From 8c22ff0d8b70d9b12f0487ef696a7e915b9e3173 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Fri, 7 Nov 2025 13:31:53 +0000 Subject: The poky repository master branch is no longer being updated. You can either: a) switch to individual clones of bitbake, openembedded-core, meta-yocto and yocto-docs b) use the new bitbake-setup You can find information about either approach in our documentation: https://docs.yoctoproject.org/ Note that "poky" the distro setting is still available in meta-yocto as before and we continue to use and maintain that. Long live Poky! Some further information on the background of this change can be found in: https://lists.openembedded.org/g/openembedded-architecture/message/2179 Signed-off-by: Richard Purdie --- .../avahi/avahi-libnss-mdns_0.15.1.bb | 38 -- meta/recipes-connectivity/avahi/avahi_0.8.bb | 200 ------ .../0001-Fix-opening-etc-resolv.conf-error.patch | 45 -- .../avahi/files/00avahi-autoipd | 10 - .../avahi/files/99avahi-autoipd | 10 - .../avahi/files/CVE-2023-1981.patch | 58 -- .../avahi/files/CVE-2023-38469-1.patch | 48 -- .../avahi/files/CVE-2023-38469-2.patch | 65 -- .../avahi/files/CVE-2023-38470-1.patch | 59 -- .../avahi/files/CVE-2023-38470-2.patch | 52 -- .../avahi/files/CVE-2023-38471-1.patch | 73 --- .../avahi/files/CVE-2023-38471-2.patch | 52 -- .../avahi/files/CVE-2023-38472.patch | 46 -- .../avahi/files/CVE-2023-38473.patch | 110 ---- .../avahi/files/CVE-2024-52615.patch | 228 ------- .../avahi/files/CVE-2024-52616.patch | 104 ---- .../avahi/files/handle-hup.patch | 41 -- .../avahi/files/initscript.patch | 51 -- .../avahi/files/invalid-service.patch | 29 - .../avahi/files/local-ping.patch | 153 ----- .../0001-avoid-start-failure-with-bind-user.patch | 24 - ...lwresd-V-and-start-log-hide-build-options.patch | 34 - ...-searching-for-json-headers-searches-sysr.patch | 46 -- meta/recipes-connectivity/bind/bind/bind9 | 2 - meta/recipes-connectivity/bind/bind/conf.patch | 381 ------------ .../bind/bind/generate-rndc-key.sh | 8 - .../init.d-add-support-for-read-only-rootfs.patch | 65 -- .../bind/bind/make-etc-initd-bind-stop-work.patch | 41 -- meta/recipes-connectivity/bind/bind/named.service | 22 - meta/recipes-connectivity/bind/bind_9.20.15.bb | 109 ---- meta/recipes-connectivity/bluez5/bluez5.inc | 158 ----- ...media-fix-pac_config_cb-error-code-return.patch | 29 - ...-target-for-building-tests-without-runnin.patch | 25 - meta/recipes-connectivity/bluez5/bluez5/init | 61 -- meta/recipes-connectivity/bluez5/bluez5/run-ptest | 31 - meta/recipes-connectivity/bluez5/bluez5_5.84.bb | 74 --- meta/recipes-connectivity/connman/connman-conf.bb | 20 - .../connman/connman-conf/main.conf | 2 - .../connman/connman-gnome/0001-Port-to-Gtk3.patch | 277 --------- ...oved-icon-from-connman-gnome-about-applet.patch | 35 -- .../connman-gnome-fix-dbus-interface-name.patch | 187 ------ .../connman-gnome/images/connman-signal-01.png | Bin 490 -> 0 bytes .../connman-gnome/images/connman-signal-02.png | Bin 496 -> 0 bytes .../connman-gnome/images/connman-signal-03.png | Bin 492 -> 0 bytes .../connman-gnome/images/connman-signal-04.png | Bin 470 -> 0 bytes .../connman-gnome/images/connman-signal-05.png | Bin 419 -> 0 bytes .../connman-gnome/null_check_for_ipv4_config.patch | 36 -- .../connman/connman-gnome_0.7.bb | 32 - ...-avoid-hiding-implementation-reserved-sym.patch | 50 -- ...resolve-musl-does-not-implement-res_ninit.patch | 85 --- meta/recipes-connectivity/connman/connman/connman | 45 -- .../connman/connman/no-version-scripts.patch | 48 -- meta/recipes-connectivity/connman/connman_1.45.bb | 237 ------- meta/recipes-connectivity/dhcpcd/dhcpcd_10.2.4.bb | 67 -- ...onf-improve-the-sitation-of-working-with-.patch | 79 --- ...8-Fix-conflict-error-when-enable-multilib.patch | 43 -- ...remove-INCLUDEDIR-to-prevent-build-issues.patch | 42 -- .../dhcpcd/files/dhcpcd.service | 11 - .../dhcpcd/files/dhcpcd@.service | 16 - .../inetutils/inetutils/rexec.xinetd.inetutils | 20 - .../inetutils/inetutils/rlogin.xinetd.inetutils | 23 - .../inetutils/inetutils/rsh.xinetd.inetutils | 21 - .../inetutils/inetutils/telnet.xinetd.inetutils | 13 - .../inetutils/inetutils/tftpd.xinetd.inetutils | 19 - .../inetutils/inetutils_2.6.bb | 216 ------- ...netlink.h-add-missing-include-for-htobe64.patch | 24 - .../iproute2/iproute2_6.16.0.bb | 112 ---- ....sh-don-t-use-git-describe-for-versioning.patch | 41 -- .../iw/iw/separate-objdir.patch | 50 -- meta/recipes-connectivity/iw/iw_6.17.bb | 31 - .../kea/files/0001-build-boost-1.89.0-fixes.patch | 53 -- ...radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch | 348 ----------- ...son-use-a-runtime-safe-interpreter-string.patch | 123 ---- .../files/0001-mk_cfgrpt.sh-strip-prefixes.patch | 54 -- ...-logger_unittest_support.cc-do-not-write-.patch | 26 - .../kea/files/CVE-2025-11232.patch | 474 -------------- .../kea/files/fix-multilib-conflict.patch | 104 ---- .../kea/files/fix_pid_keactrl.patch | 30 - .../kea/files/kea-dhcp-ddns-server | 46 -- .../kea/files/kea-dhcp-ddns.service | 13 - .../kea/files/kea-dhcp4-server | 46 -- .../kea/files/kea-dhcp4.service | 14 - .../kea/files/kea-dhcp6-server | 47 -- .../kea/files/kea-dhcp6.service | 14 - meta/recipes-connectivity/kea/kea_3.0.1.bb | 90 --- .../recipes-connectivity/libpcap/libpcap_1.10.5.bb | 43 -- meta/recipes-connectivity/libuv/libuv_1.51.0.bb | 20 - .../mobile-broadband-provider-info_20250613.bb | 15 - ...0001-Add-header-dependency-to-nciattach.o.patch | 35 -- .../neard/Makefile.am-do-not-ship-version.h.patch | 36 -- .../neard/Makefile.am-fix-parallel-issue.patch | 30 - meta/recipes-connectivity/neard/neard/neard.in | 54 -- meta/recipes-connectivity/neard/neard_0.19.bb | 48 -- ...cktest-Makefile.am-Do-not-use-build-flags.patch | 36 -- .../0004-Use-nogroup-for-nobody-group.patch | 38 -- .../nfs-utils/0005-find-OE-provided-Kerberos.patch | 42 -- .../nfs-utils/nfs-utils/nfscommon | 279 --------- .../nfs-utils/nfs-utils/nfsserver | 135 ---- .../nfs-utils/nfs-utils_2.8.4.bb | 159 ----- meta/recipes-connectivity/ofono/ofono/ofono | 42 -- meta/recipes-connectivity/ofono/ofono_2.18.bb | 46 -- ...ner.sh-log-input-and-output-files-on-erro.patch | 59 -- ...t-exec-use-the-absolute-path-in-the-SSH-e.patch | 35 -- meta/recipes-connectivity/openssh/openssh/init | 90 --- .../recipes-connectivity/openssh/openssh/run-ptest | 60 -- .../openssh/openssh/ssh_config | 48 -- meta/recipes-connectivity/openssh/openssh/sshd | 10 - .../openssh/openssh/sshd.service | 18 - .../openssh/openssh/sshd.socket | 12 - .../openssh/openssh/sshd@.service | 10 - .../openssh/openssh/sshd_check_keys | 78 --- .../openssh/openssh/sshd_config | 119 ---- .../openssh/openssh/sshdgenkeys.service | 9 - .../openssh/openssh/volatiles.99_sshd | 2 - .../recipes-connectivity/openssh/openssh_10.1p1.bb | 227 ------- .../openssl/files/environment.d-openssl.sh | 24 - ...ndshake-history-reporting-when-test-fails.patch | 367 ----------- .../0001-Configure-do-not-tweak-mips-cflags.patch | 39 -- ...trip-sysroot-and-debug-prefix-map-from-co.patch | 82 --- .../0001-extend-check_cwm-test-timeout.patch | 32 - .../recipes-connectivity/openssl/openssl/run-ptest | 19 - meta/recipes-connectivity/openssl/openssl_3.5.4.bb | 289 --------- .../ppp-dialin/files/host-peer | 11 - .../ppp-dialin/files/ppp-dialin | 3 - .../ppp-dialin/ppp-dialin_0.1.bb | 27 - ...dconf.h-remove-erroneous-generated-header.patch | 98 --- ...1-pppd-session-Fixed-building-with-GCC-15.patch | 33 - ...01-pppdump-Fixed-building-with-GCC-15-548.patch | 75 --- meta/recipes-connectivity/ppp/ppp/08setupdns | 12 - meta/recipes-connectivity/ppp/ppp/92removedns | 5 - meta/recipes-connectivity/ppp/ppp/init | 57 -- meta/recipes-connectivity/ppp/ppp/ip-down | 43 -- meta/recipes-connectivity/ppp/ppp/ip-up | 44 -- meta/recipes-connectivity/ppp/ppp/pap | 22 - meta/recipes-connectivity/ppp/ppp/poff | 26 - meta/recipes-connectivity/ppp/ppp/pon | 9 - meta/recipes-connectivity/ppp/ppp/ppp@.service | 9 - meta/recipes-connectivity/ppp/ppp/ppp_on_boot | 21 - meta/recipes-connectivity/ppp/ppp/provider | 35 -- meta/recipes-connectivity/ppp/ppp_2.5.2.bb | 81 --- .../0001-avoid-using-m-option-for-readlink.patch | 37 -- .../resolvconf/resolvconf/99_resolvconf | 4 - .../resolvconf/resolvconf_1.93.bb | 65 -- meta/recipes-connectivity/slirp/libslirp_4.9.1.bb | 14 - .../files/0001-fix-compile-procan.c-failed.patch | 62 -- meta/recipes-connectivity/socat/socat_1.8.0.3.bb | 53 -- .../ssh-pregen-hostkeys/dropbear_rsa_host_key | Bin 805 -> 0 bytes .../ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key | 9 - .../openssh/ssh_host_ecdsa_key.pub | 1 - .../openssh/ssh_host_ed25519_key | 7 - .../openssh/ssh_host_ed25519_key.pub | 1 - .../ssh-pregen-hostkeys/openssh/ssh_host_rsa_key | 38 -- .../openssh/ssh_host_rsa_key.pub | 1 - .../ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb | 23 - ...x-Hardware-offload-requires-Linux-headers.patch | 53 -- .../wpa-supplicant/99_wpa_supplicant | 1 - .../wpa-supplicant/CVE-2025-24912-01.patch | 79 --- .../wpa-supplicant/CVE-2025-24912-02.patch | 70 --- .../wpa-supplicant/wpa-supplicant.sh | 86 --- .../wpa-supplicant/wpa_supplicant.conf | 690 --------------------- .../wpa-supplicant/wpa_supplicant.conf-sane | 7 - .../wpa-supplicant/wpa-supplicant_2.11.bb | 139 ----- 162 files changed, 10684 deletions(-) delete mode 100644 meta/recipes-connectivity/avahi/avahi-libnss-mdns_0.15.1.bb delete mode 100644 meta/recipes-connectivity/avahi/avahi_0.8.bb delete mode 100644 meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch delete mode 100644 meta/recipes-connectivity/avahi/files/00avahi-autoipd delete mode 100644 meta/recipes-connectivity/avahi/files/99avahi-autoipd delete mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch delete mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch delete mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch delete mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch delete mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch delete mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch delete mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch delete mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch delete mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch delete mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch delete mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch delete mode 100644 meta/recipes-connectivity/avahi/files/handle-hup.patch delete mode 100644 meta/recipes-connectivity/avahi/files/initscript.patch delete mode 100644 meta/recipes-connectivity/avahi/files/invalid-service.patch delete mode 100644 meta/recipes-connectivity/avahi/files/local-ping.patch delete mode 100644 meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch delete mode 100644 meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch delete mode 100644 meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch delete mode 100644 meta/recipes-connectivity/bind/bind/bind9 delete mode 100644 meta/recipes-connectivity/bind/bind/conf.patch delete mode 100644 meta/recipes-connectivity/bind/bind/generate-rndc-key.sh delete mode 100644 meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch delete mode 100644 meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch delete mode 100644 meta/recipes-connectivity/bind/bind/named.service delete mode 100644 meta/recipes-connectivity/bind/bind_9.20.15.bb delete mode 100644 meta/recipes-connectivity/bluez5/bluez5.inc delete mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-media-fix-pac_config_cb-error-code-return.patch delete mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch delete mode 100644 meta/recipes-connectivity/bluez5/bluez5/init delete mode 100644 meta/recipes-connectivity/bluez5/bluez5/run-ptest delete mode 100644 meta/recipes-connectivity/bluez5/bluez5_5.84.bb delete mode 100644 meta/recipes-connectivity/connman/connman-conf.bb delete mode 100644 meta/recipes-connectivity/connman/connman-conf/main.conf delete mode 100644 meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch delete mode 100644 meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch delete mode 100644 meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch delete mode 100644 meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png delete mode 100644 meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png delete mode 100644 meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png delete mode 100644 meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png delete mode 100644 meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png delete mode 100644 meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch delete mode 100644 meta/recipes-connectivity/connman/connman-gnome_0.7.bb delete mode 100755 meta/recipes-connectivity/connman/connman/0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch delete mode 100644 meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch delete mode 100644 meta/recipes-connectivity/connman/connman/connman delete mode 100644 meta/recipes-connectivity/connman/connman/no-version-scripts.patch delete mode 100644 meta/recipes-connectivity/connman/connman_1.45.bb delete mode 100644 meta/recipes-connectivity/dhcpcd/dhcpcd_10.2.4.bb delete mode 100644 meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch delete mode 100644 meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch delete mode 100644 meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch delete mode 100644 meta/recipes-connectivity/dhcpcd/files/dhcpcd.service delete mode 100644 meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils delete mode 100644 meta/recipes-connectivity/inetutils/inetutils_2.6.bb delete mode 100644 meta/recipes-connectivity/iproute2/iproute2/0001-include-libnetlink.h-add-missing-include-for-htobe64.patch delete mode 100644 meta/recipes-connectivity/iproute2/iproute2_6.16.0.bb delete mode 100644 meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch delete mode 100644 meta/recipes-connectivity/iw/iw/separate-objdir.patch delete mode 100644 meta/recipes-connectivity/iw/iw_6.17.bb delete mode 100644 meta/recipes-connectivity/kea/files/0001-build-boost-1.89.0-fixes.patch delete mode 100644 meta/recipes-connectivity/kea/files/0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch delete mode 100644 meta/recipes-connectivity/kea/files/0001-meson-use-a-runtime-safe-interpreter-string.patch delete mode 100644 meta/recipes-connectivity/kea/files/0001-mk_cfgrpt.sh-strip-prefixes.patch delete mode 100644 meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch delete mode 100644 meta/recipes-connectivity/kea/files/CVE-2025-11232.patch delete mode 100644 meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch delete mode 100644 meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch delete mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server delete mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service delete mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp4-server delete mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp4.service delete mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp6-server delete mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp6.service delete mode 100644 meta/recipes-connectivity/kea/kea_3.0.1.bb delete mode 100644 meta/recipes-connectivity/libpcap/libpcap_1.10.5.bb delete mode 100644 meta/recipes-connectivity/libuv/libuv_1.51.0.bb delete mode 100644 meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_20250613.bb delete mode 100644 meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch delete mode 100644 meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch delete mode 100644 meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch delete mode 100644 meta/recipes-connectivity/neard/neard/neard.in delete mode 100644 meta/recipes-connectivity/neard/neard_0.19.bb delete mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch delete mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0004-Use-nogroup-for-nobody-group.patch delete mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0005-find-OE-provided-Kerberos.patch delete mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon delete mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver delete mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb delete mode 100644 meta/recipes-connectivity/ofono/ofono/ofono delete mode 100644 meta/recipes-connectivity/ofono/ofono_2.18.bb delete mode 100644 meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch delete mode 100644 meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch delete mode 100644 meta/recipes-connectivity/openssh/openssh/init delete mode 100755 meta/recipes-connectivity/openssh/openssh/run-ptest delete mode 100644 meta/recipes-connectivity/openssh/openssh/ssh_config delete mode 100644 meta/recipes-connectivity/openssh/openssh/sshd delete mode 100644 meta/recipes-connectivity/openssh/openssh/sshd.service delete mode 100644 meta/recipes-connectivity/openssh/openssh/sshd.socket delete mode 100644 meta/recipes-connectivity/openssh/openssh/sshd@.service delete mode 100644 meta/recipes-connectivity/openssh/openssh/sshd_check_keys delete mode 100644 meta/recipes-connectivity/openssh/openssh/sshd_config delete mode 100644 meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service delete mode 100644 meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd delete mode 100644 meta/recipes-connectivity/openssh/openssh_10.1p1.bb delete mode 100644 meta/recipes-connectivity/openssl/files/environment.d-openssl.sh delete mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/run-ptest delete mode 100644 meta/recipes-connectivity/openssl/openssl_3.5.4.bb delete mode 100644 meta/recipes-connectivity/ppp-dialin/files/host-peer delete mode 100644 meta/recipes-connectivity/ppp-dialin/files/ppp-dialin delete mode 100644 meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb delete mode 100644 meta/recipes-connectivity/ppp/ppp/0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch delete mode 100644 meta/recipes-connectivity/ppp/ppp/0001-pppd-session-Fixed-building-with-GCC-15.patch delete mode 100644 meta/recipes-connectivity/ppp/ppp/0001-pppdump-Fixed-building-with-GCC-15-548.patch delete mode 100644 meta/recipes-connectivity/ppp/ppp/08setupdns delete mode 100644 meta/recipes-connectivity/ppp/ppp/92removedns delete mode 100755 meta/recipes-connectivity/ppp/ppp/init delete mode 100755 meta/recipes-connectivity/ppp/ppp/ip-down delete mode 100755 meta/recipes-connectivity/ppp/ppp/ip-up delete mode 100644 meta/recipes-connectivity/ppp/ppp/pap delete mode 100644 meta/recipes-connectivity/ppp/ppp/poff delete mode 100644 meta/recipes-connectivity/ppp/ppp/pon delete mode 100644 meta/recipes-connectivity/ppp/ppp/ppp@.service delete mode 100644 meta/recipes-connectivity/ppp/ppp/ppp_on_boot delete mode 100644 meta/recipes-connectivity/ppp/ppp/provider delete mode 100644 meta/recipes-connectivity/ppp/ppp_2.5.2.bb delete mode 100644 meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch delete mode 100644 meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf delete mode 100644 meta/recipes-connectivity/resolvconf/resolvconf_1.93.bb delete mode 100644 meta/recipes-connectivity/slirp/libslirp_4.9.1.bb delete mode 100644 meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch delete mode 100644 meta/recipes-connectivity/socat/socat_1.8.0.3.bb delete mode 100644 meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key delete mode 100644 meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key delete mode 100644 meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub delete mode 100644 meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key delete mode 100644 meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub delete mode 100644 meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key delete mode 100644 meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub delete mode 100644 meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb delete mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch delete mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant delete mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch delete mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch delete mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh delete mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf delete mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane delete mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb (limited to 'meta/recipes-connectivity') diff --git a/meta/recipes-connectivity/avahi/avahi-libnss-mdns_0.15.1.bb b/meta/recipes-connectivity/avahi/avahi-libnss-mdns_0.15.1.bb deleted file mode 100644 index d45c06357d..0000000000 --- a/meta/recipes-connectivity/avahi/avahi-libnss-mdns_0.15.1.bb +++ /dev/null @@ -1,38 +0,0 @@ -SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution" -HOMEPAGE = "https://github.com/lathiat/nss-mdns" -DESCRIPTION = "nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local." -SECTION = "libs" - -LICENSE = "LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" - -DEPENDS = "avahi" - -SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \ - " - -SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633" - -inherit autotools pkgconfig - -COMPATIBLE_HOST:libc-musl = 'null' - -EXTRA_OECONF = "--libdir=${base_libdir}" - -RDEPENDS:${PN} = "avahi-daemon" -RPROVIDES:${PN} = "libnss-mdns" - -pkg_postinst:${PN} () { - sed ' - /^hosts:/ !b - /\/ b - s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g - ' -i $D${sysconfdir}/nsswitch.conf -} - -pkg_prerm:${PN} () { - sed ' - /^hosts:/ !b - s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g - ' -i $D${sysconfdir}/nsswitch.conf -} diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb deleted file mode 100644 index 4fe8ba4d28..0000000000 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ /dev/null @@ -1,200 +0,0 @@ -SUMMARY = "Avahi IPv4LL network address configuration daemon" -DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \ -allows programs to publish and discover services and hosts running on a local network \ -with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \ -IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ -configuration from the link-local 169.254.0.0/16 range without the need for a central \ -server.' -HOMEPAGE = "http://avahi.org" -BUGTRACKER = "https://github.com/avahi/avahi/issues" -SECTION = "network" - -# major part is under LGPL-2.1-or-later, but several .dtd, .xsl, initscripts and -# python scripts are under GPL-2.0-or-later -LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ - file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ - file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ - file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ - file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" - -SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ - file://00avahi-autoipd \ - file://99avahi-autoipd \ - file://initscript.patch \ - file://0001-Fix-opening-etc-resolv.conf-error.patch \ - file://handle-hup.patch \ - file://local-ping.patch \ - file://invalid-service.patch \ - file://CVE-2023-1981.patch \ - file://CVE-2023-38469-1.patch \ - file://CVE-2023-38469-2.patch \ - file://CVE-2023-38470-1.patch \ - file://CVE-2023-38470-2.patch \ - file://CVE-2023-38471-1.patch \ - file://CVE-2023-38471-2.patch \ - file://CVE-2023-38472.patch \ - file://CVE-2023-38473.patch \ - file://CVE-2024-52616.patch \ - file://CVE-2024-52615.patch \ - " - -GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" -SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" - -CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE" - -DEPENDS = "expat libcap libdaemon glib-2.0 glib-2.0-native" - -# For gtk related PACKAGECONFIGs: gtk, gtk3 -AVAHI_GTK ?= "" - -PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}" -PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" -PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+" -PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3" -PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus" -PACKAGECONFIG[libevent] = "--enable-libevent,--disable-libevent,libevent" -PACKAGECONFIG[qt5] = "--enable-qt5,--disable-qt5,qtbase" - -inherit autotools pkgconfig gettext gobject-introspection github-releases - -EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ - --disable-stack-protector \ - --disable-gdbm \ - --disable-dbm \ - --disable-mono \ - --disable-monodoc \ - --disable-qt3 \ - --disable-qt4 \ - --disable-python \ - --disable-doxygen-doc \ - --enable-manpages \ - ${EXTRA_OECONF_SYSVINIT} \ - ${EXTRA_OECONF_SYSTEMD} \ - " - -# The distro choice determines what init scripts are installed -EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" -EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_system_unitdir}/','--without-systemdsystemunitdir',d)}" - -do_configure:prepend() { - # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes - rm "${S}/common/introspection.m4" || true -} - -do_compile:prepend() { - export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" -} - -RRECOMMENDS:${PN}:append:libc-glibc = " avahi-libnss-mdns" - -do_install() { - autotools_do_install - rm -rf ${D}/run - test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 - rm -rf ${D}${libdir}/avahi - - # Move example service files out of /etc/avahi/services so we don't - # advertise ssh & sftp-ssh by default - install -d ${D}${docdir}/avahi - mv ${D}${sysconfdir}/avahi/services/* ${D}${docdir}/avahi -} - -PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" - -FILES:libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" - -RPROVIDES:libavahi-compat-libdnssd = "libdns-sd" - -inherit update-rc.d systemd useradd - -PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui" - -FILES:avahi-ui = "${libdir}/libavahi-ui*.so.*" -FILES:avahi-discover = "${datadir}/applications/avahi-discover.desktop \ - ${datadir}/avahi/interfaces/avahi-discover.ui \ - ${bindir}/avahi-discover-standalone \ - " - -LICENSE:libavahi-gobject = "LGPL-2.1-or-later" -LICENSE:avahi-daemon = "LGPL-2.1-or-later" -LICENSE:libavahi-common = "LGPL-2.1-or-later" -LICENSE:libavahi-core = "LGPL-2.1-or-later" -LICENSE:libavahi-client = "LGPL-2.1-or-later" -LICENSE:avahi-dnsconfd = "LGPL-2.1-or-later" -LICENSE:libavahi-glib = "LGPL-2.1-or-later" -LICENSE:avahi-autoipd = "LGPL-2.1-or-later" -LICENSE:avahi-utils = "LGPL-2.1-or-later" - -# As avahi doesn't put any files into PN, clear the files list to avoid problems -# if extra libraries appear. -FILES:${PN} = "" -FILES:avahi-autoipd = "${sbindir}/avahi-autoipd \ - ${sysconfdir}/avahi/avahi-autoipd.action \ - ${sysconfdir}/dhcp/*/avahi-autoipd \ - ${sysconfdir}/udhcpc.d/00avahi-autoipd \ - ${sysconfdir}/udhcpc.d/99avahi-autoipd" -FILES:libavahi-common = "${libdir}/libavahi-common.so.*" -FILES:libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" -FILES:avahi-daemon = "${sbindir}/avahi-daemon \ - ${sysconfdir}/avahi/avahi-daemon.conf \ - ${sysconfdir}/avahi/hosts \ - ${sysconfdir}/avahi/services \ - ${sysconfdir}/dbus-1 \ - ${sysconfdir}/init.d/avahi-daemon \ - ${datadir}/dbus-1/interfaces \ - ${datadir}/avahi/avahi-service.dtd \ - ${datadir}/avahi/service-types \ - ${datadir}/dbus-1/system-services" -FILES:libavahi-client = "${libdir}/libavahi-client.so.*" -FILES:avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ - ${sysconfdir}/avahi/avahi-dnsconfd.action \ - ${sysconfdir}/init.d/avahi-dnsconfd" -FILES:libavahi-glib = "${libdir}/libavahi-glib.so.*" -FILES:libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" -FILES:avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*" - -DEV_PKG_DEPENDENCY = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" -DEV_PKG_DEPENDENCY += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" -RDEPENDS:${PN}-dnsconfd = "${PN}-daemon" - -RRECOMMENDS:avahi-daemon:append:libc-glibc = " avahi-libnss-mdns" - -CONFFILES:avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" - -USERADD_PACKAGES = "avahi-daemon avahi-autoipd" -USERADD_PARAM:avahi-daemon = "--system --home /run/avahi-daemon \ - --no-create-home --shell /bin/false \ - --user-group avahi" - -USERADD_PARAM:avahi-autoipd = "--system --home /run/avahi-autoipd \ - --no-create-home --shell /bin/false \ - --user-group \ - -c \"Avahi autoip daemon\" \ - avahi-autoipd" - -INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" -INITSCRIPT_NAME:avahi-daemon = "avahi-daemon" -INITSCRIPT_PARAMS:avahi-daemon = "defaults 21 19" -INITSCRIPT_NAME:avahi-dnsconfd = "avahi-dnsconfd" -INITSCRIPT_PARAMS:avahi-dnsconfd = "defaults 22 19" - -SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" -SYSTEMD_SERVICE:${PN}-daemon = "avahi-daemon.service" -SYSTEMD_SERVICE:${PN}-dnsconfd = "avahi-dnsconfd.service" - -do_install:append() { - install -d ${D}${sysconfdir}/udhcpc.d - install ${UNPACKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d - install ${UNPACKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d -} - -# At the time the postinst runs, dbus might not be setup so only restart if running -# Don't exit early, because update-rc.d needs to run subsequently. -pkg_postinst:avahi-daemon () { -if [ -z "$D" ]; then - killall -q -HUP dbus-daemon || true -fi -} - diff --git a/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch b/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch deleted file mode 100644 index cb8b83fd23..0000000000 --- a/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 78967814f5c37ed67f4cf64d70c9f76a03ee89bc Mon Sep 17 00:00:00 2001 -From: Chen Qi -Date: Wed, 20 Jun 2018 13:57:35 +0800 -Subject: [PATCH] Fix opening /etc/resolv.conf error - -Fix to start avahi-daemon after systemd-resolved.service. This is because -/etc/resolv.conf is a link to /etc/resolv-conf.systemd which in turn is -a symlink to /run/systemd/resolve/resolv.conf. And /run/systemd/resolve/resolv.conf -is created by systemd-resolved.service by default in current OE's systemd -based systems. - -This fixes errro like below. - - Failed to open /etc/resolv.conf: Invalid argument - -In fact, handling of /etc/resolv.conf is quite distro specific. So this patch -is marked as OE specific. - -Upstream-Status: Inappropriate [OE Specific] - -Signed-off-by: Chen Qi - -When connman installed to image, /etc/resolv.conf is link to -/etc/resolv-conf.connman. So launch avahi-daemon after connman too. - -Signed-off-by: Kai Kang ---- - avahi-daemon/avahi-daemon.service.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/avahi-daemon/avahi-daemon.service.in b/avahi-daemon/avahi-daemon.service.in -index 548c834..63e28e4 100644 ---- a/avahi-daemon/avahi-daemon.service.in -+++ b/avahi-daemon/avahi-daemon.service.in -@@ -18,6 +18,7 @@ - [Unit] - Description=Avahi mDNS/DNS-SD Stack - Requires=avahi-daemon.socket -+After=systemd-resolved.service connman.service - - [Service] - Type=dbus --- -2.11.0 - diff --git a/meta/recipes-connectivity/avahi/files/00avahi-autoipd b/meta/recipes-connectivity/avahi/files/00avahi-autoipd deleted file mode 100644 index a0ab814603..0000000000 --- a/meta/recipes-connectivity/avahi/files/00avahi-autoipd +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1 - -case "$1" in - - deconfig|renew|bound) - /usr/sbin/avahi-autoipd -k $interface 2> /dev/null - ;; -esac diff --git a/meta/recipes-connectivity/avahi/files/99avahi-autoipd b/meta/recipes-connectivity/avahi/files/99avahi-autoipd deleted file mode 100644 index 234cdaa3eb..0000000000 --- a/meta/recipes-connectivity/avahi/files/99avahi-autoipd +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1 - -case "$1" in - - leasefail) - /usr/sbin/avahi-autoipd -wD $interface 2> /dev/null - ;; -esac diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch deleted file mode 100644 index 4d7924d13a..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch +++ /dev/null @@ -1,58 +0,0 @@ -From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Thu, 17 Nov 2022 01:51:53 +0100 -Subject: [PATCH] Emit error if requested service is not found - -It currently just crashes instead of replying with error. Check return -value and emit error instead of passing NULL pointer to reply. - -Fixes #375 - -Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security -Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f] -CVE: CVE-2023-1981 -Signed-off-by: Vijay Anusuri ---- - avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------ - 1 file changed, 14 insertions(+), 6 deletions(-) - -diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c -index 70d7687bc..406d0b441 100644 ---- a/avahi-daemon/dbus-protocol.c -+++ b/avahi-daemon/dbus-protocol.c -@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM - } - - t = avahi_alternative_host_name(n); -- avahi_dbus_respond_string(c, m, t); -- avahi_free(t); -+ if (t) { -+ avahi_dbus_respond_string(c, m, t); -+ avahi_free(t); - -- return DBUS_HANDLER_RESULT_HANDLED; -+ return DBUS_HANDLER_RESULT_HANDLED; -+ } else { -+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found"); -+ } - } - - static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) { -@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB - } - - t = avahi_alternative_service_name(n); -- avahi_dbus_respond_string(c, m, t); -- avahi_free(t); -+ if (t) { -+ avahi_dbus_respond_string(c, m, t); -+ avahi_free(t); - -- return DBUS_HANDLER_RESULT_HANDLED; -+ return DBUS_HANDLER_RESULT_HANDLED; -+ } else { -+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found"); -+ } - } - - static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) { diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch deleted file mode 100644 index a078f66102..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 72842945085cc3adaccfdfa2853771b0e75ef991 Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Mon, 23 Oct 2023 20:29:31 +0000 -Subject: [PATCH] avahi: core: reject overly long TXT resource records - -Closes https://github.com/lathiat/avahi/issues/455 - -Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf] -CVE: CVE-2023-38469 - -Signed-off-by: Meenali Gupta ---- - avahi-core/rr.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/avahi-core/rr.c b/avahi-core/rr.c -index 7fa0bee..b03a24c 100644 ---- a/avahi-core/rr.c -+++ b/avahi-core/rr.c -@@ -32,6 +32,7 @@ - #include - #include - -+#include "dns.h" - #include "rr.h" - #include "log.h" - #include "util.h" -@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) { - case AVAHI_DNS_TYPE_TXT: { - - AvahiStringList *strlst; -+ size_t used = 0; - -- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) -+ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { - if (strlst->size > 255 || strlst->size <= 0) - return 0; - -+ used += 1+strlst->size; -+ if (used > AVAHI_DNS_RDATA_MAX) -+ return 0; -+ } -+ - return 1; - } - } --- -2.40.0 diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch deleted file mode 100644 index f8f60ddca1..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch +++ /dev/null @@ -1,65 +0,0 @@ -From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Wed, 25 Oct 2023 18:15:42 +0000 -Subject: [PATCH] tests: pass overly long TXT resource records - -to make sure they don't crash avahi any more. -It reproduces https://github.com/lathiat/avahi/issues/455 - -Canonical notes: -nickgalanis> removed first hunk since there is no .github dir in this release - -Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security -Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237] -CVE: CVE-2023-38469 -Signed-off-by: Vijay Anusuri ---- - avahi-client/client-test.c | 14 ++++++++++++++ - 1 files changed, 14 insertions(+) - -Index: avahi-0.8/avahi-client/client-test.c -=================================================================== ---- avahi-0.8.orig/avahi-client/client-test.c -+++ avahi-0.8/avahi-client/client-test.c -@@ -22,6 +22,7 @@ - #endif - - #include -+#include - #include - - #include -@@ -33,6 +34,8 @@ - #include - #include - -+#include -+ - static const AvahiPoll *poll_api = NULL; - static AvahiSimplePoll *simple_poll = NULL; - -@@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA - uint32_t cookie; - struct timeval tv; - AvahiAddress a; -+ uint8_t rdata[AVAHI_DNS_RDATA_MAX+1]; -+ AvahiStringList *txt = NULL; -+ int r; - - simple_poll = avahi_simple_poll_new(); - poll_api = avahi_simple_poll_get(simple_poll); -@@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA - printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); - printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); - -+ memset(rdata, 1, sizeof(rdata)); -+ r = avahi_string_list_parse(rdata, sizeof(rdata), &txt); -+ assert(r >= 0); -+ assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata)); -+ error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt); -+ assert(error == AVAHI_ERR_INVALID_RECORD); -+ avahi_string_list_free(txt); -+ - avahi_entry_group_commit (group); - - domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch deleted file mode 100644 index 91f9e677ac..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch +++ /dev/null @@ -1,59 +0,0 @@ -From af7bfad67ca53a7c4042a4a2d85456b847e9f249 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Tue, 11 Apr 2023 15:29:59 +0200 -Subject: [PATCH] avahi: Ensure each label is at least one byte long - -The only allowed exception is single dot, where it should return empty -string. - -Fixes #454. - -Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c] -CVE: CVE-2023-38470 - -Signed-off-by: Meenali Gupta ---- - avahi-common/domain-test.c | 14 ++++++++++++++ - avahi-common/domain.c | 2 +- - 2 files changed, 15 insertions(+), 1 deletion(-) - -diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c -index cf763ec..3acc1c1 100644 ---- a/avahi-common/domain-test.c -+++ b/avahi-common/domain-test.c -@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { - printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo.")); - avahi_free(s); - -+ printf("%s\n", s = avahi_normalize_name_strdup(".")); -+ avahi_free(s); -+ -+ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}." -+ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}" -+ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`" -+ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?." -+ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}." -+ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?" -+ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM." -+ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?." -+ "}.?.?.?.}.=.?.?.}"); -+ assert(s == NULL); -+ - printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff")); - printf("%i\n", avahi_domain_equal("A", "a")); - -diff --git a/avahi-common/domain.c b/avahi-common/domain.c -index 3b1ab68..e66d241 100644 ---- a/avahi-common/domain.c -+++ b/avahi-common/domain.c -@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) { - } - - if (!empty) { -- if (size < 1) -+ if (size < 2) - return NULL; - - *(r++) = '.'; --- -2.40.0 diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch deleted file mode 100644 index e0736bf210..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Tue, 19 Sep 2023 03:21:25 +0000 -Subject: [PATCH] [common] bail out when escaped labels can't fit into ret - -Fixes: -``` -==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8 -READ of size 1110 at 0x7f9e76f14c16 thread T0 - #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba) - #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12 - #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12 -``` -and -``` -fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed. -==101571== ERROR: libFuzzer: deadly signal - #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) - #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) - #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) - #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) - #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) - #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) - #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) - #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) - #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) - #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9 -``` - -It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c - -Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-2.patch?h=ubuntu/jammy-security -CVE: CVE-2023-38470 #Follow-up patch -Signed-off-by: Vijay Anusuri ---- - avahi-common/domain.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -Index: avahi-0.8/avahi-common/domain.c -=================================================================== ---- avahi-0.8.orig/avahi-common/domain.c -+++ avahi-0.8/avahi-common/domain.c -@@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s - } else - empty = 0; - -- avahi_escape_label(label, strlen(label), &r, &size); -+ if (!(avahi_escape_label(label, strlen(label), &r, &size))) -+ return NULL; - } - - return ret_s; diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch deleted file mode 100644 index b3f716495d..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 48d745db7fd554fc33e96ec86d3675ebd530bb8e Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Mon, 23 Oct 2023 13:38:35 +0200 -Subject: [PATCH] avahi: core: extract host name using avahi_unescape_label() - -Previously we could create invalid escape sequence when we split the -string on dot. For example, from valid host name "foo\\.bar" we have -created invalid name "foo\\" and tried to set that as the host name -which crashed the daemon. - -Fixes #453 - -Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09] -CVE: CVE-2023-38471 - -Signed-off-by: Meenali Gupta ---- - avahi-core/server.c | 27 +++++++++++++++++++++------ - 1 file changed, 21 insertions(+), 6 deletions(-) - -diff --git a/avahi-core/server.c b/avahi-core/server.c -index e507750..40f1d68 100644 ---- a/avahi-core/server.c -+++ b/avahi-core/server.c -@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) { - } - - int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { -- char *hn = NULL; -+ char label_escaped[AVAHI_LABEL_MAX*4+1]; -+ char label[AVAHI_LABEL_MAX]; -+ char *hn = NULL, *h; -+ size_t len; -+ - assert(s); - - AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME); -@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { - else - hn = avahi_normalize_name_strdup(host_name); - -- hn[strcspn(hn, ".")] = 0; -+ h = hn; -+ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { -+ avahi_free(h); -+ return AVAHI_ERR_INVALID_HOST_NAME; -+ } -+ -+ avahi_free(h); -+ -+ h = label_escaped; -+ len = sizeof(label_escaped); -+ if (!avahi_escape_label(label, strlen(label), &h, &len)) -+ return AVAHI_ERR_INVALID_HOST_NAME; - -- if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) { -- avahi_free(hn); -+ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) - return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); -- } - - withdraw_host_rrs(s); - - avahi_free(s->host_name); -- s->host_name = hn; -+ s->host_name = avahi_strdup(label_escaped); -+ if (!s->host_name) -+ return AVAHI_ERR_NO_MEMORY; - - update_fqdn(s); - --- -2.40.0 diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch deleted file mode 100644 index 44737bfc2e..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch +++ /dev/null @@ -1,52 +0,0 @@ -From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Tue, 24 Oct 2023 22:04:51 +0000 -Subject: [PATCH] core: return errors from avahi_server_set_host_name properly - -It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09 - -Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security -Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460] -CVE: CVE-2023-38471 #Follow-up Patch -Signed-off-by: Vijay Anusuri ---- - avahi-core/server.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -Index: avahi-0.8/avahi-core/server.c -=================================================================== ---- avahi-0.8.orig/avahi-core/server.c -+++ avahi-0.8/avahi-core/server.c -@@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ - else - hn = avahi_normalize_name_strdup(host_name); - -+ if (!hn) -+ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); -+ - h = hn; - if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { - avahi_free(h); -- return AVAHI_ERR_INVALID_HOST_NAME; -+ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); - } - - avahi_free(h); -@@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ - h = label_escaped; - len = sizeof(label_escaped); - if (!avahi_escape_label(label, strlen(label), &h, &len)) -- return AVAHI_ERR_INVALID_HOST_NAME; -+ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); - - if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) - return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); -@@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ - avahi_free(s->host_name); - s->host_name = avahi_strdup(label_escaped); - if (!s->host_name) -- return AVAHI_ERR_NO_MEMORY; -+ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); - - update_fqdn(s); - diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch deleted file mode 100644 index 85dbded73b..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch +++ /dev/null @@ -1,46 +0,0 @@ -From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Thu, 19 Oct 2023 17:36:44 +0200 -Subject: [PATCH] core: make sure there is rdata to process before parsing it - -Fixes #452 - -CVE-2023-38472 - -Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security -Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40] -CVE: CVE-2023-38472 -Signed-off-by: Meenali Gupta -Signed-off-by: Vijay Anusuri ---- - avahi-client/client-test.c | 3 +++ - avahi-daemon/dbus-entry-group.c | 2 +- - 2 files changed, 4 insertions(+), 1 deletion(-) - -Index: avahi-0.8/avahi-client/client-test.c -=================================================================== ---- avahi-0.8.orig/avahi-client/client-test.c -+++ avahi-0.8/avahi-client/client-test.c -@@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA - assert(error == AVAHI_ERR_INVALID_RECORD); - avahi_string_list_free(txt); - -+ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0); -+ assert(error != AVAHI_OK); -+ - avahi_entry_group_commit (group); - - domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); -Index: avahi-0.8/avahi-daemon/dbus-entry-group.c -=================================================================== ---- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c -+++ avahi-0.8/avahi-daemon/dbus-entry-group.c -@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g - if (!(r = avahi_record_new_full (name, clazz, type, ttl))) - return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL); - -- if (avahi_rdata_parse (r, rdata, size) < 0) { -+ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) { - avahi_record_unref (r); - return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL); - } diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch deleted file mode 100644 index 707acb60fe..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 88cbbc48d5efff9726694557ca6c3f698f3affe4 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Wed, 11 Oct 2023 17:45:44 +0200 -Subject: [PATCH] avahi: common: derive alternative host name from its - unescaped version - -Normalization of input makes sure we don't have to deal with special -cases like unescaped dot at the end of label. - -Fixes #451 #487 - -Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797] -CVE: CVE-2023-38473 - -Signed-off-by: Meenali Gupta ---- - avahi-common/alternative-test.c | 3 +++ - avahi-common/alternative.c | 27 +++++++++++++++++++-------- - 2 files changed, 22 insertions(+), 8 deletions(-) - -diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c -index 9255435..681fc15 100644 ---- a/avahi-common/alternative-test.c -+++ b/avahi-common/alternative-test.c -@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { - const char* const test_strings[] = { - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü", -+ ").", -+ "\\.", -+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\", - "gurke", - "-", - " #", -diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c -index b3d39f0..a094e6d 100644 ---- a/avahi-common/alternative.c -+++ b/avahi-common/alternative.c -@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) { - } - - char *avahi_alternative_host_name(const char *s) { -+ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1]; -+ char *alt, *r, *ret; - const char *e; -- char *r; -+ size_t len; - - assert(s); - - if (!avahi_is_valid_host_name(s)) - return NULL; - -- if ((e = strrchr(s, '-'))) { -+ if (!avahi_unescape_label(&s, label, sizeof(label))) -+ return NULL; -+ -+ if ((e = strrchr(label, '-'))) { - const char *p; - - e++; -@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) { - - if (e) { - char *c, *m; -- size_t l; - int n; - - n = atoi(e)+1; - if (!(m = avahi_strdup_printf("%i", n))) - return NULL; - -- l = e-s-1; -+ len = e-label-1; - -- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1) -- l = AVAHI_LABEL_MAX-1-strlen(m)-1; -+ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1) -+ len = AVAHI_LABEL_MAX-1-strlen(m)-1; - -- if (!(c = avahi_strndup(s, l))) { -+ if (!(c = avahi_strndup(label, len))) { - avahi_free(m); - return NULL; - } -@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) { - } else { - char *c; - -- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2))) -+ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2))) - return NULL; - - drop_incomplete_utf8(c); -@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) { - avahi_free(c); - } - -+ alt = alternative; -+ len = sizeof(alternative); -+ ret = avahi_escape_label(r, strlen(r), &alt, &len); -+ -+ avahi_free(r); -+ r = avahi_strdup(ret); -+ - assert(avahi_is_valid_host_name(r)); - - return r; --- -2.40.0 diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch deleted file mode 100644 index 9737f52837..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch +++ /dev/null @@ -1,228 +0,0 @@ -From 4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Wed, 27 Nov 2024 18:07:32 +0100 -Subject: [PATCH] core/wide-area: fix for CVE-2024-52615 - -CVE: CVE-2024-52615 -Upstream-Status: Backport [https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942] - -Signed-off-by: Zhang Peng ---- - avahi-core/wide-area.c | 128 ++++++++++++++++++++++------------------- - 1 file changed, 69 insertions(+), 59 deletions(-) - -diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c -index 00a15056e..06df7afc6 100644 ---- a/avahi-core/wide-area.c -+++ b/avahi-core/wide-area.c -@@ -81,6 +81,10 @@ struct AvahiWideAreaLookup { - - AvahiAddress dns_server_used; - -+ int fd; -+ AvahiWatch *watch; -+ AvahiProtocol proto; -+ - AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, lookups); - AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, by_key); - }; -@@ -88,9 +92,6 @@ struct AvahiWideAreaLookup { - struct AvahiWideAreaLookupEngine { - AvahiServer *server; - -- int fd_ipv4, fd_ipv6; -- AvahiWatch *watch_ipv4, *watch_ipv6; -- - /* Cache */ - AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache); - AvahiHashmap *cache_by_key; -@@ -125,35 +126,67 @@ static AvahiWideAreaLookup* find_lookup(AvahiWideAreaLookupEngine *e, uint16_t i - return l; - } - -+static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata); -+ - static int send_to_dns_server(AvahiWideAreaLookup *l, AvahiDnsPacket *p) { -+ AvahiWideAreaLookupEngine *e; - AvahiAddress *a; -+ AvahiServer *s; -+ AvahiWatch *w; -+ int r; - - assert(l); - assert(p); - -- if (l->engine->n_dns_servers <= 0) -+ e = l->engine; -+ assert(e); -+ -+ s = e->server; -+ assert(s); -+ -+ if (e->n_dns_servers <= 0) - return -1; - -- assert(l->engine->current_dns_server < l->engine->n_dns_servers); -+ assert(e->current_dns_server < e->n_dns_servers); - -- a = &l->engine->dns_servers[l->engine->current_dns_server]; -+ a = &e->dns_servers[e->current_dns_server]; - l->dns_server_used = *a; - -- if (a->proto == AVAHI_PROTO_INET) { -+ if (l->fd >= 0) { -+ /* We are reusing lookup object and sending packet to another server so let's cleanup before we establish connection to new server. */ -+ s->poll_api->watch_free(l->watch); -+ l->watch = NULL; - -- if (l->engine->fd_ipv4 < 0) -- return -1; -+ close(l->fd); -+ l->fd = -EBADF; -+ } - -- return avahi_send_dns_packet_ipv4(l->engine->fd_ipv4, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT); -+ assert(a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6); - -- } else { -- assert(a->proto == AVAHI_PROTO_INET6); -+ if (a->proto == AVAHI_PROTO_INET) -+ r = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1; -+ else -+ r = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1; - -- if (l->engine->fd_ipv6 < 0) -- return -1; -+ if (r < 0) { -+ avahi_log_error(__FILE__ ": Failed to create socket for wide area lookup"); -+ return -1; -+ } - -- return avahi_send_dns_packet_ipv6(l->engine->fd_ipv6, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT); -+ w = s->poll_api->watch_new(s->poll_api, r, AVAHI_WATCH_IN, socket_event, l); -+ if (!w) { -+ close(r); -+ avahi_log_error(__FILE__ ": Failed to create socket watch for wide area lookup"); -+ return -1; - } -+ -+ l->fd = r; -+ l->watch = w; -+ l->proto = a->proto; -+ -+ return a->proto == AVAHI_PROTO_INET ? -+ avahi_send_dns_packet_ipv4(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT): -+ avahi_send_dns_packet_ipv6(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT); - } - - static void next_dns_server(AvahiWideAreaLookupEngine *e) { -@@ -246,6 +279,9 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new( - l->dead = 0; - l->key = avahi_key_ref(key); - l->cname_key = avahi_key_new_cname(l->key); -+ l->fd = -EBADF; -+ l->watch = NULL; -+ l->proto = AVAHI_PROTO_UNSPEC; - l->callback = callback; - l->userdata = userdata; - -@@ -314,6 +350,12 @@ static void lookup_destroy(AvahiWideAreaLookup *l) { - if (l->cname_key) - avahi_key_unref(l->cname_key); - -+ if (l->watch) -+ l->engine->server->poll_api->watch_free(l->watch); -+ -+ if (l->fd >= 0) -+ close(l->fd); -+ - avahi_free(l); - } - -@@ -572,14 +614,20 @@ static void handle_packet(AvahiWideAreaLookupEngine *e, AvahiDnsPacket *p) { - } - - static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata) { -- AvahiWideAreaLookupEngine *e = userdata; -+ AvahiWideAreaLookup *l = userdata; -+ AvahiWideAreaLookupEngine *e = l->engine; - AvahiDnsPacket *p = NULL; - -- if (fd == e->fd_ipv4) -- p = avahi_recv_dns_packet_ipv4(e->fd_ipv4, NULL, NULL, NULL, NULL, NULL); -+ assert(l); -+ assert(e); -+ assert(l->fd == fd); -+ -+ if (l->proto == AVAHI_PROTO_INET) -+ p = avahi_recv_dns_packet_ipv4(l->fd, NULL, NULL, NULL, NULL, NULL); - else { -- assert(fd == e->fd_ipv6); -- p = avahi_recv_dns_packet_ipv6(e->fd_ipv6, NULL, NULL, NULL, NULL, NULL); -+ assert(l->proto == AVAHI_PROTO_INET6); -+ -+ p = avahi_recv_dns_packet_ipv6(l->fd, NULL, NULL, NULL, NULL, NULL); - } - - if (p) { -@@ -598,32 +646,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) { - e->server = s; - e->cleanup_dead = 0; - -- /* Create sockets */ -- e->fd_ipv4 = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1; -- e->fd_ipv6 = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1; -- -- if (e->fd_ipv4 < 0 && e->fd_ipv6 < 0) { -- avahi_log_error(__FILE__": Failed to create wide area sockets: %s", strerror(errno)); -- -- if (e->fd_ipv6 >= 0) -- close(e->fd_ipv6); -- -- if (e->fd_ipv4 >= 0) -- close(e->fd_ipv4); -- -- avahi_free(e); -- return NULL; -- } -- -- /* Create watches */ -- -- e->watch_ipv4 = e->watch_ipv6 = NULL; -- -- if (e->fd_ipv4 >= 0) -- e->watch_ipv4 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv4, AVAHI_WATCH_IN, socket_event, e); -- if (e->fd_ipv6 >= 0) -- e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e); -- - e->n_dns_servers = e->current_dns_server = 0; - - /* Initialize cache */ -@@ -651,18 +673,6 @@ void avahi_wide_area_engine_free(AvahiWideAreaLookupEngine *e) { - avahi_hashmap_free(e->lookups_by_id); - avahi_hashmap_free(e->lookups_by_key); - -- if (e->watch_ipv4) -- e->server->poll_api->watch_free(e->watch_ipv4); -- -- if (e->watch_ipv6) -- e->server->poll_api->watch_free(e->watch_ipv6); -- -- if (e->fd_ipv6 >= 0) -- close(e->fd_ipv6); -- -- if (e->fd_ipv4 >= 0) -- close(e->fd_ipv4); -- - avahi_free(e); - } - -@@ -680,7 +690,7 @@ void avahi_wide_area_set_servers(AvahiWideAreaLookupEngine *e, const AvahiAddres - - if (a) { - for (e->n_dns_servers = 0; n > 0 && e->n_dns_servers < AVAHI_WIDE_AREA_SERVERS_MAX; a++, n--) -- if ((a->proto == AVAHI_PROTO_INET && e->fd_ipv4 >= 0) || (a->proto == AVAHI_PROTO_INET6 && e->fd_ipv6 >= 0)) -+ if (a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6) - e->dns_servers[e->n_dns_servers++] = *a; - } else { - assert(n == 0); diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch deleted file mode 100644 index a156f98728..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch +++ /dev/null @@ -1,104 +0,0 @@ -From f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Mon, 11 Nov 2024 00:56:09 +0100 -Subject: [PATCH] Properly randomize query id of DNS packets - -CVE: CVE-2024-52616 -Upstream-Status: Backport [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7] - -Signed-off-by: Zhang Peng ---- - avahi-core/wide-area.c | 36 ++++++++++++++++++++++++++++-------- - configure.ac | 3 ++- - 2 files changed, 30 insertions(+), 9 deletions(-) - -diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c -index 971f5e714..00a15056e 100644 ---- a/avahi-core/wide-area.c -+++ b/avahi-core/wide-area.c -@@ -40,6 +40,13 @@ - #include "addr-util.h" - #include "rr-util.h" - -+#ifdef HAVE_SYS_RANDOM_H -+#include -+#endif -+#ifndef HAVE_GETRANDOM -+# define getrandom(d, len, flags) (-1) -+#endif -+ - #define CACHE_ENTRIES_MAX 500 - - typedef struct AvahiWideAreaCacheEntry AvahiWideAreaCacheEntry; -@@ -84,8 +91,6 @@ struct AvahiWideAreaLookupEngine { - int fd_ipv4, fd_ipv6; - AvahiWatch *watch_ipv4, *watch_ipv6; - -- uint16_t next_id; -- - /* Cache */ - AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache); - AvahiHashmap *cache_by_key; -@@ -201,6 +206,26 @@ static void sender_timeout_callback(AvahiTimeEvent *e, void *userdata) { - avahi_time_event_update(e, avahi_elapse_time(&tv, 1000, 0)); - } - -+static uint16_t get_random_uint16(void) { -+ uint16_t next_id; -+ -+ if (getrandom(&next_id, sizeof(next_id), 0) == -1) -+ next_id = (uint16_t) rand(); -+ return next_id; -+} -+ -+static uint16_t avahi_wide_area_next_id(AvahiWideAreaLookupEngine *e) { -+ uint16_t next_id; -+ -+ next_id = get_random_uint16(); -+ while (find_lookup(e, next_id)) { -+ /* This ID is already used, get new. */ -+ next_id = get_random_uint16(); -+ } -+ return next_id; -+} -+ -+ - AvahiWideAreaLookup *avahi_wide_area_lookup_new( - AvahiWideAreaLookupEngine *e, - AvahiKey *key, -@@ -227,11 +252,7 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new( - /* If more than 65K wide area quries are issued simultaneously, - * this will break. This should be limited by some higher level */ - -- for (;; e->next_id++) -- if (!find_lookup(e, e->next_id)) -- break; /* This ID is not yet used. */ -- -- l->id = e->next_id++; -+ l->id = avahi_wide_area_next_id(e); - - /* We keep the packet around in case we need to repeat our query */ - l->packet = avahi_dns_packet_new(0); -@@ -604,7 +625,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) { - e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e); - - e->n_dns_servers = e->current_dns_server = 0; -- e->next_id = (uint16_t) rand(); - - /* Initialize cache */ - AVAHI_LLIST_HEAD_INIT(AvahiWideAreaCacheEntry, e->cache); -diff --git a/configure.ac b/configure.ac -index a3211b80e..31bce3d76 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -367,7 +367,8 @@ AC_FUNC_SELECT_ARGTYPES - # whether libc's malloc does too. (Same for realloc.) - #AC_FUNC_MALLOC - #AC_FUNC_REALLOC --AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname]) -+AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname getrandom]) -+AC_CHECK_HEADERS([sys/random.h]) - - AC_FUNC_CHOWN - AC_FUNC_STAT - diff --git a/meta/recipes-connectivity/avahi/files/handle-hup.patch b/meta/recipes-connectivity/avahi/files/handle-hup.patch deleted file mode 100644 index 26632e5443..0000000000 --- a/meta/recipes-connectivity/avahi/files/handle-hup.patch +++ /dev/null @@ -1,41 +0,0 @@ -CVE: CVE-2021-3468 -Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330] -Signed-off-by: Ross Burton - -From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 -From: Riccardo Schirone -Date: Fri, 26 Mar 2021 11:50:24 +0100 -Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in - client_work - -If a client fills the input buffer, client_work() disables the -AVAHI_WATCH_IN event, thus preventing the function from executing the -`read` syscall the next times it is called. However, if the client then -terminates the connection, the socket file descriptor receives a HUP -event, which is not handled, thus the kernel keeps marking the HUP event -as occurring. While iterating over the file descriptors that triggered -an event, the client file descriptor will keep having the HUP event and -the client_work() function is always called with AVAHI_WATCH_HUP but -without nothing being done, thus entering an infinite loop. - -See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 ---- - avahi-daemon/simple-protocol.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c -index 3e0ebb11..6c0274d6 100644 ---- a/avahi-daemon/simple-protocol.c -+++ b/avahi-daemon/simple-protocol.c -@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv - } - } - -+ if (events & AVAHI_WATCH_HUP) { -+ client_free(c); -+ return; -+ } -+ - c->server->poll_api->watch_update( - watch, - (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | diff --git a/meta/recipes-connectivity/avahi/files/initscript.patch b/meta/recipes-connectivity/avahi/files/initscript.patch deleted file mode 100644 index e1176888df..0000000000 --- a/meta/recipes-connectivity/avahi/files/initscript.patch +++ /dev/null @@ -1,51 +0,0 @@ -Note: upcoming avahi 0.9 drops debian initscripts altogether, -so any version update would probably have to copy the last -upstream versions into oe-core, and install them from the recipe. - -Upstream-Status: Inappropriate [upstream removed the files] - -Index: avahi-0.7/initscript/debian/avahi-daemon.in -=================================================================== ---- avahi-0.7.orig/initscript/debian/avahi-daemon.in -+++ avahi-0.7/initscript/debian/avahi-daemon.in -@@ -1,5 +1,17 @@ - #!/bin/sh -- -+### BEGIN INIT INFO -+# Provides: avahi -+# Required-Start: $remote_fs dbus -+# Required-Stop: $remote_fs dbus -+# Should-Start: $syslog -+# Should-Stop: $syslog -+# Default-Start: 2 3 4 5 -+# Default-Stop: 0 1 6 -+# Short-Description: Avahi mDNS/DNS-SD Daemon -+# Description: Zeroconf daemon for configuring your network -+# automatically -+### END INIT INFO -+# - # This file is part of avahi. - # - # avahi is free software; you can redistribute it and/or modify it -Index: avahi-0.7/initscript/debian/avahi-dnsconfd.in -=================================================================== ---- avahi-0.7.orig/initscript/debian/avahi-dnsconfd.in -+++ avahi-0.7/initscript/debian/avahi-dnsconfd.in -@@ -1,4 +1,17 @@ - #!/bin/sh -+### BEGIN INIT INFO -+# Provides: avahi-dnsconfd -+# Required-Start: $remote_fs avahi -+# Required-Stop: $remote_fs avahi -+# Should-Start: $syslog -+# Should-Stop: $syslog -+# Default-Start: 2 3 4 5 -+# Default-Stop: 0 1 6 -+# Short-Description: Avahi mDNS/DNS-SD DNS configuration -+# Description: Zeroconf daemon for configuring your network -+# automatically -+### END INIT INFO -+# - - # This file is part of avahi. - # diff --git a/meta/recipes-connectivity/avahi/files/invalid-service.patch b/meta/recipes-connectivity/avahi/files/invalid-service.patch deleted file mode 100644 index 8f188aff2c..0000000000 --- a/meta/recipes-connectivity/avahi/files/invalid-service.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 46490e95151d415cd22f02565e530eb5efcef680 Mon Sep 17 00:00:00 2001 -From: Asger Hautop Drewsen -Date: Mon, 9 Aug 2021 14:25:08 +0200 -Subject: [PATCH] Fix avahi-browse: Invalid service type - -Invalid service types will stop the browse from completing, or -in simple terms "my washing machine stops me from printing". - -Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/472] -Signed-off-by: Ross Burton ---- - avahi-core/browse-service.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c -index 63e0275a..ac3d2ecb 100644 ---- a/avahi-core/browse-service.c -+++ b/avahi-core/browse-service.c -@@ -103,7 +103,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_prepare( - AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_PROTO_VALID(protocol), AVAHI_ERR_INVALID_PROTOCOL); - AVAHI_CHECK_VALIDITY_RETURN_NULL(server, !domain || avahi_is_valid_domain_name(domain), AVAHI_ERR_INVALID_DOMAIN_NAME); - AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_FLAGS_VALID(flags, AVAHI_LOOKUP_USE_WIDE_AREA|AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS); -- AVAHI_CHECK_VALIDITY_RETURN_NULL(server, avahi_is_valid_service_type_generic(service_type), AVAHI_ERR_INVALID_SERVICE_TYPE); -+ -+ if (!avahi_is_valid_service_type_generic(service_type)) -+ service_type = "_invalid._tcp"; - - if (!domain) - domain = server->domain_name; diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch deleted file mode 100644 index 29c192d296..0000000000 --- a/meta/recipes-connectivity/avahi/files/local-ping.patch +++ /dev/null @@ -1,153 +0,0 @@ -CVE: CVE-2021-36217 -CVE: CVE-2021-3502 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 -From: Tommi Rantala -Date: Mon, 8 Feb 2021 11:04:43 +0200 -Subject: [PATCH] Fix NULL pointer crashes from #175 - -avahi-daemon is crashing when running "ping .local". -The crash is due to failing assertion from NULL pointer. -Add missing NULL pointer checks to fix it. - -Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd ---- - avahi-core/browse-dns-server.c | 5 ++++- - avahi-core/browse-domain.c | 5 ++++- - avahi-core/browse-service-type.c | 3 +++ - avahi-core/browse-service.c | 3 +++ - avahi-core/browse.c | 3 +++ - avahi-core/resolve-address.c | 5 ++++- - avahi-core/resolve-host-name.c | 5 ++++- - avahi-core/resolve-service.c | 5 ++++- - 8 files changed, 29 insertions(+), 5 deletions(-) - -diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c -index 049752e9..c2d914fa 100644 ---- a/avahi-core/browse-dns-server.c -+++ b/avahi-core/browse-dns-server.c -@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( - AvahiSDNSServerBrowser* b; - - b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); -+ if (!b) -+ return NULL; -+ - avahi_s_dns_server_browser_start(b); - - return b; --} -\ No newline at end of file -+} -diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c -index f145d56a..06fa70c0 100644 ---- a/avahi-core/browse-domain.c -+++ b/avahi-core/browse-domain.c -@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( - AvahiSDomainBrowser *b; - - b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); -+ if (!b) -+ return NULL; -+ - avahi_s_domain_browser_start(b); - - return b; --} -\ No newline at end of file -+} -diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c -index fdd22dcd..b1fc7af8 100644 ---- a/avahi-core/browse-service-type.c -+++ b/avahi-core/browse-service-type.c -@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( - AvahiSServiceTypeBrowser *b; - - b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); -+ if (!b) -+ return NULL; -+ - avahi_s_service_type_browser_start(b); - - return b; -diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c -index 5531360c..63e0275a 100644 ---- a/avahi-core/browse-service.c -+++ b/avahi-core/browse-service.c -@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( - AvahiSServiceBrowser *b; - - b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); -+ if (!b) -+ return NULL; -+ - avahi_s_service_browser_start(b); - - return b; -diff --git a/avahi-core/browse.c b/avahi-core/browse.c -index 2941e579..e8a915e9 100644 ---- a/avahi-core/browse.c -+++ b/avahi-core/browse.c -@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( - AvahiSRecordBrowser *b; - - b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); -+ if (!b) -+ return NULL; -+ - avahi_s_record_browser_start_query(b); - - return b; -diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c -index ac0b29b1..e61dd242 100644 ---- a/avahi-core/resolve-address.c -+++ b/avahi-core/resolve-address.c -@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( - AvahiSAddressResolver *b; - - b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); -+ if (!b) -+ return NULL; -+ - avahi_s_address_resolver_start(b); - - return b; --} -\ No newline at end of file -+} -diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c -index 808b0e72..4e8e5973 100644 ---- a/avahi-core/resolve-host-name.c -+++ b/avahi-core/resolve-host-name.c -@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new( - AvahiSHostNameResolver *b; - - b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); -+ if (!b) -+ return NULL; -+ - avahi_s_host_name_resolver_start(b); - - return b; --} -\ No newline at end of file -+} -diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c -index 66bf3cae..43771763 100644 ---- a/avahi-core/resolve-service.c -+++ b/avahi-core/resolve-service.c -@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( - AvahiSServiceResolver *b; - - b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); -+ if (!b) -+ return NULL; -+ - avahi_s_service_resolver_start(b); - - return b; --} -\ No newline at end of file -+} diff --git a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch deleted file mode 100644 index dda94c14e7..0000000000 --- a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 7128d079b0c315414410c4bcfb18b445cd7afda2 Mon Sep 17 00:00:00 2001 -From: Chen Qi -Date: Mon, 15 Oct 2018 16:55:09 +0800 -Subject: [PATCH] avoid start failure with bind user - -Upstream-Status: Pending - -Signed-off-by: Chen Qi ---- - init.d | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/init.d b/init.d -index 95e8909..771d349 100644 ---- a/init.d -+++ b/init.d -@@ -57,6 +57,7 @@ case "$1" in - modprobe capability >/dev/null 2>&1 || true - if [ ! -f /etc/bind/rndc.key ]; then - /usr/sbin/rndc-confgen -a -b 512 -+ chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true - chmod 0640 /etc/bind/rndc.key - fi - if [ -f /var/run/named/named.pid ]; then diff --git a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch deleted file mode 100644 index 5d3bd682f4..0000000000 --- a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 56249e557c820a743f1390174bd93104698e70f2 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia -Date: Mon, 27 Aug 2018 21:24:20 +0800 -Subject: [PATCH] `named/lwresd -V' and start log hide build options - -The build options expose build path directories, so hide them. -[snip] -$ named -V -|built by make with *** (options are hidden) -[snip] - -Upstream-Status: Inappropriate [oe-core specific] - -Signed-off-by: Hongxu Jia - -Refreshed for 9.16.0 -Signed-off-by: Armin Kuster ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 295bfd6..5c7d7fb 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -35,7 +35,7 @@ AC_DEFINE([PACKAGE_VERSION_EXTRA], ["][bind_VERSION_EXTRA]["], [BIND 9 Extra par - AC_DEFINE([PACKAGE_DESCRIPTION], [m4_ifnblank(bind_DESCRIPTION, [" ]bind_DESCRIPTION["], [])], [An extra string to print after PACKAGE_STRING]) - AC_DEFINE([PACKAGE_SRCID], ["][bind_SRCID]["], [A short hash from git]) - --bind_CONFIGARGS="${ac_configure_args:-default}" -+bind_CONFIGARGS="(removed for reproducibility)" - AC_DEFINE_UNQUOTED([PACKAGE_CONFIGARGS], ["$bind_CONFIGARGS"], [Either 'defaults' or used ./configure options]) - - AC_DEFINE([PACKAGE_BUILDER], ["make"], [make or Visual Studio]) diff --git a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch deleted file mode 100644 index 9bbe0998c6..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ /dev/null @@ -1,46 +0,0 @@ -From fe34ede0bbb0c60624cc281c938b9ca784505f5a Mon Sep 17 00:00:00 2001 -From: Paul Gortmaker -Date: Tue, 9 Jun 2015 11:22:00 -0400 -Subject: [PATCH] bind: ensure searching for json headers searches sysroot - -Bind can fail configure by detecting headers w/o libs[1], or -it can fail the host contamination check as per below: - -ERROR: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities. -Rerun configure task after fixing this. The path was 'build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/build' -ERROR: Function failed: do_qa_configure -ERROR: Logfile of failure stored in: build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/temp/log.do_configure.5242 -ERROR: Task 5 (meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure) failed with exit code '1' -NOTE: Tasks Summary: Attempted 773 tasks of which 768 didn't need to be rerun and 1 failed. -No currently running tasks (773 of 781) - -Summary: 1 task failed: - /meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure - -One way to fix it would be to unconditionally disable json in bind -configure[2] but here we fix it by using the path to where we would -put the header if we had json in the sysroot, in case someone wants -to make use of the combination some day. - -[1] https://trac.macports.org/ticket/45305 -[2] https://trac.macports.org/changeset/126406 - -Upstream-Status: Inappropriate [OE Specific] -Signed-off-by: Paul Gortmaker ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 6ee5459..295bfd6 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -863,7 +863,7 @@ AS_CASE([$with_lmdb], - [no],[], - [auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb], - [ac_lib_lmdb_found=yes], -- [for ac_lib_lmdb_path in /usr /usr/local /opt /opt/local; do -+ [for ac_lib_lmdb_path in "${STAGING_INCDIR}"; do - AX_LIB_LMDB([$ac_lib_lmdb_path], - [ac_lib_lmdb_found=yes - break]) diff --git a/meta/recipes-connectivity/bind/bind/bind9 b/meta/recipes-connectivity/bind/bind/bind9 deleted file mode 100644 index 968679ff7f..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind9 +++ /dev/null @@ -1,2 +0,0 @@ -# startup options for the server -OPTIONS="-u bind" diff --git a/meta/recipes-connectivity/bind/bind/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch deleted file mode 100644 index 8a45667fc4..0000000000 --- a/meta/recipes-connectivity/bind/bind/conf.patch +++ /dev/null @@ -1,381 +0,0 @@ -From 24452a9a46ba21233925218e4fca066b338ba70d Mon Sep 17 00:00:00 2001 -From: Qing He -Date: Tue, 30 Nov 2010 13:35:42 +0800 -Subject: [PATCH] bind: add new recipe - -Upstream-Status: Inappropriate [configuration] - -the patch is imported from openembedded project - -11/30/2010 - Qing He ---- - conf/db.0 | 12 +++++++ - conf/db.127 | 13 ++++++++ - conf/db.255 | 12 +++++++ - conf/db.empty | 14 +++++++++ - conf/db.local | 13 ++++++++ - conf/db.root | 45 ++++++++++++++++++++++++++ - conf/named.conf | 49 +++++++++++++++++++++++++++++ - conf/named.conf.local | 8 +++++ - conf/named.conf.options | 24 ++++++++++++++ - conf/zones.rfc1918 | 20 ++++++++++++ - init.d | 70 +++++++++++++++++++++++++++++++++++++++++ - 11 files changed, 280 insertions(+) - create mode 100644 conf/db.0 - create mode 100644 conf/db.127 - create mode 100644 conf/db.255 - create mode 100644 conf/db.empty - create mode 100644 conf/db.local - create mode 100644 conf/db.root - create mode 100644 conf/named.conf - create mode 100644 conf/named.conf.local - create mode 100644 conf/named.conf.options - create mode 100644 conf/zones.rfc1918 - create mode 100644 init.d - -diff --git a/conf/db.0 b/conf/db.0 -new file mode 100644 -index 0000000..e3aabdb ---- /dev/null -+++ b/conf/db.0 -@@ -0,0 +1,12 @@ -+; -+; BIND reverse data file for broadcast zone -+; -+$TTL 604800 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 604800 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -diff --git a/conf/db.127 b/conf/db.127 -new file mode 100644 -index 0000000..cd05bef ---- /dev/null -+++ b/conf/db.127 -@@ -0,0 +1,13 @@ -+; -+; BIND reverse data file for local loopback interface -+; -+$TTL 604800 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 604800 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -+1.0.0 IN PTR localhost. -diff --git a/conf/db.255 b/conf/db.255 -new file mode 100644 -index 0000000..16cd819 ---- /dev/null -+++ b/conf/db.255 -@@ -0,0 +1,12 @@ -+; -+; BIND reserve data file for broadcast zone -+; -+$TTL 604800 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 604800 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -diff --git a/conf/db.empty b/conf/db.empty -new file mode 100644 -index 0000000..8a12858 ---- /dev/null -+++ b/conf/db.empty -@@ -0,0 +1,14 @@ -+; BIND reverse data file for empty rfc1918 zone -+; -+; DO NOT EDIT THIS FILE - it is used for multiple zones. -+; Instead, copy it, edit named.conf, and use that copy. -+; -+$TTL 86400 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 86400 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -diff --git a/conf/db.local b/conf/db.local -new file mode 100644 -index 0000000..66b4892 ---- /dev/null -+++ b/conf/db.local -@@ -0,0 +1,13 @@ -+; -+; BIND data file for local loopback interface -+; -+$TTL 604800 -+@ IN SOA localhost. root.localhost. ( -+ 1 ; Serial -+ 604800 ; Refresh -+ 86400 ; Retry -+ 2419200 ; Expire -+ 604800 ) ; Negative Cache TTL -+; -+@ IN NS localhost. -+@ IN A 127.0.0.1 -diff --git a/conf/db.root b/conf/db.root -new file mode 100644 -index 0000000..01c20f0 ---- /dev/null -+++ b/conf/db.root -@@ -0,0 +1,45 @@ -+ -+; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net. -+;; global options: printcmd -+;; Got answer: -+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944 -+;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 -+ -+;; QUESTION SECTION: -+;. IN NS -+ -+;; ANSWER SECTION: -+. 518400 IN NS A.ROOT-SERVERS.NET. -+. 518400 IN NS B.ROOT-SERVERS.NET. -+. 518400 IN NS C.ROOT-SERVERS.NET. -+. 518400 IN NS D.ROOT-SERVERS.NET. -+. 518400 IN NS E.ROOT-SERVERS.NET. -+. 518400 IN NS F.ROOT-SERVERS.NET. -+. 518400 IN NS G.ROOT-SERVERS.NET. -+. 518400 IN NS H.ROOT-SERVERS.NET. -+. 518400 IN NS I.ROOT-SERVERS.NET. -+. 518400 IN NS J.ROOT-SERVERS.NET. -+. 518400 IN NS K.ROOT-SERVERS.NET. -+. 518400 IN NS L.ROOT-SERVERS.NET. -+. 518400 IN NS M.ROOT-SERVERS.NET. -+ -+;; ADDITIONAL SECTION: -+A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 -+B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 -+C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 -+D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 -+E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 -+F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 -+G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 -+H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 -+I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 -+J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 -+K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 -+L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12 -+M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 -+ -+;; Query time: 81 msec -+;; SERVER: 198.41.0.4#53(a.root-servers.net.) -+;; WHEN: Sun Feb 1 11:27:14 2004 -+;; MSG SIZE rcvd: 436 -+ -diff --git a/conf/named.conf b/conf/named.conf -new file mode 100644 -index 0000000..95829cf ---- /dev/null -+++ b/conf/named.conf -@@ -0,0 +1,49 @@ -+// This is the primary configuration file for the BIND DNS server named. -+// -+// If you are just adding zones, please do that in /etc/bind/named.conf.local -+ -+include "/etc/bind/named.conf.options"; -+ -+// prime the server with knowledge of the root servers -+zone "." { -+ type hint; -+ file "/etc/bind/db.root"; -+}; -+ -+// be authoritative for the localhost forward and reverse zones, and for -+// broadcast zones as per RFC 1912 -+ -+zone "localhost" { -+ type master; -+ file "/etc/bind/db.local"; -+}; -+ -+zone "127.in-addr.arpa" { -+ type master; -+ file "/etc/bind/db.127"; -+}; -+ -+zone "0.in-addr.arpa" { -+ type master; -+ file "/etc/bind/db.0"; -+}; -+ -+zone "255.in-addr.arpa" { -+ type master; -+ file "/etc/bind/db.255"; -+}; -+ -+// zone "com" { type delegation-only; }; -+// zone "net" { type delegation-only; }; -+ -+// From the release notes: -+// Because many of our users are uncomfortable receiving undelegated answers -+// from root or top level domains, other than a few for whom that behaviour -+// has been trusted and expected for quite some length of time, we have now -+// introduced the "root-delegations-only" feature which applies delegation-only -+// logic to all top level domains, and to the root domain. An exception list -+// should be specified, including "MUSEUM" and "DE", and any other top level -+// domains from whom undelegated responses are expected and trusted. -+// root-delegation-only exclude { "DE"; "MUSEUM"; }; -+ -+include "/etc/bind/named.conf.local"; -diff --git a/conf/named.conf.local b/conf/named.conf.local -new file mode 100644 -index 0000000..7a57b10 ---- /dev/null -+++ b/conf/named.conf.local -@@ -0,0 +1,8 @@ -+// -+// Do any local configuration here -+// -+ -+// Consider adding the 1918 zones here, if they are not used in your -+// organization -+//include "/etc/bind/zones.rfc1918"; -+ -diff --git a/conf/named.conf.options b/conf/named.conf.options -new file mode 100644 -index 0000000..813193d ---- /dev/null -+++ b/conf/named.conf.options -@@ -0,0 +1,24 @@ -+options { -+ directory "/var/cache/bind"; -+ -+ // If there is a firewall between you and nameservers you want -+ // to talk to, you might need to uncomment the query-source -+ // directive below. Previous versions of BIND always asked -+ // questions using port 53, but BIND 8.1 and later use an unprivileged -+ // port by default. -+ -+ // query-source address * port 53; -+ -+ // If your ISP provided one or more IP addresses for stable -+ // nameservers, you probably want to use them as forwarders. -+ // Uncomment the following block, and insert the addresses replacing -+ // the all-0's placeholder. -+ -+ // forwarders { -+ // 0.0.0.0; -+ // }; -+ -+ auth-nxdomain no; # conform to RFC1035 -+ -+}; -+ -diff --git a/conf/zones.rfc1918 b/conf/zones.rfc1918 -new file mode 100644 -index 0000000..03b5546 ---- /dev/null -+++ b/conf/zones.rfc1918 -@@ -0,0 +1,20 @@ -+zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+ -+zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -+ -+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; -diff --git a/init.d b/init.d -new file mode 100644 -index 0000000..2ef2277 ---- /dev/null -+++ b/init.d -@@ -0,0 +1,70 @@ -+#!/bin/sh -+ -+PATH=/sbin:/bin:/usr/sbin:/usr/bin -+ -+# for a chrooted server: "-u bind -t /var/lib/named" -+# Don't modify this line, change or create /etc/default/bind9. -+OPTIONS="" -+ -+test -f /etc/default/bind9 && . /etc/default/bind9 -+ -+test -x /usr/sbin/rndc || exit 0 -+ -+case "$1" in -+ start) -+ echo -n "Starting domain name service: named" -+ -+ modprobe capability >/dev/null 2>&1 || true -+ if [ ! -f /etc/bind/rndc.key ]; then -+ /usr/sbin/rndc-confgen -a -b 512 -+ chmod 0640 /etc/bind/rndc.key -+ fi -+ if [ -f /var/run/named/named.pid ]; then -+ ps `cat /var/run/named/named.pid` > /dev/null && exit 1 -+ fi -+ -+ # dirs under /var/run can go away on reboots. -+ mkdir -p /var/run/named -+ mkdir -p /var/cache/bind -+ chmod 775 /var/run/named -+ chown root:bind /var/run/named >/dev/null 2>&1 || true -+ -+ if [ ! -x /usr/sbin/named ]; then -+ echo "named binary missing - not starting" -+ exit 1 -+ fi -+ if start-stop-daemon --start --quiet --exec /usr/sbin/named \ -+ --pidfile /var/run/named/named.pid -- $OPTIONS; then -+ if [ -x /sbin/resolvconf ] ; then -+ echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo -+ fi -+ fi -+ echo "." -+ ;; -+ -+ stop) -+ echo -n "Stopping domain name service: named" -+ if [ -x /sbin/resolvconf ]; then -+ /sbin/resolvconf -d lo -+ fi -+ /usr/sbin/rndc stop >/dev/null 2>&1 -+ echo "." -+ ;; -+ -+ reload) -+ /usr/sbin/rndc reload -+ ;; -+ -+ restart|force-reload) -+ $0 stop -+ sleep 2 -+ $0 start -+ ;; -+ -+ *) -+ echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2 -+ exit 1 -+ ;; -+esac -+ -+exit 0 diff --git a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh deleted file mode 100644 index 633e29c0e6..0000000000 --- a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -if [ ! -s /etc/bind/rndc.key ]; then - echo -n "Generating /etc/bind/rndc.key:" - /usr/sbin/rndc-confgen -a -b 512 - chown root:bind /etc/bind/rndc.key - chmod 0640 /etc/bind/rndc.key -fi diff --git a/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch deleted file mode 100644 index 97fac429dd..0000000000 --- a/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 2fb98a36b3b35aeaa4852bd8bc268fbf66d0ad2d Mon Sep 17 00:00:00 2001 -From: Chen Qi -Date: Thu, 27 Mar 2014 02:34:41 +0000 -Subject: [PATCH] init.d: add support for read-only rootfs - -Upstream-Status: Inappropriate [oe specific] - -Signed-off-by: Chen Qi ---- - init.d | 40 ++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 40 insertions(+) - -diff --git a/init.d b/init.d -index 2ef2277..95e8909 100644 ---- a/init.d -+++ b/init.d -@@ -6,8 +6,48 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin - # Don't modify this line, change or create /etc/default/bind9. - OPTIONS="" - -+test -f /etc/default/rcS && . /etc/default/rcS - test -f /etc/default/bind9 && . /etc/default/bind9 - -+# This function is here because it's possible that /var and / are on different partitions. -+is_on_read_only_partition () { -+ DIRECTORY=$1 -+ dir=`readlink -f $DIRECTORY` -+ while true; do -+ if [ ! -d "$dir" ]; then -+ echo "ERROR: $dir is not a directory" -+ exit 1 -+ else -+ for flag in `awk -v dir=$dir '{ if ($2 == dir) { print "FOUND"; split($4,FLAGS,",") } }; \ -+ END { for (f in FLAGS) print FLAGS[f] }' < /proc/mounts`; do -+ [ "$flag" = "FOUND" ] && partition="read-write" -+ [ "$flag" = "ro" ] && { partition="read-only"; break; } -+ done -+ if [ "$dir" = "/" -o -n "$partition" ]; then -+ break -+ else -+ dir=`dirname $dir` -+ fi -+ fi -+ done -+ [ "$partition" = "read-only" ] && echo "yes" || echo "no" -+} -+ -+bind_mount () { -+ olddir=$1 -+ newdir=$2 -+ mkdir -p $olddir -+ cp -a $newdir/* $olddir -+ mount --bind $olddir $newdir -+} -+ -+# Deal with read-only rootfs -+if [ "$ROOTFS_READ_ONLY" = "yes" ]; then -+ [ "$VERBOSE" != "no" ] && echo "WARN: start bind service in read-only rootfs" -+ [ `is_on_read_only_partition /etc/bind` = "yes" ] && bind_mount /var/volatile/bind/etc /etc/bind -+ [ `is_on_read_only_partition /var/named` = "yes" ] && bind_mount /var/volatile/bind/named /var/named -+fi -+ - test -x /usr/sbin/rndc || exit 0 - - case "$1" in diff --git a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch deleted file mode 100644 index 3adb694eaa..0000000000 --- a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 3f18a00d627ec06d26d189e7ef1818d2c237274b Mon Sep 17 00:00:00 2001 -From: Roy Li -Date: Thu, 15 Nov 2012 02:27:54 +0000 -Subject: [PATCH] bind: make "/etc/init.d/bind stop" work - -Upstream-Status: Inappropriate [configuration] - -Add some configurations, make rndc command be able to controls -the named daemon. - -Signed-off-by: Roy Li ---- - conf/named.conf | 5 +++++ - conf/rndc.conf | 5 +++++ - 2 files changed, 10 insertions(+) - create mode 100644 conf/rndc.conf - -diff --git a/conf/named.conf b/conf/named.conf -index 95829cf..021dbca 100644 ---- a/conf/named.conf -+++ b/conf/named.conf -@@ -47,3 +47,8 @@ zone "255.in-addr.arpa" { - // root-delegation-only exclude { "DE"; "MUSEUM"; }; - - include "/etc/bind/named.conf.local"; -+include "/etc/bind/rndc.key" ; -+controls { -+ inet 127.0.0.1 allow { localhost; } -+ keys { rndc-key; }; -+}; -diff --git a/conf/rndc.conf b/conf/rndc.conf -new file mode 100644 -index 0000000..4b43a3d ---- /dev/null -+++ b/conf/rndc.conf -@@ -0,0 +1,5 @@ -+include "/etc/bind/rndc.key"; -+options { -+ default-server localhost; -+ default-key rndc-key; -+}; diff --git a/meta/recipes-connectivity/bind/bind/named.service b/meta/recipes-connectivity/bind/bind/named.service deleted file mode 100644 index cda56ef015..0000000000 --- a/meta/recipes-connectivity/bind/bind/named.service +++ /dev/null @@ -1,22 +0,0 @@ -[Unit] -Description=Berkeley Internet Name Domain (DNS) -Wants=nss-lookup.target -Before=nss-lookup.target -After=network.target - -[Service] -Type=forking -EnvironmentFile=-/etc/default/bind9 -PIDFile=/run/named/named.pid - -ExecStartPre=@SBINDIR@/generate-rndc-key.sh -ExecStart=@SBINDIR@/named $OPTIONS - -ExecReload=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc reload > /dev/null 2>&1 || @BASE_BINDIR@/kill -HUP $MAINPID' - -ExecStop=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc stop > /dev/null 2>&1 || @BASE_BINDIR@/kill -TERM $MAINPID' - -PrivateTmp=true - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/bind/bind_9.20.15.bb b/meta/recipes-connectivity/bind/bind_9.20.15.bb deleted file mode 100644 index 1195b5bdc3..0000000000 --- a/meta/recipes-connectivity/bind/bind_9.20.15.bb +++ /dev/null @@ -1,109 +0,0 @@ -SUMMARY = "ISC Internet Domain Name Server" -HOMEPAGE = "https://www.isc.org/bind/" -DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" -SECTION = "console/network" - -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=c7a0b6d9a1b692a5da9af9d503671f43" - -DEPENDS = "openssl libcap zlib libuv liburcu" - -SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ - file://conf.patch \ - file://named.service \ - file://bind9 \ - file://generate-rndc-key.sh \ - file://make-etc-initd-bind-stop-work.patch \ - file://init.d-add-support-for-read-only-rootfs.patch \ - file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ - file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ - file://0001-avoid-start-failure-with-bind-user.patch \ - " - -SRC_URI[sha256sum] = "d62b38fae48ba83fca6181112d0c71018d8b0f2ce285dc79dc6a0367722ccabb" - -UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" -# follow the ESV versions divisible by 2 -UPSTREAM_CHECK_REGEX = "(?P9.(\d*[02468])+(\.\d+)+(-P\d+)*)/" - -inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives - -# PACKAGECONFIGs readline and libedit should NOT be set at same time -PACKAGECONFIG ?= "readline" -PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2" -PACKAGECONFIG[readline] = "--with-readline=readline,,readline" -PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" -PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" - -EXTRA_OECONF = " --disable-auto-validation \ - --with-gssapi=no --with-lmdb=no --with-zlib \ - --sysconfdir=${sysconfdir}/bind \ - --with-openssl=${STAGING_DIR_HOST}${prefix} \ - " -LDFLAGS += "-lz" - -# dhcp needs .la so keep them -REMOVE_LIBTOOL_LA = "0" - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ - --user-group bind" - -INITSCRIPT_NAME = "bind" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_SERVICE:${PN} = "named.service" - -do_install:append() { - - install -d -o bind "${D}${localstatedir}/cache/bind" - install -d "${D}${sysconfdir}/bind" - install -d "${D}${sysconfdir}/init.d" - install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" - install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" - - # Install systemd related files - install -d ${D}${sbindir} - install -m 755 ${UNPACKDIR}/generate-rndc-key.sh ${D}${sbindir} - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${UNPACKDIR}/named.service ${D}${systemd_system_unitdir} - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_system_unitdir}/named.service - - install -d ${D}${sysconfdir}/default - install -m 0644 ${UNPACKDIR}/bind9 ${D}${sysconfdir}/default - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf - fi -} - -CONFFILES:${PN} = " \ - ${sysconfdir}/bind/named.conf \ - ${sysconfdir}/bind/named.conf.local \ - ${sysconfdir}/bind/named.conf.options \ - ${sysconfdir}/bind/db.0 \ - ${sysconfdir}/bind/db.127 \ - ${sysconfdir}/bind/db.empty \ - ${sysconfdir}/bind/db.local \ - ${sysconfdir}/bind/db.root \ - " - -ALTERNATIVE:${PN}-utils = "nslookup" -ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" -ALTERNATIVE_PRIORITY = "100" - -PACKAGE_BEFORE_PN += "${PN}-utils" -FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" -FILES:${PN}-dev += "${bindir}/isc-config.h" -FILES:${PN} += "${sbindir}/generate-rndc-key.sh" - -PACKAGE_BEFORE_PN += "${PN}-libs" -# special arrangement below due to -# https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88 -FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so" -FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" - -DEV_PKG_DEPENDENCY = "" diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc deleted file mode 100644 index aac38a54a9..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ /dev/null @@ -1,158 +0,0 @@ -SUMMARY = "Linux Bluetooth Stack Userland V5" -DESCRIPTION = "Linux Bluetooth stack V5 userland components. These include a system configurations, daemons, tools and system libraries." -HOMEPAGE = "http://www.bluez.org" -SECTION = "libs" -LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ - file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ - file://src/main.c;beginline=1;endline=24;md5=0ad83ca0dc37ab08af448777c581e7ac" -DEPENDS = "dbus glib-2.0" -PROVIDES += "bluez-hcidump" -RPROVIDES:${PN} += "bluez-hcidump" - -PACKAGECONFIG ??= "obex-profiles \ - readline \ - ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ - a2dp-profiles \ - avrcp-profiles \ - bap-profiles \ - bass-profiles \ - mcp-profiles \ - ccp-profiles \ - vcp-profiles \ - micp-profiles \ - csip-profiles \ - asha-profiles \ - network-profiles \ - hid-profiles \ - hog-profiles \ - tools \ - deprecated \ - udev \ -" -PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical" -PACKAGECONFIG[readline] = "--enable-client,--disable-client,readline," -PACKAGECONFIG[testing] = "--enable-testing,--disable-testing" -PACKAGECONFIG[midi] = "--enable-midi,--disable-midi,alsa-lib" -PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd" -PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,,cups" -PACKAGECONFIG[nfc] = "--enable-nfc,--disable-nfc" -PACKAGECONFIG[sap-profiles] = "--enable-sap,--disable-sap" -PACKAGECONFIG[a2dp-profiles] = "--enable-a2dp,--disable-a2dp" -PACKAGECONFIG[avrcp-profiles] = "--enable-avrcp,--disable-avrcp" -PACKAGECONFIG[network-profiles] = "--enable-network,--disable-network" -PACKAGECONFIG[hid-profiles] = "--enable-hid,--disable-hid" -PACKAGECONFIG[hog-profiles] = "--enable-hog,--disable-hog" -PACKAGECONFIG[health-profiles] = "--enable-health,--disable-health" -PACKAGECONFIG[bap-profiles] = "--enable-bap,--disable-bap" -PACKAGECONFIG[bass-profiles] = "--enable-bass,--disable-bass" -PACKAGECONFIG[mcp-profiles] = "--enable-mcp,--disable-mcp" -PACKAGECONFIG[ccp-profiles] = "--enable-ccp,--disable-ccp" -PACKAGECONFIG[vcp-profiles] = "--enable-vcp,--disable-vcp" -PACKAGECONFIG[micp-profiles] = "--enable-micp,--disable-micp" -PACKAGECONFIG[csip-profiles] = "--enable-csip,--disable-csip" -PACKAGECONFIG[asha-profiles] = "--enable-asha,--disable-asha" -PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis" -PACKAGECONFIG[tools] = "--enable-tools,--disable-tools" -PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" -PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell" -PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell" -PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" -PACKAGECONFIG[manpages] = "--enable-manpages,--disable-manpages,python3-docutils-native" - -SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ - file://init \ - file://run-ptest \ - file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ - file://0001-media-fix-pac_config_cb-error-code-return.patch \ - " -S = "${UNPACKDIR}/bluez-${PV}" - -CVE_PRODUCT = "bluez" - -inherit autotools pkgconfig systemd update-rc.d ptest gobject-introspection-data - -EXTRA_OECONF = "\ - --enable-test \ - --enable-datafiles \ - --enable-library \ - --enable-pie \ - --without-zsh-completion-dir \ -" - -CFLAGS += "-DFIRMWARE_DIR='"${nonarch_base_libdir}/firmware"'" - -# bluez5 builds a large number of useful utilities but does not -# install them. Specify which ones we want put into ${PN}-noinst-tools. -NOINST_TOOLS_READLINE ??= "" -NOINST_TOOLS_TESTING ??= "" -NOINST_TOOLS_BT ??= "" -NOINST_TOOLS = " \ - ${@bb.utils.contains('PACKAGECONFIG', 'readline', '${NOINST_TOOLS_READLINE}', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'testing', '${NOINST_TOOLS_TESTING}', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \ -" - -do_install:append() { - install -d ${D}${INIT_D_DIR} - install -m 0755 ${UNPACKDIR}/init ${D}${INIT_D_DIR}/bluetooth - - if [ -f ${D}${sysconfdir}/init.d/bluetooth ]; then - sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}${sysconfdir}/init.d/bluetooth - fi - - # Install desired tools that upstream leaves in build area - for f in ${NOINST_TOOLS} ; do - install -m 755 ${B}/$f ${D}${bindir} - done -} - -PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools" - -FILES:${PN} += " \ - ${libdir}/bluetooth/plugins/*.so \ - ${systemd_unitdir}/ ${datadir}/dbus-1 \ - ${libdir}/cups \ -" -FILES:${PN}-dev += " \ - ${libdir}/bluetooth/plugins/*.la \ -" - -FILES:${PN}-obex = "${libexecdir}/bluetooth/obexd \ - ${exec_prefix}/lib/systemd/user/obex.service \ - ${systemd_system_unitdir}/obex.service \ - ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \ - ${datadir}/dbus-1/services/org.bluez.obex.service \ - ${sysconfdir}/dbus-1/system.d/obexd.conf \ - " -SYSTEMD_SERVICE:${PN}-obex = "obex.service" - -FILES:${PN}-testtools = "${libdir}/bluez/test/*" - -def get_noinst_tools_paths (d, bb, tools): - s = list() - bindir = d.getVar("bindir") - for bdp in tools.split(): - f = os.path.basename(bdp) - s.append("%s/%s" % (bindir, f)) - return "\n".join(s) - -FILES:${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" - -RDEPENDS:${PN}-testtools += "python3-core python3-dbus" -RDEPENDS:${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}" - -SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" -INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME:${PN} = "bluetooth" - -do_compile_ptest() { - oe_runmake buildtests -} - -do_install_ptest() { - cp -r ${B}/unit/ ${D}${PTEST_PATH} - rm -f ${D}${PTEST_PATH}/unit/*.o -} - -RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-utf-16" diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-media-fix-pac_config_cb-error-code-return.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-media-fix-pac_config_cb-error-code-return.patch deleted file mode 100644 index a67fd07137..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-media-fix-pac_config_cb-error-code-return.patch +++ /dev/null @@ -1,29 +0,0 @@ -From d7966dbb7bcf39f9615c906c47ef7ad895796756 Mon Sep 17 00:00:00 2001 -From: Pauli Virtanen -Date: Thu, 18 Sep 2025 20:19:35 +0300 -Subject: [PATCH] media: fix pac_config_cb() error code return - -Fixes: a887b1a1b91f ("audio: Add support for specific error codes for A2DP configuration") - -Upstream-Status: Backport [https://github.com/bluez/bluez/commit/6b0a08776ae44a9102d7c6875a77e83dc6a11a37] -Signed-off-by: Guðni Már Gilbert ---- - profiles/audio/media.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/profiles/audio/media.c b/profiles/audio/media.c -index 332f643bb..deb321e6c 100644 ---- a/profiles/audio/media.c -+++ b/profiles/audio/media.c -@@ -1110,7 +1110,7 @@ static void pac_config_cb(struct media_endpoint *endpoint, void *ret, int size, - if (!transport) - return; - -- data->cb(data->stream, error_code == 0 ? 0 : -EINVAL); -+ data->cb(data->stream, (error_code && *error_code == 0) ? 0 : -EINVAL); - } - - static struct media_transport *pac_ucast_config(struct bt_bap_stream *stream, --- -2.43.0 - diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch deleted file mode 100644 index cea7c10c3d..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch +++ /dev/null @@ -1,25 +0,0 @@ -From d8bbdd8e7166f481429b4999f520cd8306685f03 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin -Date: Fri, 1 Apr 2016 17:07:34 +0300 -Subject: [PATCH] tests: add a target for building tests without running them - -Upstream-Status: Inappropriate [oe specific] -Signed-off-by: Alexander Kanavin ---- - Makefile.am | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/Makefile.am b/Makefile.am -index 94f625d..a3c3512 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -725,6 +725,9 @@ endif - TESTS = $(unit_tests) - AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69 - -+# This allows building tests without running them -+buildtests: $(TESTS) -+ - if DBUS_RUN_SESSION - AM_TESTS_ENVIRONMENT += dbus-run-session -- - endif diff --git a/meta/recipes-connectivity/bluez5/bluez5/init b/meta/recipes-connectivity/bluez5/bluez5/init deleted file mode 100644 index ca9fa18549..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/init +++ /dev/null @@ -1,61 +0,0 @@ -#!/bin/sh - -# Source function library -. /etc/init.d/functions - -PATH=/sbin:/bin:/usr/sbin:/usr/bin -DESC=bluetooth - -DAEMON=@LIBEXECDIR@/bluetooth/bluetoothd - -# If you want to be ignore error of "org.freedesktop.hostname1", -# please enable NOPLUGIN_OPTION. -# NOPLUGIN_OPTION="--noplugin=hostname" -NOPLUGIN_OPTION="" -SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- $NOPLUGIN_OPTION" - -test -f $DAEMON || exit 0 - -# FIXME: any of the sourced files may fail if/with syntax errors -test -f /etc/default/bluetooth && . /etc/default/bluetooth -test -f /etc/default/rcS && . /etc/default/rcS - -set -e - -case $1 in - start) - echo -n "Starting $DESC: " - if test "$BLUETOOTH_ENABLED" = 0; then - echo "disabled (see /etc/default/bluetooth)." - exit 0 - fi - start-stop-daemon --start --background $SSD_OPTIONS - echo "${DAEMON##*/}." - ;; - stop) - echo -n "Stopping $DESC: " - if test "$BLUETOOTH_ENABLED" = 0; then - echo "disabled (see /etc/default/bluetooth)." - exit 0 - fi - start-stop-daemon --stop $SSD_OPTIONS - echo "${DAEMON##*/}." - ;; - restart|force-reload) - $0 stop - sleep 1 - $0 start - ;; - status) - status ${DAEMON} || exit $? - ;; - *) - N=/etc/init.d/bluetooth - echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 - exit 1 - ;; -esac - -exit 0 - -# vim:noet diff --git a/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/meta/recipes-connectivity/bluez5/bluez5/run-ptest deleted file mode 100644 index 0335e68e48..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/run-ptest +++ /dev/null @@ -1,31 +0,0 @@ -#! /bin/sh - -cd unit - -failed=0 -all=0 - -for f in test-*; do - "./$f" -q - case "$?" in - 0) - echo "PASS: $f" - all=$((all + 1)) - ;; - 77) - echo "SKIP: $f" - ;; - *) - echo "FAIL: $f" - failed=$((failed + 1)) - all=$((all + 1)) - ;; - esac -done - -if [ "$failed" -eq 0 ] ; then - echo "All $all tests passed" -else - echo "$failed of $all tests failed" -fi - diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.84.bb b/meta/recipes-connectivity/bluez5/bluez5_5.84.bb deleted file mode 100644 index 874db9df64..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5_5.84.bb +++ /dev/null @@ -1,74 +0,0 @@ -require bluez5.inc - -SRC_URI[sha256sum] = "5ba73d030f7b00087d67800b0e321601aec0f892827c72e5a2c8390d8c886b11" - -CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes" - -# noinst programs in Makefile.tools that are conditional on READLINE -# support -NOINST_TOOLS_READLINE ?= " \ - ${@bb.utils.contains('PACKAGECONFIG', 'deprecated', 'attrib/gatttool', '', d)} \ - tools/obex-client-tool \ - tools/obex-server-tool \ - tools/bluetooth-player \ - tools/obexctl \ - tools/btmgmt \ -" - -# noinst programs in Makefile.tools that are conditional on TESTING -# support -NOINST_TOOLS_TESTING ?= " \ - emulator/btvirt \ - emulator/b1ee \ - emulator/hfp \ - peripheral/btsensor \ - tools/3dsp \ - tools/mgmt-tester \ - tools/gap-tester \ - tools/l2cap-tester \ - tools/sco-tester \ - tools/smp-tester \ - tools/hci-tester \ - tools/rfcomm-tester \ - tools/bnep-tester \ - tools/userchan-tester \ - tools/iso-tester \ - tools/mesh-tester \ - tools/ioctl-tester \ -" - -# noinst programs in Makefile.tools that are conditional on TOOLS -# support -NOINST_TOOLS_BT ?= " \ - tools/bdaddr \ - tools/avinfo \ - tools/avtest \ - tools/scotest \ - tools/hwdb \ - tools/hcieventmask \ - tools/hcisecfilter \ - tools/btinfo \ - tools/btconfig \ - tools/btsnoop \ - tools/btproxy \ - tools/btiotest \ - tools/bneptest \ - tools/mcaptest \ - tools/cltest \ - tools/oobtest \ - tools/advtest \ - tools/seq2bseq \ - tools/nokfw \ - tools/rtlfw \ - tools/bcmfw \ - tools/create-image \ - tools/eddystone \ - tools/ibeacon \ - tools/btgatt-client \ - tools/btgatt-server \ - tools/test-runner \ - tools/check-selftest \ - tools/gatt-service \ - profiles/iap/iapd \ - ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient tools/btpclientctl', '', d)} \ -" diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb deleted file mode 100644 index 854e1f1f29..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf.bb +++ /dev/null @@ -1,20 +0,0 @@ -SUMMARY = "Connman config to ignore wired interface on qemu machines" -DESCRIPTION = "This is the ConnMan configuration to avoid touching wired \ -network interface inside qemu machines." -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" - -SRC_URI = "file://main.conf \ - " - -S = "${UNPACKDIR}" - -PACKAGE_ARCH = "${MACHINE_ARCH}" - -FILES:${PN} = "${sysconfdir}/*" - -# Kernel IP-Config is perfectly capable of setting up networking passed in via ip= -do_install:append:qemuall() { - mkdir -p ${D}${sysconfdir}/connman - cp ${S}/main.conf ${D}${sysconfdir}/connman/main.conf -} diff --git a/meta/recipes-connectivity/connman/connman-conf/main.conf b/meta/recipes-connectivity/connman/connman-conf/main.conf deleted file mode 100644 index 3c9dd396f6..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf/main.conf +++ /dev/null @@ -1,2 +0,0 @@ -[General] -NetworkInterfaceBlacklist = eth,en diff --git a/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch b/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch deleted file mode 100644 index c93e9b4654..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch +++ /dev/null @@ -1,277 +0,0 @@ -From a59b0fac02e74a971ac3f08bf28c17ce361a9526 Mon Sep 17 00:00:00 2001 -From: Jussi Kukkonen -Date: Wed, 2 Mar 2016 15:47:49 +0200 -Subject: [PATCH] Port to Gtk3 - -Some unused (or not useful) code was removed, functionality should stay -the same. - -Code still contains quite a few uses of deprecated API. - -Upstream-Status: Submitted -Signed-off-by: Jussi Kukkonen ---- - applet/agent.c | 3 +-- - applet/main.c | 43 ------------------------------------------- - applet/status.c | 8 -------- - configure.ac | 3 +-- - properties/ethernet.c | 14 +++++++------- - properties/main.c | 2 +- - properties/wifi.c | 12 ++++++------ - 7 files changed, 16 insertions(+), 69 deletions(-) - -diff --git a/applet/agent.c b/applet/agent.c -index 65bed08..04fe86a 100644 ---- a/applet/agent.c -+++ b/applet/agent.c -@@ -126,7 +126,6 @@ static void request_input_dialog(GHashTable *request, - gtk_window_set_position(GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); - gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE); - gtk_window_set_urgency_hint(GTK_WINDOW(dialog), TRUE); -- gtk_dialog_set_has_separator(GTK_DIALOG(dialog), FALSE); - input->dialog = dialog; - - gtk_dialog_add_button(GTK_DIALOG(dialog), -@@ -139,7 +138,7 @@ static void request_input_dialog(GHashTable *request, - gtk_table_set_row_spacings(GTK_TABLE(table), 4); - gtk_table_set_col_spacings(GTK_TABLE(table), 20); - gtk_container_set_border_width(GTK_CONTAINER(table), 12); -- gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table); -+ gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area (GTK_DIALOG(dialog))), table); - - label = gtk_label_new(_("Please provide some network information:")); - gtk_misc_set_alignment(GTK_MISC(label), 0.0, 0.0); -diff --git a/applet/main.c b/applet/main.c -index f12d371..cd16285 100644 ---- a/applet/main.c -+++ b/applet/main.c -@@ -157,46 +157,6 @@ static void name_owner_changed(DBusGProxy *proxy, const char *name, - } - } - --static void open_uri(GtkWindow *parent, const char *uri) --{ -- GtkWidget *dialog; -- GdkScreen *screen; -- GError *error = NULL; -- gchar *cmdline; -- -- screen = gtk_window_get_screen(parent); -- -- cmdline = g_strconcat("xdg-open ", uri, NULL); -- -- if (gdk_spawn_command_line_on_screen(screen, -- cmdline, &error) == FALSE) { -- dialog = gtk_message_dialog_new(parent, -- GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR, -- GTK_BUTTONS_CLOSE, "%s", error->message); -- gtk_dialog_run(GTK_DIALOG(dialog)); -- gtk_widget_destroy(dialog); -- g_error_free(error); -- } -- -- g_free(cmdline); --} -- --static void about_url_hook(GtkAboutDialog *dialog, -- const gchar *url, gpointer data) --{ -- open_uri(GTK_WINDOW(dialog), url); --} -- --static void about_email_hook(GtkAboutDialog *dialog, -- const gchar *email, gpointer data) --{ -- gchar *uri; -- -- uri = g_strconcat("mailto:", email, NULL); -- open_uri(GTK_WINDOW(dialog), uri); -- g_free(uri); --} -- - static void about_callback(GtkWidget *item, gpointer user_data) - { - const gchar *authors[] = { -@@ -204,9 +164,6 @@ static void about_callback(GtkWidget *item, gpointer user_data) - NULL - }; - -- gtk_about_dialog_set_url_hook(about_url_hook, NULL, NULL); -- gtk_about_dialog_set_email_hook(about_email_hook, NULL, NULL); -- - gtk_show_about_dialog(NULL, "version", VERSION, - "copyright", "Copyright \xc2\xa9 2008 Intel Corporation", - "comments", _("A connection manager for the GNOME desktop"), -diff --git a/applet/status.c b/applet/status.c -index aed6f1e..015ff29 100644 ---- a/applet/status.c -+++ b/applet/status.c -@@ -102,8 +102,6 @@ static void icon_animation_start(IconAnimation *animation, - { - available = TRUE; - -- gtk_status_icon_set_tooltip(statusicon, NULL); -- - animation->start = start; - animation->end = (end == 0) ? animation->count - 1 : end; - -@@ -120,8 +118,6 @@ static void icon_animation_stop(IconAnimation *animation) - { - available = TRUE; - -- gtk_status_icon_set_tooltip(statusicon, NULL); -- - if (animation->id > 0) - g_source_remove(animation->id); - -@@ -251,8 +247,6 @@ void status_unavailable(void) - available = FALSE; - - gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_notifier); -- gtk_status_icon_set_tooltip(statusicon, -- "Connection Manager daemon is not running"); - - gtk_status_icon_set_visible(statusicon, TRUE); - } -@@ -299,7 +293,6 @@ static void set_ready(gint signal) - - if (signal < 0) { - gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_wired); -- gtk_status_icon_set_tooltip(statusicon, NULL); - return; - } - -@@ -311,7 +304,6 @@ static void set_ready(gint signal) - index = 4; - - gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_signal[index]); -- gtk_status_icon_set_tooltip(statusicon, NULL); - } - - struct timeout_data { -diff --git a/configure.ac b/configure.ac -index b972e07..a4dad5d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -55,8 +55,7 @@ AC_SUBST(DBUS_LIBS) - DBUS_BINDING_TOOL="dbus-binding-tool" - AC_SUBST(DBUS_BINDING_TOOL) - --PKG_CHECK_MODULES(GTK, gtk+-2.0 >= 2.8, dummy=yes, -- AC_MSG_ERROR(gtk+ >= 2.8 is required)) -+PKG_CHECK_MODULES(GTK, gtk+-3.0) - AC_SUBST(GTK_CFLAGS) - AC_SUBST(GTK_LIBS) - -diff --git a/properties/ethernet.c b/properties/ethernet.c -index 31db7a0..0b6b423 100644 ---- a/properties/ethernet.c -+++ b/properties/ethernet.c -@@ -82,7 +82,7 @@ void add_ethernet_switch_button(GtkWidget *mainbox, GtkTreeIter *iter, - gtk_container_set_border_width(GTK_CONTAINER(vbox), 24); - gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0); - -- table = gtk_table_new(1, 1, TRUE); -+ table = gtk_table_new(1, 1, FALSE); - gtk_table_set_row_spacings(GTK_TABLE(table), 10); - gtk_table_set_col_spacings(GTK_TABLE(table), 10); - gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0); -@@ -136,7 +136,7 @@ void add_ethernet_service(GtkWidget *mainbox, GtkTreeIter *iter, struct config_d - gtk_container_set_border_width(GTK_CONTAINER(vbox), 24); - gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0); - -- table = gtk_table_new(5, 5, TRUE); -+ table = gtk_table_new(5, 5, FALSE); - gtk_table_set_row_spacings(GTK_TABLE(table), 10); - gtk_table_set_col_spacings(GTK_TABLE(table), 10); - gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0); -@@ -144,9 +144,9 @@ void add_ethernet_service(GtkWidget *mainbox, GtkTreeIter *iter, struct config_d - label = gtk_label_new(_("Configuration:")); - gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 2, 0, 1); - -- combo = gtk_combo_box_new_text(); -- gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "DHCP"); -- gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "MANUAL"); -+ combo = gtk_combo_box_text_new(); -+ gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "DHCP"); -+ gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "MANUAL"); - gtk_combo_box_set_row_separator_func(GTK_COMBO_BOX(combo), - separator_function, NULL, NULL); - gtk_table_attach_defaults(GTK_TABLE(table), combo, 2, 4, 0, 1); -@@ -219,7 +219,7 @@ void update_ethernet_ipv4(struct config_data *data, guint policy) - case CONNMAN_POLICY_DHCP: - gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0); - for (i = 0; i < 3; i++) { -- gtk_entry_set_editable(GTK_ENTRY(entry[i]), 0); -+ gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 0); - gtk_widget_set_sensitive(entry[i], 0); - gtk_entry_set_text(GTK_ENTRY(entry[i]), _("")); - } -@@ -227,7 +227,7 @@ void update_ethernet_ipv4(struct config_data *data, guint policy) - case CONNMAN_POLICY_MANUAL: - gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 1); - for (i = 0; i < 3; i++) { -- gtk_entry_set_editable(GTK_ENTRY(entry[i]), 1); -+ gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 1); - gtk_widget_set_sensitive(entry[i], 1); - } - break; -diff --git a/properties/main.c b/properties/main.c -index c05f443..6f76361 100644 ---- a/properties/main.c -+++ b/properties/main.c -@@ -429,7 +429,7 @@ static GtkWidget *create_interfaces(GtkWidget *window) - - scrolled = gtk_scrolled_window_new(NULL, NULL); - gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scrolled), -- GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC); -+ GTK_POLICY_NEVER, GTK_POLICY_AUTOMATIC); - gtk_scrolled_window_set_shadow_type(GTK_SCROLLED_WINDOW(scrolled), - GTK_SHADOW_OUT); - gtk_box_pack_start(GTK_BOX(hbox), scrolled, FALSE, TRUE, 0); -diff --git a/properties/wifi.c b/properties/wifi.c -index bd325ef..a5827e0 100644 ---- a/properties/wifi.c -+++ b/properties/wifi.c -@@ -125,7 +125,7 @@ void add_wifi_switch_button(GtkWidget *mainbox, GtkTreeIter *iter, - gtk_container_set_border_width(GTK_CONTAINER(vbox), 24); - gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0); - -- table = gtk_table_new(1, 1, TRUE); -+ table = gtk_table_new(1, 1, FALSE); - gtk_table_set_row_spacings(GTK_TABLE(table), 10); - gtk_table_set_col_spacings(GTK_TABLE(table), 10); - gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0); -@@ -185,9 +185,9 @@ static void wifi_ipconfig(GtkWidget *table, struct config_data *data, GtkTreeIte - gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 2, 3, 4); - data->ipv4.label[0] = label; - -- combo = gtk_combo_box_new_text(); -- gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "DHCP"); -- gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "Manual"); -+ combo = gtk_combo_box_text_new(); -+ gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "DHCP"); -+ gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "Manual"); - - gtk_combo_box_set_row_separator_func(GTK_COMBO_BOX(combo), - separator_function, NULL, NULL); -@@ -335,14 +335,14 @@ void update_wifi_ipv4(struct config_data *data, guint policy) - case CONNMAN_POLICY_DHCP: - gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0); - for (i = 0; i < 3; i++) { -- gtk_entry_set_editable(GTK_ENTRY(entry[i]), 0); -+ gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 0); - gtk_widget_set_sensitive(entry[i], 0); - } - break; - case CONNMAN_POLICY_MANUAL: - gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 1); - for (i = 0; i < 3; i++) { -- gtk_entry_set_editable(GTK_ENTRY(entry[i]), 1); -+ gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 1); - gtk_widget_set_sensitive(entry[i], 1); - } - break; --- -2.8.1 - diff --git a/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch b/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch deleted file mode 100644 index 7957500dcf..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5907a23ad2f49702960a33f9e2039552673eabc7 Mon Sep 17 00:00:00 2001 -From: Andrei Dinu -Date: Mon, 17 Dec 2012 14:01:18 +0200 -Subject: [PATCH] Removed icon from connman-gnome "about" applet - -The connman-gnome "about" applet showed a picture that -can not be displayed. There is no designated picture -in connman-gnome to be used in the about section, so -it was removed. - -[OE-Core #2509] - -Upstream-Status: Pending - -Signed-off-by: Andrei Dinu ---- - applet/main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/applet/main.c b/applet/main.c -index f12d371..c7b3c7f 100644 ---- a/applet/main.c -+++ b/applet/main.c -@@ -212,7 +212,7 @@ static void about_callback(GtkWidget *item, gpointer user_data) - "comments", _("A connection manager for the GNOME desktop"), - "authors", authors, - "translator-credits", _("translator-credits"), -- "logo-icon-name", "network-wireless", NULL); -+ NULL); - } - - static void settings_callback(GtkWidget *item, gpointer user_data) --- -1.7.9.5 - diff --git a/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch b/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch deleted file mode 100644 index f4049fa3e2..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch +++ /dev/null @@ -1,187 +0,0 @@ -connman-gnome: fix dbus interface name - -This patch resolves following error: - -"connman-dbus.xml": "connman" is not a valid D-Bus interface name - -https://502552.bugs.gentoo.org/attachment.cgi?id=380652 - -Upstream-Status: Backport - -Signed-off-by: Chong Lu ---- - common/connman-client.c | 24 ++++++++++++------------ - common/connman-client.h | 4 ++-- - common/connman-dbus.c | 6 +++--- - common/connman-dbus.xml | 2 +- - 4 files changed, 18 insertions(+), 18 deletions(-) - -diff --git a/common/connman-client.c b/common/connman-client.c -index c55e25c..9d818b2 100644 ---- a/common/connman-client.c -+++ b/common/connman-client.c -@@ -289,7 +289,7 @@ gboolean connman_client_set_ipv4(ConnmanClient *client, const gchar *device, - - g_value_init(&value, DBUS_TYPE_G_DICTIONARY); - g_value_set_boxed(&value, ipv4); -- ret = connman_set_property(proxy, "IPv4.Configuration", &value, NULL); -+ ret = net_connman_set_property(proxy, "IPv4.Configuration", &value, NULL); - - g_object_unref(proxy); - -@@ -317,7 +317,7 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device, - g_value_set_boolean(&value, powered); - - error = NULL; -- connman_set_property(proxy, "Powered", &value, &error); -+ net_connman_set_property(proxy, "Powered", &value, &error); - if( error ) - fprintf (stderr, "error: %s\n", error->message); - -@@ -325,7 +325,7 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device, - } - - void connman_client_scan(ConnmanClient *client, const gchar *device, -- connman_scan_reply callback, gpointer user_data) -+ net_connman_scan_reply callback, gpointer user_data) - { - ConnmanClientPrivate *priv = CONNMAN_CLIENT_GET_PRIVATE(client); - DBusGProxy *proxy; -@@ -339,7 +339,7 @@ void connman_client_scan(ConnmanClient *client, const gchar *device, - if (proxy == NULL) - return; - -- connman_scan_async(proxy, callback, user_data); -+ net_connman_scan_async(proxy, callback, user_data); - - g_object_unref(proxy); - } -@@ -353,7 +353,7 @@ gboolean connman_client_get_offline_status(ConnmanClient *client) - - DBG("client %p", client); - -- ret = connman_get_properties(priv->manager, &hash, NULL); -+ ret = net_connman_get_properties(priv->manager, &hash, NULL); - - if (ret == FALSE) - goto done; -@@ -375,7 +375,7 @@ void connman_client_set_offlinemode(ConnmanClient *client, gboolean status) - g_value_init(&value, G_TYPE_BOOLEAN); - g_value_set_boolean(&value, status); - -- connman_set_property(priv->manager, "OfflineMode", &value, NULL); -+ net_connman_set_property(priv->manager, "OfflineMode", &value, NULL); - } - - static gboolean network_disconnect(GtkTreeModel *model, GtkTreePath *path, -@@ -398,7 +398,7 @@ static gboolean network_disconnect(GtkTreeModel *model, GtkTreePath *path, - return TRUE; - - if (type == CONNMAN_TYPE_WIFI) -- connman_disconnect(proxy, NULL); -+ net_connman_disconnect(proxy, NULL); - - g_object_unref(proxy); - -@@ -422,13 +422,13 @@ void connman_client_connect(ConnmanClient *client, const gchar *network) - if (proxy == NULL) - return; - -- connman_connect(proxy, NULL); -+ net_connman_connect(proxy, NULL); - - g_object_unref(proxy); - } - - void connman_client_connect_async(ConnmanClient *client, const gchar *network, -- connman_connect_reply callback, gpointer userdata) -+ net_connman_connect_reply callback, gpointer userdata) - { - ConnmanClientPrivate *priv = CONNMAN_CLIENT_GET_PRIVATE(client); - DBusGProxy *proxy; -@@ -446,7 +446,7 @@ void connman_client_connect_async(ConnmanClient *client, const gchar *network, - if (proxy == NULL) - goto done; - -- connman_connect_async(proxy, callback, userdata); -+ net_connman_connect_async(proxy, callback, userdata); - - done: - return; -@@ -476,7 +476,7 @@ void connman_client_disconnect(ConnmanClient *client, const gchar *network) - if (proxy == NULL) - return; - -- connman_disconnect(proxy, NULL); -+ net_connman_disconnect(proxy, NULL); - - g_object_unref(proxy); - } -@@ -532,7 +532,7 @@ void connman_client_remove(ConnmanClient *client, const gchar *network) - if (proxy == NULL) - return; - -- connman_remove(proxy, NULL); -+ net_connman_remove(proxy, NULL); - - g_object_unref(proxy); - } -diff --git a/common/connman-client.h b/common/connman-client.h -index 9e2e6d5..98241de 100644 ---- a/common/connman-client.h -+++ b/common/connman-client.h -@@ -70,13 +70,13 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device, - gboolean connman_client_set_ipv4(ConnmanClient *client, const gchar *device, - struct ipv4_config *ipv4_config); - void connman_client_scan(ConnmanClient *client, const gchar *device, -- connman_scan_reply callback, gpointer user_data); -+ net_connman_scan_reply callback, gpointer user_data); - - void connman_client_connect(ConnmanClient *client, const gchar *network); - void connman_client_disconnect(ConnmanClient *client, const gchar *network); - gchar *connman_client_get_security(ConnmanClient *client, const gchar *network); - void connman_client_connect_async(ConnmanClient *client, const gchar *network, -- connman_connect_reply callback, gpointer userdata); -+ net_connman_connect_reply callback, gpointer userdata); - void connman_client_set_remember(ConnmanClient *client, const gchar *network, - gboolean remember); - -diff --git a/common/connman-dbus.c b/common/connman-dbus.c -index b82b3e1..543eb43 100644 ---- a/common/connman-dbus.c -+++ b/common/connman-dbus.c -@@ -655,15 +655,15 @@ DBusGProxy *connman_dbus_create_manager(DBusGConnection *conn, - - DBG("getting manager properties"); - -- connman_get_properties_async(proxy, manager_properties, store); -+ net_connman_get_properties_async(proxy, manager_properties, store); - - DBG("getting technologies"); - -- connman_get_technologies_async(proxy, manager_technologies, store); -+ net_connman_get_technologies_async(proxy, manager_technologies, store); - - DBG("getting services"); - -- connman_get_services_async(proxy, manager_services, store); -+ net_connman_get_services_async(proxy, manager_services, store); - - return proxy; - } -diff --git a/common/connman-dbus.xml b/common/connman-dbus.xml -index 56b9582..0199d52 100644 ---- a/common/connman-dbus.xml -+++ b/common/connman-dbus.xml -@@ -1,7 +1,7 @@ - - - -- -+ - - - --- -1.9.1 - diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png deleted file mode 100644 index 33247c1e2d..0000000000 Binary files a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png and /dev/null differ diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png deleted file mode 100644 index a94fb952ff..0000000000 Binary files a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png and /dev/null differ diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png deleted file mode 100644 index b5eb405a90..0000000000 Binary files a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png and /dev/null differ diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png deleted file mode 100644 index be54419fa7..0000000000 Binary files a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png and /dev/null differ diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png deleted file mode 100644 index 1c40ac9a10..0000000000 Binary files a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png and /dev/null differ diff --git a/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch b/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch deleted file mode 100644 index 0421cda0b2..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch +++ /dev/null @@ -1,36 +0,0 @@ -In networks that don't have a DHCP server configured, ipv4 address -allocation fails and the ipv4 structure doesn't get populated. When -the GUI is trying to read the ipv4_config.method field to see whether -it contains "dhcp" string, a segmentation fault is generated. - -Ethernet manual configuration behavior remains unchanged after this fix. - -Upstream-Status: Pending - -Signed-off-by: Emilia Ciobanu -Index: git/properties/ethernet.c -=================================================================== ---- git.orig/properties/ethernet.c -+++ git/properties/ethernet.c -@@ -194,7 +194,7 @@ void add_ethernet_service(GtkWidget *mai - - data->button = button; - -- if (g_str_equal(ipv4_config.method, "dhcp") == TRUE) -+ if (!ipv4_config.method || g_str_equal(ipv4_config.method, "dhcp") == TRUE) - update_ethernet_ipv4(data, CONNMAN_POLICY_DHCP); - else - update_ethernet_ipv4(data, CONNMAN_POLICY_MANUAL); -Index: git/properties/wifi.c -=================================================================== ---- git.orig/properties/wifi.c -+++ git/properties/wifi.c -@@ -230,7 +230,7 @@ static void wifi_ipconfig(GtkWidget *tab - - data->ipv4_config = ipv4_config; - -- if (g_str_equal(ipv4_config.method, "dhcp") == TRUE) -+ if (!ipv4_config.method || g_str_equal(ipv4_config.method, "dhcp") == TRUE) - update_wifi_ipv4(data, CONNMAN_POLICY_DHCP); - else - update_wifi_ipv4(data, CONNMAN_POLICY_MANUAL); diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb deleted file mode 100644 index 8bfc1540b3..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb +++ /dev/null @@ -1,32 +0,0 @@ -SUMMARY = "GTK+ frontend for the ConnMan network connection manager" -HOMEPAGE = "http://connman.net/" -SECTION = "libs/network" -LICENSE = "GPL-2.0-only & LGPL-2.1-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ - file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \ - file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a" - -DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native" - -# 0.7 tag -SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143" -SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \ - file://0001-Removed-icon-from-connman-gnome-about-applet.patch \ - file://null_check_for_ipv4_config.patch \ - file://images/ \ - file://connman-gnome-fix-dbus-interface-name.patch \ - file://0001-Port-to-Gtk3.patch \ - " - -inherit autotools-brokensep gtk-icon-cache pkgconfig features_check -ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" - -RDEPENDS:${PN} = "connman" - -do_install:append() { - install -m 0644 ${UNPACKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/ -} - -# http://errors.yoctoproject.org/Errors/Details/766926/ -# connman-client.c:200:15: error: assignment to 'GtkTreeModel *' {aka 'struct _GtkTreeModel *'} from incompatible pointer type 'GtkTreeStore *' {aka 'struct _GtkTreeStore *'} [-Wincompatible-pointer-types] -CFLAGS += "-Wno-error=incompatible-pointer-types" diff --git a/meta/recipes-connectivity/connman/connman/0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch b/meta/recipes-connectivity/connman/connman/0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch deleted file mode 100755 index 3b7b5a096e..0000000000 --- a/meta/recipes-connectivity/connman/connman/0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch +++ /dev/null @@ -1,50 +0,0 @@ -From eac489c872c775c88bbd85b4cec6c1d47ad9e6a6 Mon Sep 17 00:00:00 2001 -From: Peter Tatrai -Date: Sun, 7 Sep 2025 09:25:20 +0200 -Subject: [PATCH] connman, vpn: avoid hiding implementation-reserved symbols - -When using 'local: *;' in the version script, all symbols, including those -reserved for the implementation (such as _IO_stdin_used), are hidden. This -causes glibc's libio to misdetect the libc version, leading to a crash when -glibc prints to stdout (e.g., with connmand --help) on PowerPC. - -Change 'local: *;' to 'local: [!_]*;' to avoid hiding symbols starting with an -underscore, as recommended in glibc bug 17908 -(https://sourceware.org/bugzilla/show_bug.cgi?id=17908). This ensures libio can -correctly detect the libc version and prevents the crash. - -Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=17908 - -Upstream-Status: Submitted [https://lore.kernel.org/connman/20250907081844.1558-1-peter.tatrai.ext@siemens.com/] - -Signed-off-by: Peter Tatrai ---- - src/connman.ver | 2 +- - vpn/vpn.ver | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/connman.ver b/src/connman.ver -index 03a0eec..b75e90d 100644 ---- a/src/connman.ver -+++ b/src/connman.ver -@@ -3,5 +3,5 @@ - connman_*; - g_dbus_*; - local: -- *; -+ [!_]*; - }; -diff --git a/vpn/vpn.ver b/vpn/vpn.ver -index b887706..5cad344 100644 ---- a/vpn/vpn.ver -+++ b/vpn/vpn.ver -@@ -4,5 +4,5 @@ - vpn_*; - g_dbus_*; - local: -- *; -+ [!_]*; - }; --- -2.47.2 - diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch deleted file mode 100644 index 2c612039ee..0000000000 --- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 4e726a5aaa75d60fab6a56bc37dbec48be53ff79 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Mon, 6 Apr 2015 23:02:21 -0700 -Subject: [PATCH] gweb/gresolv.c: make use of res_ninit optional and subject to - __RES - -Not all libc implementation have those functions, and the way to determine -if they do is to check __RES which is explained in resolv.h thusly: - -/* - * Revision information. This is the release date in YYYYMMDD format. - * It can change every day so the right thing to do with it is use it - * in preprocessor commands such as "#if (__RES > 19931104)". Do not - * compare for equality; rather, use it to determine whether your resolver - * is new enough to contain a certain feature. - */ - -Indeed, it needs to be at least 19991006. - -The portion of the patch that implements a fallback is ported from -Alpine Linux: -http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch - -Upstream-Status: Submitted [to connman@lists.linux.dev,marcel@holtmann.org] - -Signed-off-by: Khem Raj ---- - gweb/gresolv.c | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/gweb/gresolv.c b/gweb/gresolv.c -index 8101d71..9f1477c 100644 ---- a/gweb/gresolv.c -+++ b/gweb/gresolv.c -@@ -879,7 +879,9 @@ GResolv *g_resolv_new(int index) - resolv->index = index; - resolv->nameserver_list = NULL; - -+#if (__RES >= 19991006) - res_ninit(&resolv->res); -+#endif - - return resolv; - } -@@ -920,7 +922,9 @@ void g_resolv_unref(GResolv *resolv) - - flush_nameservers(resolv); - -+#if (__RES >= 19991006) - res_nclose(&resolv->res); -+#endif - - g_free(resolv); - } -@@ -1024,6 +1028,7 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, - debug(resolv, "hostname %s", hostname); - - if (!resolv->nameserver_list) { -+#if (__RES >= 19991006) - int i; - - for (i = 0; i < resolv->res.nscount; i++) { -@@ -1043,6 +1048,22 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, - if (inet_ntop(family, sa_addr, buf, sizeof(buf))) - g_resolv_add_nameserver(resolv, buf, 53, 0); - } -+#else -+ FILE *f = fopen("/etc/resolv.conf", "r"); -+ if (f) { -+ char line[256], *s; -+ int i; -+ while (fgets(line, sizeof(line), f)) { -+ if (strncmp(line, "nameserver", 10) || !isspace(line[10])) -+ continue; -+ for (s = &line[11]; isspace(s[0]); s++); -+ for (i = 0; s[i] && !isspace(s[i]); i++); -+ s[i] = 0; -+ g_resolv_add_nameserver(resolv, s, 53, 0); -+ } -+ fclose(f); -+ } -+#endif - - if (!resolv->nameserver_list) - g_resolv_add_nameserver(resolv, "127.0.0.1", 53, 0); diff --git a/meta/recipes-connectivity/connman/connman/connman b/meta/recipes-connectivity/connman/connman/connman deleted file mode 100644 index adb5d44fed..0000000000 --- a/meta/recipes-connectivity/connman/connman/connman +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh - -DAEMON=/usr/sbin/connmand -PIDFILE=/var/run/connmand.pid -DESC="Connection Manager" - -if [ -f /etc/default/connman ] ; then - . /etc/default/connman -fi - -set -e - -do_start() { - if [ -f @DATADIR@/connman/wired-setup ] ; then - . @DATADIR@/connman/wired-setup - fi - $DAEMON -} - -do_stop() { - start-stop-daemon --stop --oknodo --name connmand --quiet -} - -case "$1" in - start) - echo "Starting $DESC" - do_start - ;; - stop) - echo "Stopping $DESC" - do_stop - ;; - restart|force-reload) - echo "Restarting $DESC" - do_stop - sleep 1 - do_start - ;; - *) - echo "Usage: $0 {start|stop|restart|force-reload}" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/meta/recipes-connectivity/connman/connman/no-version-scripts.patch b/meta/recipes-connectivity/connman/connman/no-version-scripts.patch deleted file mode 100644 index c96ab311e5..0000000000 --- a/meta/recipes-connectivity/connman/connman/no-version-scripts.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 67f37aafcc8ef5d2eb006387e7bec21f74518727 Mon Sep 17 00:00:00 2001 -From: Ross Burton -Date: Tue, 9 Aug 2016 12:12:02 +0100 -Subject: [PATCH] connman: disable version-scripts to fix crashes at startup - -With binutils 2.27 on at least PowerPC, connmand will crash on `connmand --help`. -This appears to be due to the symbol visibilty scripts hiding symbols that stdio -looks up at runtime, resulting in it segfaulting. - -This certainly appears to be a bug in binutils 2.27 although the problem has -been known about for some time: - -https://sourceware.org/bugzilla/show_bug.cgi?id=17908 - -As the version scripts are only used to hide symbols from plugins we can safely -remove the scripts to work around the problem until binutils is fixed. - -Upstream-Status: Inappropriate -Signed-off-by: Ross Burton -Signed-off-by: Peter Tatrai ---- - Makefile.am | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 3dc3bb5..3be5ccb 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -143,8 +143,7 @@ src_connmand_LDADD = gdbus/libgdbus-internal.la $(builtin_libadd) \ - @GIO_LIBS@ @GLIB_LIBS@ @DBUS_LIBS@ @GNUTLS_LIBS@ \ - -lresolv -ldl -lrt - --src_connmand_LDFLAGS = -Wl,--export-dynamic \ -- -Wl,--version-script=$(srcdir)/src/connman.ver -+src_connmand_LDFLAGS = -Wl,--export-dynamic - - src_connmand_wait_online_SOURCES = src/connmand-wait-online.c - -@@ -187,8 +186,7 @@ vpn_connman_vpnd_LDADD = gdbus/libgdbus-internal.la $(builtin_vpn_libadd) \ - @GIO_LIBS@ @GLIB_LIBS@ @DBUS_LIBS@ @GNUTLS_LIBS@ \ - -lresolv -ldl - --vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic \ -- -Wl,--version-script=$(srcdir)/vpn/vpn.ver -+vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic - endif - - BUILT_SOURCES = $(local_headers) src/builtin.h $(service_files) \ diff --git a/meta/recipes-connectivity/connman/connman_1.45.bb b/meta/recipes-connectivity/connman/connman_1.45.bb deleted file mode 100644 index ca0337b4d3..0000000000 --- a/meta/recipes-connectivity/connman/connman_1.45.bb +++ /dev/null @@ -1,237 +0,0 @@ -SUMMARY = "A daemon for managing internet connections within embedded devices" -DESCRIPTION = "The ConnMan project provides a daemon for managing \ -internet connections within embedded devices running the Linux \ -operating system. The Connection Manager is designed to be slim and \ -to use as few resources as possible, so it can be easily integrated. \ -It is a fully modular system that can be extended, through plug-ins, \ -to support all kinds of wired or wireless technologies. Also, \ -configuration methods, like DHCP and domain name resolving, are \ -implemented using plug-ins." -HOMEPAGE = "https://web.git.kernel.org/pub/scm/network/connman/connman.git/about/" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ - file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36" - -inherit autotools pkgconfig systemd update-rc.d update-alternatives - -CVE_PRODUCT = "connman connection_manager" - -DEPENDS = "dbus glib-2.0" - -SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ - file://connman \ - file://no-version-scripts.patch \ - file://0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch \ - file://0002-resolve-musl-does-not-implement-res_ninit.patch \ - " - -SRC_URI[sha256sum] = "77128cce80865455c4f106b5901a575e2dfdb35a7d2e2e2996f16e85cba10913" - -RRECOMMENDS:${PN} = "connman-conf" -RCONFLICTS:${PN} = "networkmanager" - -EXTRA_OECONF += "\ - ac_cv_path_IP6TABLES_SAVE=${sbindir}/ip6tables-save \ - ac_cv_path_IPTABLES_SAVE=${sbindir}/iptables-save \ - ac_cv_path_PPPD=${sbindir}/pppd \ - ac_cv_path_WPASUPPLICANT=${sbindir}/wpa_supplicant \ - --enable-debug \ - --enable-loopback \ - --enable-ethernet \ - --enable-tools \ - --disable-polkit \ - --runstatedir='${runtimedir}' \ - --with-dns-backend='${@bb.utils.contains("DISTRO_FEATURES", "systemd-resolved", "systemd-resolved", "internal", d)}' \ -" -# For smooth operation it would be best to start only one wireless daemon at a time. -# If wpa-supplicant is running, connman will use it preferentially. -# Select either wpa-supplicant or iwd -WIRELESS_DAEMON ??= "wpa-supplicant" - -PACKAGECONFIG ??= "wispr iptables client\ - ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'wifi ${WIRELESS_DAEMON}', '', d)} \ -" - -# If you want ConnMan to support VPN, add following statement into -# local.conf or distro config -# PACKAGECONFIG:append:pn-connman = " openvpn vpnc l2tp pptp" - -PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" -PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi" -PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5" -PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono" -PACKAGECONFIG[wpa-supplicant] = ",,wpa-supplicant,wpa-supplicant" -PACKAGECONFIG[iwd] = "--enable-iwd,--disable-iwd,,iwd" -PACKAGECONFIG[tist] = "--enable-tist,--disable-tist," -PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn" -PACKAGECONFIG[vpnc] = "--enable-vpnc --with-vpnc=${sbindir}/vpnc,--disable-vpnc,,vpnc" -PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2tp,ppp,xl2tpd" -PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,ppp,pptp-linux" -# WISPr support for logging into hotspots, requires TLS -PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls," -PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-masq-ipv4 kernel-module-nft-nat,iptables" -PACKAGECONFIG[iptables] = "--with-firewall=iptables,,iptables,,,nftables" -PACKAGECONFIG[nfc] = "--enable-neard, --disable-neard, neard, neard" -PACKAGECONFIG[client] = "--enable-client,--disable-client,readline" -PACKAGECONFIG[wireguard] = "--enable-wireguard,--disable-wireguard,libmnl" - -INITSCRIPT_NAME = "connman" -INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ." - -python __anonymous () { - systemd_packages = "${PN} ${PN}-wait-online" - pkgconfig = d.getVar('PACKAGECONFIG') - if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split(): - systemd_packages += " ${PN}-vpn" - d.setVar('SYSTEMD_PACKAGES', systemd_packages) -} - -SYSTEMD_SERVICE:${PN} = "connman.service" -SYSTEMD_SERVICE:${PN}-vpn = "connman-vpn.service" -SYSTEMD_SERVICE:${PN}-wait-online = "connman-wait-online.service" - -ALTERNATIVE_PRIORITY = "${@bb.utils.contains('DISTRO_FEATURES','systemd-resolved','10','100',d)}" -ALTERNATIVE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" -ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}" -ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}" - -do_install:append() { - if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${UNPACKDIR}/connman ${D}${sysconfdir}/init.d/connman - sed -i s%@DATADIR@%${datadir}% ${D}${sysconfdir}/init.d/connman - fi - - install -d ${D}${bindir} - install -m 0755 ${B}/tools/*-test ${D}${bindir} - if [ -e ${B}/tools/wispr ]; then - install -m 0755 ${B}/tools/wispr ${D}${bindir} - fi - - # We don't need to package an empty directory - rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts - - # Automake 1.12 won't install empty directories, but we need the - # plugins directory to be present for ownership - mkdir -p ${D}${libdir}/connman/plugins - - # For read-only filesystem, do not create links during bootup - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}${sysconfdir} - ln -sf ../run/connman/resolv.conf ${D}${sysconfdir}/resolv-conf.connman - fi -} - -# These used to be plugins, but now they are core -RPROVIDES:${PN} = "\ - connman-plugin-loopback \ - connman-plugin-ethernet \ - ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'wifi','connman-plugin-wifi', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \ - " - -PACKAGES_DYNAMIC += "^${PN}-plugin-.*" - -def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip): - plugintype = pkg.split( '-' )[-1] - if plugintype in depmap: - rdepends = map(lambda x: multilib_prefix + x, \ - depmap[plugintype].split()) - d.setVar("RDEPENDS:%s" % pkg, " ".join(rdepends)) - if add_insane_skip: - d.appendVar("INSANE_SKIP:%s" % pkg, "dev-so") - -python populate_packages:prepend() { - depmap = dict(pppd="ppp") - multilib_prefix = (d.getVar("MLPREFIX") or "") - - hook = lambda file,pkg,x,y,z: \ - add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False) - plugin_dir = d.expand('${libdir}/connman/plugins/') - plugin_name = d.expand('${PN}-plugin-%s') - do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \ - '${PN} plugin for %s', extra_depends='', hook=hook, prepend=True ) - - hook = lambda file,pkg,x,y,z: \ - add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True) - plugin_dir = d.expand('${libdir}/connman/plugins-vpn/') - plugin_name = d.expand('${PN}-plugin-vpn-%s') - do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \ - '${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True ) -} - -PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client" - -FILES:${PN}-tools = "${bindir}/wispr" -RDEPENDS:${PN}-tools = "${PN}" - -FILES:${PN}-tests = "${bindir}/*-test" -RDEPENDS:${PN}-tests = "${@bb.utils.contains('PACKAGECONFIG', 'iptables', 'iptables', '', d)}" - -FILES:${PN}-client = "${bindir}/connmanctl" -RDEPENDS:${PN}-client = "${PN}" - -FILES:${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ - ${libdir}/connman/plugins \ - ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \ - ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \ - ${datadir}/dbus-1/system-services/* \ - ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf" - -FILES:${PN}-dev += "${libdir}/connman/*/*.la" - -PACKAGES =+ "${PN}-vpn ${PN}-wait-online" - -SUMMARY:${PN}-vpn = "A daemon for managing VPN connections within embedded devices" -DESCRIPTION:${PN}-vpn = "The ConnMan VPN provides a daemon for \ -managing VPN connections within embedded devices running the Linux \ -operating system. The connman-vpnd handles all the VPN connections \ -and starts/stops VPN client processes when necessary. The connman-vpnd \ -provides a DBus API for managing VPN connections. All the different \ -VPN technogies are implemented using plug-ins." -FILES:${PN}-vpn += "${sbindir}/connman-vpnd \ - ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \ - ${datadir}/dbus-1/system-services/net.connman.vpn.service \ - ${systemd_system_unitdir}/connman-vpn.service" - -SUMMARY:${PN}-wait-online = "A program that will return once ConnMan has connected to a network" -DESCRIPTION:${PN}-wait-online = "A service that can be enabled so that \ -the system waits until a network connection is established." -FILES:${PN}-wait-online += "${sbindir}/connmand-wait-online \ - ${systemd_system_unitdir}/connman-wait-online.service" - -SUMMARY:${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" -DESCRIPTION:${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ -to create a VPN connection to OpenVPN server." -FILES:${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ - ${libdir}/connman/plugins-vpn/openvpn.so" -RDEPENDS:${PN}-plugin-vpn-openvpn += "${PN}-vpn" -RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" - -SUMMARY:${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" -DESCRIPTION:${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ -to create a VPN connection to Cisco3000 VPN Concentrator." -FILES:${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ - ${libdir}/connman/plugins-vpn/vpnc.so \ - ${libdir}/connman/scripts/vpn-script" -RDEPENDS:${PN}-plugin-vpn-vpnc += "${PN}-vpn" -RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" - -SUMMARY:${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" -DESCRIPTION:${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ -to create a VPN connection to L2TP server." -FILES:${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ - ${libdir}/connman/plugins-vpn/l2tp.so" -RDEPENDS:${PN}-plugin-vpn-l2tp += "${PN}-vpn" -RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" - -SUMMARY:${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" -DESCRIPTION:${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ -to create a VPN connection to PPTP server." -FILES:${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ - ${libdir}/connman/plugins-vpn/pptp.so" -RDEPENDS:${PN}-plugin-vpn-pptp += "${PN}-vpn" -RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.2.4.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.2.4.bb deleted file mode 100644 index bfb24aa58c..0000000000 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.2.4.bb +++ /dev/null @@ -1,67 +0,0 @@ -SECTION = "console/network" -SUMMARY = "dhcpcd - a DHCP client" -DESCRIPTION = "dhcpcd runs on your machine and silently configures your \ - computer to work on the attached networks without trouble \ - and mostly without configuration." - -HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" - -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=4dda5beb433a809f2e0aeffbf9da3d91" - -SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=master \ - file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ - file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ - file://dhcpcd.service \ - file://dhcpcd@.service \ - file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ - " - -SRCREV = "93df2b254caf9639f9ffb66e0fe2b584eeba6220" - -# Doesn't use automake so we can't do out-of-tree builds -inherit pkgconfig autotools-brokensep systemd useradd - -SYSTEMD_SERVICE:${PN} = "dhcpcd.service" - -PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" - -PACKAGECONFIG[udev] = "--with-udev,--without-udev,udev,udev" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6" -# ntp conflicts with chrony -PACKAGECONFIG[ntp] = "--with-hook=ntp, , ,ntp" -PACKAGECONFIG[chrony] = "--with-hook=ntp, , ,chrony" -PACKAGECONFIG[ypbind] = "--with-eghook=yp, , ,ypbind-mt" - -# add option to override DBDIR location -DBDIR ?= "${localstatedir}/lib/${BPN}" - -EXTRA_OECONF = "--enable-ipv4 \ - --dbdir=${DBDIR} \ - --sbindir=${base_sbindir} \ - --runstatedir=/run \ - --enable-privsep \ - --privsepuser=dhcpcd \ - --with-hooks \ - --with-eghooks \ - " - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system -d ${DBDIR} -M -s /bin/false -U dhcpcd" - -# This isn't autoconf but is instead a configure script that tries to look like -# autoconf, so just run it directly. -do_configure() { - oe_runconf -} - -do_install:append () { - # install systemd unit files - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${UNPACKDIR}/dhcpcd*.service ${D}${systemd_system_unitdir} - - chmod 700 ${D}${DBDIR} - chown dhcpcd:dhcpcd ${D}${DBDIR} -} - -FILES:${PN}-dbg += "${libdir}/dhcpcd/dev/.debug" diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch deleted file mode 100644 index 512e33aebf..0000000000 --- a/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch +++ /dev/null @@ -1,79 +0,0 @@ -From d1581ce103db0a5db0b1761907fff9ddd6b55a8a Mon Sep 17 00:00:00 2001 -From: Chen Qi -Date: Wed, 9 Nov 2022 16:33:18 +0800 -Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd - -systemd's resolvconf implementation ignores the protocol part. -See https://github.com/systemd/systemd/issues/25032. - -When using 'dhcp server + dns server + dhcpcd + systemd', we -get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra', -yet systemd's resolvconf treats it as eth0. This will delete the -DNS information set by 'resolvconf -a eth0.dhcp'. - -Fortunately, 20-resolv.conf has the ability to build the resolv.conf -file contents itself. We can just pass the generated contents to -systemd's resolvconf. This way, the DNS information is not incorrectly -deleted. Also, it does not cause behavior regression for dhcpcd -in other cases. - -Upstream-Status: Inappropriate [OE Specific] -This patch has been rejected by dhcpcd upstream. -See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152 - -Signed-off-by: Chen Qi ---- - hooks/20-resolv.conf | 17 +++++++++++++---- - 1 file changed, 13 insertions(+), 4 deletions(-) - -diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf -index bd0b0df5..9c7721de 100644 ---- a/hooks/20-resolv.conf -+++ b/hooks/20-resolv.conf -@@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming" - NL=" - " - : ${resolvconf:=resolvconf} -+resolvconf_from_systemd=false - if command -v "$resolvconf" >/dev/null 2>&1; then - have_resolvconf=true -+ if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then -+ resolvconf_from_systemd=true -+ fi - else - have_resolvconf=false - fi -@@ -69,8 +73,13 @@ build_resolv_conf() - else - echo "# /etc/resolv.conf.tail can replace this line" >> "$cf" - fi -- if change_file /etc/resolv.conf "$cf"; then -- chmod 644 /etc/resolv.conf -+ if $resolvconf_from_systemd; then -+ [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" -+ "$resolvconf" -a "$ifname" <"$cf" -+ else -+ if change_file /etc/resolv.conf "$cf"; then -+ chmod 644 /etc/resolv.conf -+ fi - fi - rm -f "$cf" - } -@@ -179,7 +188,7 @@ add_resolv_conf() - for x in ${new_domain_name_servers}; do - conf="${conf}nameserver $x$NL" - done -- if $have_resolvconf; then -+ if $have_resolvconf && ! $resolvconf_from_systemd; then - [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" - printf %s "$conf" | "$resolvconf" -a "$ifname" - return $? -@@ -195,7 +204,7 @@ add_resolv_conf() - - remove_resolv_conf() - { -- if $have_resolvconf; then -+ if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then - "$resolvconf" -d "$ifname" -f - else - if [ -e "$resolv_conf_dir/$ifname" ]; then diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch deleted file mode 100644 index 484b84f94a..0000000000 --- a/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch +++ /dev/null @@ -1,43 +0,0 @@ -From e9b1376c59b15e7b03611429187d9d89167154b5 Mon Sep 17 00:00:00 2001 -From: Lei Maohui -Date: Fri, 10 Mar 2023 03:48:46 +0000 -Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib. - -Error: Transaction test error: - file /usr/share/man/man8/dhcpcd.8 conflicts between attempted - installs of dhcpcd-doc-9.4.1-r0.cortexa57 and - lib32-dhcpcd-doc-9.4.1-r0.armv7ahf_neon - -The differences between the two files are as follows: -@@ -821,7 +821,7 @@ - If you always use the same options, put them here. - .It Pa /usr/libexec/dhcpcd-run-hooks - Bourne shell script that is run to configure or de-configure an interface. --.It Pa /usr/lib64/dhcpcd/dev -+.It Pa /usr/lib/dhcpcd/dev - Linux - .Pa /dev - management modules. - -It is just a man file, there is no necessary to manage multiple -versions. - -Upstream-Status: Inappropriate [oe specific] -Signed-off-by: Lei Maohui ---- - src/dhcpcd.8.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in -index 91fdde2c..b467dc3b 100644 ---- a/src/dhcpcd.8.in -+++ b/src/dhcpcd.8.in -@@ -826,7 +826,7 @@ Configuration file for dhcpcd. - If you always use the same options, put them here. - .It Pa @SCRIPT@ - Bourne shell script that is run to configure or de-configure an interface. --.It Pa @LIBDIR@/dhcpcd/dev -+.It Pa /usr//dhcpcd/dev - Linux - .Pa /dev - management modules. diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch deleted file mode 100644 index fd3fae7e7e..0000000000 --- a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch +++ /dev/null @@ -1,42 +0,0 @@ -From c2ebc32112e0cd29390b4dc951b65efae36d607b Mon Sep 17 00:00:00 2001 -From: Stefano Cappa -Date: Sun, 13 Jan 2019 01:50:52 +0100 -Subject: [PATCH] remove INCLUDEDIR to prevent build issues - -Upstream-Status: Pending - -Signed-off-by: Stefano Cappa ---- - configure | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/configure b/configure -index a60da137..3673de8b 100755 ---- a/configure -+++ b/configure -@@ -26,7 +26,6 @@ BUILD= - HOST= - HOSTCC= - TARGET= --INCLUDEDIR= - DEBUG= - FORK= - STATIC= -@@ -89,7 +88,6 @@ for x do - --mandir) MANDIR=$var;; - --datadir) DATADIR=$var;; - --with-ccopts|CFLAGS) CFLAGS=$var;; -- -I|--includedir) INCLUDEDIR="$INCLUDEDIR${INCLUDEDIR:+ }-I$var";; - CC) CC=$var;; - CPPFLAGS) CPPFLAGS=$var;; - PKG_CONFIG) PKG_CONFIG=$var;; -@@ -346,9 +344,6 @@ if [ -n "$CPPFLAGS" ]; then - echo "CPPFLAGS=" >>$CONFIG_MK - echo "CPPFLAGS+= $CPPFLAGS" >>$CONFIG_MK - fi --if [ -n "$INCLUDEDIR" ]; then -- echo "CPPFLAGS+= $INCLUDEDIR" >>$CONFIG_MK --fi - if [ -n "$LDFLAGS" ]; then - echo "LDFLAGS=" >>$CONFIG_MK - echo "LDFLAGS+= $LDFLAGS" >>$CONFIG_MK diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service deleted file mode 100644 index 6c967ddaf0..0000000000 --- a/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=A minimalistic network configuration daemon with DHCPv4, rdisc and DHCPv6 support -Wants=network.target -Before=network.target -Conflicts=connman.service - -[Service] -ExecStart=/sbin/dhcpcd -q --nobackground - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service deleted file mode 100644 index 845b83b9e5..0000000000 --- a/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=dhcpcd on %I -Wants=network.target -Before=network.target -BindsTo=sys-subsystem-net-devices-%i.device -After=sys-subsystem-net-devices-%i.device -Conflicts=connman.service - -[Service] -Type=forking -PIDFile=/run/dhcpcd/%I.pid -ExecStart=/sbin/dhcpcd -q %I -ExecStop=/sbin/dhcpcd -x %I - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils deleted file mode 100644 index 30e81ef450..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils +++ /dev/null @@ -1,20 +0,0 @@ -# default: off -# description: -# Rexecd is the server for the rexec program. The server provides remote -# execution facilities with authentication based on user names and -# passwords. -# -service exec -{ - socket_type = stream - protocol = tcp - flags = NAMEINARGS - wait = no - user = root - group = root - log_on_success += USERID - log_on_failure += USERID - server = @SBINDIR@/tcpd - server_args = @SBINDIR@/in.rexecd - disable = yes -} diff --git a/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils deleted file mode 100644 index 21b55da9a9..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils +++ /dev/null @@ -1,23 +0,0 @@ -# default: off -# description: -# Rlogind is a server for the rlogin program. The server provides remote -# execution with authentication based on privileged port numbers from trusted -# host -# -service login -{ - socket_type = stream - protocol = tcp - flags = NAMEINARGS - wait = no - user = root - group = root - log_on_success += USERID - log_on_failure += USERID - server = @SBINDIR@/tcpd - server_args = @SBINDIR@/in.rlogind -a - disable = yes -} - - - diff --git a/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils deleted file mode 100644 index 2b894a74bd..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils +++ /dev/null @@ -1,21 +0,0 @@ -# default: off -# description: -# The rshd server is a server for the rcmd(3) routine and, -# consequently, for the rsh(1) program. The server provides -# remote execution facilities with authentication based on -# privileged port numbers from trusted hosts. -# -service shell -{ - socket_type = stream - protocol = tcp - flags = NAMEINARGS - wait = no - user = root - group = root - log_on_success += USERID - log_on_failure += USERID - server = @SBINDIR@/tcpd - server_args = @SBINDIR@/in.rshd -aL - disable = yes -} diff --git a/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils deleted file mode 100644 index 2d9a0408c0..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils +++ /dev/null @@ -1,13 +0,0 @@ -# default: on -# description: The telnet server serves telnet sessions; it uses \ -# unencrypted username/password pairs for authentication. -service telnet -{ - disable = no - flags = REUSE - socket_type = stream - wait = no - user = root - server = @SBINDIR@/in.telnetd - log_on_failure += USERID -} diff --git a/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils deleted file mode 100644 index 67b44c43e8..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils +++ /dev/null @@ -1,19 +0,0 @@ -# default: off -# description: -# Tftpd is a server which supports the Internet Trivial File Transfer -# Pro-tocol (RFC 783). The TFTP server operates at the port indicated -# in the tftp service description; see services(5). -# -service tftp -{ - disable = yes - socket_type = dgram - protocol = udp - flags = IPv6 - wait = yes - user = root - group = root - server = @SBINDIR@/in.tftpd - server_args = /tftpboot -} - diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.6.bb b/meta/recipes-connectivity/inetutils/inetutils_2.6.bb deleted file mode 100644 index 6e03195f2d..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils_2.6.bb +++ /dev/null @@ -1,216 +0,0 @@ -SUMMARY = "The GNU inetutils are a collection of common networking utilities and servers." -DESCRIPTION = "The GNU inetutils are a collection of common \ -networking utilities and servers including ftp, ftpd, rcp, \ -rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \ -talkd, telnet, telnetd, tftp, tftpd, and uucpd." -HOMEPAGE = "http://www.gnu.org/software/inetutils" -SECTION = "net" -DEPENDS = "ncurses netbase readline virtual/crypt" - -LICENSE = "GPL-3.0-only" - -LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" - -SRC_URI[sha256sum] = "68bedbfeaf73f7d86be2a7d99bcfbd4093d829f52770893919ae174c0b2357ca" -SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ - file://rexec.xinetd.inetutils \ - file://rlogin.xinetd.inetutils \ - file://rsh.xinetd.inetutils \ - file://telnet.xinetd.inetutils \ - file://tftpd.xinetd.inetutils \ - " - -inherit autotools gettext update-alternatives texinfo - -PACKAGECONFIG ??= "ftp uucpd \ - ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \ - " -PACKAGECONFIG[ftp] = "--enable-ftp,--disable-ftp,readline" -PACKAGECONFIG[uucpd] = "--enable-uucpd,--disable-uucpd,readline" -PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no," -PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6," - -EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \ - --with-libreadline-prefix=${STAGING_LIBDIR} \ - --enable-rpath=no \ - --with-path-login=${base_bindir}/login \ - --with-path-cp=${base_bindir}/cp \ - --with-path-uucico=${libexecdir}/uuico \ - --with-path-procnet-dev=/proc/net/dev \ - " - -EXTRA_OECONF:append:libc-musl = " --with-path-utmpx=/dev/null/utmpx --with-path-wtmpx=/dev/null/wtmpx" - -# These are horrible for security, disable them -EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \ - --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd" - -# The configure script guesses many paths in cross builds, check for this happening -do_configure_cross_check() { - if grep "may be incorrect because of cross-compilation" ${B}/config.log; then - bberror Default path values used, these must be set explicitly - fi -} -do_configure[postfuncs] += "do_configure_cross_check" - -# The --with-path options are not actually options, so this check needs to be silenced -ERROR_QA:remove = "unknown-configure-option" - -do_configure:prepend () { - export HELP2MAN='true' -} - -do_install:append () { - install -m 0755 -d ${D}${base_sbindir} - install -m 0755 -d ${D}${sbindir} - install -m 0755 -d ${D}${sysconfdir}/xinetd.d - if [ "${base_bindir}" != "${bindir}" ] ; then - install -m 0755 -d ${D}${base_bindir} - mv ${D}${bindir}/ping* ${D}${base_bindir}/ - mv ${D}${bindir}/hostname ${D}${base_bindir}/ - mv ${D}${bindir}/dnsdomainname ${D}${base_bindir}/ - fi - mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/ - mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/ - mv ${D}${libexecdir}/tftpd ${D}${sbindir}/in.tftpd - mv ${D}${libexecdir}/telnetd ${D}${sbindir}/in.telnetd - if [ -e ${D}${libexecdir}/rexecd ]; then - mv ${D}${libexecdir}/rexecd ${D}${sbindir}/in.rexecd - cp ${UNPACKDIR}/rexec.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rexec - fi - if [ -e ${D}${libexecdir}/rlogind ]; then - mv ${D}${libexecdir}/rlogind ${D}${sbindir}/in.rlogind - cp ${UNPACKDIR}/rlogin.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rlogin - fi - if [ -e ${D}${libexecdir}/rshd ]; then - mv ${D}${libexecdir}/rshd ${D}${sbindir}/in.rshd - cp ${UNPACKDIR}/rsh.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rsh - fi - if [ -e ${D}${libexecdir}/talkd ]; then - mv ${D}${libexecdir}/talkd ${D}${sbindir}/in.talkd - fi - mv ${D}${libexecdir}/uucpd ${D}${sbindir}/in.uucpd - mv ${D}${libexecdir}/* ${D}${bindir}/ - cp ${UNPACKDIR}/telnet.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/telnet - cp ${UNPACKDIR}/tftpd.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/tftpd - - sed -e 's,@SBINDIR@,${sbindir},g' -i ${D}/${sysconfdir}/xinetd.d/* - if [ -e ${D}${libdir}/charset.alias ]; then - rm -rf ${D}${libdir}/charset.alias - fi - rm -rf ${D}${libexecdir}/ - # remove usr/lib if empty - rmdir ${D}${libdir} || true -} - -PACKAGES =+ "${PN}-ping ${PN}-ping6 ${PN}-hostname ${PN}-ifconfig \ -${PN}-tftp ${PN}-logger ${PN}-traceroute ${PN}-syslogd \ -${PN}-ftp ${PN}-ftpd ${PN}-tftpd ${PN}-telnet ${PN}-telnetd ${PN}-inetd \ -${PN}-rsh ${PN}-rshd" - -# The packages tftpd, telnetd and rshd conflict with the ones -# provided by netkit, so add the corresponding -dbg packages -# for them to avoid the confliction between the dbg package -# of inetutils and netkit. -PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg" -NOAUTOPACKAGEDEBUG = "1" - -ALTERNATIVE_PRIORITY = "79" -ALTERNATIVE:${PN} = "whois dnsdomainname" -ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd" -ALTERNATIVE_LINK_NAME[dnsdomainname] = "${base_bindir}/dnsdomainname" - -ALTERNATIVE_PRIORITY_${PN}-logger = "60" -ALTERNATIVE:${PN}-logger = "logger" -ALTERNATIVE:${PN}-syslogd = "syslogd" -ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd" - -ALTERNATIVE:${PN}-ftp = "ftp" -ALTERNATIVE:${PN}-ftpd = "ftpd" -ALTERNATIVE:${PN}-tftp = "tftp" -ALTERNATIVE:${PN}-tftpd = "tftpd" -ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd" -ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd" - -ALTERNATIVE:${PN}-telnet = "telnet" -ALTERNATIVE:${PN}-telnetd = "telnetd" -ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd" -ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd" - -ALTERNATIVE:${PN}-inetd = "inetd" -ALTERNATIVE:${PN}-traceroute = "traceroute" - -ALTERNATIVE:${PN}-hostname = "hostname" -ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" -ALTERNATIVE_PRIORITY[hostname] = "100" - -ALTERNATIVE:${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ - tftpd.8 tftp.1 telnetd.8" -ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" -ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" -ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1" -ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8" -ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8" -ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8" -ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1" - -ALTERNATIVE:${PN}-ifconfig = "ifconfig" -ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" - -ALTERNATIVE:${PN}-ping = "ping" -ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" - -ALTERNATIVE:${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" -ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6" - -FILES:${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" -FILES:${PN}-ping = "${base_bindir}/ping.${BPN}" -FILES:${PN}-ping6 = "${base_bindir}/ping6.${BPN}" -FILES:${PN}-hostname = "${base_bindir}/hostname.${BPN}" -FILES:${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" -FILES:${PN}-traceroute = "${bindir}/traceroute.${BPN}" -FILES:${PN}-logger = "${bindir}/logger.${BPN}" - -FILES:${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" -RCONFLICTS:${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" - -FILES:${PN}-ftp = "${bindir}/ftp.${BPN}" - -FILES:${PN}-tftp = "${bindir}/tftp.${BPN}" -FILES:${PN}-telnet = "${bindir}/telnet.${BPN}" - -# We make us of RCONFLICTS / RPROVIDES here rather than using the normal -# alternatives method as this leads to packaging QA issues when using -# musl as that library does not provide what these applications need to -# build. -FILES:${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" -RCONFLICTS:${PN}-rsh += "netkit-rsh-client" -RPROVIDES:${PN}-rsh = "rsh" - -FILES:${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ - ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec" -FILES:${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" -RDEPENDS:${PN}-rshd += "xinetd tcp-wrappers" -RCONFLICTS:${PN}-rshd += "netkit-rshd-server" -RPROVIDES:${PN}-rshd = "rshd" - -FILES:${PN}-ftpd = "${bindir}/ftpd.${BPN}" -FILES:${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" -RDEPENDS:${PN}-ftpd += "xinetd" - -FILES:${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" -FILES:${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" -RCONFLICTS:${PN}-tftpd += "netkit-tftpd" -RDEPENDS:${PN}-tftpd += "xinetd" - -FILES:${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" -FILES:${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" -RCONFLICTS:${PN}-telnetd += "netkit-telnet" -RPROVIDES:${PN}-telnetd = "telnetd" -RDEPENDS:${PN}-telnetd += "xinetd" - -FILES:${PN}-inetd = "${bindir}/inetd.${BPN}" - -RDEPENDS:${PN} = "xinetd" diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-include-libnetlink.h-add-missing-include-for-htobe64.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-include-libnetlink.h-add-missing-include-for-htobe64.patch deleted file mode 100644 index c4dea39676..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2/0001-include-libnetlink.h-add-missing-include-for-htobe64.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 9e427aa1c647f741b08a1f0c44483ea974c7fc61 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin -Date: Sat, 24 Aug 2024 15:32:25 +0200 -Subject: [PATCH] include/libnetlink.h: add missing include for htobe64 - definitions - -Upstream-Status: Submitted [by email to stephen@networkplumber.org netdev@vger.kernel.org] -Signed-off-by: Alexander Kanavin ---- - include/libnetlink.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/include/libnetlink.h b/include/libnetlink.h -index 7074e91..3dbfa42 100644 ---- a/include/libnetlink.h -+++ b/include/libnetlink.h -@@ -13,6 +13,7 @@ - #include - #include - #include -+#include - - struct rtnl_handle { - int fd; diff --git a/meta/recipes-connectivity/iproute2/iproute2_6.16.0.bb b/meta/recipes-connectivity/iproute2/iproute2_6.16.0.bb deleted file mode 100644 index dc7106902c..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2_6.16.0.bb +++ /dev/null @@ -1,112 +0,0 @@ -SUMMARY = "TCP / IP networking and traffic control utilities" -DESCRIPTION = "Iproute2 is a collection of utilities for controlling \ -TCP / IP networking and traffic control in Linux. Of the utilities ip \ -and tc are the most important. ip controls IPv4 and IPv6 \ -configuration and tc stands for traffic control." -HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2" -SECTION = "base" -LICENSE = "GPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ - " - -DEPENDS = "flex-native bison-native libcap" - -SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ - file://0001-include-libnetlink.h-add-missing-include-for-htobe64.patch \ - " - -SRC_URI[sha256sum] = "5900ccc15f9ac3bf7b7eae81deb5937123df35e99347a7f11a22818482f0a8d0" - -inherit update-alternatives bash-completion pkgconfig - -PACKAGECONFIG ??= "tipc elf devlink iptables" -PACKAGECONFIG[tipc] = ",,libmnl," -PACKAGECONFIG[elf] = ",,elfutils," -PACKAGECONFIG[devlink] = ",,libmnl," -PACKAGECONFIG[iptables] = ",,iptables" -PACKAGECONFIG[rdma] = ",,libmnl," -PACKAGECONFIG[selinux] = ",,libselinux" - -IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc rdma', d)}" - -# This is needed with GCC-14 and musl -CFLAGS += "-Wno-error=incompatible-pointer-types" -# CFLAGS are computed in Makefile and reference CCOPTS -# -EXTRA_OEMAKE = "\ - CC='${CC}' \ - KERNEL_INCLUDE=${STAGING_INCDIR} \ - DOCDIR=${docdir}/iproute2 \ - SUBDIRS='${IPROUTE2_MAKE_SUBDIRS}' \ - SBINDIR='${base_sbindir}' \ - CONF_USR_DIR='${libdir}/iproute2' \ - LIBDIR='${libdir}' \ - CCOPTS='${CFLAGS}' \ -" - -do_configure:append () { - sh configure ${STAGING_INCDIR} - # Explicitly disable ATM support - sed -i -e '/TC_CONFIG_ATM/d' config.mk -} - -do_install () { - oe_runmake DESTDIR=${D} install - mv ${D}${base_sbindir}/ip ${D}${base_sbindir}/ip.iproute2 - install -d ${D}${datadir} - mv ${D}/share/* ${D}${datadir}/ || true - rm ${D}/share -rf || true - - # Remove support fot ipt and xt in tc. So tc library directory is not needed. - rm ${D}${libdir}/tc -rf -} - -# The .so files in iproute2-tc are modules, not traditional libraries -INSANE_SKIP:${PN}-tc = "dev-so" - -IPROUTE2_PACKAGES =+ "\ - ${PN}-bridge \ - ${PN}-devlink \ - ${PN}-genl \ - ${PN}-ifstat \ - ${PN}-ip \ - ${PN}-lnstat \ - ${PN}-nstat \ - ${PN}-routel \ - ${PN}-rtacct \ - ${PN}-ss \ - ${PN}-tc \ - ${PN}-tipc \ - ${PN}-rdma \ -" - -PACKAGE_BEFORE_PN = "${IPROUTE2_PACKAGES}" -RDEPENDS:${PN} += "${PN}-ip" - -FILES:${PN}-tc = "${base_sbindir}/tc* \ - ${libdir}/tc/*.so" -FILES:${PN}-lnstat = "${base_sbindir}/lnstat \ - ${base_sbindir}/ctstat \ - ${base_sbindir}/rtstat" -FILES:${PN}-ifstat = "${base_sbindir}/ifstat" -FILES:${PN}-ip = "${base_sbindir}/ip.* ${libdir}/iproute2" -FILES:${PN}-genl = "${base_sbindir}/genl" -FILES:${PN}-rtacct = "${base_sbindir}/rtacct" -FILES:${PN}-nstat = "${base_sbindir}/nstat" -FILES:${PN}-ss = "${base_sbindir}/ss" -FILES:${PN}-tipc = "${base_sbindir}/tipc" -FILES:${PN}-devlink = "${base_sbindir}/devlink" -FILES:${PN}-rdma = "${base_sbindir}/rdma" -FILES:${PN}-routel = "${base_sbindir}/routel" -FILES:${PN}-bridge = "${base_sbindir}/bridge" - -RDEPENDS:${PN}-routel = "python3-core" - -ALTERNATIVE:${PN}-ip = "ip" -ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" -ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" -ALTERNATIVE_PRIORITY = "100" - -ALTERNATIVE:${PN}-tc = "tc" -ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc" -ALTERNATIVE_PRIORITY_${PN}-tc = "100" diff --git a/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch b/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch deleted file mode 100644 index 715b88d466..0000000000 --- a/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch +++ /dev/null @@ -1,41 +0,0 @@ -Subject: [PATCH] iw: version.sh: don't use git describe for versioning - -It will detect top-level git repositories like the Angstrom setup-scripts and break. - -Upstream-Status: Pending - -Signed-off-by: Koen Kooi -Signed-off-by: Maxin B. John ---- -diff -Naur iw-4.7-orig/version.sh iw-4.7/version.sh ---- iw-4.7-orig/version.sh 2016-05-31 12:52:46.000000000 +0300 -+++ iw-4.7/version.sh 2016-06-01 11:21:58.307409060 +0300 -@@ -15,27 +15,7 @@ - SRC_DIR=$(cd ${SRC_DIR}; pwd) - cd "${SRC_DIR}" - --v="" --if [ -d .git ] && head=`git rev-parse --verify HEAD 2>/dev/null`; then -- git update-index --refresh --unmerged > /dev/null -- descr=$(git describe --match=v* 2>/dev/null) -- if [ $? -eq 0 ]; then -- # on git builds check that the version number above -- # is correct... -- if [ "${descr%%-*}" = "v$VERSION" ]; then -- v="${descr#v}" -- if git diff-index --name-only HEAD | read dummy ; then -- v="$v"-dirty -- fi -- fi -- fi --fi -- --# set to the default version when failed to get the version --# information with git --if [ -z "${v}" ]; then -- v="$VERSION" --fi -+v="$VERSION" - - echo '#include "iw.h"' > "$OUT" - echo "const char iw_version[] = \"$v\";" >> "$OUT" diff --git a/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/meta/recipes-connectivity/iw/iw/separate-objdir.patch deleted file mode 100644 index 179fd90124..0000000000 --- a/meta/recipes-connectivity/iw/iw/separate-objdir.patch +++ /dev/null @@ -1,50 +0,0 @@ -From ff9f0a631c99fb6e2677c02bf572a5e69c70f5cf Mon Sep 17 00:00:00 2001 -From: Changhyeok Bae -Date: Mon, 27 Jan 2020 22:48:03 +0100 -Subject: [PATCH] Support separation of SRCDIR and OBJDIR - -Typical use of VPATH to locate the sources. - -Upstream-Status: Pending - -Signed-off-by: Christopher Larson -Signed-off-by: Maxin B. John ---- - Makefile | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index 90f2251..714cdb9 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,5 +1,9 @@ - MAKEFLAGS += --no-print-directory - -+SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST))) -+OBJDIR ?= $(PWD) -+VPATH = $(SRCDIR) -+ - PREFIX ?= /usr - SBINDIR ?= $(PREFIX)/sbin - MANDIR ?= $(PREFIX)/share/man -@@ -92,7 +96,7 @@ all: $(ALL) - version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \ - $(wildcard .git/index .git/refs/tags) - @$(NQ) ' GEN ' $@ -- $(Q)./version.sh $@ -+ $(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@ - - nl80211-commands.inc: nl80211.h - @$(NQ) ' GEN ' $@ -@@ -100,7 +104,7 @@ nl80211-commands.inc: nl80211.h - - %.o: %.c iw.h nl80211.h nl80211-commands.inc - @$(NQ) ' CC ' $@ -- $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< -+ $(Q)$(CC) -I$(SRCDIR) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< - - ifeq ($(IW_ANDROID_BUILD),) - iw: $(OBJS) --- -2.23.0 - diff --git a/meta/recipes-connectivity/iw/iw_6.17.bb b/meta/recipes-connectivity/iw/iw_6.17.bb deleted file mode 100644 index a9a4695d39..0000000000 --- a/meta/recipes-connectivity/iw/iw_6.17.bb +++ /dev/null @@ -1,31 +0,0 @@ -SUMMARY = "nl80211 based CLI configuration utility for wireless devices" -DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \ -wireless devices. It supports almost all new drivers that have been added \ -to the kernel recently. " -HOMEPAGE = "https://wireless.wiki.kernel.org/en/users/documentation/iw" -SECTION = "base" -LICENSE = "ISC" -LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774" - -DEPENDS = "libnl" - -SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \ - file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \ - file://separate-objdir.patch \ -" - -SRC_URI[sha256sum] = "aebdcfa3691aa5065a9b0d7def66c761c8b01a59dd81bc315d0305e05c3b04de" - -inherit pkgconfig - -EXTRA_OEMAKE = "\ - -f '${S}/Makefile' \ - \ - 'PREFIX=${prefix}' \ - 'SBINDIR=${sbindir}' \ - 'MANDIR=${mandir}' \ -" - -do_install() { - oe_runmake 'DESTDIR=${D}' install -} diff --git a/meta/recipes-connectivity/kea/files/0001-build-boost-1.89.0-fixes.patch b/meta/recipes-connectivity/kea/files/0001-build-boost-1.89.0-fixes.patch deleted file mode 100644 index fba2f5a573..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-build-boost-1.89.0-fixes.patch +++ /dev/null @@ -1,53 +0,0 @@ -From cf6af9219ba688fcd01d73a392dd1306d2b7a9e6 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Wed, 27 Aug 2025 22:20:09 -0700 -Subject: [PATCH] build: boost 1.89.0 fixes - -Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/merge_requests/2771/] -Signed-off-by: Khem Raj ---- - meson.build | 2 +- - src/lib/asiodns/io_fetch.cc | 1 + - src/lib/asiolink/interval_timer.cc | 1 + - 3 files changed, 3 insertions(+), 1 deletion(-) - ---- a/meson.build -+++ b/meson.build -@@ -189,7 +189,7 @@ message(f'Detected system "@SYSTEM@".') - - #### Dependencies - --boost_dep = dependency('boost', version: '>=1.66', modules: ['system']) -+boost_dep = dependency('boost', version: '>=1.66') - dl_dep = dependency('dl') - threads_dep = dependency('threads') - add_project_dependencies(boost_dep, dl_dep, threads_dep, language: ['cpp']) -@@ -1094,7 +1094,7 @@ pkg.generate( - if TARGETS_GEN_MESSAGES.length() > 0 - alias_target('messages', TARGETS_GEN_MESSAGES) - else -- error( -+ warning( - 'No messages to generate. This is probably an error in the meson.build files.', - ) - endif ---- a/src/lib/asiodns/io_fetch.cc -+++ b/src/lib/asiodns/io_fetch.cc -@@ -22,6 +22,7 @@ - #include - #include - -+#include - #include - #include - ---- a/src/lib/asiolink/interval_timer.cc -+++ b/src/lib/asiolink/interval_timer.cc -@@ -9,6 +9,7 @@ - #include - #include - -+#include - #include - #include - #include diff --git a/meta/recipes-connectivity/kea/files/0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch b/meta/recipes-connectivity/kea/files/0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch deleted file mode 100644 index 6facc4d32d..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch +++ /dev/null @@ -1,348 +0,0 @@ -From e3a0d181a279334c7d7a10c5b09fd1610384101c Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Wed, 3 Sep 2025 12:52:51 -0700 -Subject: [PATCH] d2/dhcp[46]/radius/dhcpsrv: Avoid Boost lexical_cast on enums -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Clang with libc++ hardening (-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST) -rejects Boost's enum trait probe used by `boost::lexical_cast`: -`boost::type_traits::is_signed/is_unsigned` defines -`static const T minus_one = (T)-1;`, which is ill-formed for scoped/limited -enums whose valid range does not include −1 (e.g. enums with values [0..3]). -When an enum is passed to `lexical_cast`, this triggers errors like: - - error: in-class initializer for static data member is not a constant expression - ... minus_one = (static_cast(-1)); - -In Kea this surfaced via logging `.arg(enum_value)` and when writing -`Lease6::type_` to CSV. - -This change makes all such call sites avoid `lexical_cast` on enums: - -* d2 transactions (`check_exists_*`, `nc_*`, `simple_*`): - cast `getDnsUpdateStatus()` to `int` before passing to `.arg(...)`. - -* d2 queue manager (`d2_queue_mgr.cc`): - cast `mgr_state_` to `int` before logging. - -* DHCPv4/6 servers (`dhcp4_srv.cc`, `dhcp6_srv.cc`): - cast `dhcp_ddns::NameChangeSender::Result` to `int` before logging. - -* RADIUS hook (`radius_accounting.cc`): - cast `env.event_` to `int` for the numeric field; we still log the textual - form via `eventToText(event_)` in the next argument. - -* DHCPv6 CSV writer (`csv_lease_file6.cc`): - write `lease_type` using `isc::dhcp::Lease::typeToText(lease.type_)` - instead of passing the enum directly. This is human-readable and uses Kea’s - own canonical stringifier, while avoiding the Boost enum path entirely. - -why: - -- Prevents Boost from instantiating enum trait checks that cast −1 to an enum. -- Unblocks builds with recent Clang/libc++ hardening. -- Keeps log output stable (numeric codes retained) and improves CSV clarity - for lease type by using the provided textual converter. - -No functional/ABI changes; only formatting of certain log/CSV values. -If a downstream consumer expects a numeric `lease_type`, it can be adjusted -to parse the textual value or the change can be trivially flipped to -`static_cast(lease.type_)`. - -Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/4100] -Signed-off-by: Khem Raj ---- - src/bin/d2/check_exists_add.cc | 6 +++--- - src/bin/d2/check_exists_remove.cc | 6 +++--- - src/bin/d2/d2_queue_mgr.cc | 2 +- - src/bin/d2/nc_add.cc | 6 +++--- - src/bin/d2/nc_remove.cc | 6 +++--- - src/bin/d2/simple_add.cc | 4 ++-- - src/bin/d2/simple_add_without_dhcid.cc | 4 ++-- - src/bin/d2/simple_remove.cc | 4 ++-- - src/bin/d2/simple_remove_without_dhcid.cc | 4 ++-- - src/bin/dhcp4/dhcp4_srv.cc | 2 +- - src/bin/dhcp6/dhcp6_srv.cc | 2 +- - src/hooks/dhcp/radius/radius_accounting.cc | 2 +- - src/lib/dhcpsrv/csv_lease_file6.cc | 2 +- - 13 files changed, 25 insertions(+), 25 deletions(-) - -diff --git a/src/bin/d2/check_exists_add.cc b/src/bin/d2/check_exists_add.cc -index 11bb29f..edfef31 100644 ---- a/src/bin/d2/check_exists_add.cc -+++ b/src/bin/d2/check_exists_add.cc -@@ -270,7 +270,7 @@ CheckExistsAddTransaction::addingFwdAddrsHandler() { - // bigger is wrong. - LOG_ERROR(d2_to_dns_logger, DHCP_DDNS_FORWARD_ADD_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -@@ -397,7 +397,7 @@ CheckExistsAddTransaction::replacingFwdAddrsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_FORWARD_REPLACE_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -@@ -541,7 +541,7 @@ CheckExistsAddTransaction::replacingRevPtrsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_REVERSE_REPLACE_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -diff --git a/src/bin/d2/check_exists_remove.cc b/src/bin/d2/check_exists_remove.cc -index 8ae5296..8b6b221 100644 ---- a/src/bin/d2/check_exists_remove.cc -+++ b/src/bin/d2/check_exists_remove.cc -@@ -268,7 +268,7 @@ CheckExistsRemoveTransaction::removingFwdAddrsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_FORWARD_REMOVE_ADDRS_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -@@ -404,7 +404,7 @@ CheckExistsRemoveTransaction::removingFwdRRsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_FORWARD_REMOVE_RRS_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -@@ -556,7 +556,7 @@ CheckExistsRemoveTransaction::removingRevPtrsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_REVERSE_REMOVE_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -diff --git a/src/bin/d2/d2_queue_mgr.cc b/src/bin/d2/d2_queue_mgr.cc -index f902b22..effa56b 100644 ---- a/src/bin/d2/d2_queue_mgr.cc -+++ b/src/bin/d2/d2_queue_mgr.cc -@@ -78,7 +78,7 @@ D2QueueMgr::operator()(const dhcp_ddns::NameChangeListener::Result result, - // this is unexpected so we will treat it as a receive error. - // This is most likely an unforeseen programmatic issue. - LOG_ERROR(dhcp_to_d2_logger, DHCP_DDNS_QUEUE_MGR_UNEXPECTED_STOP) -- .arg(mgr_state_); -+ .arg(static_cast(mgr_state_)); - stopListening(STOPPED_RECV_ERROR); - } - -diff --git a/src/bin/d2/nc_add.cc b/src/bin/d2/nc_add.cc -index 7bffc16..1d17bb2 100644 ---- a/src/bin/d2/nc_add.cc -+++ b/src/bin/d2/nc_add.cc -@@ -272,7 +272,7 @@ NameAddTransaction::addingFwdAddrsHandler() { - // bigger is wrong. - LOG_ERROR(d2_to_dns_logger, DHCP_DDNS_FORWARD_ADD_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -@@ -399,7 +399,7 @@ NameAddTransaction::replacingFwdAddrsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_FORWARD_REPLACE_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -@@ -542,7 +542,7 @@ NameAddTransaction::replacingRevPtrsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_REVERSE_REPLACE_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -diff --git a/src/bin/d2/nc_remove.cc b/src/bin/d2/nc_remove.cc -index 874e43b..182343c 100644 ---- a/src/bin/d2/nc_remove.cc -+++ b/src/bin/d2/nc_remove.cc -@@ -268,7 +268,7 @@ NameRemoveTransaction::removingFwdAddrsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_FORWARD_REMOVE_ADDRS_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -@@ -404,7 +404,7 @@ NameRemoveTransaction::removingFwdRRsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_FORWARD_REMOVE_RRS_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -@@ -555,7 +555,7 @@ NameRemoveTransaction::removingRevPtrsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_REVERSE_REMOVE_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -diff --git a/src/bin/d2/simple_add.cc b/src/bin/d2/simple_add.cc -index 6113b4d..73aa5b4 100644 ---- a/src/bin/d2/simple_add.cc -+++ b/src/bin/d2/simple_add.cc -@@ -259,7 +259,7 @@ SimpleAddTransaction::replacingFwdAddrsHandler() { - // bigger is wrong. - LOG_ERROR(d2_to_dns_logger, DHCP_DDNS_FORWARD_ADD_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -@@ -404,7 +404,7 @@ SimpleAddTransaction::replacingRevPtrsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_REVERSE_REPLACE_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -diff --git a/src/bin/d2/simple_add_without_dhcid.cc b/src/bin/d2/simple_add_without_dhcid.cc -index ccea83a..97918ad 100644 ---- a/src/bin/d2/simple_add_without_dhcid.cc -+++ b/src/bin/d2/simple_add_without_dhcid.cc -@@ -260,7 +260,7 @@ SimpleAddWithoutDHCIDTransaction::replacingFwdAddrsHandler() { - // bigger is wrong. - LOG_ERROR(d2_to_dns_logger, DHCP_DDNS_FORWARD_ADD_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -@@ -406,7 +406,7 @@ SimpleAddWithoutDHCIDTransaction::replacingRevPtrsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_REVERSE_REPLACE_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -diff --git a/src/bin/d2/simple_remove.cc b/src/bin/d2/simple_remove.cc -index e1d9a78..14f416b 100644 ---- a/src/bin/d2/simple_remove.cc -+++ b/src/bin/d2/simple_remove.cc -@@ -272,7 +272,7 @@ SimpleRemoveTransaction::removingFwdRRsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_FORWARD_REMOVE_RRS_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -@@ -423,7 +423,7 @@ SimpleRemoveTransaction::removingRevPtrsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_REVERSE_REMOVE_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -diff --git a/src/bin/d2/simple_remove_without_dhcid.cc b/src/bin/d2/simple_remove_without_dhcid.cc -index 04fe4df..cefdda8 100644 ---- a/src/bin/d2/simple_remove_without_dhcid.cc -+++ b/src/bin/d2/simple_remove_without_dhcid.cc -@@ -273,7 +273,7 @@ SimpleRemoveWithoutDHCIDTransaction::removingFwdRRsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_FORWARD_REMOVE_RRS_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -@@ -425,7 +425,7 @@ SimpleRemoveWithoutDHCIDTransaction::removingRevPtrsHandler() { - LOG_ERROR(d2_to_dns_logger, - DHCP_DDNS_REVERSE_REMOVE_BAD_DNSCLIENT_STATUS) - .arg(getRequestId()) -- .arg(getDnsUpdateStatus()) -+ .arg(static_cast(getDnsUpdateStatus())) - .arg(getNcr()->getFqdn()) - .arg(getCurrentServer()->toText()); - -diff --git a/src/bin/dhcp4/dhcp4_srv.cc b/src/bin/dhcp4/dhcp4_srv.cc -index 0701ed4..471e94c 100644 ---- a/src/bin/dhcp4/dhcp4_srv.cc -+++ b/src/bin/dhcp4/dhcp4_srv.cc -@@ -5101,7 +5101,7 @@ Dhcpv4Srv::d2ClientErrorHandler(const - dhcp_ddns::NameChangeSender::Result result, - dhcp_ddns::NameChangeRequestPtr& ncr) { - LOG_ERROR(ddns4_logger, DHCP4_DDNS_REQUEST_SEND_FAILED). -- arg(result).arg((ncr ? ncr->toText() : " NULL ")); -+ arg(static_cast(result)).arg((ncr ? ncr->toText() : " NULL ")); - // We cannot communicate with kea-dhcp-ddns, suspend further updates. - /// @todo We may wish to revisit this, but for now we will simply turn - /// them off. -diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc -index 417960b..818046d 100644 ---- a/src/bin/dhcp6/dhcp6_srv.cc -+++ b/src/bin/dhcp6/dhcp6_srv.cc -@@ -5054,7 +5054,7 @@ Dhcpv6Srv::d2ClientErrorHandler(const - dhcp_ddns::NameChangeSender::Result result, - dhcp_ddns::NameChangeRequestPtr& ncr) { - LOG_ERROR(ddns6_logger, DHCP6_DDNS_REQUEST_SEND_FAILED). -- arg(result).arg((ncr ? ncr->toText() : " NULL ")); -+ arg(static_cast(result)).arg((ncr ? ncr->toText() : " NULL ")); - // We cannot communicate with kea-dhcp-ddns, suspend further updates. - /// @todo We may wish to revisit this, but for now we will simply turn - /// them off. -diff --git a/src/hooks/dhcp/radius/radius_accounting.cc b/src/hooks/dhcp/radius/radius_accounting.cc -index 30eb07e..31f6d5e 100644 ---- a/src/hooks/dhcp/radius/radius_accounting.cc -+++ b/src/hooks/dhcp/radius/radius_accounting.cc -@@ -760,7 +760,7 @@ RadiusAccounting::terminate(RadiusAcctEnv env, int result) { - if (result != OK_RC) { - LOG_ERROR(radius_logger, RADIUS_ACCOUNTING_ERROR) - .arg(env.session_id_) -- .arg(env.event_) -+ .arg(static_cast(env.event_)) - .arg(eventToText(env.event_)) - .arg(result) - .arg(exchangeRCtoText(result)); -diff --git a/src/lib/dhcpsrv/csv_lease_file6.cc b/src/lib/dhcpsrv/csv_lease_file6.cc -index 830d2e5..a899aef 100644 ---- a/src/lib/dhcpsrv/csv_lease_file6.cc -+++ b/src/lib/dhcpsrv/csv_lease_file6.cc -@@ -51,7 +51,7 @@ CSVLeaseFile6::append(const Lease6& lease) { - row.writeAt(getColumnIndex("expire"), static_cast(lease.cltt_) + lease.valid_lft_); - row.writeAt(getColumnIndex("subnet_id"), lease.subnet_id_); - row.writeAt(getColumnIndex("pref_lifetime"), lease.preferred_lft_); -- row.writeAt(getColumnIndex("lease_type"), lease.type_); -+ row.writeAt(getColumnIndex("lease_type"), isc::dhcp::Lease::typeToText(lease.type_)); - row.writeAt(getColumnIndex("iaid"), lease.iaid_); - row.writeAt(getColumnIndex("prefix_len"), - static_cast(lease.prefixlen_)); diff --git a/meta/recipes-connectivity/kea/files/0001-meson-use-a-runtime-safe-interpreter-string.patch b/meta/recipes-connectivity/kea/files/0001-meson-use-a-runtime-safe-interpreter-string.patch deleted file mode 100644 index 44fe82bce0..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-meson-use-a-runtime-safe-interpreter-string.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 5ec5e08edc059ed0c0d430dc8e02cd64bebc8d1c Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Thu, 28 Aug 2025 17:02:49 -0700 -Subject: [PATCH] meson: use a runtime-safe interpreter string -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -In cross builds, python.find_installation() (what -PYTHON usually comes from) must be a native -interpreter (since Meson runs it during configure), -but you don’t want that absolute native path baked -into target files. You want a runtime/target path -such as /usr/bin/env python3 (portable) or -/usr/bin/python3 - -Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/4087] -Signed-off-by: Khem Raj ---- - doc/sphinx/meson.build | 8 +++++++- - meson.build | 8 +++++++- - src/bin/shell/tests/meson.build | 8 +++++++- - src/lib/util/python/meson.build | 8 +++++++- - 4 files changed, 28 insertions(+), 4 deletions(-) - ---- a/doc/sphinx/meson.build -+++ b/doc/sphinx/meson.build -@@ -70,7 +70,13 @@ doc_conf.set('builddir', meson.current_b - doc_conf.set('srcdir', meson.current_source_dir()) - doc_conf.set('sphinxbuilddir', sphinxbuilddir) - doc_conf.set('abs_sphinxbuilddir', abs_sphinxbuilddir) --doc_conf.set('PYTHON', PYTHON.full_path()) -+# During cross builds, avoid embedding the native Python path into target artifacts. -+# Use a runtime-safe interpreter path for the target. -+py_for_runtime = '/usr/bin/env python3' -+if not meson.is_cross_build() -+ py_for_runtime = PYTHON.full_path() -+endif -+doc_conf.set('PYTHON', py_for_runtime) - doc_conf.set('TOP_SOURCE_DIR', TOP_SOURCE_DIR) - if PDFLATEX.found() - doc_conf.set('HAVE_PDFLATEX', 'yes') ---- a/meson.build -+++ b/meson.build -@@ -638,9 +638,13 @@ link_args = [] - # Also, Meson might use it by default, but might not use it on all systems, so lots of variables... - # EXECUTABLE_RPATH = f'$ORIGIN/../@LIBDIR@' - # HOOK_RPATH = '$ORIGIN/../..' -- -+if not meson.is_cross_build() - BUILD_RPATH = TOP_BUILD_DIR / 'src/lib' - INSTALL_RPATH = LIBDIR_INSTALLED -+else -+BUILD_RPATH = '' -+INSTALL_RPATH = '' -+endif - - # Add rpaths for NETCONF dependencies. - if NETCONF_DEP.found() -@@ -759,7 +763,13 @@ report_conf_data.set('CXX_ARGS', ' '.joi - report_conf_data.set('LD_ID', cpp.get_linker_id()) - link_args += get_option('cpp_link_args') - report_conf_data.set('LD_ARGS', ' '.join(link_args)) --report_conf_data.set('PYTHON_PATH', PYTHON.full_path()) -+# During cross builds, avoid embedding the native Python path into target artifacts. -+# Use a runtime-safe interpreter path for the target. -+py_for_runtime = '/usr/bin/env python3' -+if not meson.is_cross_build() -+ py_for_runtime = PYTHON.full_path() -+endif -+report_conf_data.set('PYTHON_PATH', py_for_runtime) - report_conf_data.set('PYTHON_VERSION', PYTHON.version()) - report_conf_data.set('PKGPYTHONDIR', PKGPYTHONDIR) - result = cpp.run( ---- a/src/bin/shell/tests/meson.build -+++ b/src/bin/shell/tests/meson.build -@@ -3,7 +3,13 @@ if not TESTS_OPT.enabled() - endif - - shell_tests_conf_data = configuration_data() --shell_tests_conf_data.set('PYTHON', PYTHON.full_path()) -+# During cross builds, avoid embedding the native Python path into target artifacts. -+# Use a runtime-safe interpreter path for the target. -+py_for_runtime = '/usr/bin/env python3' -+if not meson.is_cross_build() -+ py_for_runtime = PYTHON.full_path() -+endif -+shell_tests_conf_data.set('PYTHON', py_for_runtime) - shell_tests_conf_data.set('abs_top_builddir', TOP_BUILD_DIR) - shell_tests_conf_data.set('abs_top_srcdir', TOP_SOURCE_DIR) - shell_unittest = configure_file( ---- a/src/lib/util/python/meson.build -+++ b/src/lib/util/python/meson.build -@@ -4,7 +4,13 @@ endif - - configure_file(input: 'const2hdr.py', output: 'const2hdr.py', copy: true) - util_python_conf_data = configuration_data() --util_python_conf_data.set('PYTHON', PYTHON.full_path()) -+# During cross builds, avoid embedding the native Python path into target artifacts. -+# Use a runtime-safe interpreter path for the target. -+py_for_runtime = '/usr/bin/env python3' -+if not meson.is_cross_build() -+ py_for_runtime = PYTHON.full_path() -+endif -+util_python_conf_data.set('PYTHON', py_for_runtime) - configure_file( - input: 'gen_wiredata.py.in', - output: 'gen_wiredata.py', ---- a/src/bin/shell/meson.build -+++ b/src/bin/shell/meson.build -@@ -1,5 +1,11 @@ - kea_shell_conf_data = configuration_data() --kea_shell_conf_data.set('PYTHON', PYTHON.full_path()) -+# During cross builds, avoid embedding the native Python path into target artifacts. -+# Use a runtime-safe interpreter path for the target. -+py_for_runtime = '/usr/bin/env python3' -+if not meson.is_cross_build() -+ py_for_runtime = PYTHON.full_path() -+endif -+kea_shell_conf_data.set('PYTHON', py_for_runtime) - kea_shell_conf_data.set('PACKAGE_VERSION', PROJECT_VERSION) - kea_shell_conf_data.set( - 'EXTENDED_VERSION', diff --git a/meta/recipes-connectivity/kea/files/0001-mk_cfgrpt.sh-strip-prefixes.patch b/meta/recipes-connectivity/kea/files/0001-mk_cfgrpt.sh-strip-prefixes.patch deleted file mode 100644 index 521fac4629..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-mk_cfgrpt.sh-strip-prefixes.patch +++ /dev/null @@ -1,54 +0,0 @@ -From c8a1f0b9c17c8485bdeac045e5afdcd4467c1c14 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Thu, 28 Aug 2025 17:31:39 -0700 -Subject: [PATCH] mk_cfgrpt.sh: strip prefixes - -Add support for a STRIP_PREFIXES env var (colon-separated list). -The script will pipe its output through sed to remove any of those prefixes. - -Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/4087] -Signed-off-by: Khem Raj ---- - tools/mk_cfgrpt.sh | 22 +++++++++++++++++++++- - 1 file changed, 21 insertions(+), 1 deletion(-) - -diff --git a/tools/mk_cfgrpt.sh b/tools/mk_cfgrpt.sh -index bc0cc41..8f41ce1 100755 ---- a/tools/mk_cfgrpt.sh -+++ b/tools/mk_cfgrpt.sh -@@ -43,6 +43,26 @@ then - exit 2 - fi - -+# Optional: strip absolute path prefixes from generated output to make -+# cross-builds reproducible (e.g. Yocto sysroot/work dirs). -+# Provide colon-separated prefixes via STRIP_PREFIXES. -+strip_paths() { -+ if [ -z "${STRIP_PREFIXES:-}" ]; then -+ cat -+ return -+ fi -+ # Build a sed script that removes each prefix wherever it appears. -+ SED_SCRIPT= -+ IFS=':'; for p in $STRIP_PREFIXES; do -+ [ -n "$p" ] || continue -+ # Escape forward slashes -+ ep=$(printf '%s' "$p" | sed 's,/,\\/,g') -+ SED_SCRIPT="${SED_SCRIPT}s/${ep}//g;" -+ done -+ IFS=' ' -+ sed -e "$SED_SCRIPT" -+} -+ - # Header - cat >> "${dest}" << END - // config_report.cc. Generated from config.report by tools/mk_cfgrpt.sh -@@ -55,7 +75,7 @@ END - - # Body: escape '\'s and '"'s, preprend ' ";;;; ' and append '",' - sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/^/ ";;;; /' -e 's/$/",/' \ -- < "${report_file}" >> "${dest}" -+ < "${report_file}" | strip_paths >> "${dest}" - - # Trailer - cat >> "${dest}" < -Date: Tue, 10 Nov 2020 15:57:03 +0000 -Subject: [PATCH] src/lib/log/logger_unittest_support.cc: do not write build - path into binary - -This breaks reproducibility and is needed only in unit testing. - -Upstream-Status: Inappropriate [oe-core specific] -Signed-off-by: Alexander Kanavin - ---- - src/lib/log/logger_unittest_support.cc | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/src/lib/log/logger_unittest_support.cc -+++ b/src/lib/log/logger_unittest_support.cc -@@ -84,7 +84,7 @@ void initLogger(isc::log::Severity sever - const char* localfile = getenv("KEA_LOGGER_LOCALMSG"); - - // Set a directory for creating lockfiles when running tests -- setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); -+ //setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); - - // Initialize logging - initLogger(root, severity, dbglevel, localfile); diff --git a/meta/recipes-connectivity/kea/files/CVE-2025-11232.patch b/meta/recipes-connectivity/kea/files/CVE-2025-11232.patch deleted file mode 100644 index 659627deba..0000000000 --- a/meta/recipes-connectivity/kea/files/CVE-2025-11232.patch +++ /dev/null @@ -1,474 +0,0 @@ -From 92b65b2345e07d826b56ffd65cf47538f1c7a271 Mon Sep 17 00:00:00 2001 -From: Thomas Markwalder -Date: Tue, 7 Oct 2025 14:41:16 -0400 -Subject: [PATCH] [#4155] Backport #4142 to v3_0 - -Invalid characters cause assert - -To trigger the issue, three configuration parameters must have -specific settings: "hostname-char-set" must be left at the default -setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must -be empty (the default); and "ddns-qualifying-suffix" must NOT be empty -(the default is empty). DDNS updates do not need to be enabled for -this issue to manifest. A client that sends certain option content -would then cause kea-dhcp4 to exit unexpectedly. - -CVE: CVE-2025-11232 -Upstream-Status: Backport [https://github.com/isc-projects/kea/commit/92b65b2345e07d826b56ffd65cf47538f1c7a271] -Signed-off-by: Ross Burton - -new file: changelog_unreleased/CVE-2025-11232-catch-empty-sanitized-hostname -modified: src/bin/dhcp4/dhcp4_messages.cc -modified: src/bin/dhcp4/dhcp4_messages.h -modified: src/bin/dhcp4/dhcp4_messages.mes -modified: src/bin/dhcp4/dhcp4_srv.cc -modified: src/bin/dhcp4/tests/fqdn_unittest.cc -modified: src/bin/dhcp6/dhcp6_messages.cc -modified: src/bin/dhcp6/dhcp6_messages.h -modified: src/bin/dhcp6/dhcp6_messages.mes -modified: src/bin/dhcp6/dhcp6_srv.cc -modified: src/bin/dhcp6/tests/fqdn_unittest.cc -modified: src/lib/dhcpsrv/d2_client_mgr.cc -modified: src/lib/dhcpsrv/d2_client_mgr.h -modified: src/lib/dhcpsrv/tests/d2_client_unittest.cc ---- - ...-2025-11232-catch-empty-sanitized-hostname | 6 +++ - src/bin/dhcp4/dhcp4_messages.cc | 4 ++ - src/bin/dhcp4/dhcp4_messages.h | 2 + - src/bin/dhcp4/dhcp4_messages.mes | 14 +++++ - src/bin/dhcp4/dhcp4_srv.cc | 21 ++++++-- - src/bin/dhcp4/tests/fqdn_unittest.cc | 54 ++++++++++++++++++- - src/bin/dhcp6/dhcp6_messages.cc | 2 + - src/bin/dhcp6/dhcp6_messages.h | 1 + - src/bin/dhcp6/dhcp6_messages.mes | 7 +++ - src/bin/dhcp6/dhcp6_srv.cc | 9 +++- - src/bin/dhcp6/tests/fqdn_unittest.cc | 23 ++++++++ - src/lib/dhcpsrv/d2_client_mgr.cc | 9 +++- - src/lib/dhcpsrv/d2_client_mgr.h | 19 ++++++- - src/lib/dhcpsrv/tests/d2_client_unittest.cc | 42 +++++++++++++++ - 14 files changed, 205 insertions(+), 8 deletions(-) - create mode 100644 changelog_unreleased/CVE-2025-11232-catch-empty-sanitized-hostname - -diff --git a/src/bin/dhcp4/dhcp4_messages.cc b/src/bin/dhcp4/dhcp4_messages.cc -index e06ce6a121..5c6a334bad 100644 ---- a/src/bin/dhcp4/dhcp4_messages.cc -+++ b/src/bin/dhcp4/dhcp4_messages.cc -@@ -26,9 +26,11 @@ extern const isc::log::MessageID DHCP4_CLASS_UNCONFIGURED = "DHCP4_CLASS_UNCONFI - extern const isc::log::MessageID DHCP4_CLIENTID_IGNORED_FOR_LEASES = "DHCP4_CLIENTID_IGNORED_FOR_LEASES"; - extern const isc::log::MessageID DHCP4_CLIENT_FQDN_DATA = "DHCP4_CLIENT_FQDN_DATA"; - extern const isc::log::MessageID DHCP4_CLIENT_FQDN_PROCESS = "DHCP4_CLIENT_FQDN_PROCESS"; -+extern const isc::log::MessageID DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY = "DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY"; - extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_DATA = "DHCP4_CLIENT_HOSTNAME_DATA"; - extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_MALFORMED = "DHCP4_CLIENT_HOSTNAME_MALFORMED"; - extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_PROCESS = "DHCP4_CLIENT_HOSTNAME_PROCESS"; -+extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY = "DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY"; - extern const isc::log::MessageID DHCP4_CLIENT_NAME_PROC_FAIL = "DHCP4_CLIENT_NAME_PROC_FAIL"; - extern const isc::log::MessageID DHCP4_CONFIG_COMPLETE = "DHCP4_CONFIG_COMPLETE"; - extern const isc::log::MessageID DHCP4_CONFIG_LOAD_FAIL = "DHCP4_CONFIG_LOAD_FAIL"; -@@ -206,9 +208,11 @@ const char* values[] = { - "DHCP4_CLIENTID_IGNORED_FOR_LEASES", "%1: not using client identifier for lease allocation for subnet %2", - "DHCP4_CLIENT_FQDN_DATA", "%1: Client sent FQDN option: %2", - "DHCP4_CLIENT_FQDN_PROCESS", "%1: processing Client FQDN option", -+ "DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY", "%1: sanitizing client's FQDN option '%2' yielded an empty string", - "DHCP4_CLIENT_HOSTNAME_DATA", "%1: client sent Hostname option: %2", - "DHCP4_CLIENT_HOSTNAME_MALFORMED", "%1: client hostname option malformed: %2", - "DHCP4_CLIENT_HOSTNAME_PROCESS", "%1: processing client's Hostname option", -+ "DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY", "%1: sanitizing client's Hostname option '%2' yielded an empty string", - "DHCP4_CLIENT_NAME_PROC_FAIL", "%1: failed to process the fqdn or hostname sent by a client: %2", - "DHCP4_CONFIG_COMPLETE", "DHCPv4 server has completed configuration: %1", - "DHCP4_CONFIG_LOAD_FAIL", "configuration error using file: %1, reason: %2", -diff --git a/src/bin/dhcp4/dhcp4_messages.h b/src/bin/dhcp4/dhcp4_messages.h -index 9a4d0cda21..6e45c63053 100644 ---- a/src/bin/dhcp4/dhcp4_messages.h -+++ b/src/bin/dhcp4/dhcp4_messages.h -@@ -27,9 +27,11 @@ extern const isc::log::MessageID DHCP4_CLASS_UNCONFIGURED; - extern const isc::log::MessageID DHCP4_CLIENTID_IGNORED_FOR_LEASES; - extern const isc::log::MessageID DHCP4_CLIENT_FQDN_DATA; - extern const isc::log::MessageID DHCP4_CLIENT_FQDN_PROCESS; -+extern const isc::log::MessageID DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY; - extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_DATA; - extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_MALFORMED; - extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_PROCESS; -+extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY; - extern const isc::log::MessageID DHCP4_CLIENT_NAME_PROC_FAIL; - extern const isc::log::MessageID DHCP4_CONFIG_COMPLETE; - extern const isc::log::MessageID DHCP4_CONFIG_LOAD_FAIL; -diff --git a/src/bin/dhcp4/dhcp4_messages.mes b/src/bin/dhcp4/dhcp4_messages.mes -index 1deb2e6074..b359d09616 100644 ---- a/src/bin/dhcp4/dhcp4_messages.mes -+++ b/src/bin/dhcp4/dhcp4_messages.mes -@@ -164,6 +164,20 @@ This debug message is issued when the server starts processing the Hostname - option sent in the client's query. The argument includes the client and - transaction identification information. - -+% DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY %1: sanitizing client's Hostname option '%2' yielded an empty string -+Logged at debug log level 50. -+This debug message is issued when the result of sanitizing the -+hostname option(12) sent by the client is an empty string. When this occurs -+the server will ignore the hostname option. The arguments include the -+client and the hostname option it sent. -+ -+% DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY %1: sanitizing client's FQDN option '%2' yielded an empty string -+Logged at debug log level 50. -+This debug message is issued when the result of sanitizing the -+FQDN option(81) sent by the client is an empty string. When this occurs -+the server will ignore the FQDN option. The arguments include the -+client and the FQDN option it sent. -+ - % DHCP4_CLIENT_NAME_PROC_FAIL %1: failed to process the fqdn or hostname sent by a client: %2 - Logged at debug log level 55. - This debug message is issued when the DHCP server was unable to process the -diff --git a/src/bin/dhcp4/dhcp4_srv.cc b/src/bin/dhcp4/dhcp4_srv.cc -index 0701ed41e9..a6be662889 100644 ---- a/src/bin/dhcp4/dhcp4_srv.cc -+++ b/src/bin/dhcp4/dhcp4_srv.cc -@@ -2714,8 +2714,15 @@ Dhcpv4Srv::processClientFqdnOption(Dhcpv4Exchange& ex) { - } else { - // Adjust the domain name based on domain name value and type sent by the - // client and current configuration. -- d2_mgr.adjustDomainName(*fqdn, *fqdn_resp, -- *(ex.getContext()->getDdnsParams())); -+ try { -+ d2_mgr.adjustDomainName(*fqdn, *fqdn_resp, -+ *(ex.getContext()->getDdnsParams())); -+ } catch (const FQDNScrubbedEmpty& scrubbed) { -+ LOG_DEBUG(ddns4_logger, DBG_DHCP4_DETAIL, DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY) -+ .arg(ex.getQuery()->getLabel()) -+ .arg(scrubbed.what()); -+ return; -+ } - } - - // Add FQDN option to the response message. Note that, there may be some -@@ -2857,7 +2864,15 @@ Dhcpv4Srv::processHostnameOption(Dhcpv4Exchange& ex) { - ex.getContext()->getDdnsParams()->getHostnameSanitizer(); - - if (sanitizer) { -- hostname = sanitizer->scrub(hostname); -+ auto tmp = sanitizer->scrub(hostname); -+ if (tmp.empty()) { -+ LOG_DEBUG(ddns4_logger, DBG_DHCP4_DETAIL, DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY) -+ .arg(ex.getQuery()->getLabel()) -+ .arg(hostname); -+ return; -+ } -+ -+ hostname = tmp; - } - - // Convert hostname to lower case. -diff --git a/src/bin/dhcp4/tests/fqdn_unittest.cc b/src/bin/dhcp4/tests/fqdn_unittest.cc -index a5d3e4c21a..18e4c6d4b9 100644 ---- a/src/bin/dhcp4/tests/fqdn_unittest.cc -+++ b/src/bin/dhcp4/tests/fqdn_unittest.cc -@@ -2253,7 +2253,7 @@ TEST_F(NameDhcpv4SrvTest, sanitizeHostDefault) { - }, - { - "qualified host name with nuls", -- std::string("four-ok-host\000.other.org",23), -+ std::string("four-ok-host\000.other.org", 23), - "four-ok-host.other.org" - } - }; -@@ -3203,4 +3203,56 @@ TEST_F(NameDhcpv4SrvTest, poolDdnsParametersTest) { - } - } - -+// Verifies that when the FQDN option is scrubbed empty it is logged -+// and ignored. -+TEST_F(NameDhcpv4SrvTest, hostnameScrubbedEmpty) { -+ Dhcp4Client client(srv_, Dhcp4Client::SELECTING); -+ -+ // Configure DHCP server. -+ configure(CONFIGS[2], *client.getServer()); -+ -+ // Set the hostname option. -+ ASSERT_NO_THROW(client.includeHostname("___")); -+ -+ // Send the DHCPDISCOVER and make sure that the server responded. -+ ASSERT_NO_THROW(client.doDiscover()); -+ auto resp = client.getContext().response_; -+ ASSERT_TRUE(resp); -+ ASSERT_EQ(DHCPOFFER, static_cast(resp->getType())); -+ -+ // Should have logged that it was scrubbed empty. -+ std::string log = "DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY"; -+ EXPECT_EQ(1, countFile(log)); -+ -+ // Hostname should not be in the response. -+ ASSERT_FALSE(resp->getOption(DHO_HOST_NAME)); -+} -+ -+// Verifies that when the FQDN option is scrubbed empty it is logged -+// and ignored. -+TEST_F(NameDhcpv4SrvTest, fqdnScrubbedEmpty) { -+ Dhcp4Client client(srv_, Dhcp4Client::SELECTING); -+ -+ // Configure DHCP server. -+ configure(CONFIGS[2], *client.getServer()); -+ -+ // Include the Client FQDN option. -+ ASSERT_NO_THROW(client.includeFQDN(Option4ClientFqdn::FLAG_S | Option4ClientFqdn::FLAG_E, -+ "___", Option4ClientFqdn::PARTIAL)); -+ -+ // Send the DHCPDISCOVER and make sure that the server responded. -+ ASSERT_NO_THROW(client.doDiscover()); -+ auto resp = client.getContext().response_; -+ ASSERT_TRUE(resp); -+ ASSERT_EQ(DHCPOFFER, static_cast(resp->getType())); -+ -+ // Should have logged that it was scrubbed empty. -+ std::string log = "DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY"; -+ EXPECT_EQ(1, countFile(log)); -+ -+ // Hostname should not be in the response. -+ ASSERT_FALSE(resp->getOption(DHO_FQDN)); -+} -+ -+ - } // end of anonymous namespace -diff --git a/src/bin/dhcp6/dhcp6_messages.cc b/src/bin/dhcp6/dhcp6_messages.cc -index 229ba74450..9619481aba 100644 ---- a/src/bin/dhcp6/dhcp6_messages.cc -+++ b/src/bin/dhcp6/dhcp6_messages.cc -@@ -27,6 +27,7 @@ extern const isc::log::MessageID DHCP6_CLASSES_ASSIGNED = "DHCP6_CLASSES_ASSIGNE - extern const isc::log::MessageID DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION = "DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION"; - extern const isc::log::MessageID DHCP6_CLASS_ASSIGNED = "DHCP6_CLASS_ASSIGNED"; - extern const isc::log::MessageID DHCP6_CLASS_UNCONFIGURED = "DHCP6_CLASS_UNCONFIGURED"; -+extern const isc::log::MessageID DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY = "DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY"; - extern const isc::log::MessageID DHCP6_CONFIG_COMPLETE = "DHCP6_CONFIG_COMPLETE"; - extern const isc::log::MessageID DHCP6_CONFIG_LOAD_FAIL = "DHCP6_CONFIG_LOAD_FAIL"; - extern const isc::log::MessageID DHCP6_CONFIG_PACKET_QUEUE = "DHCP6_CONFIG_PACKET_QUEUE"; -@@ -203,6 +204,7 @@ const char* values[] = { - "DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION", "%1: client packet has been assigned to the following classes: %2", - "DHCP6_CLASS_ASSIGNED", "%1: client packet has been assigned to the following class: %2", - "DHCP6_CLASS_UNCONFIGURED", "%1: client packet belongs to an unconfigured class: %2", -+ "DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY", "%1: sanitizing client's FQDN option '%2' yielded an empty string", - "DHCP6_CONFIG_COMPLETE", "DHCPv6 server has completed configuration: %1", - "DHCP6_CONFIG_LOAD_FAIL", "configuration error using file: %1, reason: %2", - "DHCP6_CONFIG_PACKET_QUEUE", "DHCPv6 packet queue info after configuration: %1", -diff --git a/src/bin/dhcp6/dhcp6_messages.h b/src/bin/dhcp6/dhcp6_messages.h -index 186f7d557a..7af56e716a 100644 ---- a/src/bin/dhcp6/dhcp6_messages.h -+++ b/src/bin/dhcp6/dhcp6_messages.h -@@ -28,6 +28,7 @@ extern const isc::log::MessageID DHCP6_CLASSES_ASSIGNED; - extern const isc::log::MessageID DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION; - extern const isc::log::MessageID DHCP6_CLASS_ASSIGNED; - extern const isc::log::MessageID DHCP6_CLASS_UNCONFIGURED; -+extern const isc::log::MessageID DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY; - extern const isc::log::MessageID DHCP6_CONFIG_COMPLETE; - extern const isc::log::MessageID DHCP6_CONFIG_LOAD_FAIL; - extern const isc::log::MessageID DHCP6_CONFIG_PACKET_QUEUE; -diff --git a/src/bin/dhcp6/dhcp6_messages.mes b/src/bin/dhcp6/dhcp6_messages.mes -index fff50ed367..79fc984ff5 100644 ---- a/src/bin/dhcp6/dhcp6_messages.mes -+++ b/src/bin/dhcp6/dhcp6_messages.mes -@@ -1167,3 +1167,10 @@ such modification. The clients will remember previous server-id, and will - use it to extend their leases. As a result, they will have to go through - a rebinding phase to re-acquire their leases and associate them with a - new server id. -+ -+% DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY %1: sanitizing client's FQDN option '%2' yielded an empty string -+Logged at debug log level 50. -+This debug message is issued when the result of sanitizing the -+FQDN option(39) sent by the client is an empty string. When this occurs -+the server will ignore the FQDN option. The arguments include the -+client and the FQDN option it sent. -diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc -index 417960b126..f999c3178f 100644 ---- a/src/bin/dhcp6/dhcp6_srv.cc -+++ b/src/bin/dhcp6/dhcp6_srv.cc -@@ -2332,7 +2332,14 @@ Dhcpv6Srv::processClientFqdn(const Pkt6Ptr& question, const Pkt6Ptr& answer, - } else { - // Adjust the domain name based on domain name value and type sent by - // the client and current configuration. -- d2_mgr.adjustDomainName(*fqdn, *fqdn_resp, *ddns_params); -+ try { -+ d2_mgr.adjustDomainName(*fqdn, *fqdn_resp, *ddns_params); -+ } catch(const FQDNScrubbedEmpty& scrubbed) { -+ LOG_DEBUG(ddns6_logger, DBG_DHCP6_DETAIL, DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY) -+ .arg(question->getLabel()) -+ .arg(scrubbed.what()); -+ return; -+ } - } - - // Once we have the FQDN setup to use it for the lease hostname. This -diff --git a/src/bin/dhcp6/tests/fqdn_unittest.cc b/src/bin/dhcp6/tests/fqdn_unittest.cc -index ca51856e67..7891c1f5e6 100644 ---- a/src/bin/dhcp6/tests/fqdn_unittest.cc -+++ b/src/bin/dhcp6/tests/fqdn_unittest.cc -@@ -2425,4 +2425,27 @@ TEST_F(FqdnDhcpv6SrvTest, poolDdnsParametersTest) { - } - } - -+// Verify an FQDN with all invalid chars is ignored. -+TEST_F(FqdnDhcpv6SrvTest, fqdnScrubbedEmpty) { -+ // Create the query. -+ Pkt6Ptr question = generateMessage(DHCPV6_SOLICIT, Option6ClientFqdn::FLAG_S, -+ "___" , Option6ClientFqdn::FULL, true); -+ ASSERT_TRUE(getClientFqdnOption(question)); -+ subnet_->setHostnameCharReplacement(""); -+ -+ // Create the response with an "assigned" lease. -+ // Set the selected subnet so ddns params get returned correctly. -+ AllocEngine::ClientContext6 ctx; -+ ctx.subnet_ = subnet_; -+ Pkt6Ptr answer = generateMessageWithIds(DHCPV6_ADVERTISE); -+ addIA(1234, IOAddress("2001:db8:1::1"), answer, ctx); -+ -+ // Process the client's FQDN. -+ ASSERT_NO_THROW(srv_->processClientFqdn(question, answer, ctx)); -+ -+ // Should not have an FQDN option in the answer. -+ EXPECT_FALSE(answer->getOption(D6O_CLIENT_FQDN)); -+ countFile("DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY"); -+} -+ - } // end of anonymous namespace -diff --git a/src/lib/dhcpsrv/d2_client_mgr.cc b/src/lib/dhcpsrv/d2_client_mgr.cc -index 84ee11d9fb..54c815176e 100644 ---- a/src/lib/dhcpsrv/d2_client_mgr.cc -+++ b/src/lib/dhcpsrv/d2_client_mgr.cc -@@ -186,10 +186,15 @@ std::string - D2ClientMgr::qualifyName(const std::string& partial_name, - const DdnsParams& ddns_params, - const bool trailing_dot) const { -+ if (partial_name.empty()) { -+ isc_throw(BadValue, "D2ClientMgr::qualifyName" -+ " - partial_name cannot be an empty string"); -+ } -+ - std::ostringstream gen_name; - gen_name << partial_name; - std::string suffix = ddns_params.getQualifyingSuffix(); -- if (!suffix.empty() && partial_name.back() != '.') { -+ if (!suffix.empty() && (partial_name.back() != '.')) { - bool suffix_present = true; - std::string str = gen_name.str(); - auto suffix_rit = suffix.rbegin(); -@@ -241,7 +246,7 @@ D2ClientMgr::qualifyName(const std::string& partial_name, - // If the trailing dot should not be appended but it is present, - // remove it. - if ((len > 0) && (str[len - 1] == '.')) { -- gen_name.str(str.substr(0,len-1)); -+ gen_name.str(str.substr(0, len-1)); - } - - } -diff --git a/src/lib/dhcpsrv/d2_client_mgr.h b/src/lib/dhcpsrv/d2_client_mgr.h -index 7344f19a40..238fd0a415 100644 ---- a/src/lib/dhcpsrv/d2_client_mgr.h -+++ b/src/lib/dhcpsrv/d2_client_mgr.h -@@ -30,6 +30,14 @@ - namespace isc { - namespace dhcp { - -+/// @brief Exception thrown when host name sanitizing reduces -+/// the domain name to an empty string. -+class FQDNScrubbedEmpty : public Exception { -+public: -+ FQDNScrubbedEmpty(const char* file, size_t line, const char* what) : -+ isc::Exception(file, line, what) { } -+}; -+ - /// @brief Defines the type for D2 IO error handler. - /// This callback is invoked when a send to kea-dhcp-ddns completes with a - /// failed status. This provides the application layer (Kea) with a means to -@@ -197,6 +205,7 @@ class D2ClientMgr : public dhcp_ddns::NameChangeSender::RequestSendHandler, - /// suffix itself is empty (i.e. ""). - /// - /// @return std::string containing the qualified name. -+ /// @throw BadValue if partial_name is empty. - std::string qualifyName(const std::string& partial_name, - const DdnsParams& ddns_params, - const bool trailing_dot) const; -@@ -264,6 +273,9 @@ class D2ClientMgr : public dhcp_ddns::NameChangeSender::RequestSendHandler, - /// @param ddns_params DDNS behavioral configuration parameters - /// @tparam T FQDN Option class containing the FQDN data such as - /// dhcp::Option4ClientFqdn or dhcp::Option6ClientFqdn -+ /// -+ /// @throw FQDNScrubbedEmpty if hostname sanitizing reduces the input domain -+ /// name to an empty string. - template - void adjustDomainName(const T& fqdn, T& fqdn_resp, - const DdnsParams& ddns_params); -@@ -515,7 +527,12 @@ D2ClientMgr::adjustDomainName(const T& fqdn, T& fqdn_resp, const DdnsParams& ddn - ss << sanitizer->scrub(label); - } - -- client_name = ss.str(); -+ std::string clean_name = ss.str(); -+ if (clean_name.empty() || clean_name == ".") { -+ isc_throw(FQDNScrubbedEmpty, client_name); -+ } -+ -+ client_name = clean_name; - } - - // If the supplied name is partial, qualify it by adding the suffix. -diff --git a/src/lib/dhcpsrv/tests/d2_client_unittest.cc b/src/lib/dhcpsrv/tests/d2_client_unittest.cc -index 68ad2189d6..00375d0066 100644 ---- a/src/lib/dhcpsrv/tests/d2_client_unittest.cc -+++ b/src/lib/dhcpsrv/tests/d2_client_unittest.cc -@@ -9,6 +9,7 @@ - #include - #include - #include -+#include - #include - #include - -@@ -627,6 +628,10 @@ TEST_F(D2ClientMgrParamsTest, qualifyName) { - qualified_name = mgr.qualifyName(partial_name, *ddns_params_, do_not_dot); - EXPECT_EQ("somehost.suffix.com", qualified_name); - -+ // Verify that an empty name throws. -+ partial_name = ""; -+ ASSERT_THROW(mgr.qualifyName(partial_name, *ddns_params_, do_not_dot), BadValue); -+ - // Verify that an empty suffix and false flag, does not change the name - subnet_->setDdnsQualifyingSuffix(""); - partial_name = "somehost"; -@@ -1257,4 +1262,41 @@ TEST_F(D2ClientMgrParamsTest, sanitizeFqdnV6) { - } - } - -+/// @brief Tests adjustDomainName template method with Option4ClientFqdn -+/// when sanitizing scrubs input name empty. -+TEST_F(D2ClientMgrParamsTest, adjustDomainNameV4ScrubbedEmpty) { -+ D2ClientMgr mgr; -+ -+ // Create enabled configuration -+ subnet_->setDdnsSendUpdates(false); -+ subnet_->setDdnsQualifyingSuffix("suffix.com"); -+ subnet_->setHostnameCharSet("[^A-Za-z0-9.-]"); -+ subnet_->setHostnameCharReplacement(""); -+ -+ Option4ClientFqdn request(0, Option4ClientFqdn::RCODE_CLIENT(), -+ "___", Option4ClientFqdn::FULL); -+ -+ Option4ClientFqdn response(request); -+ ASSERT_THROW_MSG(mgr.adjustDomainName(request, response, *ddns_params_), -+ FQDNScrubbedEmpty, "___."); -+} -+ -+/// @brief Tests adjustDomainName template method with Option4ClientFqdn -+/// when sanitizing scrubs input name empty. -+TEST_F(D2ClientMgrParamsTest, adjustDomainNameV6ScrubbedEmpty) { -+ D2ClientMgr mgr; -+ -+ // Create enabled configuration -+ subnet_->setDdnsSendUpdates(false); -+ subnet_->setDdnsQualifyingSuffix("suffix.com"); -+ subnet_->setHostnameCharSet("[^A-Za-z0-9.-]"); -+ subnet_->setHostnameCharReplacement(""); -+ -+ Option6ClientFqdn request(0, "___", Option6ClientFqdn::FULL); -+ -+ Option6ClientFqdn response(request); -+ ASSERT_THROW_MSG(mgr.adjustDomainName(request, response, *ddns_params_), -+ FQDNScrubbedEmpty, "___."); -+} -+ - } // end of anonymous namespace diff --git a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch deleted file mode 100644 index 68a566773a..0000000000 --- a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch +++ /dev/null @@ -1,104 +0,0 @@ -From cdef313bd34c5abd897b80f25554b0c66737ed05 Mon Sep 17 00:00:00 2001 -From: Kai Kang -Date: Tue, 14 Oct 2025 01:37:35 +0000 -Subject: [PATCH] There are conflict of config files between - kea and lib32-kea: - -| Error: Transaction test error: -| file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of - lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64 -| file /etc/kea/kea-dhcp4.conf conflicts between attempted installs of - lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64 -| file /etc/kea/kea-dhcp6.conf conflicts between attempted installs of - lib32-kea-2.6.1-r0.core2_32 and kea-2.6.1-r0.core2_64 - -Because they are all commented out, replace the expanded libdir path with -'$libdir' in the config files to avoid conflict. - -Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/2602] -Signed-off-by: Kai Kang -Signed-off-by: Lei Maohui -Signed-off-by: Liu Yiding ---- - src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++- - src/bin/keactrl/kea-dhcp4.conf.pre | 6 +++--- - src/bin/keactrl/kea-dhcp6.conf.pre | 6 +++--- - 3 files changed, 8 insertions(+), 7 deletions(-) - -diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre -index 29d8111..de71f41 100644 ---- a/src/bin/keactrl/kea-ctrl-agent.conf.pre -+++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre -@@ -85,7 +85,8 @@ - // Agent will fail to start. - "hooks-libraries": [ - // { --// "library": "@libdir@/kea/hooks/control-agent-commands.so", -+// // Replace $libdir with real library path /usr/lib or /usr/lib64 -+// "library": "$libdir/kea/hooks/control-agent-commands.so", - // "parameters": { - // "param1": "foo" - // } -diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre -index 2a58507..86b5abf 100644 ---- a/src/bin/keactrl/kea-dhcp4.conf.pre -+++ b/src/bin/keactrl/kea-dhcp4.conf.pre -@@ -255,7 +255,7 @@ - // // of all devices serviced by Kea, including their identifiers - // // (like MAC address), their location in the network, times - // // when they were active etc. -- // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so", -+ // "library": "$libdir/kea/hooks/libdhcp_legal_log.so", - // "parameters": { - // "base-name": "kea-forensic4" - // } -@@ -271,14 +271,14 @@ - // // of specific options or perhaps even a combination of several - // // options and fields to uniquely identify a client. Those scenarios - // // are addressed by the Flexible Identifiers hook application. -- // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", -+ // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", - // "parameters": { - // "identifier-expression": "relay4[2].hex" - // } - // }, - // { - // // the MySQL host backend hook library required for host storage. -- // "library": "@libdir@/kea/hooks/libdhcp_mysql.so" -+ // "library": "$libdir/kea/hooks/libdhcp_mysql.so" - // } - // ], - -diff --git a/src/bin/keactrl/kea-dhcp6.conf.pre b/src/bin/keactrl/kea-dhcp6.conf.pre -index c69a508..2bb488f 100644 ---- a/src/bin/keactrl/kea-dhcp6.conf.pre -+++ b/src/bin/keactrl/kea-dhcp6.conf.pre -@@ -201,7 +201,7 @@ - // // of all devices serviced by Kea, including their identifiers - // // (like MAC address), their location in the network, times - // // when they were active etc. -- // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so", -+ // "library": "$libdir/kea/hooks/libdhcp_legal_log.so", - // "parameters": { - // "base-name": "kea-forensic6" - // } -@@ -217,14 +217,14 @@ - // // of specific options or perhaps even a combination of several - // // options and fields to uniquely identify a client. Those scenarios - // // are addressed by the Flexible Identifiers hook application. -- // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", -+ // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", - // "parameters": { - // "identifier-expression": "relay6[0].option[37].hex" - // } - // }, - // { - // // the MySQL host backend hook library required for host storage. -- // "library": "@libdir@/kea/hooks/libdhcp_mysql.so" -+ // "library": "$libdir/kea/hooks/libdhcp_mysql.so" - // } - // ], - --- -2.43.0 - diff --git a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch deleted file mode 100644 index 9cc91bdddf..0000000000 --- a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch +++ /dev/null @@ -1,30 +0,0 @@ -From f5125725e4e2e250ccc78a17a8b77431100e7c15 Mon Sep 17 00:00:00 2001 -From: Armin kuster -Date: Wed, 14 Oct 2020 22:48:31 -0700 -Subject: [PATCH] Busybox does not support ps -p so use pgrep - -Upstream-Status: Inappropriate [embedded specific] -Based on changes from Diego Sueiro - -Signed-off-by: Armin kuster - -Refresh to apply on top of 2.6.1. - -Signed-off-by: Trevor Gamblin ---- - src/bin/keactrl/keactrl.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/src/bin/keactrl/keactrl.in -+++ b/src/bin/keactrl/keactrl.in -@@ -157,8 +157,8 @@ check_running() { - # Get the PID from the PID file (if it exists) - get_pid_from_file "${proc_name}" - if [ "${_pid}" -gt 0 ]; then -- # Use ps to check if PID is alive -- if ps -p "${_pid}" 1>/dev/null; then -+ # Use pgrep and grep to check if PID is alive -+ if pgrep -v 1 | grep ${_pid} 1>/dev/null; then - # No error, so PID IS ALIVE - _running=1 - fi diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server deleted file mode 100644 index 50fe40d439..0000000000 --- a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: kea-dhcp-ddns-server -# Required-Start: $local_fs $network $remote_fs $syslog -# Required-Stop: $local_fs $network $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: ISC KEA DHCP IPv6 Server -### END INIT INFO - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="kea-dhcp-ddns-server" -NAME=kea-dhcp-ddns -DAEMON=/usr/sbin/keactrl -DAEMON_ARGS=" -s dhcp_ddns" - -set -e - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Source function library. -. /etc/init.d/functions - -case "$1" in - start) - echo -n "Starting $DESC: " - start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS - echo "done." - ;; - stop) - echo -n "Stopping $DESC: " - kpid=`pidof $NAME` - kill $kpid - echo "done." - ;; - restart|force-reload) - # - $0 stop - $0 start - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 - exit 1 - ;; -esac diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service deleted file mode 100644 index aec6446f0e..0000000000 --- a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Kea DHCP-DDNS Server -Wants=network-online.target -After=network-online.target -After=time-sync.target - -[Service] -ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ -ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/ -ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4-server b/meta/recipes-connectivity/kea/files/kea-dhcp4-server deleted file mode 100644 index e83e51025d..0000000000 --- a/meta/recipes-connectivity/kea/files/kea-dhcp4-server +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: kea-dhcp4-server -# Required-Start: $local_fs $network $remote_fs $syslog -# Required-Stop: $local_fs $network $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: ISC KEA DHCP IPv6 Server -### END INIT INFO - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="kea-dhcp4-server" -NAME=kea-dhcp4 -DAEMON=/usr/sbin/keactrl -DAEMON_ARGS=" -s dhcp4" - -set -e - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Source function library. -. /etc/init.d/functions - -case "$1" in - start) - echo -n "Starting $DESC: " - start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS - echo "done." - ;; - stop) - echo -n "Stopping $DESC: " - kpid=`pidof $NAME` - kill $kpid - echo "done." - ;; - restart|force-reload) - # - $0 stop - $0 start - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 - exit 1 - ;; -esac diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4.service b/meta/recipes-connectivity/kea/files/kea-dhcp4.service deleted file mode 100644 index a2ed4edb59..0000000000 --- a/meta/recipes-connectivity/kea/files/kea-dhcp4.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Kea DHCPv4 Server -Wants=network-online.target -After=network-online.target -After=time-sync.target - -[Service] -ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ -ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/ -ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea -ExecStart=@SBINDIR@/kea-dhcp4 -c @SYSCONFDIR@/kea/kea-dhcp4.conf - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6-server b/meta/recipes-connectivity/kea/files/kea-dhcp6-server deleted file mode 100644 index 10f2d22641..0000000000 --- a/meta/recipes-connectivity/kea/files/kea-dhcp6-server +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: kea-dhcp6-server -# Required-Start: $local_fs $network $remote_fs $syslog -# Required-Stop: $local_fs $network $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: ISC KEA DHCP IPv6 Server -### END INIT INFO - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="kea-dhcp6-server" -NAME=kea-dhcp6 -DAEMON=/usr/sbin/keactrl -DAEMON_ARGS=" -s dhcp6" - -set -e - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Source function library. -. /etc/init.d/functions - -case "$1" in - start) - echo -n "Starting $DESC: " - start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS - echo "done." - ;; - stop) - echo -n "Stopping $DESC: " - kpid=`pidof $NAME` - kill $kpid - echo "done." - ;; - restart|force-reload) - # - $0 stop - $0 start - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 - exit 1 - ;; -esac diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6.service b/meta/recipes-connectivity/kea/files/kea-dhcp6.service deleted file mode 100644 index ed6e017d0c..0000000000 --- a/meta/recipes-connectivity/kea/files/kea-dhcp6.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Kea DHCPv6 Server -Wants=network-online.target -After=network-online.target -After=time-sync.target - -[Service] -ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ -ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/ -ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea -ExecStart=@SBINDIR@/kea-dhcp6 -c @SYSCONFDIR@/kea/kea-dhcp6.conf - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/kea/kea_3.0.1.bb b/meta/recipes-connectivity/kea/kea_3.0.1.bb deleted file mode 100644 index 8729b1162e..0000000000 --- a/meta/recipes-connectivity/kea/kea_3.0.1.bb +++ /dev/null @@ -1,90 +0,0 @@ -SUMMARY = "ISC Kea DHCP Server" -DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. prefix delegation and dynamic updates to DNS." -HOMEPAGE = "http://kea.isc.org" -SECTION = "connectivity" -LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=fb634ed1d923b8b8fd1ed7ffc9b70ae4" - -DEPENDS = "boost log4cplus openssl" - -SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.xz \ - file://kea-dhcp4.service \ - file://kea-dhcp6.service \ - file://kea-dhcp-ddns.service \ - file://kea-dhcp4-server \ - file://kea-dhcp6-server \ - file://kea-dhcp-ddns-server \ - file://fix-multilib-conflict.patch \ - file://fix_pid_keactrl.patch \ - file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \ - file://0001-build-boost-1.89.0-fixes.patch \ - file://0001-meson-use-a-runtime-safe-interpreter-string.patch \ - file://0001-mk_cfgrpt.sh-strip-prefixes.patch \ - file://0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch \ - file://CVE-2025-11232.patch \ - " -SRC_URI[sha256sum] = "ec84fec4bb7f6b9d15a82e755a571e9348eb4d6fbc62bb3f6f1296cd7a24c566" - -inherit meson pkgconfig systemd update-rc.d upstream-version-is-even - -EXTRA_OEMESON += "-Dcrypto=openssl -Drunstatedir=${runtimedir} -Dkrb5=disabled -Dnetconf=disabled --install-umask=0022" - -INITSCRIPT_NAME = "kea-dhcp4-server" -INITSCRIPT_PARAMS = "defaults 30" - -SYSTEMD_SERVICE:${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service" -SYSTEMD_AUTO_ENABLE = "disable" - -DEBUG_OPTIMIZATION:remove:mips = " -Og" -DEBUG_OPTIMIZATION:append:mips = " -O" -BUILD_OPTIMIZATION:remove:mips = " -Og" -BUILD_OPTIMIZATION:append:mips = " -O" - -DEBUG_OPTIMIZATION:remove:mipsel = " -Og" -DEBUG_OPTIMIZATION:append:mipsel = " -O" -BUILD_OPTIMIZATION:remove:mipsel = " -Og" -BUILD_OPTIMIZATION:append:mipsel = " -O" - -CXXFLAGS:remove = "-fvisibility-inlines-hidden" - -do_configure:prepend() { - # replace abs_top_builddir to avoid introducing the build path - # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target - find ${S} -type f -name *.sh.in | xargs sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" - sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in - export STRIP_PREFIXES="${RECIPE_SYSROOT_NATIVE}:${RECIPE_SYSROOT}:${WORKDIR}:${B}" -} - -# patch out build host paths for reproducibility -do_compile:prepend:class-target() { - sed -i -e "s,${WORKDIR},,g" ${B}/config.report -} - -do_install:append() { - install -d ${D}${sysconfdir}/init.d - install -d ${D}${systemd_system_unitdir} - - install -m 0644 ${UNPACKDIR}/kea-dhcp*service ${D}${systemd_system_unitdir} - install -m 0755 ${UNPACKDIR}/kea-*-server ${D}${sysconfdir}/init.d - sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@LOCALSTATEDIR@,${localstatedir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' \ - ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl - sed -i -e "s:${B}:@abs_top_builddir_placeholder@:g" \ - -e "s:${S}:@abs_top_srcdir_placeholder@:g" \ - ${D}${sbindir}/kea-admin - rm -rf ${D}${datadir}/${BPN}/meson-info - rm -rf ${D}${runtimedir} -} - -do_install:append() { - rm -rf "${D}${localstatedir}" -} - -CONFFILES:${PN} = "${sysconfdir}/kea/keactrl.conf" - -PACKAGES =+ "${PN}-python" -FILES:${PN}-python = "${nonarch_libdir}/python*/site-packages/*" -RDEPENDS:${PN}-python = "python3" - -FILES:${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a" -FILES:${PN} += "${libdir}/hooks/*.so" diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.5.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.5.bb deleted file mode 100644 index 7ad52acd06..0000000000 --- a/meta/recipes-connectivity/libpcap/libpcap_1.10.5.bb +++ /dev/null @@ -1,43 +0,0 @@ -SUMMARY = "Interface for user-level network packet capture" -DESCRIPTION = "Libpcap provides a portable framework for low-level network \ -monitoring. Libpcap can provide network statistics collection, \ -security monitoring and network debugging." -HOMEPAGE = "http://www.tcpdump.org/" -BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577" -SECTION = "libs/network" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ - file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" -DEPENDS = "flex-native bison-native" - -SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.xz" -SRC_URI[sha256sum] = "84fa89ac6d303028c1c5b754abff77224f45eca0a94eb1a34ff0aa9ceece3925" - -inherit autotools binconfig-disabled pkgconfig - -BINCONFIG = "${bindir}/pcap-config" - -# Explicitly disable dag support. We don't have recipe for it and if enabled here, -# configure script poisons the include dirs with /usr/local/include even when the -# support hasn't been detected. Do the same thing for DPDK. -EXTRA_OECONF = " \ - --with-pcap=linux \ - --without-dag \ - --without-dpdk \ - " -EXTRA_AUTORECONF += "--exclude=aclocal" - -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ - ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ -" -PACKAGECONFIG[bluez5] = "--enable-bluetooth,--disable-bluetooth,bluez5" -PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl" - -do_configure:prepend () { - #remove hardcoded references to /usr/include - sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac -} - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-connectivity/libuv/libuv_1.51.0.bb b/meta/recipes-connectivity/libuv/libuv_1.51.0.bb deleted file mode 100644 index 9ff9cf35e2..0000000000 --- a/meta/recipes-connectivity/libuv/libuv_1.51.0.bb +++ /dev/null @@ -1,20 +0,0 @@ -SUMMARY = "A multi-platform support library with a focus on asynchronous I/O" -HOMEPAGE = "https://github.com/libuv/libuv" -DESCRIPTION = "libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others." -BUGTRACKER = "https://github.com/libuv/libuv/issues" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=74b6f2f7818a4e3a80d03556f71b129b \ - file://LICENSE-extra;md5=f9307417749e19bd1d6d68a394b49324" - -SRCREV = "5152db2cbfeb5582e9c27c5ea1dba2cd9e10759b" -SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https;tag=v${PV}" -UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)" - -inherit autotools - -do_configure() { - ${S}/autogen.sh || bbnote "${PN} failed to autogen.sh" - oe_runconf -} - -BBCLASSEXTEND = "native" diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_20250613.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_20250613.bb deleted file mode 100644 index 72663c7e0a..0000000000 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_20250613.bb +++ /dev/null @@ -1,15 +0,0 @@ -SUMMARY = "Mobile Broadband Service Provider Database" -HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders" -DESCRIPTION = "Mobile Broadband Service Provider Database stores service provider specific information. When this Database is available the information can be fetched there" -SECTION = "network" -LICENSE = "PD" -LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" - -PE = "1" - -SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main;tag=${PV}" -SRCREV = "2a1b409491a531aedcf3eb3ba907929d96bd181a" - -inherit meson - -DEPENDS += "libxslt-native" diff --git a/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch b/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch deleted file mode 100644 index d8e8a5e5da..0000000000 --- a/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch +++ /dev/null @@ -1,35 +0,0 @@ -From affaa2021a54c30353e4e1fee09c13a4de2196be Mon Sep 17 00:00:00 2001 -From: Jussi Kukkonen -Date: Fri, 17 Mar 2017 14:24:29 +0200 -Subject: [PATCH] Add header dependency to nciattach.o - -This can happen when compiling nciattach.o: - -| In file included from ../neard-0.16/tools/nciattach.c:47:0: -| ../neard-0.16/src/near.h:30:27: fatal error: near/nfc_copy.h: No such -file or directory -| #include - -Add the missing dependency to local headers. - -Signed-off-by: Jussi Kukkonen -Upstream-Status: Submitted [mailinglist] ---- - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile.am b/Makefile.am -index fa552ee..acef6ba 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -253,6 +253,7 @@ se/builtin.h: src/genbuiltin $(builtin_se_sources) - - $(src_neard_OBJECTS) \ - $(tools_nfctool_nfctool_OBJECTS) \ -+$(tools_nciattach_OBJECTS) \ - $(plugin_objects) \ - $(se_seeld_OBJECTS) \ - $(unit_test_ndef_parse_OBJECTS) \ --- -2.11.0 - diff --git a/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch b/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch deleted file mode 100644 index 16875e0543..0000000000 --- a/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch +++ /dev/null @@ -1,36 +0,0 @@ -From bfd32d68cfc9f1e31dab88e07446d1c02bc80b5e Mon Sep 17 00:00:00 2001 -From: Robert Yang -Date: Thu, 12 Feb 2015 00:39:29 -0800 -Subject: [PATCH] Makefile.am: do not ship version.h - -The HEADERS' name has been changed to pkginclude_HEADERS, so use -nodist_pkginclude_HEADERS, otherwise version.h would be shipped. - -Upstream-Status: Pending - -Signed-off-by: Robert Yang ---- - Makefile.am | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 3334790..69cd58f 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -10,11 +10,11 @@ pkginclude_HEADERS = include/types.h include/log.h include/plugin.h \ - include/tlv.h include/setting.h include/device.h \ - include/nfc_copy.h include/snep.h - --nodist_include_HEADERS = include/version.h -+nodist_pkginclude_HEADERS = include/version.h - - noinst_HEADERS = include/dbus.h - --local_headers = $(foreach file,$(pkginclude_HEADERS) $(nodist_include_HEADERS) \ -+local_headers = $(foreach file,$(pkginclude_HEADERS) $(nodist_pkginclude_HEADERS) \ - $(noinst_HEADERS), include/near/$(notdir $(file))) - - gdbus_sources = gdbus/gdbus.h gdbus/mainloop.c gdbus/watch.c \ --- -1.7.9.5 - diff --git a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch deleted file mode 100644 index aeb33a5bdc..0000000000 --- a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 43acc56d5506c7e318f717fb3634bc16e3438913 Mon Sep 17 00:00:00 2001 -From: Robert Yang -Date: Thu, 15 Jan 2015 18:12:07 -0800 -Subject: [PATCH] Makefile.am: fix parallel issue - -There might be no src dir if src/builtin.h runs earlier, create it to -fix the race issue: - -src/genbuiltin nfctype1 nfctype2 nfctype3 nfctype4 p2p > src/builtin.h -/bin/sh: src/builtin.h: No such file or directory - -Upstream-Status: Backport [d39f8c0eee659743b4425d395c2f7ab1949e9c71] - -Signed-off-by: Robert Yang ---- - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -Index: neard-0.16/Makefile.am -=================================================================== ---- neard-0.16.orig/Makefile.am -+++ neard-0.16/Makefile.am -@@ -244,6 +244,7 @@ SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(di - src/plugin.$(OBJEXT): src/builtin.h - - src/builtin.h: src/genbuiltin $(builtin_sources) -+ $(AM_V_at)$(MKDIR_P) src - $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@ - - se/plugin.$(OBJEXT): se/builtin.h diff --git a/meta/recipes-connectivity/neard/neard/neard.in b/meta/recipes-connectivity/neard/neard/neard.in deleted file mode 100644 index a47d4d96c9..0000000000 --- a/meta/recipes-connectivity/neard/neard/neard.in +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/sh -# -# start/stop neard daemon. - -### BEGIN INIT INFO -# Provides: neard -# Required-Start: $network -# Required-Stop: $network -# Default-Start: S 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: NFC daemon -# Description: neard is a daemon used to enable NFC features -### END INIT INFO - -DAEMON=@installpath@/neard -PIDFILE=/var/run/neard.pid -DESC="Linux NFC daemon" - -if [ -f /etc/default/neard ] ; then - . /etc/default/neard -fi - -set -e - -do_start() { - $DAEMON -} - -do_stop() { - start-stop-daemon --stop --name neard --quiet -} - -case "$1" in - start) - echo "Starting $DESC" - do_start - ;; - stop) - echo "Stopping $DESC" - do_stop - ;; - restart|force-reload) - echo "Restarting $DESC" - do_stop - sleep 1 - do_start - ;; - *) - echo "Usage: $0 {start|stop|restart|force-reload}" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/meta/recipes-connectivity/neard/neard_0.19.bb b/meta/recipes-connectivity/neard/neard_0.19.bb deleted file mode 100644 index c1149e7631..0000000000 --- a/meta/recipes-connectivity/neard/neard_0.19.bb +++ /dev/null @@ -1,48 +0,0 @@ -SUMMARY = "Linux NFC daemon" -DESCRIPTION = "A daemon for the Linux Near Field Communication stack" -HOMEPAGE = "https://github.com/linux-nfc/neard" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ - file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \ - " - -DEPENDS = "dbus glib-2.0 libnl autoconf-archive-native" - -SRC_URI = "git://github.com/linux-nfc/neard;protocol=https;branch=master \ - file://neard.in \ - file://Makefile.am-fix-parallel-issue.patch \ - file://Makefile.am-do-not-ship-version.h.patch \ - file://0001-Add-header-dependency-to-nciattach.o.patch \ - " - -SRCREV = "a1dc8a75cba999728e154a0f811ab9dd50c809f7" - -inherit autotools pkgconfig systemd update-rc.d - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" - -PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" - -EXTRA_OECONF += "--enable-tools" - -# This would copy neard start-stop shell and test scripts -do_install:append() { - if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/init.d/ - sed "s:@installpath@:${libexecdir}/nfc:" ${UNPACKDIR}/neard.in \ - > ${D}${sysconfdir}/init.d/neard - chmod 0755 ${D}${sysconfdir}/init.d/neard - fi -} - -# Bluez & Wifi are not mandatory except for handover -WIRELESS_DAEMON ??= "wpa-supplicant" -RRECOMMENDS:${PN} = "\ - ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','${WIRELESS_DAEMON}', '', d)} \ - " - -INITSCRIPT_NAME = "neard" -INITSCRIPT_PARAMS = "defaults 64" - -SYSTEMD_SERVICE:${PN} = "neard.service" diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch deleted file mode 100644 index 351407ddcd..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 9efa7a0d37665d9bb0f46d2407883a5ab42c2b84 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Mon, 24 Jul 2023 20:39:16 -0700 -Subject: [PATCH] locktest: Makefile.am: Do not use build flags - -Using CFLAGS_FOR_BUILD etc. here means it is using wrong flags -when thse flags are speficied different than target flags which -is common when cross-building. It can pass wrong paths to linker -and it would find incompatible libraries during link since they -are from host system and target maybe not same as build host. - -Fixes subtle errors like -| aarch64-yoe-linux-ld.lld: error: /mnt/b/yoe/master/build/tmp/work/cortexa72-cortexa53-crypto-yoe-linux/nfs-utils/2.6.3-r0/recipe-sysroot-native/usr/lib/libsqlite3.so is incompatible with elf64-littleaarch64 - -Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=169025681008001&w=2] -Signed-off-by: Khem Raj ---- - tools/locktest/Makefile.am | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am -index e8914655..2fd36971 100644 ---- a/tools/locktest/Makefile.am -+++ b/tools/locktest/Makefile.am -@@ -2,8 +2,5 @@ - - noinst_PROGRAMS = testlk - testlk_SOURCES = testlk.c --testlk_CFLAGS=$(CFLAGS_FOR_BUILD) --testlk_CPPFLAGS=$(CPPFLAGS_FOR_BUILD) --testlk_LDFLAGS=$(LDFLAGS_FOR_BUILD) - - MAINTAINERCLEANFILES = Makefile.in --- -2.41.0 - diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0004-Use-nogroup-for-nobody-group.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0004-Use-nogroup-for-nobody-group.patch deleted file mode 100644 index bbf44d5977..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0004-Use-nogroup-for-nobody-group.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 001913c5eb0aad933a93ee966252905cd46d776b Mon Sep 17 00:00:00 2001 -From: Daniel McGregor -Date: Tue, 6 Jun 2023 16:07:53 -0600 -Subject: [PATCH] Use "nogroup" for nobody group - -Upstream-Status: Inappropriate [oe-core specific, configuration] -Signed-off-by: Daniel McGregor ---- - support/nfsidmap/idmapd.conf | 2 +- - utils/idmapd/idmapd.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/support/nfsidmap/idmapd.conf b/support/nfsidmap/idmapd.conf -index 2a2f79a1..e6f3724f 100644 ---- a/support/nfsidmap/idmapd.conf -+++ b/support/nfsidmap/idmapd.conf -@@ -41,7 +41,7 @@ - [Mapping] - - #Nobody-User = nobody --#Nobody-Group = nobody -+#Nobody-Group = nogroup - - [Translation] - -diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c -index cd9a965f..3be805e9 100644 ---- a/utils/idmapd/idmapd.c -+++ b/utils/idmapd/idmapd.c -@@ -89,7 +89,7 @@ - #endif - - #ifndef NFS4NOBODY_GROUP --#define NFS4NOBODY_GROUP "nobody" -+#define NFS4NOBODY_GROUP "nogroup" - #endif - - /* From Niels */ diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0005-find-OE-provided-Kerberos.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0005-find-OE-provided-Kerberos.patch deleted file mode 100644 index 3241e8e859..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0005-find-OE-provided-Kerberos.patch +++ /dev/null @@ -1,42 +0,0 @@ -From a2af266f013722a64c5d04e0fe097cd711393a53 Mon Sep 17 00:00:00 2001 -From: Daniel McGregor -Date: Wed, 8 Nov 2023 16:24:20 -0600 -Subject: [PATCH] find OE provided Kerberos - -Upstream-Status: Inappropriate [oe-core specific] -Signed-off-by: Daniel McGregor ---- - aclocal/kerberos5.m4 | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/aclocal/kerberos5.m4 b/aclocal/kerberos5.m4 -index f96f0fd4..ad85fdf2 100644 ---- a/aclocal/kerberos5.m4 -+++ b/aclocal/kerberos5.m4 -@@ -22,8 +22,8 @@ AC_DEFUN([AC_KERBEROS_V5],[ - dnl This ugly hack brought on by the split installation of - dnl MIT Kerberos on Fedora Core 1 - K5CONFIG="" -- if test -f $dir/bin/krb5-config; then -- K5CONFIG=$dir/bin/krb5-config -+ if test -f $dir/bin/crossscripts/krb5-config; then -+ K5CONFIG=$dir/bin/crossscripts/krb5-config - elif test -f "/usr/kerberos/bin/krb5-config"; then - K5CONFIG="/usr/kerberos/bin/krb5-config" - elif test -f "/usr/lib/mit/bin/krb5-config"; then -@@ -72,6 +72,7 @@ AC_DEFUN([AC_KERBEROS_V5],[ - AC_MSG_RESULT($KRBDIR) - - dnl Check if -rpath=$(KRBDIR)/lib is needed -+ if false; then - echo "The current KRBDIR is $KRBDIR" - if test "$KRBDIR/lib" = "/lib" -o "$KRBDIR/lib" = "/usr/lib" \ - -o "$KRBDIR/lib" = "//lib" -o "$KRBDIR/lib" = "/usr//lib" ; then -@@ -81,6 +82,7 @@ AC_DEFUN([AC_KERBEROS_V5],[ - else - KRBLDFLAGS="-Wl,-rpath=$KRBDIR/lib" - fi -+ fi - - dnl Now check for functions within gssapi library - AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context, diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon deleted file mode 100644 index 9b7fd17b41..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon +++ /dev/null @@ -1,279 +0,0 @@ -#!/bin/sh - -### BEGIN INIT INFO -# Provides: nfs-common -# Required-Start: $portmap $time -# Required-Stop: $portmap $time -# Default-Start: S -# Default-Stop: 0 1 6 -# Short-Description: NFS support files common to client and server -# Description: NFS is a popular protocol for file sharing across -# TCP/IP networks. This service provides various -# support functions for NFS mounts. -### END INIT INFO - -# What is this? -DESC="NFS common utilities" - -# Read config -DEFAULTFILE=/etc/default/nfs-utils -NEED_STATD= -NEED_GSSD= -if nfsconf --isset general pipefs-directory; then - PIPEFS_MOUNTPOINT=$(nfsconf --get general pipefs-directory) -else - PIPEFS_MOUNTPOINT=/var/lib/nfs/rpc_pipefs -fi -if [ -f $DEFAULTFILE ]; then - . $DEFAULTFILE -fi - -. /etc/init.d/functions - -# Exit if required binaries are missing. -[ -x /usr/sbin/rpc.statd ] || exit 0 - -# -# Parse the fstab file, and determine whether we need gssd. (The -# /etc/defaults settings, if any, will override our autodetection.) This code -# is partially adapted from the mountnfs.sh script in the sysvinit package. -# -AUTO_NEED_GSSD=no - -if [ -f /etc/fstab ]; then - exec 9<&0 /dev/null 2>&1 - RET=$? - if [ $RET != 0 ]; then - echo - echo "Not starting: portmapper is not running" - exit 0 - fi - fi - start-stop-daemon --start --oknodo --quiet \ - --pidfile /run/rpc.statd.pid \ - --exec /usr/sbin/rpc.statd - RET=$? - if [ $RET != 0 ]; then - echo " failed" $RET - exit $RET - else - if [ -d /run/sendsigs.omit.d ]; then - rm -f /run/sendsigs.omit.d/statd - ln -s /run/rpc.statd.pid /run/sendsigs.omit.d/statd - fi - fi - fi - - # Don't start idmapd and gssd if we don't have them (say, if /usr is not - # up yet). - [ -x /usr/sbin/rpc.idmapd ] || NEED_IDMAPD=no - [ -x /usr/sbin/rpc.gssd ] || NEED_GSSD=no - - if [ "$NEED_IDMAPD" = yes ] || [ "$NEED_GSSD" = yes ] - then - do_modprobe sunrpc - do_modprobe nfs - do_modprobe nfsd - mkdir -p "$PIPEFS_MOUNTPOINT" - if do_mount rpc_pipefs $PIPEFS_MOUNTPOINT - then - if [ "$NEED_IDMAPD" = yes ] - then - ecno -n " idmapd" - start-stop-daemon --start --oknodo --quiet \ - --exec /usr/sbin/rpc.idmapd - RET=$? - if [ $RET != 0 ]; then - echo " failed" $RET - exit $RET - fi - fi - if [ "$NEED_GSSD" = yes ] - then - do_modprobe rpcsec_gss_krb5 - echo -n " gssd" - - start-stop-daemon --start --oknodo --quiet \ - --exec /usr/sbin/rpc.gssd - RET=$? - if [ $RET != 0 ]; then - echo " failed" $RET - exit $RET - fi - fi - fi - fi - echo " done" - ;; - - stop) - echo -n "Stopping $DESC ..." - - if [ "$NEED_GSSD" = yes ] - then - echo -n " gssd" - start-stop-daemon --stop --oknodo --quiet \ - --name rpc.gssd - RET=$? - if [ $RET != 0 ]; then - echo " failed" $RET - exit $RET - fi - fi - if [ "$NEED_IDMAPD" = yes ] - then - echo -n " idmapd" - start-stop-daemon --stop --oknodo --quiet \ - --name rpc.idmapd - RET=$? - if [ $RET != 0 ]; then - echo " failed" $RET - exit $RET - fi - fi - if [ "$NEED_STATD" = yes ] - then - echo -n " statd" - start-stop-daemon --stop --oknodo --quiet \ - --name rpc.statd - RET=$? - if [ $RET != 0 ]; then - echo " failed" $RET - exit $RET - fi - fi - do_umount $PIPEFS_MOUNTPOINT 2>/dev/null || true - echo " done" - ;; - - status) - if [ "$NEED_STATD" = yes ] - then - if ! pidof rpc.statd >/dev/null - then - echo "rpc.statd not running" - exit 3 - fi - fi - - if [ "$NEED_GSSD" = yes ] - then - if ! pidof rpc.gssd >/dev/null - then - echo "rpc.gssd not running" - exit 3 - fi - fi - - if [ "$NEED_IDMAPD" = yes ] - then - if ! pidof rpc.idmapd >/dev/null - then - echo "rpc.idmapd not running" - exit 3 - fi - fi - - echo "all daemons running" - exit 0 - ;; - - restart | force-reload) - $0 stop - sleep 1 - $0 start - ;; - - *) - echo "Usage: nfscommon {start|stop|status|restart}" - exit 1 - ;; -esac - -exit 0 diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver deleted file mode 100644 index 99ec280b35..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver +++ /dev/null @@ -1,135 +0,0 @@ -#!/bin/sh - -### BEGIN INIT INFO -# Provides: nfs-kernel-server -# Required-Start: $remote_fs nfs-common $portmap $time -# Required-Stop: $remote_fs nfs-common $portmap $time -# Should-Start: $named -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Kernel NFS server support -# Description: NFS is a popular protocol for file sharing across -# TCP/IP networks. This service provides NFS server -# functionality, which is configured via the -# /etc/exports file. -### END INIT INFO -# -# Startup script for nfs-utils -# -# Source function library. -. /etc/init.d/functions -# -# The environment variable NFS_SERVERS may be set in /etc/default/nfsd -# Other control variables may be overridden here too -test -r /etc/default/nfs-utils && . /etc/default/nfs-utils -# -# Location of executables: -test -x "$NFS_MOUNTD" || NFS_MOUNTD=/usr/sbin/rpc.mountd -test -x "$NFS_NFSD" || NFS_NFSD=/usr/sbin/rpc.nfsd -test -x "$NFS_SVCGSSD" || NFS_SVCGSSD=/usr/sbin/rpc.svcgssd -# -# The user mode program must also exist (it just starts the kernel -# threads using the kernel module code). -test -x "$NFS_MOUNTD" || exit 0 -test -x "$NFS_NFSD" || exit 0 - -case "$NEED_SVCGSSD" in - yes|no) - ;; - *) - NEED_SVCGSSD=no - ;; -esac -# -#---------------------------------------------------------------------- -# Startup and shutdown functions. -# Actual startup/shutdown is at the end of this file. -#mountd -start_mountd(){ - echo -n 'starting mountd: ' - start-stop-daemon --start --exec "$NFS_MOUNTD" -- "$@" - echo done -} -stop_mountd(){ - echo -n 'stopping mountd: ' - start-stop-daemon --stop --quiet --exec "$NFS_MOUNTD" - echo done -} -# -#svcgssd -start_svcgssd(){ - modprobe -q rpcsec_gss_krb5 - if [ "$NEED_SVCGSSD" = "yes" ]; then - echo -n "starting svcgssd: " - start-stop-daemon --start --exec "$NFS_SVCGSSD" -- "$@" - echo done - fi -} -stop_svcgssd(){ - if [ "$NEED_SVCGSSD" = "yes" ]; then - echo -n "stop svcgssd: " - start-stop-daemon --stop --exec "$NFS_SVCGSSD" - echo done - fi -} -#nfsd -start_nfsd(){ - modprobe -q nfsd - grep -q nfsd /proc/filesystems || { - echo NFS daemon support not enabled in kernel - exit 1 - } - grep -q nfsd /proc/mounts || mount -t nfsd nfsd /proc/fs/nfsd - grep -q nfsd /proc/mounts || { - echo nfsd filesystem could not be mounted at /proc/fs/nfsd - exit 1 - } - - echo -n "starting nfsd: " - start-stop-daemon --start --exec "$NFS_NFSD" -- "$@" - echo done -} -stop_nfsd(){ - echo -n 'stopping nfsd: ' - $NFS_NFSD 0 - if pidof nfsd - then - echo failed - else - echo done - fi -} - -#---------------------------------------------------------------------- -# -# supported options: -# start -# stop -# reload: reloads the exports file -# restart: stops and starts mountd -#FIXME: need to create the /var/lib/nfs/... directories -case "$1" in - start) - test -r /etc/exports && exportfs -r - start_nfsd - start_svcgssd - start_mountd - test -r /etc/exports && exportfs -a;; - stop) exportfs -ua - stop_mountd - stop_svcgssd - stop_nfsd;; - status) - status /usr/sbin/rpc.mountd - RETVAL=$? - status nfsd - rval=$? - [ $RETVAL -eq 0 ] && exit $rval - exit $RETVAL;; - reload) test -r /etc/exports && exportfs -r;; - restart) - $0 stop - $0 start;; - *) echo "Usage: $0 {start|stop|status|reload|restart}" - exit 1;; -esac diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb deleted file mode 100644 index b68a55edcd..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb +++ /dev/null @@ -1,159 +0,0 @@ -SUMMARY = "userspace utilities for kernel nfs" -DESCRIPTION = "The nfs-utils package provides a daemon for the kernel \ -NFS server and related tools." -HOMEPAGE = "http://nfs.sourceforge.net/" -SECTION = "console/network" - -LICENSE = "MIT & GPL-2.0-or-later & BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" - -# util-linux for libblkid -DEPENDS = "libcap libevent util-linux sqlite3 libtirpc libxml2" -RDEPENDS:${PN} = "${PN}-client" -RRECOMMENDS:${PN} = "kernel-module-nfsd" - -inherit useradd - -USERADD_PACKAGES = "${PN}-client" -USERADD_PARAM:${PN}-client = "--system --home-dir /var/lib/nfs \ - --shell /bin/false --user-group rpcuser" - -SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ - file://nfsserver \ - file://nfscommon \ - file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \ - file://0004-Use-nogroup-for-nobody-group.patch \ - file://0005-find-OE-provided-Kerberos.patch \ - " - -SRC_URI[sha256sum] = "11c4cc598a434d7d340bad3e072a373ba1dcc2c49f855d44b202222b78ecdbf5" - -# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will -# pull in the remainder of the dependencies. - -INITSCRIPT_PACKAGES = "${PN} ${PN}-client" -INITSCRIPT_NAME = "nfsserver" -INITSCRIPT_PARAMS = "defaults" -INITSCRIPT_NAME:${PN}-client = "nfscommon" -INITSCRIPT_PARAMS:${PN}-client = "defaults 19 21" - -inherit autotools-brokensep update-rc.d systemd pkgconfig - -SYSTEMD_PACKAGES = "${PN} ${PN}-client" -SYSTEMD_SERVICE:${PN} = "nfs-server.service" -SYSTEMD_SERVICE:${PN}-client = "nfs-client.target" - -# --enable-uuid is need for cross-compiling -EXTRA_OECONF = "--with-statduser=rpcuser \ - --enable-mountconfig \ - --enable-libmount-mount \ - --enable-uuid \ - --with-statdpath=/var/lib/nfs/statd \ - --with-pluginpath=${libdir}/libnfsidmap \ - --with-rpcgen=${HOSTTOOLS_DIR}/rpcgen \ - " - -LDFLAGS += "-lsqlite3 -levent" - -PACKAGECONFIG ??= "tcp-wrappers \ - ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} \ -" - -PACKAGECONFIG:remove:libc-musl = "tcp-wrappers" -#krb5 is available in meta-oe -PACKAGECONFIG[gssapi] = "--with-krb5=${STAGING_EXECPREFIXDIR} --enable-gss --enable-svcgss,--disable-gss --disable-svcgss,krb5" -PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -# libdevmapper is available in meta-oe -PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper,libdevmapper" -# keyutils is available in meta-oe -PACKAGECONFIG[nfsv4] = "--enable-nfsv4 --enable-nfsdcltrack,--disable-nfsv4 --disable-nfsdcltrack,keyutils,python3-core" -PACKAGECONFIG[nfsdctl] = "--enable-nfsdctl,--disable-nfsdctl,libnl readline," -PACKAGECONFIG[systemd] = "--with-systemd=${systemd_unitdir}/system,--without-systemd" - -PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats ${PN}-rpcctl" - -CONFFILES:${PN}-client += "${localstatedir}/lib/nfs/etab \ - ${localstatedir}/lib/nfs/rmtab \ - ${localstatedir}/lib/nfs/xtab \ - ${localstatedir}/lib/nfs/statd/state \ - ${sysconfdir}/idmapd.conf \ - ${sysconfdir}/nfs.conf \ - ${sysconfdir}/nfsmount.conf" - -FILES:${PN}-client = "${sbindir}/*statd \ - ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ - ${sbindir}/showmount ${sbindir}/nfsstat \ - ${sbindir}/rpc.gssd \ - ${sbindir}/nfsconf \ - ${libdir}/libnfsidmap.so.* \ - ${libdir}/libnfsidmap/*.so \ - ${libexecdir}/nfsrahead \ - ${localstatedir}/lib/nfs \ - ${sysconfdir}/idmapd.conf \ - ${sysconfdir}/init.d/nfscommon \ - ${sysconfdir}/nfs.conf \ - ${sysconfdir}/nfsmount.conf \ - ${systemd_system_unitdir}/auth-rpcgss-module.service \ - ${systemd_system_unitdir}/nfs-client.target \ - ${systemd_system_unitdir}/nfs-idmapd.service \ - ${systemd_system_unitdir}/nfs-statd.service \ - ${systemd_system_unitdir}/nfscommon.service \ - ${systemd_system_unitdir}/rpc-gssd.service \ - ${systemd_system_unitdir}/rpc-statd-notify.service \ - ${systemd_system_unitdir}/rpc-statd.service \ - ${systemd_system_unitdir}/rpc_pipefs.target \ - ${systemd_system_unitdir}/var-lib-nfs-rpc_pipefs.mount \ - ${nonarch_libdir}/udev/rules.d/*" -RDEPENDS:${PN}-client = "${PN}-mount rpcbind" - -FILES:${PN}-mount = "${base_sbindir}/*mount.nfs*" - -FILES:${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts" -RDEPENDS:${PN}-stats = "python3-core" - -FILES:${PN}-rpcctl = "${sbindir}/rpcctl" -RDEPENDS:${PN}-rpcctl = "python3-core" - -FILES:${PN}-staticdev += "${libdir}/libnfsidmap/*.a" - -FILES:${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/ ${nonarch_libdir}/modprobe.d" - -do_configure:prepend() { - sed -i -e 's,sbindir = .*,sbindir = ${base_sbindir},g' \ - -e 's,udev_rulesdir = .*,udev_rulesdir = ${nonarch_base_libdir}/udev/rules.d/,g' \ - ${S}/utils/mount/Makefile.am ${S}/utils/nfsdcltrack/Makefile.am \ - ${S}/systemd/Makefile.am ${S}/tools/nfsrahead/Makefile.am -} - -# Make clean needed because the package comes with -# precompiled 64-bit objects that break the build -do_compile:prepend() { - make clean -} - -# Works on systemd only -HIGH_RLIMIT_NOFILE ??= "4096" - -do_install:append () { - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${UNPACKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver - install -m 0755 ${UNPACKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon - - install -m 0644 ${S}/support/nfsidmap/idmapd.conf ${D}${sysconfdir} - install -m 0644 ${S}/nfs.conf ${D}${sysconfdir} - - install -d ${D}${systemd_system_unitdir} - # Retain historical service name so old scripts keep working - ln -s rpc-statd.service ${D}${systemd_system_unitdir}/nfs-statd.service - # Add compatibility symlinks for the sysvinit scripts - ln -s nfs-server.service ${D}${systemd_system_unitdir}/nfsserver.service - ln -s /dev/null ${D}${systemd_system_unitdir}/nfscommon.service - - # kernel code as of 3.8 hard-codes this path as a default - install -d ${D}/var/lib/nfs/v4recovery - - # chown the directories and files - chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd - chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state -} diff --git a/meta/recipes-connectivity/ofono/ofono/ofono b/meta/recipes-connectivity/ofono/ofono/ofono deleted file mode 100644 index cc9970929c..0000000000 --- a/meta/recipes-connectivity/ofono/ofono/ofono +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh - -DAEMON=/usr/sbin/ofonod -PIDFILE=/var/run/ofonod.pid -DESC="Telephony daemon" - -if [ -f /etc/default/ofono ] ; then - . /etc/default/ofono -fi - -set -e - -do_start() { - $DAEMON -} - -do_stop() { - start-stop-daemon --stop --name ofonod --quiet -} - -case "$1" in - start) - echo "Starting $DESC" - do_start - ;; - stop) - echo "Stopping $DESC" - do_stop - ;; - restart|force-reload) - echo "Restarting $DESC" - do_stop - sleep 1 - do_start - ;; - *) - echo "Usage: $0 {start|stop|restart|force-reload}" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/meta/recipes-connectivity/ofono/ofono_2.18.bb b/meta/recipes-connectivity/ofono/ofono_2.18.bb deleted file mode 100644 index e2666b3e7e..0000000000 --- a/meta/recipes-connectivity/ofono/ofono_2.18.bb +++ /dev/null @@ -1,46 +0,0 @@ -SUMMARY = "open source telephony" -DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands." -HOMEPAGE = "http://www.ofono.org" -BUGTRACKER = "https://01.org/jira/browse/OF" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ - file://src/ofono.h;beginline=1;endline=6;md5=13e42133935ceecfc9bcb547f256e277" -DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell" - -SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ - file://ofono \ - " -SRC_URI[sha256sum] = "f74c3bba7ebac488fed7bcfa6113b0e39e723d2e1a24b53f79c9f18a1c85dd00" - -inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data - -INITSCRIPT_NAME = "ofono" -INITSCRIPT_PARAMS = "defaults 22" -SYSTEMD_SERVICE:${PN} = "ofono.service" - -PACKAGECONFIG ??= "\ - ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ -" -PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/,--with-systemdunitdir=" -PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5" - -EXTRA_OECONF += "--enable-test --enable-external-ell" - -do_install:append() { - install -d ${D}${sysconfdir}/init.d/ - install -m 0755 ${UNPACKDIR}/ofono ${D}${sysconfdir}/init.d/ofono -} - -PACKAGES =+ "${PN}-tests" - -FILES:${PN} += "${systemd_unitdir}" -FILES:${PN}-tests = "${libdir}/${BPN}/test" - -RDEPENDS:${PN}-tests = "\ - python3-core \ - python3-dbus \ - ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \ -" - -RRECOMMENDS:${PN} += "kernel-module-tun mobile-broadband-provider-info" diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch deleted file mode 100644 index f424288e37..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 5cc897fe2effe549e1e280c2f606bce8b532b61e Mon Sep 17 00:00:00 2001 -From: Mikko Rapeli -Date: Mon, 11 Sep 2023 09:55:21 +0100 -Subject: [PATCH] regress/banner.sh: log input and output files on error - -Some test environments like yocto with qemu are seeing these -tests failing. There may be additional error messages in the -stderr of ssh cloent command. busybox cmp shows this error when -first input file has less new line characters then second -input file: - -cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in - -Logging the full banner.out will show what other error messages -are captured in addition of the expected banner. - -Full log of a failing banner test runs is: - -run test banner.sh ... -test banner: missing banner file -test banner: size 0 -cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in -banner size 0 mismatch -test banner: size 10 -test banner: size 100 -cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in -banner size 100 mismatch -test banner: size 1000 -test banner: size 10000 -test banner: size 100000 -test banner: suppress banner (-q) -FAIL: banner -return value: 1 - -See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178 - -Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437] - -Signed-off-by: Mikko Rapeli -Signed-off-by: Jose Quaresma ---- - regress/banner.sh | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/regress/banner.sh b/regress/banner.sh -index a84feb5..de84957 100644 ---- a/regress/banner.sh -+++ b/regress/banner.sh -@@ -32,7 +32,9 @@ for s in 0 10 100 1000 10000 100000 ; do - verbose "test $tid: size $s" - ( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ - cmp $OBJ/banner.in $OBJ/banner.out ) || \ -- fail "banner size $s mismatch" -+ ( verbose "Contents of $OBJ/banner.in:"; cat $OBJ/banner.in; \ -+ verbose "Contents of $OBJ/banner.out:"; cat $OBJ/banner.out; \ -+ fail "banner size $s mismatch" ) - done - - trace "test suppress banner (-q)" diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch deleted file mode 100644 index 360b62af34..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 9dcccafe44ea17e972e7cddea205bbe9fe71d8d6 Mon Sep 17 00:00:00 2001 -From: Jose Quaresma -Date: Mon, 15 Jul 2024 18:43:08 +0100 -Subject: [PATCH] regress/test-exec: use the absolute path in the SSH env - -The SSHAGENT_BIN was changed in [1] to SSH_BIN but -the last one don't use the absolute path and consequently -the function increase_datafile_size can loops forever -if the binary not found. - -[1] https://github.com/openssh/openssh-portable/commit/a68f80f2511f0e0c5cef737a8284cc2dfabad818 - -Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/510] - -Signed-off-by: Jose Quaresma ---- - regress/test-exec.sh | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/regress/test-exec.sh b/regress/test-exec.sh -index 8a00c72..2891f27 100644 ---- a/regress/test-exec.sh -+++ b/regress/test-exec.sh -@@ -179,6 +179,11 @@ if [ "x$TEST_SSH_OPENSSL" != "x" ]; then - fi - - # Path to sshd must be absolute for rexec -+case "$SSH" in -+/*) ;; -+*) SSH=`which $SSH` ;; -+esac -+ - case "$SSHD" in - /*) ;; - *) SSHD=`which $SSHD` ;; diff --git a/meta/recipes-connectivity/openssh/openssh/init b/meta/recipes-connectivity/openssh/openssh/init deleted file mode 100644 index 8887e3af13..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/init +++ /dev/null @@ -1,90 +0,0 @@ -#! /bin/sh -set -e - -PIDFILE=/var/run/sshd.pid - -# source function library -. /etc/init.d/functions - -# /etc/init.d/ssh: start and stop the OpenBSD "secure shell" daemon - -test -x /usr/sbin/sshd || exit 0 -( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0 - -# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS -if test -f /etc/default/ssh; then - . /etc/default/ssh -fi - -[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh -mkdir -p $SYSCONFDIR - -check_for_no_start() { - # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists - if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then - echo "OpenBSD Secure Shell server not in use ($SYSCONFDIR/sshd_not_to_be_run)" - exit 0 - fi -} - -check_privsep_dir() { - # Create the PrivSep empty dir if necessary - if [ ! -d /var/run/sshd ]; then - mkdir /var/run/sshd - chmod 0755 /var/run/sshd - fi -} - -check_config() { - /usr/sbin/sshd $SSHD_OPTS -t || exit 1 -} - -export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" - -case "$1" in - start) - check_for_no_start - echo "Starting OpenBSD Secure Shell server: sshd" - @LIBEXECDIR@/sshd_check_keys - check_privsep_dir - start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS - echo "done." - ;; - stop) - echo -n "Stopping OpenBSD Secure Shell server: sshd" - start-stop-daemon -K -p $PIDFILE -x /usr/sbin/sshd - echo "." - ;; - - reload|force-reload) - check_for_no_start - @LIBEXECDIR@/sshd_check_keys - check_config - echo -n "Reloading OpenBSD Secure Shell server's configuration" - start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd - echo "." - ;; - - restart) - @LIBEXECDIR@/sshd_check_keys - check_config - echo -n "Restarting OpenBSD Secure Shell server: sshd" - start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd - check_for_no_start - check_privsep_dir - sleep 2 - start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS - echo "." - ;; - - status) - status /usr/sbin/sshd - exit $? - ;; - - *) - echo "Usage: /etc/init.d/ssh {start|stop|status|reload|force-reload|restart}" - exit 1 -esac - -exit 0 diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest deleted file mode 100755 index c9100f9f37..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/run-ptest +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/sh - -export TEST_SSH_SSH=ssh -export TEST_SHELL=sh -export SKIP_UNIT=1 - -cd regress - -# copied from openssh-portable/.github/run_test.sh -output_failed_logs() { - for i in failed*.log; do - if [ -f "$i" ]; then - echo ------------------------------------------------------------------------- - echo LOGFILE $i - cat $i - echo ------------------------------------------------------------------------- - fi - done -} -trap output_failed_logs 0 - -sed -i "/\t\tagent-ptrace /d" Makefile -make -k BUILDDIR=`pwd`/.. .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="" tests \ - | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' - -SSHAGENT=`which ssh-agent` -GDB=`which gdb` - -if [ -z "${SSHAGENT}" -o -z "${GDB}" ]; then - echo "SKIP: agent-ptrace" - exit -fi - -useradd openssh-test - -eval `su -c "${SSHAGENT} -s" openssh-test` > /dev/null -r=$? -if [ $r -ne 0 ]; then - echo "FAIL: could not start ssh-agent: exit code $r" -else - su -c "gdb -p ${SSH_AGENT_PID}" openssh-test > /tmp/gdb.out 2>&1 << EOF - quit -EOF - r=$? - if [ $r -ne 0 ]; then - echo "gdb failed: exit code $r" - fi - egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task ' >/dev/null /tmp/gdb.out - r=$? - rm -f /tmp/gdb.out - if [ $r -ne 0 ]; then - echo "FAIL: ptrace agent" - else - echo "PASS: ptrace agent" - fi - - ${SSHAGENT} -k > /dev/null -fi -userdel openssh-test - diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config deleted file mode 100644 index cb2774a163..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/ssh_config +++ /dev/null @@ -1,48 +0,0 @@ -# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $ - -# This is the ssh client system-wide configuration file. See -# ssh_config(5) for more information. This file provides defaults for -# users, and the values can be changed in per-user configuration files -# or on the command line. - -# Configuration data is parsed as follows: -# 1. command line options -# 2. user-specific file -# 3. system-wide file -# Any configuration value is only changed the first time it is set. -# Thus, host-specific definitions should be at the beginning of the -# configuration file, and defaults at the end. - -# Site-wide defaults for some commonly used options. For a comprehensive -# list of available options, their meanings and defaults, please see the -# ssh_config(5) man page. - -Include /etc/ssh/ssh_config.d/*.conf - -# Host * -# ForwardAgent no -# ForwardX11 no -# PasswordAuthentication yes -# HostbasedAuthentication no -# GSSAPIAuthentication no -# GSSAPIDelegateCredentials no -# BatchMode no -# CheckHostIP yes -# AddressFamily any -# ConnectTimeout 0 -# StrictHostKeyChecking ask -# IdentityFile ~/.ssh/id_rsa -# IdentityFile ~/.ssh/id_dsa -# IdentityFile ~/.ssh/id_ecdsa -# IdentityFile ~/.ssh/id_ed25519 -# Port 22 -# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com -# EscapeChar ~ -# Tunnel no -# TunnelDevice any:any -# PermitLocalCommand no -# VisualHostKey no -# ProxyCommand ssh -q -W %h:%p gateway.example.com -# RekeyLimit 1G 1h -# UserKnownHostsFile ~/.ssh/known_hosts.d/%k diff --git a/meta/recipes-connectivity/openssh/openssh/sshd b/meta/recipes-connectivity/openssh/openssh/sshd deleted file mode 100644 index cf675a4dad..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshd +++ /dev/null @@ -1,10 +0,0 @@ -#%PAM-1.0 - -auth include common-auth -account required pam_nologin.so -account include common-account -password include common-password -session optional pam_keyinit.so force revoke -session include common-session -session required pam_loginuid.so -session required pam_env.so diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service deleted file mode 100644 index c71fff1cc1..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshd.service +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -Description=OpenSSH server daemon -Wants=sshdgenkeys.service -After=sshdgenkeys.service -After=nss-user-lookup.target - -[Service] -Type=notify-reload -Environment="SSHD_OPTS=" -EnvironmentFile=-/etc/default/ssh -ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd -ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS -KillMode=process -Restart=on-failure -RestartSec=42s - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket deleted file mode 100644 index 7dd2ed0626..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshd.socket +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Conflicts=sshd.service -Wants=sshdgenkeys.service -After=nss-user-lookup.target - -[Socket] -ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd -ListenStream=22 -Accept=yes - -[Install] -WantedBy=sockets.target diff --git a/meta/recipes-connectivity/openssh/openssh/sshd@.service b/meta/recipes-connectivity/openssh/openssh/sshd@.service deleted file mode 100644 index 9d9965e624..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshd@.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=OpenSSH Per-Connection Daemon -After=sshdgenkeys.service - -[Service] -Environment="SSHD_OPTS=" -EnvironmentFile=-/etc/default/ssh -ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS -StandardInput=socket -KillMode=process diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys deleted file mode 100644 index bbb6a14908..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ /dev/null @@ -1,78 +0,0 @@ -#! /bin/sh - -generate_key() { - local FILE=$1 - local TYPE=$2 - local DIR="$(dirname "$FILE")" - - mkdir -p "$DIR" - rm -f ${FILE}.tmp - ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE - chmod go-rwx "$FILE.tmp" - # Atomically rename file public key - mv -f "${FILE}.tmp.pub" "${FILE}.pub" - - # This sync does double duty: Ensuring that the data in the temporary - # private key file is on disk before the rename, and ensuring that the - # public key rename is completed before the private key rename, since we - # switch on the existence of the private key to trigger key generation. - # This does mean it is possible for the public key to exist, but be garbage - # but this is OK because in that case the private key won't exist and the - # keys will be regenerated. - # - # In the event that sync understands arguments that limit what it tries to - # fsync(), we provided them. If it does not, it will simply call sync() - # which is just as well - sync "${FILE}.pub" "$DIR" "${FILE}.tmp" - - mv "${FILE}.tmp" "$FILE" - - # sync to ensure the atomic rename is committed - sync "$DIR" -} - -# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS -if test -f /etc/default/ssh; then - . /etc/default/ssh -fi - -[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh -mkdir -p $SYSCONFDIR - -# parse sshd options -set -- ${SSHD_OPTS} -- -sshd_config=/etc/ssh/sshd_config -while true ; do - case "$1" in - -f*) if [ "$1" = "-f" ] ; then - sshd_config="$2" - shift - else - sshd_config="${1#-f}" - fi - shift - ;; - --) shift; break;; - *) shift;; - esac -done - -HOST_KEYS=$(sshd -G -f "${sshd_config}" | grep -i '^hostkey ' | cut -f2 -d' ') - -for key in ${HOST_KEYS} ; do - [ -f $key ] && continue - case $key in - *_rsa_key) - echo " generating ssh RSA host key..." - generate_key $key rsa - ;; - *_ecdsa_key) - echo " generating ssh ECDSA host key..." - generate_key $key ecdsa - ;; - *_ed25519_key) - echo " generating ssh ED25519 host key..." - generate_key $key ed25519 - ;; - esac -done diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config deleted file mode 100644 index e9eaf93157..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ /dev/null @@ -1,119 +0,0 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -Include /etc/ssh/sshd_config.d/*.conf - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -#PermitRootLogin prohibit-password -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to yes to enable keyboard-interactive authentication (beware issues -# with some PAM modules and threads) -KbdInteractiveAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -#UsePAM no - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -Compression no -ClientAliveInterval 15 -ClientAliveCountMax 4 -#UseDNS no -#PidFile /var/run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/libexec/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service deleted file mode 100644 index fd81793d51..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=OpenSSH Key Generation -RequiresMountsFor=/var /run - -[Service] -ExecStart=@LIBEXECDIR@/sshd_check_keys -Type=oneshot -RemainAfterExit=yes -Nice=10 diff --git a/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd b/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd deleted file mode 100644 index a0d2af3c65..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd +++ /dev/null @@ -1,2 +0,0 @@ -d root root 0755 /var/run/sshd none -f root root 0644 /var/log/lastlog none diff --git a/meta/recipes-connectivity/openssh/openssh_10.1p1.bb b/meta/recipes-connectivity/openssh/openssh_10.1p1.bb deleted file mode 100644 index 83b6183858..0000000000 --- a/meta/recipes-connectivity/openssh/openssh_10.1p1.bb +++ /dev/null @@ -1,227 +0,0 @@ -SUMMARY = "A suite of security-related network utilities based on \ -the SSH protocol including the ssh client and sshd server" -DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ -Ssh (Secure Shell) is a program for logging into a remote machine \ -and for executing commands on a remote machine." -HOMEPAGE = "http://www.openssh.com/" -SECTION = "console/network" -LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT" -LIC_FILES_CHKSUM = "file://LICENCE;md5=78ffb36e5a48c0d8c5648603a3b6c8eb" - -DEPENDS = "zlib openssl virtual/crypt" -DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" - -SRC_URI = "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ - file://sshd_config \ - file://ssh_config \ - file://init \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://sshd.service \ - file://sshd.socket \ - file://sshd@.service \ - file://sshdgenkeys.service \ - file://volatiles.99_sshd \ - file://run-ptest \ - file://sshd_check_keys \ - file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ - file://0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch \ - " -SRC_URI[sha256sum] = "b9fc7a2b82579467a6f2f43e4a81c8e1dfda614ddb4f9b255aafd7020bbf0758" - -CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here." - -# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 -# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded -CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \ -Red Hat Enterprise Linux 7 and when running in a Kerberos environment" - -CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries." -CVE_STATUS[CVE-2023-51767] = "upstream-wontfix: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1." - -PAM_SRC_URI = "file://sshd" - -inherit manpages useradd update-rc.d update-alternatives systemd - -USERADD_PACKAGES = "${PN}-sshd" -USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" -INITSCRIPT_PACKAGES = "${PN}-sshd" -INITSCRIPT_NAME:${PN}-sshd = "sshd" -INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9" - -SYSTEMD_PACKAGES = "${PN}-sshd" -SYSTEMD_SERVICE:${PN}-sshd = "${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket', '', d)} ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service', '', d)}" - -inherit autotools-brokensep ptest pkgconfig - -# systemd-sshd-socket-mode means installing sshd.socket -# and systemd-sshd-service-mode corresponding to sshd.service -PACKAGECONFIG ??= "systemd-sshd-socket-mode hostkey-ecdsa" -PACKAGECONFIG[fido2] = "--with-security-key-builtin,--disable-security-key,libfido2" -PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" -PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" -PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" -PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" -PACKAGECONFIG[systemd-sshd-socket-mode] = "" -PACKAGECONFIG[systemd-sshd-service-mode] = "" -PACKAGECONFIG[hostkey-rsa] = "" -PACKAGECONFIG[hostkey-ecdsa] = "" -PACKAGECONFIG[hostkey-ed25519] = "" - -EXTRA_AUTORECONF += "--exclude=aclocal" - -# login path is hardcoded in sshd -EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ - --without-zlib-version-check \ - --with-privsep-path=${localstatedir}/run/sshd \ - --sysconfdir=${sysconfdir}/ssh \ - --with-xauth=${bindir}/xauth \ - --disable-strip \ - " - -# musl doesn't implement wtmp/utmp and logwtmp -EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" - -# Work around ICE on mips/mips64 starting in 9.6p1 -EXTRA_OECONF:append:mips = " --without-hardening" -EXTRA_OECONF:append:mips64 = " --without-hardening" - -# Work around ICE on powerpc64le starting in 9.6p1 -EXTRA_OECONF:append:powerpc64le = " --without-hardening" - -# Since we do not depend on libbsd, we do not want configure to use it -# just because it finds libutil.h. But, specifying --disable-libutil -# causes compile errors, so... -CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" - -# passwd path is hardcoded in sshd -CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" - -# We don't want to depend on libblockfile -CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" - -do_configure:prepend () { - export LD="${CC}" - install -m 0600 ${UNPACKDIR}/sshd_config ${B}/ - install -m 0644 ${UNPACKDIR}/ssh_config ${B}/ -} - -do_compile_ptest() { - oe_runmake regress-binaries regress-unit-binaries -} - -sshd_hostkey_setup() { - # Enable specific ssh host keys - sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config - if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then - echo "HostKey /etc/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config - fi - if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then - echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config - fi - if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then - echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config - fi - - sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly - if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then - echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - fi - if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then - echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - fi - if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then - echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - fi -} - -do_install:append () { - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then - install -D -m 0644 ${UNPACKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd - sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config - fi - - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then - sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config - fi - - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${UNPACKDIR}/init ${D}${sysconfdir}/init.d/sshd - rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin - rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} - install -d ${D}/${sysconfdir}/default/volatiles - install -m 644 ${UNPACKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd - install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} - - # Limit sshd_config access to the owner (default is 0644) - chmod 0600 ${D}${sysconfdir}/ssh/sshd_config - - # Create config files for read-only rootfs - install -d ${D}${sysconfdir}/ssh - install -m 0600 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly - - install -d ${D}${systemd_system_unitdir} - if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then - install -c -m 0644 ${UNPACKDIR}/sshd.socket ${D}${systemd_system_unitdir} - install -c -m 0644 ${UNPACKDIR}/sshd@.service ${D}${systemd_system_unitdir} - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - -e 's,@BINDIR@,${bindir},g' \ - -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${systemd_system_unitdir}/sshd.socket - fi - if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','true','false',d)}; then - install -c -m 0644 ${UNPACKDIR}/sshd.service ${D}${systemd_system_unitdir} - fi - install -c -m 0644 ${UNPACKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir} - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - -e 's,@BINDIR@,${bindir},g' \ - -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${systemd_system_unitdir}/*.service - - sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${sysconfdir}/init.d/sshd - - install -D -m 0755 ${UNPACKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys - sshd_hostkey_setup -} - -do_install_ptest () { - sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh - cp -r regress ${D}${PTEST_PATH} - cp config.h ${D}${PTEST_PATH} -} - -ALLOW_EMPTY:${PN} = "1" - -PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" -FILES:${PN}-scp = "${bindir}/scp.${BPN}" -FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" -FILES:${PN}-sshd = "${sbindir}/sshd ${libexecdir}/sshd-session ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}" -FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" -FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys ${libexecdir}/sshd-auth" -FILES:${PN}-sftp = "${bindir}/sftp" -FILES:${PN}-sftp-server = "${libexecdir}/sftp-server" -FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" -FILES:${PN}-keygen = "${bindir}/ssh-keygen" - -RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server" -RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies -RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed coreutils openssl-bin" - -RPROVIDES:${PN}-ssh = "ssh" -RPROVIDES:${PN}-sshd = "sshd" - -RCONFLICTS:${PN} = "dropbear" -RCONFLICTS:${PN}-sshd = "dropbear" - -CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config" -CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config" - -ALTERNATIVE_PRIORITY = "90" -ALTERNATIVE:${PN}-scp = "scp" -ALTERNATIVE:${PN}-ssh = "ssh" - -BBCLASSEXTEND += "nativesdk" diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh deleted file mode 100644 index 0e75e34f9d..0000000000 --- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh +++ /dev/null @@ -1,24 +0,0 @@ -export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/openssl.cnf" -export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/" -export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3" -export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} OPENSSL_CONF OPENSSL_MODULES OPENSSL_ENGINES" - -# Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools -# CAFILE/CAPATH is auto-deteced when source buildtools -if [ -z "${SSL_CERT_FILE:-}" ]; then - if [ -n "${CAFILE:-}" ];then - export SSL_CERT_FILE="$CAFILE" - elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then - export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt" - fi -fi - -if [ -z "${SSL_CERT_DIR:-}" ]; then - if [ -n "${CAPATH:-}" ];then - export SSL_CERT_DIR="$CAPATH" - elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then - export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs" - fi -fi - -export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE" diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch deleted file mode 100644 index 5b7365a353..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch +++ /dev/null @@ -1,367 +0,0 @@ -From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001 -From: William Lyu -Date: Fri, 20 Oct 2023 16:22:37 -0400 -Subject: [PATCH] Added handshake history reporting when test fails - -Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481] - -Signed-off-by: William Lyu ---- - test/helpers/handshake.c | 137 +++++++++++++++++++++++++++++---------- - test/helpers/handshake.h | 70 +++++++++++++++++++- - test/ssl_test.c | 44 +++++++++++++ - 3 files changed, 217 insertions(+), 34 deletions(-) - -diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c -index f611b3a..5703b48 100644 ---- a/test/helpers/handshake.c -+++ b/test/helpers/handshake.c -@@ -25,6 +25,102 @@ - #include - #endif - -+/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ -+/* Maps string names to various enumeration type */ -+typedef struct { -+ const char *name; -+ int value; -+} enum_name_map; -+ -+static const enum_name_map connect_phase_names[] = { -+ {"Handshake", HANDSHAKE}, -+ {"RenegAppData", RENEG_APPLICATION_DATA}, -+ {"RenegSetup", RENEG_SETUP}, -+ {"RenegHandshake", RENEG_HANDSHAKE}, -+ {"AppData", APPLICATION_DATA}, -+ {"Shutdown", SHUTDOWN}, -+ {"ConnectionDone", CONNECTION_DONE} -+}; -+ -+static const enum_name_map peer_status_names[] = { -+ {"PeerSuccess", PEER_SUCCESS}, -+ {"PeerRetry", PEER_RETRY}, -+ {"PeerError", PEER_ERROR}, -+ {"PeerWaiting", PEER_WAITING}, -+ {"PeerTestFail", PEER_TEST_FAILURE} -+}; -+ -+static const enum_name_map handshake_status_names[] = { -+ {"HandshakeSuccess", HANDSHAKE_SUCCESS}, -+ {"ClientError", CLIENT_ERROR}, -+ {"ServerError", SERVER_ERROR}, -+ {"InternalError", INTERNAL_ERROR}, -+ {"HandshakeRetry", HANDSHAKE_RETRY} -+}; -+ -+/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ -+static const char *enum_name(const enum_name_map *enums, size_t num_enums, -+ int value) -+{ -+ size_t i; -+ for (i = 0; i < num_enums; i++) { -+ if (enums[i].value == value) { -+ return enums[i].name; -+ } -+ } -+ return "InvalidValue"; -+} -+ -+const char *handshake_connect_phase_name(connect_phase_t phase) -+{ -+ return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names), -+ (int)phase); -+} -+ -+const char *handshake_status_name(handshake_status_t handshake_status) -+{ -+ return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names), -+ (int)handshake_status); -+} -+ -+const char *handshake_peer_status_name(peer_status_t peer_status) -+{ -+ return enum_name(peer_status_names, OSSL_NELEM(peer_status_names), -+ (int)peer_status); -+} -+ -+static void save_loop_history(HANDSHAKE_HISTORY *history, -+ connect_phase_t phase, -+ handshake_status_t handshake_status, -+ peer_status_t server_status, -+ peer_status_t client_status, -+ int client_turn_count, -+ int is_client_turn) -+{ -+ HANDSHAKE_HISTORY_ENTRY *new_entry = NULL; -+ -+ /* -+ * Create a new history entry for a handshake loop with statuses given in -+ * the arguments. Potentially evicting the oldest entry when the -+ * ring buffer is full. -+ */ -+ ++(history->last_idx); -+ history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; -+ -+ new_entry = &((history->entries)[history->last_idx]); -+ new_entry->phase = phase; -+ new_entry->handshake_status = handshake_status; -+ new_entry->server_status = server_status; -+ new_entry->client_status = client_status; -+ new_entry->client_turn_count = client_turn_count; -+ new_entry->is_client_turn = is_client_turn; -+ -+ /* Evict the oldest handshake loop entry when the ring buffer is full. */ -+ if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) { -+ ++(history->entry_count); -+ } -+} -+ - HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void) - { - HANDSHAKE_RESULT *ret; -@@ -726,15 +822,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client, - SSL_set_post_handshake_auth(client, 1); - } - --/* The status for each connection phase. */ --typedef enum { -- PEER_SUCCESS, -- PEER_RETRY, -- PEER_ERROR, -- PEER_WAITING, -- PEER_TEST_FAILURE --} peer_status_t; -- - /* An SSL object and associated read-write buffers. */ - typedef struct peer_st { - SSL *ssl; -@@ -1081,17 +1168,6 @@ static void do_shutdown_step(PEER *peer) - } - } - --typedef enum { -- HANDSHAKE, -- RENEG_APPLICATION_DATA, -- RENEG_SETUP, -- RENEG_HANDSHAKE, -- APPLICATION_DATA, -- SHUTDOWN, -- CONNECTION_DONE --} connect_phase_t; -- -- - static int renegotiate_op(const SSL_TEST_CTX *test_ctx) - { - switch (test_ctx->handshake_mode) { -@@ -1169,19 +1245,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, - } - } - --typedef enum { -- /* Both parties succeeded. */ -- HANDSHAKE_SUCCESS, -- /* Client errored. */ -- CLIENT_ERROR, -- /* Server errored. */ -- SERVER_ERROR, -- /* Peers are in inconsistent state. */ -- INTERNAL_ERROR, -- /* One or both peers not done. */ -- HANDSHAKE_RETRY --} handshake_status_t; -- - /* - * Determine the handshake outcome. - * last_status: the status of the peer to have acted last. -@@ -1546,6 +1609,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( - - start = time(NULL); - -+ save_loop_history(&(ret->history), -+ phase, status, server.status, client.status, -+ client_turn_count, client_turn); -+ - /* - * Half-duplex handshake loop. - * Client and server speak to each other synchronously in the same process. -@@ -1567,6 +1634,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( - 0 /* server went last */); - } - -+ save_loop_history(&(ret->history), -+ phase, status, server.status, client.status, -+ client_turn_count, client_turn); -+ - switch (status) { - case HANDSHAKE_SUCCESS: - client_turn_count = 0; -diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h -index 78b03f9..b9967c2 100644 ---- a/test/helpers/handshake.h -+++ b/test/helpers/handshake.h -@@ -1,5 +1,5 @@ - /* -- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -12,6 +12,11 @@ - - #include "ssl_test_ctx.h" - -+#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4 -+#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) -+#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \ -+ ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1) -+ - typedef struct ctx_data_st { - unsigned char *npn_protocols; - size_t npn_protocols_len; -@@ -22,6 +27,63 @@ typedef struct ctx_data_st { - char *session_ticket_app_data; - } CTX_DATA; - -+typedef enum { -+ HANDSHAKE, -+ RENEG_APPLICATION_DATA, -+ RENEG_SETUP, -+ RENEG_HANDSHAKE, -+ APPLICATION_DATA, -+ SHUTDOWN, -+ CONNECTION_DONE -+} connect_phase_t; -+ -+/* The status for each connection phase. */ -+typedef enum { -+ PEER_SUCCESS, -+ PEER_RETRY, -+ PEER_ERROR, -+ PEER_WAITING, -+ PEER_TEST_FAILURE -+} peer_status_t; -+ -+typedef enum { -+ /* Both parties succeeded. */ -+ HANDSHAKE_SUCCESS, -+ /* Client errored. */ -+ CLIENT_ERROR, -+ /* Server errored. */ -+ SERVER_ERROR, -+ /* Peers are in inconsistent state. */ -+ INTERNAL_ERROR, -+ /* One or both peers not done. */ -+ HANDSHAKE_RETRY -+} handshake_status_t; -+ -+/* Stores the various status information in a handshake loop. */ -+typedef struct handshake_history_entry_st { -+ connect_phase_t phase; -+ handshake_status_t handshake_status; -+ peer_status_t server_status; -+ peer_status_t client_status; -+ int client_turn_count; -+ int is_client_turn; -+} HANDSHAKE_HISTORY_ENTRY; -+ -+typedef struct handshake_history_st { -+ /* Implemented using ring buffer. */ -+ /* -+ * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|, -+ * ..., etc., going up to |entry_count| number of entries. Note that when -+ * the index into the array |entries| becomes < 0, we wrap around to -+ * the end of |entries|. -+ */ -+ HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY]; -+ /* The number of valid entries in |entries| array. */ -+ size_t entry_count; -+ /* The index of the last valid entry in the |entries| array. */ -+ size_t last_idx; -+} HANDSHAKE_HISTORY; -+ - typedef struct handshake_result { - ssl_test_result_t result; - /* These alerts are in the 2-byte format returned by the info_callback. */ -@@ -77,6 +139,8 @@ typedef struct handshake_result { - char *cipher; - /* session ticket application data */ - char *result_session_ticket_app_data; -+ /* handshake loop history */ -+ HANDSHAKE_HISTORY history; - } HANDSHAKE_RESULT; - - HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); -@@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, - CTX_DATA *server2_ctx_data, - CTX_DATA *client_ctx_data); - -+const char *handshake_connect_phase_name(connect_phase_t phase); -+const char *handshake_status_name(handshake_status_t handshake_status); -+const char *handshake_peer_status_name(peer_status_t peer_status); -+ - #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ -diff --git a/test/ssl_test.c b/test/ssl_test.c -index ea60851..9d6b093 100644 ---- a/test/ssl_test.c -+++ b/test/ssl_test.c -@@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL; - /* Currently the section names are of the form test-, e.g. test-15. */ - #define MAX_TESTCASE_NAME_LENGTH 100 - -+static void print_handshake_history(const HANDSHAKE_HISTORY *history) -+{ -+ size_t first_idx; -+ size_t i; -+ size_t cur_idx; -+ const HANDSHAKE_HISTORY_ENTRY *cur_entry; -+ const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|"; -+ const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|"; -+ -+ TEST_info("The following is the server/client state " -+ "in the most recent %d handshake loops.", -+ MAX_HANDSHAKE_HISTORY_ENTRY); -+ -+ TEST_note("==================================================" -+ "=================================================="); -+ TEST_note(header_template, -+ "phase", "handshake status", "server status", -+ "client status", "client turn count", "is client turn"); -+ TEST_note("+--------------+----------------+----------------" -+ "+----------------+-----------------+--------------+"); -+ -+ first_idx = (history->last_idx - history->entry_count + 1) & -+ MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; -+ for (i = 0; i < history->entry_count; ++i) { -+ cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; -+ cur_entry = &(history->entries)[cur_idx]; -+ TEST_note(body_template, -+ handshake_connect_phase_name(cur_entry->phase), -+ handshake_status_name(cur_entry->handshake_status), -+ handshake_peer_status_name(cur_entry->server_status), -+ handshake_peer_status_name(cur_entry->client_status), -+ cur_entry->client_turn_count, -+ cur_entry->is_client_turn ? "true" : "false"); -+ } -+ TEST_note("==================================================" -+ "=================================================="); -+} -+ - static const char *print_alert(int alert) - { - return alert ? SSL_alert_desc_string_long(alert) : "no alert"; -@@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) - ret &= check_client_sign_type(result, test_ctx); - ret &= check_client_ca_names(result, test_ctx); - } -+ -+ /* Print handshake loop history if any check fails. */ -+ if (!ret) { -+ print_handshake_history(&(result->history)); -+ } -+ - return ret; - } - --- -2.25.1 - diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch deleted file mode 100644 index cf5ff356ee..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin -Date: Tue, 30 May 2023 09:11:27 -0700 -Subject: [PATCH] Configure: do not tweak mips cflags - -This conflicts with mips machine definitons from yocto, -e.g. -| Error: -mips3 conflicts with the other architecture options, which imply -mips64r2 - -Upstream-Status: Inappropriate [oe-core specific] -Signed-off-by: Alexander Kanavin - -Refreshed for openssl-3.1.1 -Signed-off-by: Tim Orling ---- - Configure | 10 ---------- - 1 file changed, 10 deletions(-) - -diff --git a/Configure b/Configure -index fff97bd..5ee54c1 100755 ---- a/Configure -+++ b/Configure -@@ -1552,16 +1552,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) - push @{$config{shared_ldflag}}, "-mno-cygwin"; - } - --if ($target =~ /linux.*-mips/ && !$disabled{asm} -- && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { -- # minimally required architecture flags for assembly modules -- my $value; -- $value = '-mips2' if ($target =~ /mips32/); -- $value = '-mips3' if ($target =~ /mips64/); -- unshift @{$config{cflags}}, $value; -- unshift @{$config{cxxflags}}, $value if $config{CXX}; --} -- - # If threads aren't disabled, check how possible they are - unless ($disabled{threads}) { - if ($auto_threads) { diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch deleted file mode 100644 index dadc034c91..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= -Date: Tue, 6 Nov 2018 14:50:47 +0100 -Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler - info -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The openssl build system generates buildinf.h containing the full -compiler command line used to compile objects. This breaks -reproducibility, as the compile command is baked into libcrypto, where -it is used when running `openssl version -f`. - -Add stripped build variables for the compiler and cflags lines, and use -those when generating buildinfo.h. - -This is based on a similar patch for older openssl versions: -https://patchwork.openembedded.org/patch/147229/ - -Upstream-Status: Inappropriate [OE specific] -Signed-off-by: Martin Hundebøll - -Update to fix buildpaths qa issue for '-fmacro-prefix-map'. - -Signed-off-by: Kai Kang - -Update to fix buildpaths qa issue for '-ffile-prefix-map'. - -Signed-off-by: Khem Raj - ---- - Configurations/unix-Makefile.tmpl | 16 +++++++++++++++- - crypto/build.info | 2 +- - 2 files changed, 16 insertions(+), 2 deletions(-) - -diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index 09303c4..011bda1 100644 ---- a/Configurations/unix-Makefile.tmpl -+++ b/Configurations/unix-Makefile.tmpl -@@ -513,13 +513,27 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), - '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} - BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) - --# CPPFLAGS_Q is used for one thing only: to build up buildinf.h -+# *_Q variables are used for one thing only: to build up buildinf.h - CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g; -+ $cppflags1 =~ s|-isystem/[^ ]+/usr/include||g; - $cppflags2 =~ s|([\\"])|\\$1|g; -+ $cppflags2 =~ s|-isystem/[^ ]+/usr/include||g; - $lib_cppflags =~ s|([\\"])|\\$1|g; -+ $lib_cppflags =~ s|-isystem/[^ ]+/usr/include||g; - join(' ', $lib_cppflags || (), $cppflags2 || (), - $cppflags1 || ()) -} - -+CFLAGS_Q={- for (@{$config{CFLAGS}}) { -+ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; -+ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; -+ s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g; -+ s|-isystem/[^ ]+/usr/include ||g; -+ } -+ join(' ', @{$config{CFLAGS}}) -} -+ -+CC_Q={- $config{CC} =~ s|--sysroot=[^ ]+|--sysroot=recipe-sysroot|g; -+ join(' ', $config{CC}) -} -+ - PERLASM_SCHEME= {- $target{perlasm_scheme} -} - - # For x86 assembler: Set PROCESSOR to 386 if you want to support -diff --git a/crypto/build.info b/crypto/build.info -index aee5c46..95c9577 100644 ---- a/crypto/build.info -+++ b/crypto/build.info -@@ -115,7 +115,7 @@ DEFINE[../libcrypto]=$UPLINKDEF - - DEPEND[info.o]=buildinf.h - DEPEND[cversion.o]=buildinf.h --GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" -+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" - - GENERATE[uplink-x86.S]=../ms/uplink-x86.pl - GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl diff --git a/meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch b/meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch deleted file mode 100644 index d02d42f1b5..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c7000672296f4c367341aa3415f26c4d9f5e4749 Mon Sep 17 00:00:00 2001 -From: Gyorgy Sarvari -Date: Thu, 23 Oct 2025 11:24:36 +0200 -Subject: [PATCH] extend check_cwm test timeout - -The default, 3s long test timeout isn't always enough for this -particular test in case there is a high load on the host machine -(assuming it is running in qemu). Extend the default timeout to 6s -for the check_cwm test to avoid timeouts. - -Upstream-Status: Inappropriate [upstream issue: https://github.com/openssl/openssl/issues/28983] -Signed-off-by: Gyorgy Sarvari ---- - test/radix/main.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/test/radix/main.c b/test/radix/main.c -index 4a1e886a71..39f8c61ef9 100644 ---- a/test/radix/main.c -+++ b/test/radix/main.c -@@ -25,6 +25,11 @@ static int test_script(int idx) - int testresult; - TERP_CONFIG cfg = {0}; - -+ // check_cwm test sometimes times out, the default 3000ms is -+ // not enough if the test execution starves for CPU -+ if (!strncmp("check_cwm", script_info->name, strlen("check_cwm"))) -+ cfg.max_execution_time = ossl_ms2time(6000); -+ - if (!TEST_true(bindings_process_init(0, 0))) - return 0; - diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest deleted file mode 100644 index cd29bb1446..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/run-ptest +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh - -set -eu - -# Optional arguments are 'list' to lists the tests, or the test name (base name -# ie test_evp, not 03_test_evp.t). Without any arguments we run all tests. - -if test $# -gt 0; then - TESTS=$* -else - # Skip test_symbol_presence as this is for developers - TESTS="alltests -test_symbol_presence" -fi - -export TOP=. -# Run four jobs in parallel -export HARNESS_JOBS=4 - -{ perl ./test/run_tests.pl $TESTS || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g' diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.4.bb b/meta/recipes-connectivity/openssl/openssl_3.5.4.bb deleted file mode 100644 index e760baf3a0..0000000000 --- a/meta/recipes-connectivity/openssl/openssl_3.5.4.bb +++ /dev/null @@ -1,289 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - file://run-ptest \ - file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ - file://0001-Configure-do-not-tweak-mips-cflags.patch \ - file://0001-Added-handshake-history-reporting-when-test-fails.patch \ - file://0001-extend-check_cwm-test-timeout.patch \ - " - -SRC_URI:append:class-nativesdk = " \ - file://environment.d-openssl.sh \ - " - -SRC_URI[sha256sum] = "967311f84955316969bdb1d8d4b983718ef42338639c621ec4c34fddef355e99" - -inherit lib_package multilib_header multilib_script ptest perlnative manpages -MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" - -PACKAGECONFIG ?= "" -PACKAGECONFIG:class-native = "" -PACKAGECONFIG:class-nativesdk = "" - -PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" -PACKAGECONFIG[no-tls1] = "no-tls1" -PACKAGECONFIG[no-tls1_1] = "no-tls1_1" -PACKAGECONFIG[manpages] = "" -PACKAGECONFIG[fips] = "enable-fips" - -B = "${WORKDIR}/build" -do_configure[cleandirs] = "${B}" - -EXTRA_OECONF = "${@bb.utils.contains('PTEST_ENABLED', '1', '', 'no-tests', d)}" - -#| ./libcrypto.so: undefined reference to `getcontext' -#| ./libcrypto.so: undefined reference to `setcontext' -#| ./libcrypto.so: undefined reference to `makecontext' -EXTRA_OECONF:append:libc-musl = " no-async" -EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm" - -# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions -# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) -EXTRA_OECONF:append:class-native = " --with-rand-seed=os,devrandom" -EXTRA_OECONF:append:class-nativesdk = " --with-rand-seed=os,devrandom" - -# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. -EXTRA_OEMAKE:append:task-compile:class-native = ' OPENSSLDIR="/not/builtin" ENGINESDIR="/not/builtin" MODULESDIR="/not/builtin"' -EXTRA_OEMAKE:append:task-compile:class-nativesdk = ' OPENSSLDIR="/not/builtin" ENGINESDIR="/not/builtin" MODULESDIR="/not/builtin"' - -#| threads_pthread.c:(.text+0x372): undefined reference to `__atomic_is_lock_free' -EXTRA_OECONF:append:toolchain-clang:x86 = " -latomic" - -# This allows disabling deprecated or undesirable crypto algorithms. -# The default is to trust upstream choices. -DEPRECATED_CRYPTO_FLAGS ?= "" - -do_configure () { - # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make - # the issue really clear that perl isn't functional due to symbol mismatch issues. - cat <<- EOF > ${WORKDIR}/perltest - #!/usr/bin/env perl - use POSIX; - EOF - chmod a+x ${WORKDIR}/perltest - ${WORKDIR}/perltest - - os=${HOST_OS} - case $os in - linux-gnueabi |\ - linux-gnuspe |\ - linux-musleabi |\ - linux-muslspe |\ - linux-musl ) - os=linux - ;; - *) - ;; - esac - target="$os-${HOST_ARCH}" - case $target in - linux-arc | linux-microblaze*) - target=linux-latomic - ;; - linux-arm*) - target=linux-armv4 - ;; - linux-aarch64*) - target=linux-aarch64 - ;; - linux-i?86 | linux-viac3) - target=linux-x86 - ;; - linux-gnux32-x86_64 | linux-muslx32-x86_64 ) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-loongarch64) - target=linux64-loongarch64 - ;; - linux-mips | linux-mipsel) - # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-gnun32-mips*) - target=linux-mips64 - ;; - linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) - target=linux64-mips64 - ;; - linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) - target=linux-generic32 - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-powerpc64le) - target=linux-ppc64le - ;; - linux-riscv32) - target=linux32-riscv32 - ;; - linux-riscv64) - target=linux64-riscv64 - ;; - linux-sparc | linux-supersparc) - target=linux-sparcv9 - ;; - mingw32-x86_64) - target=mingw64 - ;; - esac - - # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the - # environment variables set by bitbake. Adjust the environment variables instead. - PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)" - test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!" - HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \ - perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=${prefix} --openssldir=${libdir}/ssl-3 --libdir=${baselib} $target - perl ${B}/configdata.pm --dump -} - -do_compile:append () { - # The test suite binaries are large and we don't need the debugging in them - if test -d ${B}/test; then - find ${B}/test -type f -executable -exec ${STRIP} {} \; - fi -} - -do_install () { - oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install_sw install_ssldirs \ - ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 'install_docs', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'install_fips', '', d)} - - oe_multilib_header openssl/opensslconf.h - oe_multilib_header openssl/configuration.h - - # Create SSL structure for packages such as ca-certificates which - # contain hard-coded paths to /etc/ssl. Debian does the same. - install -d ${D}${sysconfdir}/ssl - mv ${D}${libdir}/ssl-3/certs \ - ${D}${libdir}/ssl-3/private \ - ${D}${libdir}/ssl-3/openssl.cnf \ - ${D}${sysconfdir}/ssl/ - - # Although absolute symlinks would be OK for the target, they become - # invalid if native or nativesdk are relocated from sstate. - ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs - ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private - ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf - - # Generate fipsmodule.cnf in pkg_postinst_ontarget - if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false', d)}; then - rm -f ${D}${libdir}/ssl-3/fipsmodule.cnf - fi -} - -do_install:append:class-native () { - create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=\${OPENSSL_CONF:-${libdir}/ssl-3/openssl.cnf} \ - SSL_CERT_DIR=\${SSL_CERT_DIR:-${libdir}/ssl-3/certs} \ - SSL_CERT_FILE=\${SSL_CERT_FILE:-${libdir}/ssl-3/cert.pem} \ - OPENSSL_ENGINES=\${OPENSSL_ENGINES:-${libdir}/engines-3} \ - OPENSSL_MODULES=\${OPENSSL_MODULES:-${libdir}/ossl-modules} - - # Setting ENGINESDIR and MODULESDIR to invalid paths prevents host contamination, - # but also breaks the generated libcrypto.pc file. Post-Fix it manually here. - sed -i 's|^enginesdir=\($.libdir.\)/.*|enginesdir=\1/engines-3|' ${D}${libdir}/pkgconfig/libcrypto.pc - sed -i 's|^modulesdir=\($.libdir.\)/.*|modulesdir=\1/ossl-modules|' ${D}${libdir}/pkgconfig/libcrypto.pc -} - -do_install:append:class-nativesdk () { - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${UNPACKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh -} - -PTEST_BUILD_HOST_FILES += "configdata.pm" -PTEST_BUILD_HOST_PATTERN = "perl_version =" -do_install_ptest() { - install -m644 ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} - cp -rf ${S}/Configurations ${S}/external ${D}${PTEST_PATH}/ - - install -d ${D}${PTEST_PATH}/apps - ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps - - cd ${S} - find test/certs test/ct test/d2i-tests test/recipes test/ocsp-tests test/ssl-tests test/smime-certs -type f -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; - find apps test -name \*.cnf -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; - find apps test -name \*.der -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; - find apps test -name \*.pem -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; - find util -name \*.p[lm] -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; - - cd ${B} - # Everything but .? (.o and .d) - find test -type f -name \*[^.]? -exec install -m755 -D {} ${D}${PTEST_PATH}/{} \; - find apps test -name \*.cnf -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; - find apps test -name \*.pem -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; - find apps test -name \*.srl -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; - install -m755 ${B}/util/*wrap.* ${D}${PTEST_PATH}/util/ - - install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps/ - install -m755 ${S}/test/*.pl ${D}${PTEST_PATH}/test/ - install -m755 ${S}/test/shibboleth.pfx ${D}${PTEST_PATH}/test/ - install -m755 ${S}/test/*.bin ${D}${PTEST_PATH}/test/ - install -m755 ${S}/test/dane*.in ${D}${PTEST_PATH}/test/ - install -m755 ${S}/test/smcont*.txt ${D}${PTEST_PATH}/test/ - install -m755 ${S}/test/ssl_test.tmpl ${D}${PTEST_PATH}/test/ - - sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm ${D}${PTEST_PATH}/util/wrap.pl - - install -d ${D}${PTEST_PATH}/engines - install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines/ - install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines/ - ln -s ${libdir}/engines-3/loader_attic.so ${D}${PTEST_PATH}/engines/ - ln -s ${libdir}/ossl-modules/ ${D}${PTEST_PATH}/providers -} - -pkg_postinst_ontarget:${PN}-ossl-module-fips () { - if test -f ${libdir}/ossl-modules/fips.so; then - ${bindir}/openssl fipsinstall -out ${libdir}/ssl-3/fipsmodule.cnf -module ${libdir}/ossl-modules/fips.so - fi -} - -# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto -# package RRECOMMENDS on this package. This will enable the configuration -# file to be installed for both the openssl-bin package and the libcrypto -# package since the openssl-bin package depends on the libcrypto package. - -PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy ${PN}-ossl-module-fips" - -FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}" -FILES:libssl = "${libdir}/libssl${SOLIBS}" -FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ - ${libdir}/ssl-3/openssl.cnf* \ - " -FILES:${PN}-engines = "${libdir}/engines-3" -# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP) -FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3" -FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash" -FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so" -FILES:${PN}-ossl-module-fips = "${libdir}/ossl-modules/fips.so" -FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/" -FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" - -CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf" - -RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy" -RDEPENDS:${PN}-misc = "perl" -RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed openssl-engines openssl-ossl-module-legacy" - -RDEPENDS:${PN}-bin += "openssl-conf" - -# The test suite is installed stripped -INSANE_SKIP:${PN} = "already-stripped" - -BBCLASSEXTEND = "native nativesdk" - -CVE_PRODUCT = "openssl:openssl" diff --git a/meta/recipes-connectivity/ppp-dialin/files/host-peer b/meta/recipes-connectivity/ppp-dialin/files/host-peer deleted file mode 100644 index e7e2e11d49..0000000000 --- a/meta/recipes-connectivity/ppp-dialin/files/host-peer +++ /dev/null @@ -1,11 +0,0 @@ --detach -defaultroute -nocrtscts -lock -noauth -lcp-echo-interval 5 -lcp-echo-failure 3 -usepeerdns -115200 -local -asyncmap 0 diff --git a/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin b/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin deleted file mode 100644 index ea2771311a..0000000000 --- a/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -/usr/sbin/pppd call host diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb deleted file mode 100644 index 5c9c8219d7..0000000000 --- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb +++ /dev/null @@ -1,27 +0,0 @@ -SUMMARY = "Enables PPP dial-in through a serial connection" -SECTION = "console/network" -DESCRIPTION = "PPP dail-in provides a point to point protocol (PPP), so that other computers can dial up to it and access connected networks." -DEPENDS = "ppp" -RDEPENDS:${PN} = "ppp" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" - -SRC_URI = "file://host-peer \ - file://ppp-dialin" - -inherit allarch useradd - -S = "${UNPACKDIR}" - -do_install() { - install -d ${D}${sysconfdir}/ppp/peers - install -m 0644 ${S}/host-peer ${D}${sysconfdir}/ppp/peers/host - - install -d ${D}${sbindir} - install -m 0755 ${S}/ppp-dialin ${D}${sbindir} -} - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --home /dev/null \ - --no-create-home --shell ${sbindir}/ppp-dialin \ - --no-user-group --gid nogroup ppp" diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch deleted file mode 100644 index a00706c184..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch +++ /dev/null @@ -1,98 +0,0 @@ -From a6eb65162db5bcc5ec26cff7361885c0a44cbbfa Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin -Date: Mon, 17 Mar 2025 11:12:07 +0100 -Subject: [PATCH] pppd/pppdconf.h: remove erroneous generated header - -Upstream-Status: Inappropriate [tarball generation issue tracked at https://github.com/ppp-project/ppp/issues/541] -Signed-off-by: Alexander Kanavin ---- - pppd/pppdconf.h | 80 ------------------------------------------------- - 1 file changed, 80 deletions(-) - delete mode 100644 pppd/pppdconf.h - -diff --git a/pppd/pppdconf.h b/pppd/pppdconf.h -deleted file mode 100644 -index 51a8f02..0000000 ---- a/pppd/pppdconf.h -+++ /dev/null -@@ -1,80 +0,0 @@ --/* pppd/pppdconf.h. Generated from pppdconf.h.in by configure. */ --/* -- * Copyright (c) 2022 Eivind Næss. All rights reserved. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * -- * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -- * -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in -- * the documentation and/or other materials provided with the -- * distribution. -- * -- * 3. The name(s) of the authors of this software must not be used to -- * endorse or promote products derived from this software without -- * prior written permission. -- * -- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO -- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY -- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN -- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING -- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -- */ -- --/* -- * This file is generated by configure and sets the features enabled -- * in pppd when configured. -- */ -- --#ifndef PPP_PPPDCONF_H --#define PPP_PPPDCONF_H -- --/* Have Microsoft CHAP support */ --#define PPP_WITH_CHAPMS 1 -- --/* Have Microsoft LAN Manager support */ --/* #undef PPP_WITH_MSLANMAN */ -- --/* Have Microsoft MPPE support */ --#define PPP_WITH_MPPE 1 -- --/* Have multilink support */ --#define PPP_WITH_MULTILINK 1 -- --/* Have packet activity filter support */ --#define PPP_WITH_FILTER 1 -- --/* Have support for loadable plugins */ --#define PPP_WITH_PLUGINS 1 -- --/* Have Callback Protocol support */ --/* #undef PPP_WITH_CBCP */ -- --/* Include TDB support */ --#define PPP_WITH_TDB 1 -- --/* Have IPv6 Control Protocol */ --#define PPP_WITH_IPV6CP 1 -- --/* Support for Pluggable Authentication Modules */ --/* #undef PPP_WITH_PAM */ -- --/* Have EAP-SRP authentication support */ --/* #undef PPP_WITH_SRP */ -- --/* Have EAP-TLS authentication support */ --#define PPP_WITH_EAPTLS 1 -- --/* Have PEAP authentication support */ --#define PPP_WITH_PEAP 1 -- --/* The pppd version */ --#define PPPD_VERSION "2.5.2" -- --#endif diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-session-Fixed-building-with-GCC-15.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-session-Fixed-building-with-GCC-15.patch deleted file mode 100644 index d95c72e96b..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-pppd-session-Fixed-building-with-GCC-15.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 5edcb01f1d8d521c819d45df1f1bb87697252130 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Mon, 17 Mar 2025 14:38:26 -0700 -Subject: [PATCH] pppd/session: Fixed building with GCC 15 - -Fixed building with GCC 15 which defaults to C23 -and find conflicting declration of getspnam() here -with the one provided by shadow.h (extern struct spwd *getspnam (const char *__name);) - -Fixes -../../ppp-2.5.2/pppd/session.c: In function 'session_start': -../../ppp-2.5.2/pppd/session.c:185:18: error: conflicting types for 'getspnam'; have 'struct spwd *(void)' - 185 | struct spwd *getspnam(); - | ^~~~~~~~ - -Upstream-Status: Submitted [https://github.com/ppp-project/ppp/pull/553] -Signed-off-by: Khem Raj ---- - pppd/session.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/pppd/session.c b/pppd/session.c -index f08d8e1..9cc7538 100644 ---- a/pppd/session.c -+++ b/pppd/session.c -@@ -182,7 +182,6 @@ session_start(const int flags, const char *user, const char *passwd, const char - char *cbuf; - #ifdef HAVE_SHADOW_H - struct spwd *spwd; -- struct spwd *getspnam(); - long now = 0; - #endif /* #ifdef HAVE_SHADOW_H */ - #endif /* #ifdef PPP_WITH_PAM */ diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppdump-Fixed-building-with-GCC-15-548.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppdump-Fixed-building-with-GCC-15-548.patch deleted file mode 100644 index 2a3b3cc84a..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-pppdump-Fixed-building-with-GCC-15-548.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 44a766a3d086f10cb584a0c423e5bed6af2e3615 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= -Date: Thu, 27 Feb 2025 23:00:16 +0100 -Subject: [PATCH] pppdump: Fixed building with GCC 15 (#548) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -GCC 15 defaults to C23 which does not allow K&R declarations. - -Credit Yaakov Selkowitz in: -https://src.fedoraproject.org/rpms/ppp/pull-request/12 - -Upstream-Status: Backport [https://github.com/ppp-project/ppp/pull/548] - -Signed-off-by: Jaroslav Škarvada -Signed-off-by: Khem Raj ---- - pppdump/pppdump.c | 20 +++++++------------- - 1 file changed, 7 insertions(+), 13 deletions(-) - -diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c -index c24208a..1534036 100644 ---- a/pppdump/pppdump.c -+++ b/pppdump/pppdump.c -@@ -42,14 +42,12 @@ int tot_sent, tot_rcvd; - extern int optind; - extern char *optarg; - --void dumplog(); --void dumpppp(); --void show_time(); -+void dumplog(FILE *); -+void dumpppp(FILE *); -+void show_time(FILE *, int); - - int --main(ac, av) -- int ac; -- char **av; -+main(int ac, char **av) - { - int i; - char *p; -@@ -97,8 +95,7 @@ main(ac, av) - } - - void --dumplog(f) -- FILE *f; -+dumplog(FILE *f) - { - int c, n, k, col; - int nb, c2; -@@ -241,8 +238,7 @@ struct pkt { - unsigned char dbuf[8192]; - - void --dumpppp(f) -- FILE *f; -+dumpppp(FILE *f) - { - int c, n, k; - int nb, nl, dn, proto, rv; -@@ -375,9 +371,7 @@ dumpppp(f) - } - - void --show_time(f, c) -- FILE *f; -- int c; -+show_time(FILE *f, int c) - { - time_t t; - int n; diff --git a/meta/recipes-connectivity/ppp/ppp/08setupdns b/meta/recipes-connectivity/ppp/ppp/08setupdns deleted file mode 100644 index 998219de97..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/08setupdns +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh -ACTUALCONF=/var/run/resolv.conf -PPPCONF=/var/run/ppp/resolv.conf -if [ -f $PPPCONF ] ; then - if [ -f $ACTUALCONF ] ; then - if [ ! -h $ACTUALCONF -o ! "`readlink $ACTUALCONF 2>&1`" = "$PPPCONF" ] ; then - mv $ACTUALCONF $ACTUALCONF.ppporig - fi - fi - - ln -sf $PPPCONF $ACTUALCONF -fi diff --git a/meta/recipes-connectivity/ppp/ppp/92removedns b/meta/recipes-connectivity/ppp/ppp/92removedns deleted file mode 100644 index 2eadec6899..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/92removedns +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -ACTUALCONF=/var/run/resolv.conf -if [ -f $ACTUALCONF.ppporig ] ; then - mv $ACTUALCONF.ppporig $ACTUALCONF -fi diff --git a/meta/recipes-connectivity/ppp/ppp/init b/meta/recipes-connectivity/ppp/ppp/init deleted file mode 100755 index 0c0136049b..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/init +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/sh -# -# /etc/init.d/ppp: start or stop PPP link. -# -# If you want PPP started on boot time (most dialup systems won't need it) -# rename the /etc/ppp/no_ppp_on_boot file to /etc/ppp/ppp_on_boot, and -# follow the instructions in the comments in that file. - -# Source function library. -. /etc/init.d/functions - -test -x /usr/sbin/pppd -a -f /etc/ppp/ppp_on_boot || exit 0 -if [ -x /etc/ppp/ppp_on_boot ]; then RUNFILE=1; fi - -case "$1" in - start) - echo -n "Starting up PPP link: pppd" - if [ "$RUNFILE" = "1" ]; then - /etc/ppp/ppp_on_boot - else - pppd call provider - fi - echo "." - ;; - stop) - echo -n "Shutting down PPP link: pppd" - if [ "$RUNFILE" = "1" ]; then - poff - else - poff provider - fi - echo "." - ;; - status) - status /usr/sbin/pppd; - exit $? - ;; - restart|force-reload) - echo -n "Restarting PPP link: pppd" - if [ "$RUNFILE" = "1" ]; then - poff - sleep 5 - /etc/ppp/ppp_on_boot - else - poff provider - sleep 5 - pppd call provider - fi - echo "." - ;; - *) - echo "Usage: /etc/init.d/ppp {start|stop|status|restart|force-reload}" - exit 1 - ;; -esac - -exit 0 diff --git a/meta/recipes-connectivity/ppp/ppp/ip-down b/meta/recipes-connectivity/ppp/ppp/ip-down deleted file mode 100755 index 06d35487a5..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/ip-down +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh -# -# $Id: ip-down,v 1.2 1998/02/10 21:21:55 phil Exp $ -# -# This script is run by the pppd _after_ the link is brought down. -# It uses run-parts to run scripts in /etc/ppp/ip-down.d, so to delete -# routes, unset IP addresses etc. you should create script(s) there. -# -# Be aware that other packages may include /etc/ppp/ip-down.d scripts (named -# after that package), so choose local script names with that in mind. -# -# This script is called with the following arguments: -# Arg Name Example -# $1 Interface name ppp0 -# $2 The tty ttyS1 -# $3 The link speed 38400 -# $4 Local IP number 12.34.56.78 -# $5 Peer IP number 12.34.56.99 -# $6 Optional ``ipparam'' value foo - -# The environment is cleared before executing this script -# so the path must be reset -PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin -export PATH -# These variables are for the use of the scripts run by run-parts -PPP_IFACE="$1" -PPP_TTY="$2" -PPP_SPEED="$3" -PPP_LOCAL="$4" -PPP_REMOTE="$5" -PPP_IPPARAM="$6" -export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM - -# as an additional convenience, $PPP_TTYNAME is set to the tty name, -# stripped of /dev/ (if present) for easier matching. -PPP_TTYNAME=`/usr/bin/basename "$2"` -export PPP_TTYNAME - -# Main Script starts here - -run-parts /etc/ppp/ip-down.d - -# last line diff --git a/meta/recipes-connectivity/ppp/ppp/ip-up b/meta/recipes-connectivity/ppp/ppp/ip-up deleted file mode 100755 index fc2fae9fe0..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/ip-up +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh -# -# $Id: ip-up,v 1.2 1998/02/10 21:25:34 phil Exp $ -# -# This script is run by the pppd after the link is established. -# It uses run-parts to run scripts in /etc/ppp/ip-up.d, so to add routes, -# set IP address, run the mailq etc. you should create script(s) there. -# -# Be aware that other packages may include /etc/ppp/ip-up.d scripts (named -# after that package), so choose local script names with that in mind. -# -# This script is called with the following arguments: -# Arg Name Example -# $1 Interface name ppp0 -# $2 The tty ttyS1 -# $3 The link speed 38400 -# $4 Local IP number 12.34.56.78 -# $5 Peer IP number 12.34.56.99 -# $6 Optional ``ipparam'' value foo - -# The environment is cleared before executing this script -# so the path must be reset -PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin -export PATH -# These variables are for the use of the scripts run by run-parts -PPP_IFACE="$1" -PPP_TTY="$2" -PPP_SPEED="$3" -PPP_LOCAL="$4" -PPP_REMOTE="$5" -PPP_IPPARAM="$6" -export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM - - -# as an additional convenience, $PPP_TTYNAME is set to the tty name, -# stripped of /dev/ (if present) for easier matching. -PPP_TTYNAME=`/usr/bin/basename "$2"` -export PPP_TTYNAME - -# Main Script starts here - -run-parts /etc/ppp/ip-up.d - -# last line diff --git a/meta/recipes-connectivity/ppp/ppp/pap b/meta/recipes-connectivity/ppp/ppp/pap deleted file mode 100644 index 093c32607a..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/pap +++ /dev/null @@ -1,22 +0,0 @@ -# You can use this script unmodified to connect to sites which allow -# authentication via PAP, CHAP and similar protocols. -# This script can be shared among different pppd peer configurations. -# To use it, add something like this to your /etc/ppp/peers/ file: -# -# connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T PHONE-NUMBER" -# user YOUR-USERNAME-IN-PAP-SECRETS -# noauth - -# Uncomment the following line to see the connect speed. -# It will be logged to stderr or to the file specified with the -r chat option. -#REPORT CONNECT - -ABORT BUSY -ABORT VOICE -ABORT "NO CARRIER" -ABORT "NO DIALTONE" -ABORT "NO DIAL TONE" -"" ATZ -OK ATDT\T -CONNECT "" - diff --git a/meta/recipes-connectivity/ppp/ppp/poff b/meta/recipes-connectivity/ppp/ppp/poff deleted file mode 100644 index 0521a9406a..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/poff +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh - -# Lets see how many pppds are running.... -set -- `cat /var/run/ppp*.pid 2>/dev/null` - -case $# in - 0) # pppd only creates a pid file once ppp is up, so let's try killing pppd - # on the assumption that we've not got that far yet. - killall pppd - ;; - 1) # If only one was running then it can be killed (apparently killall - # caused problems for some, so lets try killing the pid from the file) - kill $1 - ;; - *) # More than one! Aieehh.. Dont know which one to kill. - echo "More than one pppd running. None stopped" - exit 1 - ;; -esac - -if [ -r /var/run/ppp-quick ] -then - rm -f /var/run/ppp-quick -fi - -exit 0 diff --git a/meta/recipes-connectivity/ppp/ppp/pon b/meta/recipes-connectivity/ppp/ppp/pon deleted file mode 100644 index 91c059501a..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/pon +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -if [ "$1" = "quick" ] -then - touch /var/run/ppp-quick - shift -fi - -/usr/sbin/pppd call ${1:-provider} diff --git a/meta/recipes-connectivity/ppp/ppp/ppp@.service b/meta/recipes-connectivity/ppp/ppp/ppp@.service deleted file mode 100644 index 2bf0b5e347..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/ppp@.service +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=PPP link to %I -Before=network.target - -[Service] -ExecStart=@SBINDIR@/pppd call %I nodetach nolog - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/ppp/ppp/ppp_on_boot b/meta/recipes-connectivity/ppp/ppp/ppp_on_boot deleted file mode 100644 index 9793761840..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/ppp_on_boot +++ /dev/null @@ -1,21 +0,0 @@ -###!/bin/sh -# -# Rename this file to ppp_on_boot and pppd will be fired up as -# soon as the system comes up, connecting to `provider'. -# -# If you also make this file executable, and replace the first line -# with just "#!/bin/sh", the commands below will be executed instead. -# - -# The location of the ppp daemon itself (shouldn't need to be changed) -PPPD=/usr/sbin/pppd - -# The default provider to connect to -$PPPD call provider - -# Additional connections, which would just use settings from -# /etc/ppp/options. -#$PPPD ttyS0 -#$PPPD ttyS1 -#$PPPD ttyS2 -#$PPPD ttyS3 diff --git a/meta/recipes-connectivity/ppp/ppp/provider b/meta/recipes-connectivity/ppp/ppp/provider deleted file mode 100644 index e74d71a8eb..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/provider +++ /dev/null @@ -1,35 +0,0 @@ -# example configuration for a dialup connection authenticated with PAP or CHAP -# -# This is the default configuration used by pon(1) and poff(1). -# See the manual page pppd(8) for information on all the options. - -# MUST CHANGE: replace myusername@realm with the PPP login name given to -# your by your provider. -# There should be a matching entry with the password in /etc/ppp/pap-secrets -# and/or /etc/ppp/chap-secrets. -user "myusername@realm" - -# MUST CHANGE: replace ******** with the phone number of your provider. -# The /etc/chatscripts/pap chat script may be modified to change the -# modem initialization string. -connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********" - -# Serial device to which the modem is connected. -/dev/modem - -# Speed of the serial line. -115200 - -# Assumes that your IP address is allocated dynamically by the ISP. -noipdefault -# Try to get the name server addresses from the ISP. -usepeerdns -# Use this connection as the default route. -defaultroute - -# Makes pppd "dial again" when the connection is lost. -persist - -# Do not ask the remote to authenticate. -noauth - diff --git a/meta/recipes-connectivity/ppp/ppp_2.5.2.bb b/meta/recipes-connectivity/ppp/ppp_2.5.2.bb deleted file mode 100644 index 607678db8b..0000000000 --- a/meta/recipes-connectivity/ppp/ppp_2.5.2.bb +++ /dev/null @@ -1,81 +0,0 @@ -SUMMARY = "Point-to-Point Protocol (PPP) support" -DESCRIPTION = "ppp (Paul's PPP Package) is an open source package which implements \ -the Point-to-Point Protocol (PPP) on Linux and Solaris systems." -SECTION = "console/network" -HOMEPAGE = "http://samba.org/ppp/" -BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" -DEPENDS = "libpcap virtual/crypt" -LICENSE = "BSD-2-Clause & GPL-2.0-or-later & LGPL-2.0-or-later & PD & RSA-MD & MIT" -LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=25;md5=f0463bd67ae70535c709fca554089bd8 \ - file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ - file://chat/chat.c;beginline=1;endline=1;md5=234d7d4edd08962c0144e4604050e0b6 \ - " - -SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ - file://pon \ - file://poff \ - file://init \ - file://ip-up \ - file://ip-down \ - file://08setupdns \ - file://92removedns \ - file://pap \ - file://ppp_on_boot \ - file://provider \ - file://ppp@.service \ - file://0001-pppdump-Fixed-building-with-GCC-15-548.patch \ - file://0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch \ - file://0001-pppd-session-Fixed-building-with-GCC-15.patch \ - " - -SRC_URI[sha256sum] = "47da358de54a10cb10bf6ff2cf9b1c03c0d3555518f6182e8f701b8e55733cb2" - -inherit autotools pkgconfig systemd - -PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} openssl" -PACKAGECONFIG[pam] = "--with-pam=yes,--with-pam=no,libpam" -PACKAGECONFIG[openssl] = "--with-openssl=yes,--with-openssl=no,openssl" -PACKAGECONFIG[multilink] = "--enable-multilink,--disable-multilink" - -do_install:append () { - mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d - mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/ - mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/ - install -m 0755 ${UNPACKDIR}/pon ${D}${bindir}/pon - install -m 0755 ${UNPACKDIR}/poff ${D}${bindir}/poff - install -m 0755 ${UNPACKDIR}/init ${D}${sysconfdir}/init.d/ppp - install -m 0755 ${UNPACKDIR}/ip-up ${D}${sysconfdir}/ppp/ - install -m 0755 ${UNPACKDIR}/ip-down ${D}${sysconfdir}/ppp/ - install -m 0755 ${UNPACKDIR}/08setupdns ${D}${sysconfdir}/ppp/ip-up.d/ - install -m 0755 ${UNPACKDIR}/92removedns ${D}${sysconfdir}/ppp/ip-down.d/ - mkdir -p ${D}${sysconfdir}/chatscripts - mkdir -p ${D}${sysconfdir}/ppp/peers - install -m 0755 ${UNPACKDIR}/pap ${D}${sysconfdir}/chatscripts - install -m 0755 ${UNPACKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot - install -m 0755 ${UNPACKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${UNPACKDIR}/ppp@.service ${D}${systemd_system_unitdir} - sed -i -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_system_unitdir}/ppp@.service -} - -CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" -PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools" -FILES:${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_system_unitdir}/ppp@.service" -FILES:${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" -FILES:${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/*pppoe.so" -FILES:${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" -FILES:${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" -FILES:${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" -FILES:${PN}-password = "${libdir}/pppd/${PV}/pass*.so" -FILES:${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" -FILES:${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" -SUMMARY:${PN}-oa = "Plugin for PPP for PPP-over-ATM support" -SUMMARY:${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" -SUMMARY:${PN}-radius = "Plugin for PPP for RADIUS support" -SUMMARY:${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" -SUMMARY:${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" -SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe" -SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support" -SUMMARY:${PN}-tools = "Additional tools for the PPP package" - diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch deleted file mode 100644 index ab32f26754..0000000000 --- a/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 6bf2bb136a0b3961339369bc08e58b661fba0edb Mon Sep 17 00:00:00 2001 -From: Chen Qi -Date: Thu, 17 Nov 2022 17:26:30 +0800 -Subject: [PATCH] avoid using -m option for readlink - -Use a more widely used option '-f' instead of '-m' here to -avoid dependency on coreutils. - -Looking at the git history of the resolvconf repo, the '-m' -is deliberately used. And it wants to depend on coreutils. -But in case of OE, the existence of /etc is ensured, and busybox -readlink provides '-f' option, so we can just use '-f'. In this -way, the coreutils dependency is not necessary any more. - -Upstream-Status: Inappropriate [OE Specific] - -Signed-off-by: Chen Qi ---- - etc/resolvconf/update.d/libc | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/etc/resolvconf/update.d/libc b/etc/resolvconf/update.d/libc -index 1c4f6bc..f75d22c 100755 ---- a/etc/resolvconf/update.d/libc -+++ b/etc/resolvconf/update.d/libc -@@ -57,7 +57,7 @@ fi - report_warning() { echo "$0: Warning: $*" >&2 ; } - - resolv_conf_is_symlinked_to_dynamic_file() { -- [ -L ${ETC}/resolv.conf ] && [ "$(readlink -m ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] -+ [ -L ${ETC}/resolv.conf ] && [ "$(readlink -f ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] - } - - if ! resolv_conf_is_symlinked_to_dynamic_file ; then --- -2.17.1 - diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf b/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf deleted file mode 100644 index 3790d774a7..0000000000 --- a/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf +++ /dev/null @@ -1,4 +0,0 @@ -d root root 0755 /var/run/resolvconf/interface none -f root root 0644 /etc/resolvconf/run/resolv.conf none -f root root 0644 /etc/resolvconf/run/enable-updates none -l root root 0644 /etc/resolv.conf /etc/resolvconf/run/resolv.conf diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.93.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.93.bb deleted file mode 100644 index c10c57267a..0000000000 --- a/meta/recipes-connectivity/resolvconf/resolvconf_1.93.bb +++ /dev/null @@ -1,65 +0,0 @@ -SUMMARY = "name server information handler" -DESCRIPTION = "Resolvconf is a framework for keeping track of the system's \ -information about currently available nameservers. It sets \ -itself up as the intermediary between programs that supply \ -nameserver information and programs that need nameserver \ -information." -SECTION = "console/network" -LICENSE = "GPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" -HOMEPAGE = "http://packages.debian.org/resolvconf" -RDEPENDS:${PN} = "bash sed util-linux-flock" - -SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \ - file://99_resolvconf \ - file://0001-avoid-using-m-option-for-readlink.patch \ - " - -SRCREV = "ab766fa31f7939f6d879123236b4275320b7ff64" - -# the package is taken from snapshots.debian.org; that source is static and goes stale -# so we check the latest upstream from a directory that does get updated -UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" - -do_compile () { - : -} - -do_install () { - install -d ${D}${sysconfdir}/default/volatiles - install -m 0644 ${UNPACKDIR}/99_resolvconf ${D}${sysconfdir}/default/volatiles - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /run/${BPN}/interface - - - -" \ - > ${D}${sysconfdir}/tmpfiles.d/resolvconf.conf - fi - install -d ${D}${base_libdir}/${BPN} - install -d ${D}${sysconfdir}/${BPN} - install -d ${D}${nonarch_base_libdir}/${BPN} - ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run - install -d ${D}${sysconfdir} ${D}${base_sbindir} - install -d ${D}${mandir}/man8 ${D}${docdir}/${P} - cp -pPR etc/resolvconf ${D}${sysconfdir}/ - chown -R root:root ${D}${sysconfdir}/ - install -m 0755 bin/resolvconf ${D}${base_sbindir}/ - install -m 0755 bin/normalize-resolvconf ${D}${nonarch_base_libdir}/${BPN} - install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} - install -d ${D}/${sysconfdir}/network/if-up.d - install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf - install -d ${D}/${sysconfdir}/network/if-down.d - install -m 0755 debian/resolvconf.resolvconf.if-down ${D}/${sysconfdir}/network/if-down.d/resolvconf - install -m 0644 README ${D}${docdir}/${P}/ - install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/ -} - -pkg_postinst:${PN} () { - if [ -z "$D" ]; then - if command -v systemd-tmpfiles >/dev/null; then - systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf - elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then - ${sysconfdir}/init.d/populate-volatile.sh update - fi - fi -} - -FILES:${PN} += "${base_libdir}/${BPN} ${nonarch_base_libdir}/${BPN}" diff --git a/meta/recipes-connectivity/slirp/libslirp_4.9.1.bb b/meta/recipes-connectivity/slirp/libslirp_4.9.1.bb deleted file mode 100644 index 9f7005d709..0000000000 --- a/meta/recipes-connectivity/slirp/libslirp_4.9.1.bb +++ /dev/null @@ -1,14 +0,0 @@ -SUMMARY = "A general purpose TCP-IP emulator" -DESCRIPTION = "A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services." -HOMEPAGE = "https://gitlab.freedesktop.org/slirp/libslirp" -LICENSE = "BSD-3-Clause & MIT" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bca0186b14e6b05e338e729f106db727" - -SRC_URI = "git://gitlab.freedesktop.org/slirp/libslirp.git;protocol=https;branch=master" -SRCREV = "9c744e1e52aa0d9646ed91d789d588696292c21e" - -DEPENDS = "glib-2.0" - -inherit meson pkgconfig - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch b/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch deleted file mode 100644 index ea00dfa0a9..0000000000 --- a/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch +++ /dev/null @@ -1,62 +0,0 @@ -From c4c3d5f2d4dfe8167205e8d20b4cb7a197706c16 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia -Date: Wed, 27 Nov 2024 04:09:59 -0800 -Subject: [PATCH] fix compile procan.c failed - -1. Compile socat failed if out of tree build (build dir != source dir) -... -gcc -c -D CC="gcc" -o procan.o procan.c -cc1: fatal error: procan.c: No such file or directory -... -Explicitly add $srcdir to makefile rule - -2. Compile socat failed if multiple words in $(CC), such as CC="gcc -m64" -... -from ../socat-1.8.0.0/procan.c:10: -../socat-1.8.0.0/sysincludes.h:18:10: fatal error: inttypes.h: No such file or directory - 18 | #include /* uint16_t */ -... - -In commit [Procan: print umask, CC, and couple more new infos][1], -it defeines marcro CC in C source, the space in CC will break -C source compile. Use first word of $(CC) to defeine marco CC - -[1] https://repo.or.cz/socat.git/commit/cd5673dbd0786c94e0b3ace7e35fab14c01e3185 - -Upstream-Status: Submitted [socat@dest-unreach.org] - -Rebase to 1.8.0.1 -Signed-off-by: Hongxu Jia ---- - Makefile.in | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index 631d31d..103d4d1 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -110,7 +110,7 @@ socat: socat.o libxio.a - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ socat.o libxio.a $(CLIBS) - - procan.o: $(srcdir)/procan.c -- $(CC) $(CFLAGS) -c -D CC="\"$(CC)\"" -o $@ $(srcdir)/procan.c -+ $(CC) $(CFLAGS) -c -D CC="\"$(firstword $(CC))\"" -o $@ $(srcdir)/procan.c - - PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o - procan: $(PROCAN_OBJS) -@@ -132,9 +132,9 @@ install: progs $(srcdir)/doc/socat.1 - mkdir -p $(DESTDIR)$(BINDEST) - $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST)/socat1 - ln -sf socat1 $(DESTDIR)$(BINDEST)/socat -- $(INSTALL) -m 755 socat-chain.sh $(DESTDIR)$(BINDEST) -- $(INSTALL) -m 755 socat-mux.sh $(DESTDIR)$(BINDEST) -- $(INSTALL) -m 755 socat-broker.sh $(DESTDIR)$(BINDEST) -+ $(INSTALL) -m 755 $(srcdir)/socat-chain.sh $(DESTDIR)$(BINDEST) -+ $(INSTALL) -m 755 $(srcdir)/socat-mux.sh $(DESTDIR)$(BINDEST) -+ $(INSTALL) -m 755 $(srcdir)/socat-broker.sh $(DESTDIR)$(BINDEST) - $(INSTALL) -m 755 procan $(DESTDIR)$(BINDEST) - $(INSTALL) -m 755 filan $(DESTDIR)$(BINDEST) - mkdir -p $(DESTDIR)$(MANDEST)/man1 --- -2.25.1 - diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb deleted file mode 100644 index ee6ca1fe44..0000000000 --- a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb +++ /dev/null @@ -1,53 +0,0 @@ -SUMMARY = "Multipurpose relay for bidirectional data transfer" -DESCRIPTION = "Socat is a relay for bidirectional data \ -transfer between two independent data channels." -HOMEPAGE = "http://www.dest-unreach.org/socat/" - -SECTION = "console/network" - -LICENSE = "GPL-2.0-with-OpenSSL-exception" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f" - -SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ - file://0001-fix-compile-procan.c-failed.patch \ -" - -SRC_URI[sha256sum] = "01eb017361d95bb3a6941e840b59e4463a3fabf92df4154ed02b16a2ed6a0095" - -inherit autotools - -EXTRA_AUTORECONF += "--exclude=autoheader" - -EXTRA_OECONF += "ac_cv_have_z_modifier=yes \ - ac_cv_header_bsd_libutil_h=no \ - sc_cv_termios_ispeed=no \ - ${TERMBITS_SHIFTS} \ -" - -TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \ - sc_cv_sys_tabdly_shift=11 \ - sc_cv_sys_csize_shift=4" - -TERMBITS_SHIFTS:powerpc = "sc_cv_sys_crdly_shift=12 \ - sc_cv_sys_tabdly_shift=10 \ - sc_cv_sys_csize_shift=8" - -TERMBITS_SHIFTS:powerpc64 = "sc_cv_sys_crdly_shift=12 \ - sc_cv_sys_tabdly_shift=10 \ - sc_cv_sys_csize_shift=8" - -PACKAGECONFIG:class-target ??= "tcp-wrappers readline openssl" -PACKAGECONFIG ??= "readline openssl" -PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" -PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline" -PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" - -CFLAGS += "-fcommon" - -do_install:prepend () { - mkdir -p ${D}${bindir} - install -d ${D}${bindir} ${D}${mandir}/man1 -} - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key deleted file mode 100644 index 30443c9438..0000000000 Binary files a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key and /dev/null differ diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key deleted file mode 100644 index 86c2104ec8..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS -1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRJR6iZxr/NTqQN9NOwV+WPtu42r2eF -rJ0xsnlqw5bpmfz6aDR8RQvVHUZjRGQfR/RXPbQ5x+bjjdm176TuXNhHAAAAqAoE27MKBN -uzAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA30 -07BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2E -cAAAAgLiHv/IWhxwosz9BiNILOOPlXaueL5hVTBKUJkpOi48sAAAANcm9vdEBxZW11bWlw -cwECAw== ------END OPENSSH PRIVATE KEY----- diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub deleted file mode 100644 index a358aeb88a..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub +++ /dev/null @@ -1 +0,0 @@ -ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA3007BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2Ec= root@qemupregen diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key deleted file mode 100644 index 00ed9adae2..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -QyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbwAAAJChFtV0oRbV -dAAAAAtzc2gtZWQyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbw -AAAEA8UiUsygsTbP0HkDi5leXpQaVXihDyCHeitkBCItJGhcdIVMBsnc5N3WvUTwbkmV4K -awkSlAeZ1Ma0xxirBZtvAAAADXJvb3RAcWVtdW1pcHM= ------END OPENSSH PRIVATE KEY----- diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub deleted file mode 100644 index cc0e2f43ed..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdIVMBsnc5N3WvUTwbkmV4KawkSlAeZ1Ma0xxirBZtv root@qemupregen diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key deleted file mode 100644 index a8e4406ba3..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key +++ /dev/null @@ -1,38 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn -NhAAAAAwEAAQAAAYEA2Q6dzF1xziCQCFq+e+Fv6w0607gNlyKnkhuoRq8G7/HEqXU2eEtC -i3AMUrAP8k7s9kP5vI5CyfSgFuC9MxDV2YL2bsmvRxBSKgg6KbNxkoTaFBqyqHopuWQca8 -KRahvzt5dh9fsmeqamIwgMWKTSwtDHcsbyt84nmO2Z2ZrNXobgueMIj+HiJVgmWn86FQFL -EoONAA+qb4SciPsxvmTlaQ/DMAh3llVo/IMLD9oyAyAI2kbHNnZttlYv5TmY7ICd3yCW8z -PXrxNcEF3Qs1d68gVJxLjLKTlYGzJW2J+RwY+1DJZ0w4lozeQiZXTXVtzcJB0tm2DcvQMz -kqyARmncSUwcPbEClEW6Y2xQnLeSHjexzlCCndiUbBTeG5iRl4OL6DN40iI9Lw2VROtj2Y -59n9PCfaoUs08dsgJLaNrDbRHrCRLSdZJ6OQFiC/nAx/t4e4+wdUgNOqLyJqomdNdaLXPq -tzr9ssrcY5j1DmmwKtzfTI5VM9LRQo+REIiUCNTFAAAFiFh232tYdt9rAAAAB3NzaC1yc2 -EAAAGBANkOncxdcc4gkAhavnvhb+sNOtO4DZcip5IbqEavBu/xxKl1NnhLQotwDFKwD/JO -7PZD+byOQsn0oBbgvTMQ1dmC9m7Jr0cQUioIOimzcZKE2hQasqh6KblkHGvCkWob87eXYf -X7JnqmpiMIDFik0sLQx3LG8rfOJ5jtmdmazV6G4LnjCI/h4iVYJlp/OhUBSxKDjQAPqm+E -nIj7Mb5k5WkPwzAId5ZVaPyDCw/aMgMgCNpGxzZ2bbZWL+U5mOyAnd8glvMz168TXBBd0L -NXevIFScS4yyk5WBsyVtifkcGPtQyWdMOJaM3kImV011bc3CQdLZtg3L0DM5KsgEZp3ElM -HD2xApRFumNsUJy3kh43sc5Qgp3YlGwU3huYkZeDi+gzeNIiPS8NlUTrY9mOfZ/Twn2qFL -NPHbICS2jaw20R6wkS0nWSejkBYgv5wMf7eHuPsHVIDTqi8iaqJnTXWi1z6rc6/bLK3GOY -9Q5psCrc30yOVTPS0UKPkRCIlAjUxQAAAAMBAAEAAAGAGIj+bUtiwdoMbeVUAszIydkE/U -mgv6S7LFjT/KlsL1M017LYJWDcdMaFnhMouksRngSxBg9OnWV5cxyURmFwytVy5bMGjRHb -N8UWTgBqphU+UWdzKngkn0AhtkyYA1aFhgsml5d8EgEkZnFSc/KtoDfZU7AJX519/FtfOK -m27Shx3pE7Nohh97avHyuidR1gTwdvuMIMke57g0BhrxPYmredaKCMZAHjjCeD6JbRcGj+ -ly3I9u8MF8BGSbLpBlLDUFCwP8G5CdmMua8bPJYhPSRqMLQhclI7hc6FaYk+gZV9B74Iv/ -SAxcCwI97dNbE0IAsbbWoUdoKGpAYQ5gOdhu5ioqZwKWjNjB3Xx48mq8xtmIR9HEnYzEnk -b/tDWNRWrGkvNK7vpLvnbsSSKBqOAbMzmQdJxogTgjE5doSmu2/krIMR6KUcUox2ZrR8Ot -JM6bXyNFBviiXmYvw/SZTDrVJu8BPMu5EMS5pBl8jPFBGI/ePk4qg7lWAJeQ89ThtBAAAA -wQDEU4HjomWwJsn9UWdoodXTV5aPY9B1OPkmYnRPtsjSAcXgtBzUXMEOsmXODOK3aQjsE0 -jQKpWDAUcUf6KKZKRehxUN4MlwujCG9czn65S6B8BsP1YUfZQjpNyub8vDBfeKzlxKBEEM -lb4iBT+LEGkihK13H5CbqRg1GDAThZzwrV4pj3S40zgyHhn8JjK4x4djEY6NwkWH8E2DgD -8vYG/FKh5E/VIZtCgtAHa4QNAgGB4VMRn1VpSJzxjCxb1wancAAADBAPT7F34WYEI3Vc52 -p1U5rPa6dZtg5QM14V0+KtMlb3frd0/F+JVj4t6COQ8J9pkOuD0YjOYJuFXIWAAYIjCdWt -cbTi/sSERawOWxrgSwJo2vjt5izrBQtr3N8tiB6KDGa5sdgJl5XzJ0SsdStfBbyhcJO4RV -p9lc+X8OsUfFsClmyIs45vlxBRH06DP6/zmYCAmqvlrfZJKqlpKAEWDDObRy/3+mSNhZ0J -BdmncASiASRlPPIoIHznyA1COUn6+TnwAAAMEA4tH89Dez2JauyPVeCyHAC680vrBKjmMx -WYdpq2Xzd/LNl2L9oc0IEZzerLTuaCh6qsbbk2wWj1nrYXvefz/xUtDR427tvRXckcsWhP -2HYohdYBkwTpp9QuscIV76GdwbTImuNEzvABH1hpTG6DSzqeyf/EVmSq07nptJIs5lpU49 -tW2aWraSvswHR9xfts1U79w9f4BNDy1rTmfuLERTRNF/T9CIFsk9tArLUNT64mhHtoEs8F -9AyGuq6v49bN0bAAAADXJvb3RAcWVtdW1pcHMBAgMEBQ== ------END OPENSSH PRIVATE KEY----- diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub deleted file mode 100644 index 9eb8c3838f..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZDp3MXXHOIJAIWr574W/rDTrTuA2XIqeSG6hGrwbv8cSpdTZ4S0KLcAxSsA/yTuz2Q/m8jkLJ9KAW4L0zENXZgvZuya9HEFIqCDops3GShNoUGrKoeim5ZBxrwpFqG/O3l2H1+yZ6pqYjCAxYpNLC0MdyxvK3zieY7ZnZms1ehuC54wiP4eIlWCZafzoVAUsSg40AD6pvhJyI+zG+ZOVpD8MwCHeWVWj8gwsP2jIDIAjaRsc2dm22Vi/lOZjsgJ3fIJbzM9evE1wQXdCzV3ryBUnEuMspOVgbMlbYn5HBj7UMlnTDiWjN5CJldNdW3NwkHS2bYNy9AzOSrIBGadxJTBw9sQKURbpjbFCct5IeN7HOUIKd2JRsFN4bmJGXg4voM3jSIj0vDZVE62PZjn2f08J9qhSzTx2yAkto2sNtEesJEtJ1kno5AWIL+cDH+3h7j7B1SA06ovImqiZ011otc+q3Ov2yytxjmPUOabAq3N9MjlUz0tFCj5EQiJQI1MU= root@qemupregen diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb deleted file mode 100644 index 57b0534929..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb +++ /dev/null @@ -1,23 +0,0 @@ -SUMMARY = "Pre generated host keys mainly for speeding up our qemu tests" - -SRC_URI = "file://dropbear_rsa_host_key \ - file://openssh" - -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" - -S = "${UNPACKDIR}" - -INHIBIT_DEFAULT_DEPS = "1" - -COMPATIBLE_MACHINE = "^qemu.*$" - -do_install () { - install -d ${D}${sysconfdir}/dropbear - install ${UNPACKDIR}/dropbear_rsa_host_key -m 0600 ${D}${sysconfdir}/dropbear/ - - install -d ${D}${sysconfdir}/ssh - install ${UNPACKDIR}/openssh/* ${D}${sysconfdir}/ssh/ - chmod 0600 ${D}${sysconfdir}/ssh/* - chmod 0644 ${D}${sysconfdir}/ssh/*.pub -} diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch deleted file mode 100644 index f9634e47c9..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 809d9d8172db8e2a08ff639875f838b5b86d2641 Mon Sep 17 00:00:00 2001 -From: Sergey Matyukevich -Date: Thu, 22 Aug 2024 00:03:41 +0300 -Subject: [PATCH] macsec_linux: Hardware offload requires Linux headers >= v5.7 - -Hardware offload in Linux macsec driver is enabled in compile time if -libnl version is >= v3.6. This is not sufficient for successful build -since enum 'macsec_offload' has been added to Linux header if_link.h -in kernels v5.6 and v5.7, see commits: -- https://github.com/torvalds/linux/commit/21114b7feec29e4425a3ac48a037569c016a46c8 -- https://github.com/torvalds/linux/commit/76564261a7db80c5f5c624e0122a28787f266bdf - -New libnl with older Linux headers is a valid combination. This is how -hostapd build failure has been detected by Buildroot autobuilder, see: -- http://autobuild.buildroot.net/results/b59d5bc5bd17683a3a1e3577c40c802e81911f84/ - -Extend compile time condition for the enablement of the macsec hardware -offload adding Linux headers version check. - -Fixes: 40c139664439 ("macsec_linux: Add support for MACsec hardware offload") -Signed-off-by: Sergey Matyukevich - -Upstream-Status: Backport [https://w1.fi/cgit/hostap/patch/?id=809d9d8172db8e2a08ff639875f838b5b86d2641] -Signed-off-by: Jon Mason ---- - src/drivers/driver_macsec_linux.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/drivers/driver_macsec_linux.c b/src/drivers/driver_macsec_linux.c -index c867154981e9..fad47a292f9f 100644 ---- a/src/drivers/driver_macsec_linux.c -+++ b/src/drivers/driver_macsec_linux.c -@@ -19,6 +19,7 @@ - #include - #include - #include -+#include - #include - - #include "utils/common.h" -@@ -32,7 +33,8 @@ - - #define UNUSED_SCI 0xffffffffffffffff - --#if LIBNL_VER_NUM >= LIBNL_VER(3, 6) -+#if (LIBNL_VER_NUM >= LIBNL_VER(3, 6) && \ -+ LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) - #define LIBNL_HAS_OFFLOAD - #endif - --- -2.39.2 - diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant deleted file mode 100644 index 6ff4dd8826..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant +++ /dev/null @@ -1 +0,0 @@ -d root root 0700 /var/run/wpa_supplicant none diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch deleted file mode 100644 index 36660b5880..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 726432d7622cc0088ac353d073b59628b590ea44 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sat, 25 Jan 2025 11:21:16 +0200 -Subject: [PATCH] RADIUS: Drop pending request only when accepting the response - -The case of an invalid authenticator in a RADIUS response could imply -that the response is not from the correct RADIUS server and as such, -such a response should be discarded without changing internal state for -the pending request. The case of an unknown response (RADIUS_RX_UNKNOWN) -is somewhat more complex since it could have been indicated before -validating the authenticator. In any case, it seems better to change the -state for the pending request only when we have fully accepted the -response. - -Allowing the internal state of pending RADIUS request to change based on -responses that are not fully validation could have allow at least a -theoretical DoS attack if an attacker were to have means for injecting -RADIUS messages to the network using the IP address of the real RADIUS -server and being able to do so more quickly than the real server and -with the matching identifier from the request header (i.e., either by -flooding 256 responses quickly or by having means to capture the RADIUS -request). These should not really be realistic options in a properly -protected deployment, but nevertheless it is good to be more careful in -processing RADIUS responses. - -Remove a pending RADIUS request from the internal list only when having -fully accepted a matching RADIUS response, i.e., after one of the -registered handlers has confirmed that the authenticator is valid and -processing of the response has succeeded. - -Signed-off-by: Jouni Malinen - -CVE: CVE-2025-24912 -Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44] -Signed-off-by: Peter Marko ---- - src/radius/radius_client.c | 15 +++++++-------- - 1 file changed, 7 insertions(+), 8 deletions(-) - -diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c -index 2a7f36170..7909b29a7 100644 ---- a/src/radius/radius_client.c -+++ b/src/radius/radius_client.c -@@ -1259,13 +1259,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) - roundtrip / 100, roundtrip % 100); - rconf->round_trip_time = roundtrip; - -- /* Remove ACKed RADIUS packet from retransmit list */ -- if (prev_req) -- prev_req->next = req->next; -- else -- radius->msgs = req->next; -- radius->num_msgs--; -- - for (i = 0; i < num_handlers; i++) { - RadiusRxResult res; - res = handlers[i].handler(msg, req->msg, req->shared_secret, -@@ -1276,6 +1269,13 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) - radius_msg_free(msg); - /* fall through */ - case RADIUS_RX_QUEUED: -+ /* Remove ACKed RADIUS packet from retransmit list */ -+ if (prev_req) -+ prev_req->next = req->next; -+ else -+ radius->msgs = req->next; -+ radius->num_msgs--; -+ - radius_client_msg_free(req); - return; - case RADIUS_RX_INVALID_AUTHENTICATOR: -@@ -1297,7 +1297,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) - msg_type, hdr->code, hdr->identifier, - invalid_authenticator ? " [INVALID AUTHENTICATOR]" : - ""); -- radius_client_msg_free(req); - - fail: - radius_msg_free(msg); diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch deleted file mode 100644 index add2e47048..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 339a334551ca911187cc870f4f97ef08e11db109 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Wed, 5 Feb 2025 19:23:39 +0200 -Subject: [PATCH] RADIUS: Fix pending request dropping - -A recent change to this moved the place where the processed RADIUS -request was removed from the pending list to happen after the message -handler had been called. This did not take into account possibility of -the handler adding a new pending request in the list and the prev_req -pointer not necessarily pointing to the correct entry anymore. As such, -some of the pending requests could have been lost and that would result -in not being able to process responses to those requests and also, to a -memory leak. - -Fix this by determining prev_req at the point when the pending request -is being removed, i.e., after the handler function has already added a -new entry. - -Fixes: 726432d7622c ("RADIUS: Drop pending request only when accepting the response") -Signed-off-by: Jouni Malinen - -CVE: CVE-2025-24912 -Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109] -Signed-off-by: Peter Marko ---- - src/radius/radius_client.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c -index 7909b29a7..d4faa7936 100644 ---- a/src/radius/radius_client.c -+++ b/src/radius/radius_client.c -@@ -1099,7 +1099,7 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) - struct radius_hdr *hdr; - struct radius_rx_handler *handlers; - size_t num_handlers, i; -- struct radius_msg_list *req, *prev_req; -+ struct radius_msg_list *req, *prev_req, *r; - struct os_reltime now; - struct hostapd_radius_server *rconf; - int invalid_authenticator = 0; -@@ -1224,7 +1224,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) - break; - } - -- prev_req = NULL; - req = radius->msgs; - while (req) { - /* TODO: also match by src addr:port of the packet when using -@@ -1236,7 +1235,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) - hdr->identifier) - break; - -- prev_req = req; - req = req->next; - } - -@@ -1270,6 +1268,12 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) - /* fall through */ - case RADIUS_RX_QUEUED: - /* Remove ACKed RADIUS packet from retransmit list */ -+ prev_req = NULL; -+ for (r = radius->msgs; r; r = r->next) { -+ if (r == req) -+ break; -+ prev_req = r; -+ } - if (prev_req) - prev_req->next = req->next; - else diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh deleted file mode 100644 index 35a1aa639e..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh +++ /dev/null @@ -1,86 +0,0 @@ -#!/bin/sh - - -WPA_SUP_BIN="/usr/sbin/wpa_supplicant" -WPA_SUP_PNAME="wpa_supplicant" -WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid" -WPA_COMMON_CTRL_IFACE="/var/run/wpa_supplicant" -WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE" - -VERBOSITY=0 - - -if [ -s "$IF_WPA_CONF" ]; then - WPA_SUP_CONF="-c $IF_WPA_CONF" -else - exit 0 -fi - -if [ ! -x "$WPA_SUP_BIN" ]; then - - if [ "$VERBOSITY" = "1" ]; then - echo "$WPA_SUP_PNAME: binaries not executable or missing from $WPA_SUP_BIN" - fi - - exit 1 -fi - -if [ "$MODE" = "start" ] ; then - # driver type of interface, defaults to wext when undefined - if [ -s "/etc/wpa_supplicant/driver.$IFACE" ]; then - IF_WPA_DRIVER=$(cat "/etc/wpa_supplicant/driver.$IFACE") - elif [ -z "$IF_WPA_DRIVER" ]; then - - if [ "$VERBOSITY" = "1" ]; then - echo "$WPA_SUP_PNAME: wpa-driver not provided, using \"wext\"" - fi - - IF_WPA_DRIVER="wext" - fi - - # if we have passed the criteria, start wpa_supplicant - if [ -n "$WPA_SUP_CONF" ]; then - - if [ "$VERBOSITY" = "1" ]; then - echo "$WPA_SUP_PNAME: $WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER" - fi - - start-stop-daemon --start --quiet \ - --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \ - -- $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER - fi - - # if the interface socket exists, then wpa_supplicant was invoked successfully - if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then - - if [ "$VERBOSITY" = "1" ]; then - echo "$WPA_SUP_PNAME: ctrl_interface socket located at $WPA_COMMON_CTRL_IFACE/$IFACE" - fi - - exit 0 - - fi - -elif [ "$MODE" = "stop" ]; then - - if [ -f "$WPA_SUP_PIDFILE" ]; then - - if [ "$VERBOSITY" = "1" ]; then - echo "$WPA_SUP_PNAME: terminating $WPA_SUP_PNAME daemon" - fi - - start-stop-daemon --stop --quiet \ - --name $WPA_SUP_PNAME --pidfile $WPA_SUP_PIDFILE - - if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then - rm -f $WPA_COMMON_CTRL_IFACE/$IFACE - fi - - if [ -f "$WPA_SUP_PIDFILE" ]; then - rm -f $WPA_SUP_PIDFILE - fi - fi - -fi - -exit 0 diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf deleted file mode 100644 index 68258f5ee2..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf +++ /dev/null @@ -1,690 +0,0 @@ -##### Example wpa_supplicant configuration file ############################### -# -# This file describes configuration file format and lists all available option. -# Please also take a look at simpler configuration examples in 'examples' -# subdirectory. -# -# Empty lines and lines starting with # are ignored - -# NOTE! This file may contain password information and should probably be made -# readable only by root user on multiuser systems. - -# Note: All file paths in this configuration file should use full (absolute, -# not relative to working directory) path in order to allow working directory -# to be changed. This can happen if wpa_supplicant is run in the background. - -# Whether to allow wpa_supplicant to update (overwrite) configuration -# -# This option can be used to allow wpa_supplicant to overwrite configuration -# file whenever configuration is changed (e.g., new network block is added with -# wpa_cli or wpa_gui, or a password is changed). This is required for -# wpa_cli/wpa_gui to be able to store the configuration changes permanently. -# Please note that overwriting configuration file will remove the comments from -# it. -#update_config=1 - -# global configuration (shared by all network blocks) -# -# Parameters for the control interface. If this is specified, wpa_supplicant -# will open a control interface that is available for external programs to -# manage wpa_supplicant. The meaning of this string depends on which control -# interface mechanism is used. For all cases, the existence of this parameter -# in configuration is used to determine whether the control interface is -# enabled. -# -# For UNIX domain sockets (default on Linux and BSD): This is a directory that -# will be created for UNIX domain sockets for listening to requests from -# external programs (CLI/GUI, etc.) for status information and configuration. -# The socket file will be named based on the interface name, so multiple -# wpa_supplicant processes can be run at the same time if more than one -# interface is used. -# /var/run/wpa_supplicant is the recommended directory for sockets and by -# default, wpa_cli will use it when trying to connect with wpa_supplicant. -# -# Access control for the control interface can be configured by setting the -# directory to allow only members of a group to use sockets. This way, it is -# possible to run wpa_supplicant as root (since it needs to change network -# configuration and open raw sockets) and still allow GUI/CLI components to be -# run as non-root users. However, since the control interface can be used to -# change the network configuration, this access needs to be protected in many -# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you -# want to allow non-root users to use the control interface, add a new group -# and change this value to match with that group. Add users that should have -# control interface access to this group. If this variable is commented out or -# not included in the configuration file, group will not be changed from the -# value it got by default when the directory or socket was created. -# -# When configuring both the directory and group, use following format: -# DIR=/var/run/wpa_supplicant GROUP=wheel -# DIR=/var/run/wpa_supplicant GROUP=0 -# (group can be either group name or gid) -# -# For UDP connections (default on Windows): The value will be ignored. This -# variable is just used to select that the control interface is to be created. -# The value can be set to, e.g., udp (ctrl_interface=udp) -# -# For Windows Named Pipe: This value can be used to set the security descriptor -# for controlling access to the control interface. Security descriptor can be -# set using Security Descriptor String Format (see http://msdn.microsoft.com/ -# library/default.asp?url=/library/en-us/secauthz/security/ -# security_descriptor_string_format.asp). The descriptor string needs to be -# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty -# DACL (which will reject all connections). See README-Windows.txt for more -# information about SDDL string format. -# -ctrl_interface=/var/run/wpa_supplicant - -# IEEE 802.1X/EAPOL version -# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines -# EAPOL version 2. However, there are many APs that do not handle the new -# version number correctly (they seem to drop the frames completely). In order -# to make wpa_supplicant interoperate with these APs, the version number is set -# to 1 by default. This configuration value can be used to set it to the new -# version (2). -eapol_version=1 - -# AP scanning/selection -# By default, wpa_supplicant requests driver to perform AP scanning and then -# uses the scan results to select a suitable AP. Another alternative is to -# allow the driver to take care of AP scanning and selection and use -# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association -# information from the driver. -# 1: wpa_supplicant initiates scanning and AP selection -# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association -# parameters (e.g., WPA IE generation); this mode can also be used with -# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with -# APs (i.e., external program needs to control association). This mode must -# also be used when using wired Ethernet drivers. -# 2: like 0, but associate with APs using security policy and SSID (but not -# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to -# enable operation with hidden SSIDs and optimized roaming; in this mode, -# the network blocks in the configuration file are tried one by one until -# the driver reports successful association; each network block should have -# explicit security policy (i.e., only one option in the lists) for -# key_mgmt, pairwise, group, proto variables -ap_scan=1 - -# EAP fast re-authentication -# By default, fast re-authentication is enabled for all EAP methods that -# support it. This variable can be used to disable fast re-authentication. -# Normally, there is no need to disable this. -fast_reauth=1 - -# OpenSSL Engine support -# These options can be used to load OpenSSL engines. -# The two engines that are supported currently are shown below: -# They are both from the opensc project (http://www.opensc.org/) -# By default no engines are loaded. -# make the opensc engine available -#opensc_engine_path=/usr/lib/opensc/engine_opensc.so -# make the pkcs11 engine available -#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so -# configure the path to the pkcs11 module required by the pkcs11 engine -#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so - -# Dynamic EAP methods -# If EAP methods were built dynamically as shared object files, they need to be -# loaded here before being used in the network blocks. By default, EAP methods -# are included statically in the build, so these lines are not needed -#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so -#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so - -# Driver interface parameters -# This field can be used to configure arbitrary driver interace parameters. The -# format is specific to the selected driver interface. This field is not used -# in most cases. -#driver_param="field=value" - -# Maximum lifetime for PMKSA in seconds; default 43200 -#dot11RSNAConfigPMKLifetime=43200 -# Threshold for reauthentication (percentage of PMK lifetime); default 70 -#dot11RSNAConfigPMKReauthThreshold=70 -# Timeout for security association negotiation in seconds; default 60 -#dot11RSNAConfigSATimeout=60 - -# network block -# -# Each network (usually AP's sharing the same SSID) is configured as a separate -# block in this configuration file. The network blocks are in preference order -# (the first match is used). -# -# network block fields: -# -# disabled: -# 0 = this network can be used (default) -# 1 = this network block is disabled (can be enabled through ctrl_iface, -# e.g., with wpa_cli or wpa_gui) -# -# id_str: Network identifier string for external scripts. This value is passed -# to external action script through wpa_cli as WPA_ID_STR environment -# variable to make it easier to do network specific configuration. -# -# ssid: SSID (mandatory); either as an ASCII string with double quotation or -# as hex string; network name -# -# scan_ssid: -# 0 = do not scan this SSID with specific Probe Request frames (default) -# 1 = scan with SSID-specific Probe Request frames (this can be used to -# find APs that do not accept broadcast SSID or use multiple SSIDs; -# this will add latency to scanning, so enable this only when needed) -# -# bssid: BSSID (optional); if set, this network block is used only when -# associating with the AP using the configured BSSID -# -# priority: priority group (integer) -# By default, all networks will get same priority group (0). If some of the -# networks are more desirable, this field can be used to change the order in -# which wpa_supplicant goes through the networks when selecting a BSS. The -# priority groups will be iterated in decreasing priority (i.e., the larger the -# priority value, the sooner the network is matched against the scan results). -# Within each priority group, networks will be selected based on security -# policy, signal strength, etc. -# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not -# using this priority to select the order for scanning. Instead, they try the -# networks in the order that used in the configuration file. -# -# mode: IEEE 802.11 operation mode -# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default) -# 1 = IBSS (ad-hoc, peer-to-peer) -# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) -# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has -# to be set to 2 for IBSS. WPA-None requires following network block options: -# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not -# both), and psk must also be set. -# -# proto: list of accepted protocols -# WPA = WPA/IEEE 802.11i/D3.0 -# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN) -# If not set, this defaults to: WPA RSN -# -# key_mgmt: list of accepted authenticated key management protocols -# WPA-PSK = WPA pre-shared key (this requires 'psk' field) -# WPA-EAP = WPA using EAP authentication (this can use an external -# program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication -# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically -# generated WEP keys -# NONE = WPA is not used; plaintext or static WEP could be used -# If not set, this defaults to: WPA-PSK WPA-EAP -# -# auth_alg: list of allowed IEEE 802.11 authentication algorithms -# OPEN = Open System authentication (required for WPA/WPA2) -# SHARED = Shared Key authentication (requires static WEP keys) -# LEAP = LEAP/Network EAP (only used with LEAP) -# If not set, automatic selection is used (Open System with LEAP enabled if -# LEAP is allowed as one of the EAP methods). -# -# pairwise: list of accepted pairwise (unicast) ciphers for WPA -# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] -# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] -# NONE = Use only Group Keys (deprecated, should not be included if APs support -# pairwise keys) -# If not set, this defaults to: CCMP TKIP -# -# group: list of accepted group (broadcast/multicast) ciphers for WPA -# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] -# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] -# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key -# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11] -# If not set, this defaults to: CCMP TKIP WEP104 WEP40 -# -# psk: WPA preshared key; 256-bit pre-shared key -# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e., -# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be -# generated using the passphrase and SSID). ASCII passphrase must be between -# 8 and 63 characters (inclusive). -# This field is not needed, if WPA-EAP is used. -# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys -# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant -# startup and reconfiguration time can be optimized by generating the PSK only -# only when the passphrase or SSID has actually changed. -# -# eapol_flags: IEEE 802.1X/EAPOL options (bit field) -# Dynamic WEP key required for non-WPA mode -# bit0 (1): require dynamically generated unicast WEP key -# bit1 (2): require dynamically generated broadcast WEP key -# (3 = require both keys; default) -# Note: When using wired authentication, eapol_flags must be set to 0 for the -# authentication to be completed successfully. -# -# proactive_key_caching: -# Enable/disable opportunistic PMKSA caching for WPA2. -# 0 = disabled (default) -# 1 = enabled -# -# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or -# hex without quotation, e.g., 0102030405) -# wep_tx_keyidx: Default WEP key index (TX) (0..3) -# -# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is -# allowed. This is only used with RSN/WPA2. -# 0 = disabled (default) -# 1 = enabled -#peerkey=1 -# -# Following fields are only used with internal EAP implementation. -# eap: space-separated list of accepted EAP methods -# MD5 = EAP-MD5 (unsecure and does not generate keying material -> -# cannot be used with WPA; to be used as a Phase 2 method -# with EAP-PEAP or EAP-TTLS) -# MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used -# as a Phase 2 method with EAP-PEAP or EAP-TTLS) -# OTP = EAP-OTP (cannot be used separately with WPA; to be used -# as a Phase 2 method with EAP-PEAP or EAP-TTLS) -# GTC = EAP-GTC (cannot be used separately with WPA; to be used -# as a Phase 2 method with EAP-PEAP or EAP-TTLS) -# TLS = EAP-TLS (client and server certificate) -# PEAP = EAP-PEAP (with tunnelled EAP authentication) -# TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2 -# authentication) -# If not set, all compiled in methods are allowed. -# -# identity: Identity string for EAP -# anonymous_identity: Anonymous identity string for EAP (to be used as the -# unencrypted identity with EAP types that support different tunnelled -# identity, e.g., EAP-TTLS) -# password: Password string for EAP -# ca_cert: File path to CA certificate file (PEM/DER). This file can have one -# or more trusted CA certificates. If ca_cert and ca_path are not -# included, server certificate will not be verified. This is insecure and -# a trusted CA certificate should always be configured when using -# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may -# change when wpa_supplicant is run in the background. -# On Windows, trusted CA certificates can be loaded from the system -# certificate store by setting this to cert_store://, e.g., -# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT". -# Note that when running wpa_supplicant as an application, the user -# certificate store (My user account) is used, whereas computer store -# (Computer account) is used when running wpasvc as a service. -# ca_path: Directory path for CA certificate files (PEM). This path may -# contain multiple CA certificates in OpenSSL format. Common use for this -# is to point to system trusted CA list which is often installed into -# directory like /etc/ssl/certs. If configured, these certificates are -# added to the list of trusted CAs. ca_cert may also be included in that -# case, but it is not required. -# client_cert: File path to client certificate file (PEM/DER) -# Full path should be used since working directory may change when -# wpa_supplicant is run in the background. -# Alternatively, a named configuration blob can be used by setting this -# to blob://. -# private_key: File path to client private key file (PEM/DER/PFX) -# When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be -# commented out. Both the private key and certificate will be read from -# the PKCS#12 file in this case. Full path should be used since working -# directory may change when wpa_supplicant is run in the background. -# Windows certificate store can be used by leaving client_cert out and -# configuring private_key in one of the following formats: -# cert://substring_to_match -# hash://certificate_thumbprint_in_hex -# for example: private_key="hash://63093aa9c47f56ae88334c7b65a4" -# Note that when running wpa_supplicant as an application, the user -# certificate store (My user account) is used, whereas computer store -# (Computer account) is used when running wpasvc as a service. -# Alternatively, a named configuration blob can be used by setting this -# to blob://. -# private_key_passwd: Password for private key file (if left out, this will be -# asked through control interface) -# dh_file: File path to DH/DSA parameters file (in PEM format) -# This is an optional configuration file for setting parameters for an -# ephemeral DH key exchange. In most cases, the default RSA -# authentication does not use this configuration. However, it is possible -# setup RSA to use ephemeral DH key exchange. In addition, ciphers with -# DSA keys always use ephemeral DH keys. This can be used to achieve -# forward secrecy. If the file is in DSA parameters format, it will be -# automatically converted into DH params. -# subject_match: Substring to be matched against the subject of the -# authentication server certificate. If this string is set, the server -# sertificate is only accepted if it contains this string in the subject. -# The subject string is in following format: -# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com -# altsubject_match: Semicolon separated string of entries to be matched against -# the alternative subject name of the authentication server certificate. -# If this string is set, the server sertificate is only accepted if it -# contains one of the entries in an alternative subject name extension. -# altSubjectName string is in following format: TYPE:VALUE -# Example: EMAIL:server@example.com -# Example: DNS:server.example.com;DNS:server2.example.com -# Following types are supported: EMAIL, DNS, URI -# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters -# (string with field-value pairs, e.g., "peapver=0" or -# "peapver=1 peaplabel=1") -# 'peapver' can be used to force which PEAP version (0 or 1) is used. -# 'peaplabel=1' can be used to force new label, "client PEAP encryption", -# to be used during key derivation when PEAPv1 or newer. Most existing -# PEAPv1 implementation seem to be using the old label, "client EAP -# encryption", and wpa_supplicant is now using that as the default value. -# Some servers, e.g., Radiator, may require peaplabel=1 configuration to -# interoperate with PEAPv1; see eap_testing.txt for more details. -# 'peap_outer_success=0' can be used to terminate PEAP authentication on -# tunneled EAP-Success. This is required with some RADIUS servers that -# implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g., -# Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode) -# include_tls_length=1 can be used to force wpa_supplicant to include -# TLS Message Length field in all TLS messages even if they are not -# fragmented. -# sim_min_num_chal=3 can be used to configure EAP-SIM to require three -# challenges (by default, it accepts 2 or 3) -# phase2: Phase2 (inner authentication with TLS tunnel) parameters -# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or -# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS) -# Following certificate/private key fields are used in inner Phase2 -# authentication when using EAP-TTLS or EAP-PEAP. -# ca_cert2: File path to CA certificate file. This file can have one or more -# trusted CA certificates. If ca_cert2 and ca_path2 are not included, -# server certificate will not be verified. This is insecure and a trusted -# CA certificate should always be configured. -# ca_path2: Directory path for CA certificate files (PEM) -# client_cert2: File path to client certificate file -# private_key2: File path to client private key file -# private_key2_passwd: Password for private key file -# dh_file2: File path to DH/DSA parameters file (in PEM format) -# subject_match2: Substring to be matched against the subject of the -# authentication server certificate. -# altsubject_match2: Substring to be matched against the alternative subject -# name of the authentication server certificate. -# -# fragment_size: Maximum EAP fragment size in bytes (default 1398). -# This value limits the fragment size for EAP methods that support -# fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set -# small enough to make the EAP messages fit in MTU of the network -# interface used for EAPOL. The default value is suitable for most -# cases. -# -# EAP-PSK variables: -# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format -# nai: user NAI -# -# EAP-PAX variables: -# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format -# -# EAP-SAKE variables: -# eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format -# (this is concatenation of Root-Secret-A and Root-Secret-B) -# nai: user NAI (PEERID) -# -# EAP-GPSK variables: -# eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits) -# nai: user NAI (ID_Client) -# -# EAP-FAST variables: -# pac_file: File path for the PAC entries. wpa_supplicant will need to be able -# to create this file and write updates to it when PAC is being -# provisioned or refreshed. Full path to the file should be used since -# working directory may change when wpa_supplicant is run in the -# background. Alternatively, a named configuration blob can be used by -# setting this to blob:// -# phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST -# credentials (PAC) -# -# wpa_supplicant supports number of "EAP workarounds" to work around -# interoperability issues with incorrectly behaving authentication servers. -# These are enabled by default because some of the issues are present in large -# number of authentication servers. Strict EAP conformance mode can be -# configured by disabling workarounds with eap_workaround=0. - -# Example blocks: - -# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers -network={ - ssid="simple" - psk="very secret passphrase" - priority=5 -} - -# Same as previous, but request SSID-specific scanning (for APs that reject -# broadcast SSID) -network={ - ssid="second ssid" - scan_ssid=1 - psk="very secret passphrase" - priority=2 -} - -# Only WPA-PSK is used. Any valid cipher combination is accepted. -network={ - ssid="example" - proto=WPA - key_mgmt=WPA-PSK - pairwise=CCMP TKIP - group=CCMP TKIP WEP104 WEP40 - psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb - priority=2 -} - -# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104 -# or WEP40 as the group cipher will not be accepted. -network={ - ssid="example" - proto=RSN - key_mgmt=WPA-EAP - pairwise=CCMP TKIP - group=CCMP TKIP - eap=TLS - identity="user@example.com" - ca_cert="/etc/cert/ca.pem" - client_cert="/etc/cert/user.pem" - private_key="/etc/cert/user.prv" - private_key_passwd="password" - priority=1 -} - -# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel -# (e.g., Radiator) -network={ - ssid="example" - key_mgmt=WPA-EAP - eap=PEAP - identity="user@example.com" - password="foobar" - ca_cert="/etc/cert/ca.pem" - phase1="peaplabel=1" - phase2="auth=MSCHAPV2" - priority=10 -} - -# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the -# unencrypted use. Real identity is sent only within an encrypted TLS tunnel. -network={ - ssid="example" - key_mgmt=WPA-EAP - eap=TTLS - identity="user@example.com" - anonymous_identity="anonymous@example.com" - password="foobar" - ca_cert="/etc/cert/ca.pem" - priority=2 -} - -# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted -# use. Real identity is sent only within an encrypted TLS tunnel. -network={ - ssid="example" - key_mgmt=WPA-EAP - eap=TTLS - identity="user@example.com" - anonymous_identity="anonymous@example.com" - password="foobar" - ca_cert="/etc/cert/ca.pem" - phase2="auth=MSCHAPV2" -} - -# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner -# authentication. -network={ - ssid="example" - key_mgmt=WPA-EAP - eap=TTLS - # Phase1 / outer authentication - anonymous_identity="anonymous@example.com" - ca_cert="/etc/cert/ca.pem" - # Phase 2 / inner authentication - phase2="autheap=TLS" - ca_cert2="/etc/cert/ca2.pem" - client_cert2="/etc/cer/user.pem" - private_key2="/etc/cer/user.prv" - private_key2_passwd="password" - priority=2 -} - -# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and -# group cipher. -network={ - ssid="example" - bssid=00:11:22:33:44:55 - proto=WPA RSN - key_mgmt=WPA-PSK WPA-EAP - pairwise=CCMP - group=CCMP - psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb -} - -# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP -# and all valid ciphers. -network={ - ssid=00010203 - psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f -} - - -# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using -# EAP-TLS for authentication and key generation; require both unicast and -# broadcast WEP keys. -network={ - ssid="1x-test" - key_mgmt=IEEE8021X - eap=TLS - identity="user@example.com" - ca_cert="/etc/cert/ca.pem" - client_cert="/etc/cert/user.pem" - private_key="/etc/cert/user.prv" - private_key_passwd="password" - eapol_flags=3 -} - - -# LEAP with dynamic WEP keys -network={ - ssid="leap-example" - key_mgmt=IEEE8021X - eap=LEAP - identity="user" - password="foobar" -} - -# Plaintext connection (no WPA, no IEEE 802.1X) -network={ - ssid="plaintext-test" - key_mgmt=NONE -} - - -# Shared WEP key connection (no WPA, no IEEE 802.1X) -network={ - ssid="static-wep-test" - key_mgmt=NONE - wep_key0="abcde" - wep_key1=0102030405 - wep_key2="1234567890123" - wep_tx_keyidx=0 - priority=5 -} - - -# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key -# IEEE 802.11 authentication -network={ - ssid="static-wep-test2" - key_mgmt=NONE - wep_key0="abcde" - wep_key1=0102030405 - wep_key2="1234567890123" - wep_tx_keyidx=0 - priority=5 - auth_alg=SHARED -} - - -# IBSS/ad-hoc network with WPA-None/TKIP. -network={ - ssid="test adhoc" - mode=1 - proto=WPA - key_mgmt=WPA-NONE - pairwise=NONE - group=TKIP - psk="secret passphrase" -} - - -# Catch all example that allows more or less all configuration modes -network={ - ssid="example" - scan_ssid=1 - key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE - pairwise=CCMP TKIP - group=CCMP TKIP WEP104 WEP40 - psk="very secret passphrase" - eap=TTLS PEAP TLS - identity="user@example.com" - password="foobar" - ca_cert="/etc/cert/ca.pem" - client_cert="/etc/cert/user.pem" - private_key="/etc/cert/user.prv" - private_key_passwd="password" - phase1="peaplabel=0" -} - -# Example of EAP-TLS with smartcard (openssl engine) -network={ - ssid="example" - key_mgmt=WPA-EAP - eap=TLS - proto=RSN - pairwise=CCMP TKIP - group=CCMP TKIP - identity="user@example.com" - ca_cert="/etc/cert/ca.pem" - client_cert="/etc/cert/user.pem" - - engine=1 - - # The engine configured here must be available. Look at - # OpenSSL engine support in the global section. - # The key available through the engine must be the private key - # matching the client certificate configured above. - - # use the opensc engine - #engine_id="opensc" - #key_id="45" - - # use the pkcs11 engine - engine_id="pkcs11" - key_id="id_45" - - # Optional PIN configuration; this can be left out and PIN will be - # asked through the control interface - pin="1234" -} - -# Example configuration showing how to use an inlined blob as a CA certificate -# data instead of using external file -network={ - ssid="example" - key_mgmt=WPA-EAP - eap=TTLS - identity="user@example.com" - anonymous_identity="anonymous@example.com" - password="foobar" - ca_cert="blob://exampleblob" - priority=20 -} - -blob-base64-exampleblob={ -SGVsbG8gV29ybGQhCg== -} - - -# Wildcard match for SSID (plaintext APs only). This example select any -# open AP regardless of its SSID. -network={ - key_mgmt=NONE -} diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane deleted file mode 100644 index c91ffe0c84..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane +++ /dev/null @@ -1,7 +0,0 @@ -ctrl_interface=/var/run/wpa_supplicant -ctrl_interface_group=0 -update_config=1 - -network={ - key_mgmt=NONE -} diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb deleted file mode 100644 index ffb1cf617d..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb +++ /dev/null @@ -1,139 +0,0 @@ -SUMMARY = "Client for Wi-Fi Protected Access (WPA)" -DESCRIPTION = "wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver." -HOMEPAGE = "http://w1.fi/wpa_supplicant/" -BUGTRACKER = "http://w1.fi/security/" -SECTION = "network" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=5ebcb90236d1ad640558c3d3cd3035df \ - file://README;beginline=1;endline=56;md5=6e4b25e7d74bfc44a32ba37bdf5210a6 \ - file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=f5ccd57ea91e04800edb88267bf8eae4" - -DEPENDS = "dbus libnl" - -SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ - file://wpa-supplicant.sh \ - file://wpa_supplicant.conf \ - file://wpa_supplicant.conf-sane \ - file://99_wpa_supplicant \ - file://0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch \ - file://CVE-2025-24912-01.patch \ - file://CVE-2025-24912-02.patch \ - " -SRC_URI[sha256sum] = "912ea06f74e30a8e36fbb68064d6cdff218d8d591db0fc5d75dee6c81ac7fc0a" - -S = "${UNPACKDIR}/wpa_supplicant-${PV}" - -inherit pkgconfig systemd - -PACKAGECONFIG ?= "openssl" -PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt" -PACKAGECONFIG[openssl] = ",,openssl" - -CVE_PRODUCT = "wpa_supplicant" - -CVE_STATUS[CVE-2024-5290] = "not-applicable-platform: this only affects Ubuntu and other platforms patching wpa-supplicant" - -EXTRA_OEMAKE = "'LIBDIR=${libdir}' 'INCDIR=${includedir}' 'BINDIR=${sbindir}'" - -do_configure () { - ${MAKE} -C wpa_supplicant clean - sed -e '/^CONFIG_TLS=/d' wpa_supplicant/.config - - if ${@ bb.utils.contains('PACKAGECONFIG', 'openssl', 'true', 'false', d) }; then - echo 'CONFIG_TLS=openssl' >>wpa_supplicant/.config - elif ${@ bb.utils.contains('PACKAGECONFIG', 'gnutls', 'true', 'false', d) }; then - echo 'CONFIG_TLS=gnutls' >>wpa_supplicant/.config - sed -i -e 's/\(^CONFIG_DPP=\)/#\1/' \ - -e 's/\(^CONFIG_EAP_PWD=\)/#\1/' \ - -e 's/\(^CONFIG_SAE=\)/#\1/' wpa_supplicant/.config - fi - - # For rebuild - rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d -} - -do_compile () { - oe_runmake -C wpa_supplicant - if [ -z "${DISABLE_STATIC}" ]; then - oe_runmake -C wpa_supplicant libwpa_client.a - fi -} - -do_install () { - oe_runmake -C wpa_supplicant DESTDIR="${D}" install - - install -d ${D}${docdir}/wpa_supplicant - install -m 644 wpa_supplicant/README ${UNPACKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant - - install -d ${D}${sysconfdir} - install -m 600 ${UNPACKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf - - install -d ${D}${sysconfdir}/network/if-pre-up.d/ - install -d ${D}${sysconfdir}/network/if-post-down.d/ - install -d ${D}${sysconfdir}/network/if-down.d/ - install -m 755 ${UNPACKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant - ln -sf ../if-pre-up.d/wpa-supplicant ${D}${sysconfdir}/network/if-post-down.d/wpa-supplicant - - install -d ${D}/${sysconfdir}/dbus-1/system.d - install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d - install -d ${D}/${datadir}/dbus-1/system-services - install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}/${systemd_system_unitdir} - install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_system_unitdir} - fi - - install -d ${D}/etc/default/volatiles - install -m 0644 ${UNPACKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles - - install -d ${D}${includedir} - install -m 0644 ${S}/src/common/wpa_ctrl.h ${D}${includedir} - - if [ -z "${DISABLE_STATIC}" ]; then - install -d ${D}${libdir} - install -m 0644 wpa_supplicant/libwpa_client.a ${D}${libdir} - fi -} - -pkg_postinst:${PN} () { - # If we're offline, we don't need to do this. - if [ "x$D" = "x" ]; then - killall -q -HUP dbus-daemon || true - fi -} - -PACKAGE_BEFORE_PN += "${PN}-passphrase ${PN}-cli" -PACKAGES =+ "${PN}-lib" -PACKAGES += "${PN}-plugins" -ALLOW_EMPTY:${PN}-plugins = "1" - -PACKAGES_DYNAMIC += "^${PN}-plugin-.*$" -NOAUTOPACKAGEDEBUG = "1" - -FILES:${PN}-passphrase = "${sbindir}/wpa_passphrase" -FILES:${PN}-cli = "${sbindir}/wpa_cli" -FILES:${PN}-lib = "${libdir}/libwpa_client*${SOLIBSDEV}" -FILES:${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*" -FILES:${PN}-dbg += "${sbindir}/.debug ${libdir}/.debug" - -CONFFILES:${PN} += "${sysconfdir}/wpa_supplicant.conf" - -RRECOMMENDS:${PN} = "${PN}-passphrase ${PN}-cli ${PN}-plugins" - -SYSTEMD_SERVICE:${PN} = "wpa_supplicant.service" -SYSTEMD_AUTO_ENABLE = "disable" - -python split_wpa_supplicant_libs () { - libdir = d.expand('${libdir}/wpa_supplicant') - dbglibdir = os.path.join(libdir, '.debug') - - split_packages = do_split_packages(d, libdir, r'^(.*)\.so', '${PN}-plugin-%s', 'wpa_supplicant %s plugin', prepend=True) - split_dbg_packages = do_split_packages(d, dbglibdir, r'^(.*)\.so', '${PN}-plugin-%s-dbg', 'wpa_supplicant %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg') - - if split_packages: - pn = d.getVar('PN') - d.setVar('RRECOMMENDS:' + pn + '-plugins', ' '.join(split_packages)) - d.appendVar('RRECOMMENDS:' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages)) -} -PACKAGESPLITFUNCS += "split_wpa_supplicant_libs" -- cgit v1.2.3-54-g00ecf