 chown -R root:root ${D}${sysconfdir}/
44 install -m 0755 bin/resolvconf ${D}${base_sbindir}/
45 install -m 0755 bin/normalize-resolvconf ${D}${nonarch_base_libdir}/${BPN}
46 install -m 0755 bin/list-records ${D}${base_libdir}/${BPN}
47 install -d ${D}/${sysconfdir}/network/if-up.d
48 install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf
49 install -d ${D}/${sysconfdir}/network/if-down.d
50 install -m 0755 debian/resolvconf.resolvconf.if-down ${D}/${sysconfdir}/network/if-down.d/resolvconf
51 install -m 0644 README ${D}${docdir}/${P}/
52 install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/
53}
54
55pkg_postinst:${PN} () {
56 if [ -z "$D" ]; then
57 if command -v systemd-tmpfiles >/dev/null; then
58 systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf
59 elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
60 ${sysconfdir}/init.d/populate-volatile.sh update
61 fi
62 fi
63}
64
65FILES:${PN} += "${base_libdir}/${BPN} ${nonarch_base_libdir}/${BPN}"
diff --git a/meta/recipes-connectivity/slirp/libslirp_4.9.1.bb b/meta/recipes-connectivity/slirp/libslirp_4.9.1.bb
deleted file mode 100644
index 9f7005d709..0000000000
--- a/meta/recipes-connectivity/slirp/libslirp_4.9.1.bb
+++ /dev/null
@@ -1,14 +0,0 @@
1SUMMARY = "A general purpose TCP-IP emulator"
2DESCRIPTION = "A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services."
3HOMEPAGE = "https://gitlab.freedesktop.org/slirp/libslirp"
4LICENSE = "BSD-3-Clause & MIT"
5LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bca0186b14e6b05e338e729f106db727"
6
7SRC_URI = "git://gitlab.freedesktop.org/slirp/libslirp.git;protocol=https;branch=master"
8SRCREV = "9c744e1e52aa0d9646ed91d789d588696292c21e"
9
10DEPENDS = "glib-2.0"
11
12inherit meson pkgconfig
13
14BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch b/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch
deleted file mode 100644
index ea00dfa0a9..0000000000
--- a/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch
+++ /dev/null
@@ -1,62 +0,0 @@
1From c4c3d5f2d4dfe8167205e8d20b4cb7a197706c16 Mon Sep 17 00:00:00 2001
2From: Hongxu Jia <hongxu.jia@windriver.com>
3Date: Wed, 27 Nov 2024 04:09:59 -0800
4Subject: [PATCH] fix compile procan.c failed
5
61. Compile socat failed if out of tree build (build dir != source dir)
7...
8gcc -c -D CC="gcc" -o procan.o procan.c
9cc1: fatal error: procan.c: No such file or directory
10...
11Explicitly add $srcdir to makefile rule
12
132. Compile socat failed if multiple words in $(CC), such as CC="gcc -m64"
14...
15from ../socat-1.8.0.0/procan.c:10:
16../socat-1.8.0.0/sysincludes.h:18:10: fatal error: inttypes.h: No such file or directory
17 18 | #include <inttypes.h> /* uint16_t */
18...
19
20In commit [Procan: print umask, CC, and couple more new infos][1],
21it defeines marcro CC in C source, the space in CC will break
22C source compile. Use first word of $(CC) to defeine marco CC
23
24[1] https://repo.or.cz/socat.git/commit/cd5673dbd0786c94e0b3ace7e35fab14c01e3185
25
26Upstream-Status: Submitted [socat@dest-unreach.org]
27
28Rebase to 1.8.0.1
29Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
30---
31 Makefile.in | 8 ++++----
32 1 file changed, 4 insertions(+), 4 deletions(-)
33
34diff --git a/Makefile.in b/Makefile.in
35index 631d31d..103d4d1 100644
36--- a/Makefile.in
37+++ b/Makefile.in
38@@ -110,7 +110,7 @@ socat: socat.o libxio.a
39 $(CC) $(CFLAGS) $(LDFLAGS) -o $@ socat.o libxio.a $(CLIBS)
40
41 procan.o: $(srcdir)/procan.c
42- $(CC) $(CFLAGS) -c -D CC="\"$(CC)\"" -o $@ $(srcdir)/procan.c
43+ $(CC) $(CFLAGS) -c -D CC="\"$(firstword $(CC))\"" -o $@ $(srcdir)/procan.c
44
45 PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o
46 procan: $(PROCAN_OBJS)
47@@ -132,9 +132,9 @@ install: progs $(srcdir)/doc/socat.1
48 mkdir -p $(DESTDIR)$(BINDEST)
49 $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST)/socat1
50 ln -sf socat1 $(DESTDIR)$(BINDEST)/socat
51- $(INSTALL) -m 755 socat-chain.sh $(DESTDIR)$(BINDEST)
52- $(INSTALL) -m 755 socat-mux.sh $(DESTDIR)$(BINDEST)
53- $(INSTALL) -m 755 socat-broker.sh $(DESTDIR)$(BINDEST)
54+ $(INSTALL) -m 755 $(srcdir)/socat-chain.sh $(DESTDIR)$(BINDEST)
55+ $(INSTALL) -m 755 $(srcdir)/socat-mux.sh $(DESTDIR)$(BINDEST)
56+ $(INSTALL) -m 755 $(srcdir)/socat-broker.sh $(DESTDIR)$(BINDEST)
57 $(INSTALL) -m 755 procan $(DESTDIR)$(BINDEST)
58 $(INSTALL) -m 755 filan $(DESTDIR)$(BINDEST)
59 mkdir -p $(DESTDIR)$(MANDEST)/man1
60--
612.25.1
62
diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb
deleted file mode 100644
index ee6ca1fe44..0000000000
--- a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb
+++ /dev/null
@@ -1,53 +0,0 @@
1SUMMARY = "Multipurpose relay for bidirectional data transfer"
2DESCRIPTION = "Socat is a relay for bidirectional data \
3transfer between two independent data channels."
4HOMEPAGE = "http://www.dest-unreach.org/socat/"
5
6SECTION = "console/network"
7
8LICENSE = "GPL-2.0-with-OpenSSL-exception"
9LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
10 file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f"
11
12SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
13 file://0001-fix-compile-procan.c-failed.patch \
14"
15
16SRC_URI[sha256sum] = "01eb017361d95bb3a6941e840b59e4463a3fabf92df4154ed02b16a2ed6a0095"
17
18inherit autotools
19
20EXTRA_AUTORECONF += "--exclude=autoheader"
21
22EXTRA_OECONF += "ac_cv_have_z_modifier=yes \
23 ac_cv_header_bsd_libutil_h=no \
24 sc_cv_termios_ispeed=no \
25 ${TERMBITS_SHIFTS} \
26"
27
28TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \
29 sc_cv_sys_tabdly_shift=11 \
30 sc_cv_sys_csize_shift=4"
31
32TERMBITS_SHIFTS:powerpc = "sc_cv_sys_crdly_shift=12 \
33 sc_cv_sys_tabdly_shift=10 \
34 sc_cv_sys_csize_shift=8"
35
36TERMBITS_SHIFTS:powerpc64 = "sc_cv_sys_crdly_shift=12 \
37 sc_cv_sys_tabdly_shift=10 \
38 sc_cv_sys_csize_shift=8"
39
40PACKAGECONFIG:class-target ??= "tcp-wrappers readline openssl"
41PACKAGECONFIG ??= "readline openssl"
42PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
43PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline"
44PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl"
45
46CFLAGS += "-fcommon"
47
48do_install:prepend () {
49 mkdir -p ${D}${bindir}
50 install -d ${D}${bindir} ${D}${mandir}/man1
51}
52
53BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key
deleted file mode 100644
index 30443c9438..0000000000
--- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key
+++ /dev/null
Binary files differ
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key
deleted file mode 100644
index 86c2104ec8..0000000000
--- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key
+++ /dev/null
@@ -1,9 +0,0 @@
1-----BEGIN OPENSSH PRIVATE KEY-----
2b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
31zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRJR6iZxr/NTqQN9NOwV+WPtu42r2eF
4rJ0xsnlqw5bpmfz6aDR8RQvVHUZjRGQfR/RXPbQ5x+bjjdm176TuXNhHAAAAqAoE27MKBN
5uzAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA30
607BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2E
7cAAAAgLiHv/IWhxwosz9BiNILOOPlXaueL5hVTBKUJkpOi48sAAAANcm9vdEBxZW11bWlw
8cwECAw==
9-----END OPENSSH PRIVATE KEY-----
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub
deleted file mode 100644
index a358aeb88a..0000000000
--- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub
+++ /dev/null
@@ -1 +0,0 @@
1ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA3007BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2Ec= root@qemupregen
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key
deleted file mode 100644
index 00ed9adae2..0000000000
--- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key
+++ /dev/null
@@ -1,7 +0,0 @@
1-----BEGIN OPENSSH PRIVATE KEY-----
2b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
3QyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbwAAAJChFtV0oRbV
4dAAAAAtzc2gtZWQyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbw
5AAAEA8UiUsygsTbP0HkDi5leXpQaVXihDyCHeitkBCItJGhcdIVMBsnc5N3WvUTwbkmV4K
6awkSlAeZ1Ma0xxirBZtvAAAADXJvb3RAcWVtdW1pcHM=
7-----END OPENSSH PRIVATE KEY-----
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub
deleted file mode 100644
index cc0e2f43ed..0000000000
--- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub
+++ /dev/null
@@ -1 +0,0 @@
1ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdIVMBsnc5N3WvUTwbkmV4KawkSlAeZ1Ma0xxirBZtv root@qemupregen
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key
deleted file mode 100644
index a8e4406ba3..0000000000
--- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key
+++ /dev/null
@@ -1,38 +0,0 @@
1-----BEGIN OPENSSH PRIVATE KEY-----
2b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
3NhAAAAAwEAAQAAAYEA2Q6dzF1xziCQCFq+e+Fv6w0607gNlyKnkhuoRq8G7/HEqXU2eEtC
4i3AMUrAP8k7s9kP5vI5CyfSgFuC9MxDV2YL2bsmvRxBSKgg6KbNxkoTaFBqyqHopuWQca8
5KRahvzt5dh9fsmeqamIwgMWKTSwtDHcsbyt84nmO2Z2ZrNXobgueMIj+HiJVgmWn86FQFL
6EoONAA+qb4SciPsxvmTlaQ/DMAh3llVo/IMLD9oyAyAI2kbHNnZttlYv5TmY7ICd3yCW8z
7PXrxNcEF3Qs1d68gVJxLjLKTlYGzJW2J+RwY+1DJZ0w4lozeQiZXTXVtzcJB0tm2DcvQMz
8kqyARmncSUwcPbEClEW6Y2xQnLeSHjexzlCCndiUbBTeG5iRl4OL6DN40iI9Lw2VROtj2Y
959n9PCfaoUs08dsgJLaNrDbRHrCRLSdZJ6OQFiC/nAx/t4e4+wdUgNOqLyJqomdNdaLXPq
10tzr9ssrcY5j1DmmwKtzfTI5VM9LRQo+REIiUCNTFAAAFiFh232tYdt9rAAAAB3NzaC1yc2
11EAAAGBANkOncxdcc4gkAhavnvhb+sNOtO4DZcip5IbqEavBu/xxKl1NnhLQotwDFKwD/JO
127PZD+byOQsn0oBbgvTMQ1dmC9m7Jr0cQUioIOimzcZKE2hQasqh6KblkHGvCkWob87eXYf
13X7JnqmpiMIDFik0sLQx3LG8rfOJ5jtmdmazV6G4LnjCI/h4iVYJlp/OhUBSxKDjQAPqm+E
14nIj7Mb5k5WkPwzAId5ZVaPyDCw/aMgMgCNpGxzZ2bbZWL+U5mOyAnd8glvMz168TXBBd0L
15NXevIFScS4yyk5WBsyVtifkcGPtQyWdMOJaM3kImV011bc3CQdLZtg3L0DM5KsgEZp3ElM
16HD2xApRFumNsUJy3kh43sc5Qgp3YlGwU3huYkZeDi+gzeNIiPS8NlUTrY9mOfZ/Twn2qFL
17NPHbICS2jaw20R6wkS0nWSejkBYgv5wMf7eHuPsHVIDTqi8iaqJnTXWi1z6rc6/bLK3GOY
189Q5psCrc30yOVTPS0UKPkRCIlAjUxQAAAAMBAAEAAAGAGIj+bUtiwdoMbeVUAszIydkE/U
19mgv6S7LFjT/KlsL1M017LYJWDcdMaFnhMouksRngSxBg9OnWV5cxyURmFwytVy5bMGjRHb
20N8UWTgBqphU+UWdzKngkn0AhtkyYA1aFhgsml5d8EgEkZnFSc/KtoDfZU7AJX519/FtfOK
21m27Shx3pE7Nohh97avHyuidR1gTwdvuMIMke57g0BhrxPYmredaKCMZAHjjCeD6JbRcGj+
22ly3I9u8MF8BGSbLpBlLDUFCwP8G5CdmMua8bPJYhPSRqMLQhclI7hc6FaYk+gZV9B74Iv/
23SAxcCwI97dNbE0IAsbbWoUdoKGpAYQ5gOdhu5ioqZwKWjNjB3Xx48mq8xtmIR9HEnYzEnk
24b/tDWNRWrGkvNK7vpLvnbsSSKBqOAbMzmQdJxogTgjE5doSmu2/krIMR6KUcUox2ZrR8Ot
25JM6bXyNFBviiXmYvw/SZTDrVJu8BPMu5EMS5pBl8jPFBGI/ePk4qg7lWAJeQ89ThtBAAAA
26wQDEU4HjomWwJsn9UWdoodXTV5aPY9B1OPkmYnRPtsjSAcXgtBzUXMEOsmXODOK3aQjsE0
27jQKpWDAUcUf6KKZKRehxUN4MlwujCG9czn65S6B8BsP1YUfZQjpNyub8vDBfeKzlxKBEEM
28lb4iBT+LEGkihK13H5CbqRg1GDAThZzwrV4pj3S40zgyHhn8JjK4x4djEY6NwkWH8E2DgD
298vYG/FKh5E/VIZtCgtAHa4QNAgGB4VMRn1VpSJzxjCxb1wancAAADBAPT7F34WYEI3Vc52
30p1U5rPa6dZtg5QM14V0+KtMlb3frd0/F+JVj4t6COQ8J9pkOuD0YjOYJuFXIWAAYIjCdWt
31cbTi/sSERawOWxrgSwJo2vjt5izrBQtr3N8tiB6KDGa5sdgJl5XzJ0SsdStfBbyhcJO4RV
32p9lc+X8OsUfFsClmyIs45vlxBRH06DP6/zmYCAmqvlrfZJKqlpKAEWDDObRy/3+mSNhZ0J
33BdmncASiASRlPPIoIHznyA1COUn6+TnwAAAMEA4tH89Dez2JauyPVeCyHAC680vrBKjmMx
34WYdpq2Xzd/LNl2L9oc0IEZzerLTuaCh6qsbbk2wWj1nrYXvefz/xUtDR427tvRXckcsWhP
352HYohdYBkwTpp9QuscIV76GdwbTImuNEzvABH1hpTG6DSzqeyf/EVmSq07nptJIs5lpU49
36tW2aWraSvswHR9xfts1U79w9f4BNDy1rTmfuLERTRNF/T9CIFsk9tArLUNT64mhHtoEs8F
379AyGuq6v49bN0bAAAADXJvb3RAcWVtdW1pcHMBAgMEBQ==
38-----END OPENSSH PRIVATE KEY-----
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub
deleted file mode 100644
index 9eb8c3838f..0000000000
--- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub
+++ /dev/null
@@ -1 +0,0 @@
1ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZDp3MXXHOIJAIWr574W/rDTrTuA2XIqeSG6hGrwbv8cSpdTZ4S0KLcAxSsA/yTuz2Q/m8jkLJ9KAW4L0zENXZgvZuya9HEFIqCDops3GShNoUGrKoeim5ZBxrwpFqG/O3l2H1+yZ6pqYjCAxYpNLC0MdyxvK3zieY7ZnZms1ehuC54wiP4eIlWCZafzoVAUsSg40AD6pvhJyI+zG+ZOVpD8MwCHeWVWj8gwsP2jIDIAjaRsc2dm22Vi/lOZjsgJ3fIJbzM9evE1wQXdCzV3ryBUnEuMspOVgbMlbYn5HBj7UMlnTDiWjN5CJldNdW3NwkHS2bYNy9AzOSrIBGadxJTBw9sQKURbpjbFCct5IeN7HOUIKd2JRsFN4bmJGXg4voM3jSIj0vDZVE62PZjn2f08J9qhSzTx2yAkto2sNtEesJEtJ1kno5AWIL+cDH+3h7j7B1SA06ovImqiZ011otc+q3Ov2yytxjmPUOabAq3N9MjlUz0tFCj5EQiJQI1MU= root@qemupregen
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb
deleted file mode 100644
index 57b0534929..0000000000
--- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb
+++ /dev/null
@@ -1,23 +0,0 @@
1SUMMARY = "Pre generated host keys mainly for speeding up our qemu tests"
2
3SRC_URI = "file://dropbear_rsa_host_key \
4 file://openssh"
5
6LICENSE = "MIT"
7LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
8
9S = "${UNPACKDIR}"
10
11INHIBIT_DEFAULT_DEPS = "1"
12
13COMPATIBLE_MACHINE = "^qemu.*$"
14
15do_install () {
16 install -d ${D}${sysconfdir}/dropbear
17 install ${UNPACKDIR}/dropbear_rsa_host_key -m 0600 ${D}${sysconfdir}/dropbear/
18
19 install -d ${D}${sysconfdir}/ssh
20 install ${UNPACKDIR}/openssh/* ${D}${sysconfdir}/ssh/
21 chmod 0600 ${D}${sysconfdir}/ssh/*
22 chmod 0644 ${D}${sysconfdir}/ssh/*.pub
23}
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch
deleted file mode 100644
index f9634e47c9..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch
+++ /dev/null
@@ -1,53 +0,0 @@
1From 809d9d8172db8e2a08ff639875f838b5b86d2641 Mon Sep 17 00:00:00 2001
2From: Sergey Matyukevich <geomatsi@gmail.com>
3Date: Thu, 22 Aug 2024 00:03:41 +0300
4Subject: [PATCH] macsec_linux: Hardware offload requires Linux headers >= v5.7
5
6Hardware offload in Linux macsec driver is enabled in compile time if
7libnl version is >= v3.6. This is not sufficient for successful build
8since enum 'macsec_offload' has been added to Linux header if_link.h
9in kernels v5.6 and v5.7, see commits:
10- https://github.com/torvalds/linux/commit/21114b7feec29e4425a3ac48a037569c016a46c8
11- https://github.com/torvalds/linux/commit/76564261a7db80c5f5c624e0122a28787f266bdf
12
13New libnl with older Linux headers is a valid combination. This is how
14hostapd build failure has been detected by Buildroot autobuilder, see:
15- http://autobuild.buildroot.net/results/b59d5bc5bd17683a3a1e3577c40c802e81911f84/
16
17Extend compile time condition for the enablement of the macsec hardware
18offload adding Linux headers version check.
19
20Fixes: 40c139664439 ("macsec_linux: Add support for MACsec hardware offload")
21Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
22
23Upstream-Status: Backport [https://w1.fi/cgit/hostap/patch/?id=809d9d8172db8e2a08ff639875f838b5b86d2641]
24Signed-off-by: Jon Mason <jdmason@kudzu.us>
25---
26 src/drivers/driver_macsec_linux.c | 4 +++-
27 1 file changed, 3 insertions(+), 1 deletion(-)
28
29diff --git a/src/drivers/driver_macsec_linux.c b/src/drivers/driver_macsec_linux.c
30index c867154981e9..fad47a292f9f 100644
31--- a/src/drivers/driver_macsec_linux.c
32+++ b/src/drivers/driver_macsec_linux.c
33@@ -19,6 +19,7 @@
34 #include <netlink/route/link.h>
35 #include <netlink/route/link/macsec.h>
36 #include <linux/if_macsec.h>
37+#include <linux/version.h>
38 #include <inttypes.h>
39
40 #include "utils/common.h"
41@@ -32,7 +33,8 @@
42
43 #define UNUSED_SCI 0xffffffffffffffff
44
45-#if LIBNL_VER_NUM >= LIBNL_VER(3, 6)
46+#if (LIBNL_VER_NUM >= LIBNL_VER(3, 6) && \
47+ LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
48 #define LIBNL_HAS_OFFLOAD
49 #endif
50
51--
522.39.2
53
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant
deleted file mode 100644
index 6ff4dd8826..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant
+++ /dev/null
@@ -1 +0,0 @@
1d root root 0700 /var/run/wpa_supplicant none
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch
deleted file mode 100644
index 36660b5880..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch
+++ /dev/null
@@ -1,79 +0,0 @@
1From 726432d7622cc0088ac353d073b59628b590ea44 Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <j@w1.fi>
3Date: Sat, 25 Jan 2025 11:21:16 +0200
4Subject: [PATCH] RADIUS: Drop pending request only when accepting the response
5
6The case of an invalid authenticator in a RADIUS response could imply
7that the response is not from the correct RADIUS server and as such,
8such a response should be discarded without changing internal state for
9the pending request. The case of an unknown response (RADIUS_RX_UNKNOWN)
10is somewhat more complex since it could have been indicated before
11validating the authenticator. In any case, it seems better to change the
12state for the pending request only when we have fully accepted the
13response.
14
15Allowing the internal state of pending RADIUS request to change based on
16responses that are not fully validation could have allow at least a
17theoretical DoS attack if an attacker were to have means for injecting
18RADIUS messages to the network using the IP address of the real RADIUS
19server and being able to do so more quickly than the real server and
20with the matching identifier from the request header (i.e., either by
21flooding 256 responses quickly or by having means to capture the RADIUS
22request). These should not really be realistic options in a properly
23protected deployment, but nevertheless it is good to be more careful in
24processing RADIUS responses.
25
26Remove a pending RADIUS request from the internal list only when having
27fully accepted a matching RADIUS response, i.e., after one of the
28registered handlers has confirmed that the authenticator is valid and
29processing of the response has succeeded.
30
31Signed-off-by: Jouni Malinen <j@w1.fi>
32
33CVE: CVE-2025-24912
34Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44]
35Signed-off-by: Peter Marko <peter.marko@siemens.com>
36---
37 src/radius/radius_client.c | 15 +++++++--------
38 1 file changed, 7 insertions(+), 8 deletions(-)
39
40diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c
41index 2a7f36170..7909b29a7 100644
42--- a/src/radius/radius_client.c
43+++ b/src/radius/radius_client.c
44@@ -1259,13 +1259,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
45 roundtrip / 100, roundtrip % 100);
46 rconf->round_trip_time = roundtrip;
47
48- /* Remove ACKed RADIUS packet from retransmit list */
49- if (prev_req)
50- prev_req->next = req->next;
51- else
52- radius->msgs = req->next;
53- radius->num_msgs--;
54-
55 for (i = 0; i < num_handlers; i++) {
56 RadiusRxResult res;
57 res = handlers[i].handler(msg, req->msg, req->shared_secret,
58@@ -1276,6 +1269,13 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
59 radius_msg_free(msg);
60 /* fall through */
61 case RADIUS_RX_QUEUED:
62+ /* Remove ACKed RADIUS packet from retransmit list */
63+ if (prev_req)
64+ prev_req->next = req->next;
65+ else
66+ radius->msgs = req->next;
67+ radius->num_msgs--;
68+
69 radius_client_msg_free(req);
70 return;
71 case RADIUS_RX_INVALID_AUTHENTICATOR:
72@@ -1297,7 +1297,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
73 msg_type, hdr->code, hdr->identifier,
74 invalid_authenticator ? " [INVALID AUTHENTICATOR]" :
75 "");
76- radius_client_msg_free(req);
77
78 fail:
79 radius_msg_free(msg);
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch
deleted file mode 100644
index add2e47048..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch
+++ /dev/null
@@ -1,70 +0,0 @@
1From 339a334551ca911187cc870f4f97ef08e11db109 Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <quic_jouni@quicinc.com>
3Date: Wed, 5 Feb 2025 19:23:39 +0200
4Subject: [PATCH] RADIUS: Fix pending request dropping
5
6A recent change to this moved the place where the processed RADIUS
7request was removed from the pending list to happen after the message
8handler had been called. This did not take into account possibility of
9the handler adding a new pending request in the list and the prev_req
10pointer not necessarily pointing to the correct entry anymore. As such,
11some of the pending requests could have been lost and that would result
12in not being able to process responses to those requests and also, to a
13memory leak.
14
15Fix this by determining prev_req at the point when the pending request
16is being removed, i.e., after the handler function has already added a
17new entry.
18
19Fixes: 726432d7622c ("RADIUS: Drop pending request only when accepting the response")
20Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
21
22CVE: CVE-2025-24912
23Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109]
24Signed-off-by: Peter Marko <peter.marko@siemens.com>
25---
26 src/radius/radius_client.c | 10 +++++++---
27 1 file changed, 7 insertions(+), 3 deletions(-)
28
29diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c
30index 7909b29a7..d4faa7936 100644
31--- a/src/radius/radius_client.c
32+++ b/src/radius/radius_client.c
33@@ -1099,7 +1099,7 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
34 struct radius_hdr *hdr;
35 struct radius_rx_handler *handlers;
36 size_t num_handlers, i;
37- struct radius_msg_list *req, *prev_req;
38+ struct radius_msg_list *req, *prev_req, *r;
39 struct os_reltime now;
40 struct hostapd_radius_server *rconf;
41 int invalid_authenticator = 0;
42@@ -1224,7 +1224,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
43 break;
44 }
45
46- prev_req = NULL;
47 req = radius->msgs;
48 while (req) {
49 /* TODO: also match by src addr:port of the packet when using
50@@ -1236,7 +1235,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
51 hdr->identifier)
52 break;
53
54- prev_req = req;
55 req = req->next;
56 }
57
58@@ -1270,6 +1268,12 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx)
59 /* fall through */
60 case RADIUS_RX_QUEUED:
61 /* Remove ACKed RADIUS packet from retransmit list */
62+ prev_req = NULL;
63+ for (r = radius->msgs; r; r = r->next) {
64+ if (r == req)
65+ break;
66+ prev_req = r;
67+ }
68 if (prev_req)
69 prev_req->next = req->next;
70 else
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
deleted file mode 100644
index 35a1aa639e..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
+++ /dev/null
@@ -1,86 +0,0 @@
1#!/bin/sh
2
3
4WPA_SUP_BIN="/usr/sbin/wpa_supplicant"
5WPA_SUP_PNAME="wpa_supplicant"
6WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid"
7WPA_COMMON_CTRL_IFACE="/var/run/wpa_supplicant"
8WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE"
9
10VERBOSITY=0
11
12
13if [ -s "$IF_WPA_CONF" ]; then
14 WPA_SUP_CONF="-c $IF_WPA_CONF"
15else
16 exit 0
17fi
18
19if [ ! -x "$WPA_SUP_BIN" ]; then
20
21 if [ "$VERBOSITY" = "1" ]; then
22 echo "$WPA_SUP_PNAME: binaries not executable or missing from $WPA_SUP_BIN"
23 fi
24
25 exit 1
26fi
27
28if [ "$MODE" = "start" ] ; then
29 # driver type of interface, defaults to wext when undefined
30 if [ -s "/etc/wpa_supplicant/driver.$IFACE" ]; then
31 IF_WPA_DRIVER=$(cat "/etc/wpa_supplicant/driver.$IFACE")
32 elif [ -z "$IF_WPA_DRIVER" ]; then
33
34 if [ "$VERBOSITY" = "1" ]; then
35 echo "$WPA_SUP_PNAME: wpa-driver not provided, using \"wext\""
36 fi
37
38 IF_WPA_DRIVER="wext"
39 fi
40
41 # if we have passed the criteria, start wpa_supplicant
42 if [ -n "$WPA_SUP_CONF" ]; then
43
44 if [ "$VERBOSITY" = "1" ]; then
45 echo "$WPA_SUP_PNAME: $WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER"
46 fi
47
48 start-stop-daemon --start --quiet \
49 --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \
50 -- $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER
51 fi
52
53 # if the interface socket exists, then wpa_supplicant was invoked successfully
54 if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then
55
56 if [ "$VERBOSITY" = "1" ]; then
57 echo "$WPA_SUP_PNAME: ctrl_interface socket located at $WPA_COMMON_CTRL_IFACE/$IFACE"
58 fi
59
60 exit 0
61
62 fi
63
64elif [ "$MODE" = "stop" ]; then
65
66 if [ -f "$WPA_SUP_PIDFILE" ]; then
67
68 if [ "$VERBOSITY" = "1" ]; then
69 echo "$WPA_SUP_PNAME: terminating $WPA_SUP_PNAME daemon"
70 fi
71
72 start-stop-daemon --stop --quiet \
73 --name $WPA_SUP_PNAME --pidfile $WPA_SUP_PIDFILE
74
75 if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then
76 rm -f $WPA_COMMON_CTRL_IFACE/$IFACE
77 fi
78
79 if [ -f "$WPA_SUP_PIDFILE" ]; then
80 rm -f $WPA_SUP_PIDFILE
81 fi
82 fi
83
84fi
85
86exit 0
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf
deleted file mode 100644
index 68258f5ee2..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf
+++ /dev/null
@@ -1,690 +0,0 @@
1##### Example wpa_supplicant configuration file ###############################
2#
3# This file describes configuration file format and lists all available option.
4# Please also take a look at simpler configuration examples in 'examples'
5# subdirectory.
6#
7# Empty lines and lines starting with # are ignored
8
9# NOTE! This file may contain password information and should probably be made
10# readable only by root user on multiuser systems.
11
12# Note: All file paths in this configuration file should use full (absolute,
13# not relative to working directory) path in order to allow working directory
14# to be changed. This can happen if wpa_supplicant is run in the background.
15
16# Whether to allow wpa_supplicant to update (overwrite) configuration
17#
18# This option can be used to allow wpa_supplicant to overwrite configuration
19# file whenever configuration is changed (e.g., new network block is added with
20# wpa_cli or wpa_gui, or a password is changed). This is required for
21# wpa_cli/wpa_gui to be able to store the configuration changes permanently.
22# Please note that overwriting configuration file will remove the comments from
23# it.
24#update_config=1
25
26# global configuration (shared by all network blocks)
27#
28# Parameters for the control interface. If this is specified, wpa_supplicant
29# will open a control interface that is available for external programs to
30# manage wpa_supplicant. The meaning of this string depends on which control
31# interface mechanism is used. For all cases, the existence of this parameter
32# in configuration is used to determine whether the control interface is
33# enabled.
34#
35# For UNIX domain sockets (default on Linux and BSD): This is a directory that
36# will be created for UNIX domain sockets for listening to requests from
37# external programs (CLI/GUI, etc.) for status information and configuration.
38# The socket file will be named based on the interface name, so multiple
39# wpa_supplicant processes can be run at the same time if more than one
40# interface is used.
41# /var/run/wpa_supplicant is the recommended directory for sockets and by
42# default, wpa_cli will use it when trying to connect with wpa_supplicant.
43#
44# Access control for the control interface can be configured by setting the
45# directory to allow only members of a group to use sockets. This way, it is
46# possible to run wpa_supplicant as root (since it needs to change network
47# configuration and open raw sockets) and still allow GUI/CLI components to be
48# run as non-root users. However, since the control interface can be used to
49# change the network configuration, this access needs to be protected in many
50# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
51# want to allow non-root users to use the control interface, add a new group
52# and change this value to match with that group. Add users that should have
53# control interface access to this group. If this variable is commented out or
54# not included in the configuration file, group will not be changed from the
55# value it got by default when the directory or socket was created.
56#
57# When configuring both the directory and group, use following format:
58# DIR=/var/run/wpa_supplicant GROUP=wheel
59# DIR=/var/run/wpa_supplicant GROUP=0
60# (group can be either group name or gid)
61#
62# For UDP connections (default on Windows): The value will be ignored. This
63# variable is just used to select that the control interface is to be created.
64# The value can be set to, e.g., udp (ctrl_interface=udp)
65#
66# For Windows Named Pipe: This value can be used to set the security descriptor
67# for controlling access to the control interface. Security descriptor can be
68# set using Security Descriptor String Format (see http://msdn.microsoft.com/
69# library/default.asp?url=/library/en-us/secauthz/security/
70# security_descriptor_string_format.asp). The descriptor string needs to be
71# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty
72# DACL (which will reject all connections). See README-Windows.txt for more
73# information about SDDL string format.
74#
75ctrl_interface=/var/run/wpa_supplicant
76
77# IEEE 802.1X/EAPOL version
78# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines
79# EAPOL version 2. However, there are many APs that do not handle the new
80# version number correctly (they seem to drop the frames completely). In order
81# to make wpa_supplicant interoperate with these APs, the version number is set
82# to 1 by default. This configuration value can be used to set it to the new
83# version (2).
84eapol_version=1
85
86# AP scanning/selection
87# By default, wpa_supplicant requests driver to perform AP scanning and then
88# uses the scan results to select a suitable AP. Another alternative is to
89# allow the driver to take care of AP scanning and selection and use
90# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
91# information from the driver.
92# 1: wpa_supplicant initiates scanning and AP selection
93# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
94# parameters (e.g., WPA IE generation); this mode can also be used with
95# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
96# APs (i.e., external program needs to control association). This mode must
97# also be used when using wired Ethernet drivers.
98# 2: like 0, but associate with APs using security policy and SSID (but not
99# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
100# enable operation with hidden SSIDs and optimized roaming; in this mode,
101# the network blocks in the configuration file are tried one by one until
102# the driver reports successful association; each network block should have
103# explicit security policy (i.e., only one option in the lists) for
104# key_mgmt, pairwise, group, proto variables
105ap_scan=1
106
107# EAP fast re-authentication
108# By default, fast re-authentication is enabled for all EAP methods that
109# support it. This variable can be used to disable fast re-authentication.
110# Normally, there is no need to disable this.
111fast_reauth=1
112
113# OpenSSL Engine support
114# These options can be used to load OpenSSL engines.
115# The two engines that are supported currently are shown below:
116# They are both from the opensc project (http://www.opensc.org/)
117# By default no engines are loaded.
118# make the opensc engine available
119#opensc_engine_path=/usr/lib/opensc/engine_opensc.so
120# make the pkcs11 engine available
121#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
122# configure the path to the pkcs11 module required by the pkcs11 engine
123#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
124
125# Dynamic EAP methods
126# If EAP methods were built dynamically as shared object files, they need to be
127# loaded here before being used in the network blocks. By default, EAP methods
128# are included statically in the build, so these lines are not needed
129#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so
130#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so
131
132# Driver interface parameters
133# This field can be used to configure arbitrary driver interace parameters. The
134# format is specific to the selected driver interface. This field is not used
135# in most cases.
136#driver_param="field=value"
137
138# Maximum lifetime for PMKSA in seconds; default 43200
139#dot11RSNAConfigPMKLifetime=43200
140# Threshold for reauthentication (percentage of PMK lifetime); default 70
141#dot11RSNAConfigPMKReauthThreshold=70
142# Timeout for security association negotiation in seconds; default 60
143#dot11RSNAConfigSATimeout=60
144
145# network block
146#
147# Each network (usually AP's sharing the same SSID) is configured as a separate
148# block in this configuration file. The network blocks are in preference order
149# (the first match is used).
150#
151# network block fields:
152#
153# disabled:
154# 0 = this network can be used (default)
155# 1 = this network block is disabled (can be enabled through ctrl_iface,
156# e.g., with wpa_cli or wpa_gui)
157#
158# id_str: Network identifier string for external scripts. This value is passed
159# to external action script through wpa_cli as WPA_ID_STR environment
160# variable to make it easier to do network specific configuration.
161#
162# ssid: SSID (mandatory); either as an ASCII string with double quotation or
163# as hex string; network name
164#
165# scan_ssid:
166# 0 = do not scan this SSID with specific Probe Request frames (default)
167# 1 = scan with SSID-specific Probe Request frames (this can be used to
168# find APs that do not accept broadcast SSID or use multiple SSIDs;
169# this will add latency to scanning, so enable this only when needed)
170#
171# bssid: BSSID (optional); if set, this network block is used only when
172# associating with the AP using the configured BSSID
173#
174# priority: priority group (integer)
175# By default, all networks will get same priority group (0). If some of the
176# networks are more desirable, this field can be used to change the order in
177# which wpa_supplicant goes through the networks when selecting a BSS. The
178# priority groups will be iterated in decreasing priority (i.e., the larger the
179# priority value, the sooner the network is matched against the scan results).
180# Within each priority group, networks will be selected based on security
181# policy, signal strength, etc.
182# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not
183# using this priority to select the order for scanning. Instead, they try the
184# networks in the order that used in the configuration file.
185#
186# mode: IEEE 802.11 operation mode
187# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
188# 1 = IBSS (ad-hoc, peer-to-peer)
189# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)
190# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has
191# to be set to 2 for IBSS. WPA-None requires following network block options:
192# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
193# both), and psk must also be set.
194#
195# proto: list of accepted protocols
196# WPA = WPA/IEEE 802.11i/D3.0
197# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
198# If not set, this defaults to: WPA RSN
199#
200# key_mgmt: list of accepted authenticated key management protocols
201# WPA-PSK = WPA pre-shared key (this requires 'psk' field)
202# WPA-EAP = WPA using EAP authentication (this can use an external
203# program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication
204# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
205# generated WEP keys
206# NONE = WPA is not used; plaintext or static WEP could be used
207# If not set, this defaults to: WPA-PSK WPA-EAP
208#
209# auth_alg: list of allowed IEEE 802.11 authentication algorithms
210# OPEN = Open System authentication (required for WPA/WPA2)
211# SHARED = Shared Key authentication (requires static WEP keys)
212# LEAP = LEAP/Network EAP (only used with LEAP)
213# If not set, automatic selection is used (Open System with LEAP enabled if
214# LEAP is allowed as one of the EAP methods).
215#
216# pairwise: list of accepted pairwise (unicast) ciphers for WPA
217# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
218# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
219# NONE = Use only Group Keys (deprecated, should not be included if APs support
220# pairwise keys)
221# If not set, this defaults to: CCMP TKIP
222#
223# group: list of accepted group (broadcast/multicast) ciphers for WPA
224# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
225# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
226# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
227# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]
228# If not set, this defaults to: CCMP TKIP WEP104 WEP40
229#
230# psk: WPA preshared key; 256-bit pre-shared key
231# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
232# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be
233# generated using the passphrase and SSID). ASCII passphrase must be between
234# 8 and 63 characters (inclusive).
235# This field is not needed, if WPA-EAP is used.
236# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
237# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
238# startup and reconfiguration time can be optimized by generating the PSK only
239# only when the passphrase or SSID has actually changed.
240#
241# eapol_flags: IEEE 802.1X/EAPOL options (bit field)
242# Dynamic WEP key required for non-WPA mode
243# bit0 (1): require dynamically generated unicast WEP key
244# bit1 (2): require dynamically generated broadcast WEP key
245# (3 = require both keys; default)
246# Note: When using wired authentication, eapol_flags must be set to 0 for the
247# authentication to be completed successfully.
248#
249# proactive_key_caching:
250# Enable/disable opportunistic PMKSA caching for WPA2.
251# 0 = disabled (default)
252# 1 = enabled
253#
254# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or
255# hex without quotation, e.g., 0102030405)
256# wep_tx_keyidx: Default WEP key index (TX) (0..3)
257#
258# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is
259# allowed. This is only used with RSN/WPA2.
260# 0 = disabled (default)
261# 1 = enabled
262#peerkey=1
263#
264# Following fields are only used with internal EAP implementation.
265# eap: space-separated list of accepted EAP methods
266# MD5 = EAP-MD5 (unsecure and does not generate keying material ->
267# cannot be used with WPA; to be used as a Phase 2 method
268# with EAP-PEAP or EAP-TTLS)
269# MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
270# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
271# OTP = EAP-OTP (cannot be used separately with WPA; to be used
272# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
273# GTC = EAP-GTC (cannot be used separately with WPA; to be used
274# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
275# TLS = EAP-TLS (client and server certificate)
276# PEAP = EAP-PEAP (with tunnelled EAP authentication)
277# TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2
278# authentication)
279# If not set, all compiled in methods are allowed.
280#
281# identity: Identity string for EAP
282# anonymous_identity: Anonymous identity string for EAP (to be used as the
283# unencrypted identity with EAP types that support different tunnelled
284# identity, e.g., EAP-TTLS)
285# password: Password string for EAP
286# ca_cert: File path to CA certificate file (PEM/DER). This file can have one
287# or more trusted CA certificates. If ca_cert and ca_path are not
288# included, server certificate will not be verified. This is insecure and
289# a trusted CA certificate should always be configured when using
290# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
291# change when wpa_supplicant is run in the background.
292# On Windows, trusted CA certificates can be loaded from the system
293# certificate store by setting this to cert_store://<name>, e.g.,
294# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".
295# Note that when running wpa_supplicant as an application, the user
296# certificate store (My user account) is used, whereas computer store
297# (Computer account) is used when running wpasvc as a service.
298# ca_path: Directory path for CA certificate files (PEM). This path may
299# contain multiple CA certificates in OpenSSL format. Common use for this
300# is to point to system trusted CA list which is often installed into
301# directory like /etc/ssl/certs. If configured, these certificates are
302# added to the list of trusted CAs. ca_cert may also be included in that
303# case, but it is not required.
304# client_cert: File path to client certificate file (PEM/DER)
305# Full path should be used since working directory may change when
306# wpa_supplicant is run in the background.
307# Alternatively, a named configuration blob can be used by setting this
308# to blob://<blob name>.
309# private_key: File path to client private key file (PEM/DER/PFX)
310# When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
311# commented out. Both the private key and certificate will be read from
312# the PKCS#12 file in this case. Full path should be used since working
313# directory may change when wpa_supplicant is run in the background.
314# Windows certificate store can be used by leaving client_cert out and
315# configuring private_key in one of the following formats:
316# cert://substring_to_match
317# hash://certificate_thumbprint_in_hex
318# for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
319# Note that when running wpa_supplicant as an application, the user
320# certificate store (My user account) is used, whereas computer store
321# (Computer account) is used when running wpasvc as a service.
322# Alternatively, a named configuration blob can be used by setting this
323# to blob://<blob name>.
324# private_key_passwd: Password for private key file (if left out, this will be
325# asked through control interface)
326# dh_file: File path to DH/DSA parameters file (in PEM format)
327# This is an optional configuration file for setting parameters for an
328# ephemeral DH key exchange. In most cases, the default RSA
329# authentication does not use this configuration. However, it is possible
330# setup RSA to use ephemeral DH key exchange. In addition, ciphers with
331# DSA keys always use ephemeral DH keys. This can be used to achieve
332# forward secrecy. If the file is in DSA parameters format, it will be
333# automatically converted into DH params.
334# subject_match: Substring to be matched against the subject of the
335# authentication server certificate. If this string is set, the server
336# sertificate is only accepted if it contains this string in the subject.
337# The subject string is in following format:
338# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
339# altsubject_match: Semicolon separated string of entries to be matched against
340# the alternative subject name of the authentication server certificate.
341# If this string is set, the server sertificate is only accepted if it
342# contains one of the entries in an alternative subject name extension.
343# altSubjectName string is in following format: TYPE:VALUE
344# Example: EMAIL:server@example.com
345# Example: DNS:server.example.com;DNS:server2.example.com
346# Following types are supported: EMAIL, DNS, URI
347# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
348# (string with field-value pairs, e.g., "peapver=0" or
349# "peapver=1 peaplabel=1")
350# 'peapver' can be used to force which PEAP version (0 or 1) is used.
351# 'peaplabel=1' can be used to force new label, "client PEAP encryption",
352# to be used during key derivation when PEAPv1 or newer. Most existing
353# PEAPv1 implementation seem to be using the old label, "client EAP
354# encryption", and wpa_supplicant is now using that as the default value.
355# Some servers, e.g., Radiator, may require peaplabel=1 configuration to
356# interoperate with PEAPv1; see eap_testing.txt for more details.
357# 'peap_outer_success=0' can be used to terminate PEAP authentication on
358# tunneled EAP-Success. This is required with some RADIUS servers that
359# implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
360# Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode)
361# include_tls_length=1 can be used to force wpa_supplicant to include
362# TLS Message Length field in all TLS messages even if they are not
363# fragmented.
364# sim_min_num_chal=3 can be used to configure EAP-SIM to require three
365# challenges (by default, it accepts 2 or 3)
366# phase2: Phase2 (inner authentication with TLS tunnel) parameters
367# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
368# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
369# Following certificate/private key fields are used in inner Phase2
370# authentication when using EAP-TTLS or EAP-PEAP.
371# ca_cert2: File path to CA certificate file. This file can have one or more
372# trusted CA certificates. If ca_cert2 and ca_path2 are not included,
373# server certificate will not be verified. This is insecure and a trusted
374# CA certificate should always be configured.
375# ca_path2: Directory path for CA certificate files (PEM)
376# client_cert2: File path to client certificate file
377# private_key2: File path to client private key file
378# private_key2_passwd: Password for private key file
379# dh_file2: File path to DH/DSA parameters file (in PEM format)
380# subject_match2: Substring to be matched against the subject of the
381# authentication server certificate.
382# altsubject_match2: Substring to be matched against the alternative subject
383# name of the authentication server certificate.
384#
385# fragment_size: Maximum EAP fragment size in bytes (default 1398).
386# This value limits the fragment size for EAP methods that support
387# fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set
388# small enough to make the EAP messages fit in MTU of the network
389# interface used for EAPOL. The default value is suitable for most
390# cases.
391#
392# EAP-PSK variables:
393# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
394# nai: user NAI
395#
396# EAP-PAX variables:
397# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
398#
399# EAP-SAKE variables:
400# eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format
401# (this is concatenation of Root-Secret-A and Root-Secret-B)
402# nai: user NAI (PEERID)
403#
404# EAP-GPSK variables:
405# eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits)
406# nai: user NAI (ID_Client)
407#
408# EAP-FAST variables:
409# pac_file: File path for the PAC entries. wpa_supplicant will need to be able
410# to create this file and write updates to it when PAC is being
411# provisioned or refreshed. Full path to the file should be used since
412# working directory may change when wpa_supplicant is run in the
413# background. Alternatively, a named configuration blob can be used by
414# setting this to blob://<blob name>
415# phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST
416# credentials (PAC)
417#
418# wpa_supplicant supports number of "EAP workarounds" to work around
419# interoperability issues with incorrectly behaving authentication servers.
420# These are enabled by default because some of the issues are present in large
421# number of authentication servers. Strict EAP conformance mode can be
422# configured by disabling workarounds with eap_workaround=0.
423
424# Example blocks:
425
426# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
427network={
428 ssid="simple"
429 psk="very secret passphrase"
430 priority=5
431}
432
433# Same as previous, but request SSID-specific scanning (for APs that reject
434# broadcast SSID)
435network={
436 ssid="second ssid"
437 scan_ssid=1
438 psk="very secret passphrase"
439 priority=2
440}
441
442# Only WPA-PSK is used. Any valid cipher combination is accepted.
443network={
444 ssid="example"
445 proto=WPA
446 key_mgmt=WPA-PSK
447 pairwise=CCMP TKIP
448 group=CCMP TKIP WEP104 WEP40
449 psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
450 priority=2
451}
452
453# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
454# or WEP40 as the group cipher will not be accepted.
455network={
456 ssid="example"
457 proto=RSN
458 key_mgmt=WPA-EAP
459 pairwise=CCMP TKIP
460 group=CCMP TKIP
461 eap=TLS
462 identity="user@example.com"
463 ca_cert="/etc/cert/ca.pem"
464 client_cert="/etc/cert/user.pem"
465 private_key="/etc/cert/user.prv"
466 private_key_passwd="password"
467 priority=1
468}
469
470# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
471# (e.g., Radiator)
472network={
473 ssid="example"
474 key_mgmt=WPA-EAP
475 eap=PEAP
476 identity="user@example.com"
477 password="foobar"
478 ca_cert="/etc/cert/ca.pem"
479 phase1="peaplabel=1"
480 phase2="auth=MSCHAPV2"
481 priority=10
482}
483
484# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
485# unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
486network={
487 ssid="example"
488 key_mgmt=WPA-EAP
489 eap=TTLS
490 identity="user@example.com"
491 anonymous_identity="anonymous@example.com"
492 password="foobar"
493 ca_cert="/etc/cert/ca.pem"
494 priority=2
495}
496
497# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted
498# use. Real identity is sent only within an encrypted TLS tunnel.
499network={
500 ssid="example"
501 key_mgmt=WPA-EAP
502 eap=TTLS
503 identity="user@example.com"
504 anonymous_identity="anonymous@example.com"
505 password="foobar"
506 ca_cert="/etc/cert/ca.pem"
507 phase2="auth=MSCHAPV2"
508}
509
510# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
511# authentication.
512network={
513 ssid="example"
514 key_mgmt=WPA-EAP
515 eap=TTLS
516 # Phase1 / outer authentication
517 anonymous_identity="anonymous@example.com"
518 ca_cert="/etc/cert/ca.pem"
519 # Phase 2 / inner authentication
520 phase2="autheap=TLS"
521 ca_cert2="/etc/cert/ca2.pem"
522 client_cert2="/etc/cer/user.pem"
523 private_key2="/etc/cer/user.prv"
524 private_key2_passwd="password"
525 priority=2
526}
527
528# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and
529# group cipher.
530network={
531 ssid="example"
532 bssid=00:11:22:33:44:55
533 proto=WPA RSN
534 key_mgmt=WPA-PSK WPA-EAP
535 pairwise=CCMP
536 group=CCMP
537 psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
538}
539
540# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP
541# and all valid ciphers.
542network={
543 ssid=00010203
544 psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
545}
546
547
548# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using
549# EAP-TLS for authentication and key generation; require both unicast and
550# broadcast WEP keys.
551network={
552 ssid="1x-test"
553 key_mgmt=IEEE8021X
554 eap=TLS
555 identity="user@example.com"
556 ca_cert="/etc/cert/ca.pem"
557 client_cert="/etc/cert/user.pem"
558 private_key="/etc/cert/user.prv"
559 private_key_passwd="password"
560 eapol_flags=3
561}
562
563
564# LEAP with dynamic WEP keys
565network={
566 ssid="leap-example"
567 key_mgmt=IEEE8021X
568 eap=LEAP
569 identity="user"
570 password="foobar"
571}
572
573# Plaintext connection (no WPA, no IEEE 802.1X)
574network={
575 ssid="plaintext-test"
576 key_mgmt=NONE
577}
578
579
580# Shared WEP key connection (no WPA, no IEEE 802.1X)
581network={
582 ssid="static-wep-test"
583 key_mgmt=NONE
584 wep_key0="abcde"
585 wep_key1=0102030405
586 wep_key2="1234567890123"
587 wep_tx_keyidx=0
588 priority=5
589}
590
591
592# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
593# IEEE 802.11 authentication
594network={
595 ssid="static-wep-test2"
596 key_mgmt=NONE
597 wep_key0="abcde"
598 wep_key1=0102030405
599 wep_key2="1234567890123"
600 wep_tx_keyidx=0
601 priority=5
602 auth_alg=SHARED
603}
604
605
606# IBSS/ad-hoc network with WPA-None/TKIP.
607network={
608 ssid="test adhoc"
609 mode=1
610 proto=WPA
611 key_mgmt=WPA-NONE
612 pairwise=NONE
613 group=TKIP
614 psk="secret passphrase"
615}
616
617
618# Catch all example that allows more or less all configuration modes
619network={
620 ssid="example"
621 scan_ssid=1
622 key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
623 pairwise=CCMP TKIP
624 group=CCMP TKIP WEP104 WEP40
625 psk="very secret passphrase"
626 eap=TTLS PEAP TLS
627 identity="user@example.com"
628 password="foobar"
629 ca_cert="/etc/cert/ca.pem"
630 client_cert="/etc/cert/user.pem"
631 private_key="/etc/cert/user.prv"
632 private_key_passwd="password"
633 phase1="peaplabel=0"
634}
635
636# Example of EAP-TLS with smartcard (openssl engine)
637network={
638 ssid="example"
639 key_mgmt=WPA-EAP
640 eap=TLS
641 proto=RSN
642 pairwise=CCMP TKIP
643 group=CCMP TKIP
644 identity="user@example.com"
645 ca_cert="/etc/cert/ca.pem"
646 client_cert="/etc/cert/user.pem"
647
648 engine=1
649
650 # The engine configured here must be available. Look at
651 # OpenSSL engine support in the global section.
652 # The key available through the engine must be the private key
653 # matching the client certificate configured above.
654
655 # use the opensc engine
656 #engine_id="opensc"
657 #key_id="45"
658
659 # use the pkcs11 engine
660 engine_id="pkcs11"
661 key_id="id_45"
662
663 # Optional PIN configuration; this can be left out and PIN will be
664 # asked through the control interface
665 pin="1234"
666}
667
668# Example configuration showing how to use an inlined blob as a CA certificate
669# data instead of using external file
670network={
671 ssid="example"
672 key_mgmt=WPA-EAP
673 eap=TTLS
674 identity="user@example.com"
675 anonymous_identity="anonymous@example.com"
676 password="foobar"
677 ca_cert="blob://exampleblob"
678 priority=20
679}
680
681blob-base64-exampleblob={
682SGVsbG8gV29ybGQhCg==
683}
684
685
686# Wildcard match for SSID (plaintext APs only). This example select any
687# open AP regardless of its SSID.
688network={
689 key_mgmt=NONE
690}
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane
deleted file mode 100644
index c91ffe0c84..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane
+++ /dev/null
@@ -1,7 +0,0 @@
1ctrl_interface=/var/run/wpa_supplicant
2ctrl_interface_group=0
3update_config=1
4
5network={
6 key_mgmt=NONE
7}
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb
deleted file mode 100644
index ffb1cf617d..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb
+++ /dev/null
@@ -1,139 +0,0 @@
1SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
2DESCRIPTION = "wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver."
3HOMEPAGE = "http://w1.fi/wpa_supplicant/"
4BUGTRACKER = "http://w1.fi/security/"
5SECTION = "network"
6LICENSE = "BSD-3-Clause"
7LIC_FILES_CHKSUM = "file://COPYING;md5=5ebcb90236d1ad640558c3d3cd3035df \
8 file://README;beginline=1;endline=56;md5=6e4b25e7d74bfc44a32ba37bdf5210a6 \
9 file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=f5ccd57ea91e04800edb88267bf8eae4"
10
11DEPENDS = "dbus libnl"
12
13SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
14 file://wpa-supplicant.sh \
15 file://wpa_supplicant.conf \
16 file://wpa_supplicant.conf-sane \
17 file://99_wpa_supplicant \
18 file://0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch \
19 file://CVE-2025-24912-01.patch \
20 file://CVE-2025-24912-02.patch \
21 "
22SRC_URI[sha256sum] = "912ea06f74e30a8e36fbb68064d6cdff218d8d591db0fc5d75dee6c81ac7fc0a"
23
24S = "${UNPACKDIR}/wpa_supplicant-${PV}"
25
26inherit pkgconfig systemd
27
28PACKAGECONFIG ?= "openssl"
29PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
30PACKAGECONFIG[openssl] = ",,openssl"
31
32CVE_PRODUCT = "wpa_supplicant"
33
34CVE_STATUS[CVE-2024-5290] = "not-applicable-platform: this only affects Ubuntu and other platforms patching wpa-supplicant"
35
36EXTRA_OEMAKE = "'LIBDIR=${libdir}' 'INCDIR=${includedir}' 'BINDIR=${sbindir}'"
37
38do_configure () {
39 ${MAKE} -C wpa_supplicant clean
40 sed -e '/^CONFIG_TLS=/d' <wpa_supplicant/defconfig >wpa_supplicant/.config
41
42 if ${@ bb.utils.contains('PACKAGECONFIG', 'openssl', 'true', 'false', d) }; then
43 echo 'CONFIG_TLS=openssl' >>wpa_supplicant/.config
44 elif ${@ bb.utils.contains('PACKAGECONFIG', 'gnutls', 'true', 'false', d) }; then
45 echo 'CONFIG_TLS=gnutls' >>wpa_supplicant/.config
46 sed -i -e 's/\(^CONFIG_DPP=\)/#\1/' \
47 -e 's/\(^CONFIG_EAP_PWD=\)/#\1/' \
48 -e 's/\(^CONFIG_SAE=\)/#\1/' wpa_supplicant/.config
49 fi
50
51 # For rebuild
52 rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d
53}
54
55do_compile () {
56 oe_runmake -C wpa_supplicant
57 if [ -z "${DISABLE_STATIC}" ]; then
58 oe_runmake -C wpa_supplicant libwpa_client.a
59 fi
60}
61
62do_install () {
63 oe_runmake -C wpa_supplicant DESTDIR="${D}" install
64
65 install -d ${D}${docdir}/wpa_supplicant
66 install -m 644 wpa_supplicant/README ${UNPACKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant
67
68 install -d ${D}${sysconfdir}
69 install -m 600 ${UNPACKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf
70
71 install -d ${D}${sysconfdir}/network/if-pre-up.d/
72 install -d ${D}${sysconfdir}/network/if-post-down.d/
73 install -d ${D}${sysconfdir}/network/if-down.d/
74 install -m 755 ${UNPACKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant
75 ln -sf ../if-pre-up.d/wpa-supplicant ${D}${sysconfdir}/network/if-post-down.d/wpa-supplicant
76
77 install -d ${D}/${sysconfdir}/dbus-1/system.d
78 install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d
79 install -d ${D}/${datadir}/dbus-1/system-services
80 install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services
81
82 if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
83 install -d ${D}/${systemd_system_unitdir}
84 install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_system_unitdir}
85 fi
86
87 install -d ${D}/etc/default/volatiles
88 install -m 0644 ${UNPACKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles
89
90 install -d ${D}${includedir}
91 install -m 0644 ${S}/src/common/wpa_ctrl.h ${D}${includedir}
92
93 if [ -z "${DISABLE_STATIC}" ]; then
94 install -d ${D}${libdir}
95 install -m 0644 wpa_supplicant/libwpa_client.a ${D}${libdir}
96 fi
97}
98
99pkg_postinst:${PN} () {
100 # If we're offline, we don't need to do this.
101 if [ "x$D" = "x" ]; then
102 killall -q -HUP dbus-daemon || true
103 fi
104}
105
106PACKAGE_BEFORE_PN += "${PN}-passphrase ${PN}-cli"
107PACKAGES =+ "${PN}-lib"
108PACKAGES += "${PN}-plugins"
109ALLOW_EMPTY:${PN}-plugins = "1"
110
111PACKAGES_DYNAMIC += "^${PN}-plugin-.*$"
112NOAUTOPACKAGEDEBUG = "1"
113
114FILES:${PN}-passphrase = "${sbindir}/wpa_passphrase"
115FILES:${PN}-cli = "${sbindir}/wpa_cli"
116FILES:${PN}-lib = "${libdir}/libwpa_client*${SOLIBSDEV}"
117FILES:${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*"
118FILES:${PN}-dbg += "${sbindir}/.debug ${libdir}/.debug"
119
120CONFFILES:${PN} += "${sysconfdir}/wpa_supplicant.conf"
121
122RRECOMMENDS:${PN} = "${PN}-passphrase ${PN}-cli ${PN}-plugins"
123
124SYSTEMD_SERVICE:${PN} = "wpa_supplicant.service"
125SYSTEMD_AUTO_ENABLE = "disable"
126
127python split_wpa_supplicant_libs () {
128 libdir = d.expand('${libdir}/wpa_supplicant')
129 dbglibdir = os.path.join(libdir, '.debug')
130
131 split_packages = do_split_packages(d, libdir, r'^(.*)\.so', '${PN}-plugin-%s', 'wpa_supplicant %s plugin', prepend=True)
132 split_dbg_packages = do_split_packages(d, dbglibdir, r'^(.*)\.so', '${PN}-plugin-%s-dbg', 'wpa_supplicant %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg')
133
134 if split_packages:
135 pn = d.getVar('PN')
136 d.setVar('RRECOMMENDS:' + pn + '-plugins', ' '.join(split_packages))
137 d.appendVar('RRECOMMENDS:' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages))
138}
139PACKAGESPLITFUNCS += "split_wpa_supplicant_libs"