diff options
Diffstat (limited to 'meta/recipes-connectivity')
74 files changed, 1062 insertions, 1386 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index c8a3f876aa..9bb5e5861e 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -10,9 +10,9 @@ HOMEPAGE = "http://avahi.org" BUGTRACKER = "https://github.com/lathiat/avahi/issues" SECTION = "network" -# major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and -# python scripts are under GPLv2+ -LICENSE = "GPLv2+ & LGPLv2.1+" +# major part is under LGPL-2.1-or-later, but several .dtd, .xsl, initscripts and +# python scripts are under GPL-2.0-or-later +LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ @@ -24,16 +24,21 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV} file://99avahi-autoipd \ file://initscript.patch \ file://0001-Fix-opening-etc-resolv.conf-error.patch \ + file://handle-hup.patch \ + file://local-ping.patch \ " UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7" SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" -DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native" +# Issue only affects Debian/SUSE, not us +CVE_CHECK_IGNORE += "CVE-2021-26720" + +DEPENDS = "expat libcap libdaemon glib-2.0" # For gtk related PACKAGECONFIGs: gtk, gtk3 -AVAHI_GTK ?= "gtk3" +AVAHI_GTK ?= "" PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}" PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" @@ -62,18 +67,18 @@ EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ # The distro choice determines what init scripts are installed EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" -EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}" +EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_system_unitdir}/','--without-systemdsystemunitdir',d)}" -do_configure_prepend() { +do_configure:prepend() { # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes rm "${S}/common/introspection.m4" || true } -do_compile_prepend() { +do_compile:prepend() { export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" } -RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns" +RRECOMMENDS:${PN}:append:libc-glibc = " libnss-mdns" do_install() { autotools_do_install @@ -90,41 +95,41 @@ do_install() { PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" -FILES_libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" +FILES:libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" -RPROVIDES_libavahi-compat-libdnssd = "libdns-sd" +RPROVIDES:libavahi-compat-libdnssd = "libdns-sd" inherit update-rc.d systemd useradd PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui" -FILES_avahi-ui = "${libdir}/libavahi-ui*.so.*" -FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \ +FILES:avahi-ui = "${libdir}/libavahi-ui*.so.*" +FILES:avahi-discover = "${datadir}/applications/avahi-discover.desktop \ ${datadir}/avahi/interfaces/avahi-discover.ui \ ${bindir}/avahi-discover-standalone \ " -LICENSE_libavahi-gobject = "LGPLv2.1+" -LICENSE_avahi-daemon = "LGPLv2.1+" -LICENSE_libavahi-common = "LGPLv2.1+" -LICENSE_libavahi-core = "LGPLv2.1+" -LICENSE_libavahi-client = "LGPLv2.1+" -LICENSE_avahi-dnsconfd = "LGPLv2.1+" -LICENSE_libavahi-glib = "LGPLv2.1+" -LICENSE_avahi-autoipd = "LGPLv2.1+" -LICENSE_avahi-utils = "LGPLv2.1+" +LICENSE:libavahi-gobject = "LGPL-2.1-or-later" +LICENSE:avahi-daemon = "LGPL-2.1-or-later" +LICENSE:libavahi-common = "LGPL-2.1-or-later" +LICENSE:libavahi-core = "LGPL-2.1-or-later" +LICENSE:libavahi-client = "LGPL-2.1-or-later" +LICENSE:avahi-dnsconfd = "LGPL-2.1-or-later" +LICENSE:libavahi-glib = "LGPL-2.1-or-later" +LICENSE:avahi-autoipd = "LGPL-2.1-or-later" +LICENSE:avahi-utils = "LGPL-2.1-or-later" # As avahi doesn't put any files into PN, clear the files list to avoid problems # if extra libraries appear. -FILES_${PN} = "" -FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \ +FILES:${PN} = "" +FILES:avahi-autoipd = "${sbindir}/avahi-autoipd \ ${sysconfdir}/avahi/avahi-autoipd.action \ ${sysconfdir}/dhcp/*/avahi-autoipd \ ${sysconfdir}/udhcpc.d/00avahi-autoipd \ ${sysconfdir}/udhcpc.d/99avahi-autoipd" -FILES_libavahi-common = "${libdir}/libavahi-common.so.*" -FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" -FILES_avahi-daemon = "${sbindir}/avahi-daemon \ +FILES:libavahi-common = "${libdir}/libavahi-common.so.*" +FILES:libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" +FILES:avahi-daemon = "${sbindir}/avahi-daemon \ ${sysconfdir}/avahi/avahi-daemon.conf \ ${sysconfdir}/avahi/hosts \ ${sysconfdir}/avahi/services \ @@ -134,44 +139,44 @@ FILES_avahi-daemon = "${sbindir}/avahi-daemon \ ${datadir}/avahi/avahi-service.dtd \ ${datadir}/avahi/service-types \ ${datadir}/dbus-1/system-services" -FILES_libavahi-client = "${libdir}/libavahi-client.so.*" -FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ +FILES:libavahi-client = "${libdir}/libavahi-client.so.*" +FILES:avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ ${sysconfdir}/avahi/avahi-dnsconfd.action \ ${sysconfdir}/init.d/avahi-dnsconfd" -FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*" -FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" -FILES_avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*" +FILES:libavahi-glib = "${libdir}/libavahi-glib.so.*" +FILES:libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" +FILES:avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*" -RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" -RDEPENDS_${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" -RDEPENDS_${PN}-dnsconfd = "${PN}-daemon" +RDEPENDS:${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" +RDEPENDS:${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" +RDEPENDS:${PN}-dnsconfd = "${PN}-daemon" -RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" +RRECOMMENDS:avahi-daemon:append:libc-glibc = " libnss-mdns" -CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" +CONFFILES:avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" USERADD_PACKAGES = "avahi-daemon avahi-autoipd" -USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \ +USERADD_PARAM:avahi-daemon = "--system --home /run/avahi-daemon \ --no-create-home --shell /bin/false \ --user-group avahi" -USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \ +USERADD_PARAM:avahi-autoipd = "--system --home /run/avahi-autoipd \ --no-create-home --shell /bin/false \ --user-group \ -c \"Avahi autoip daemon\" \ avahi-autoipd" INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" -INITSCRIPT_NAME_avahi-daemon = "avahi-daemon" -INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19" -INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd" -INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19" +INITSCRIPT_NAME:avahi-daemon = "avahi-daemon" +INITSCRIPT_PARAMS:avahi-daemon = "defaults 21 19" +INITSCRIPT_NAME:avahi-dnsconfd = "avahi-dnsconfd" +INITSCRIPT_PARAMS:avahi-dnsconfd = "defaults 22 19" SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" -SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service" -SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service" +SYSTEMD_SERVICE:${PN}-daemon = "avahi-daemon.service" +SYSTEMD_SERVICE:${PN}-dnsconfd = "avahi-dnsconfd.service" -do_install_append() { +do_install:append() { install -d ${D}${sysconfdir}/udhcpc.d install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d @@ -179,7 +184,7 @@ do_install_append() { # At the time the postinst runs, dbus might not be setup so only restart if running # Don't exit early, because update-rc.d needs to run subsequently. -pkg_postinst_avahi-daemon () { +pkg_postinst:avahi-daemon () { if [ -z "$D" ]; then killall -q -HUP dbus-daemon || true fi diff --git a/meta/recipes-connectivity/avahi/files/handle-hup.patch b/meta/recipes-connectivity/avahi/files/handle-hup.patch new file mode 100644 index 0000000000..26632e5443 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/handle-hup.patch @@ -0,0 +1,41 @@ +CVE: CVE-2021-3468 +Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 +From: Riccardo Schirone <sirmy15@gmail.com> +Date: Fri, 26 Mar 2021 11:50:24 +0100 +Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in + client_work + +If a client fills the input buffer, client_work() disables the +AVAHI_WATCH_IN event, thus preventing the function from executing the +`read` syscall the next times it is called. However, if the client then +terminates the connection, the socket file descriptor receives a HUP +event, which is not handled, thus the kernel keeps marking the HUP event +as occurring. While iterating over the file descriptors that triggered +an event, the client file descriptor will keep having the HUP event and +the client_work() function is always called with AVAHI_WATCH_HUP but +without nothing being done, thus entering an infinite loop. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 +--- + avahi-daemon/simple-protocol.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c +index 3e0ebb11..6c0274d6 100644 +--- a/avahi-daemon/simple-protocol.c ++++ b/avahi-daemon/simple-protocol.c +@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv + } + } + ++ if (events & AVAHI_WATCH_HUP) { ++ client_free(c); ++ return; ++ } ++ + c->server->poll_api->watch_update( + watch, + (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch new file mode 100644 index 0000000000..29c192d296 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/local-ping.patch @@ -0,0 +1,153 @@ +CVE: CVE-2021-36217 +CVE: CVE-2021-3502 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 +From: Tommi Rantala <tommi.t.rantala@nokia.com> +Date: Mon, 8 Feb 2021 11:04:43 +0200 +Subject: [PATCH] Fix NULL pointer crashes from #175 + +avahi-daemon is crashing when running "ping .local". +The crash is due to failing assertion from NULL pointer. +Add missing NULL pointer checks to fix it. + +Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd +--- + avahi-core/browse-dns-server.c | 5 ++++- + avahi-core/browse-domain.c | 5 ++++- + avahi-core/browse-service-type.c | 3 +++ + avahi-core/browse-service.c | 3 +++ + avahi-core/browse.c | 3 +++ + avahi-core/resolve-address.c | 5 ++++- + avahi-core/resolve-host-name.c | 5 ++++- + avahi-core/resolve-service.c | 5 ++++- + 8 files changed, 29 insertions(+), 5 deletions(-) + +diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c +index 049752e9..c2d914fa 100644 +--- a/avahi-core/browse-dns-server.c ++++ b/avahi-core/browse-dns-server.c +@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( + AvahiSDNSServerBrowser* b; + + b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_dns_server_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c +index f145d56a..06fa70c0 100644 +--- a/avahi-core/browse-domain.c ++++ b/avahi-core/browse-domain.c +@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( + AvahiSDomainBrowser *b; + + b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_domain_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c +index fdd22dcd..b1fc7af8 100644 +--- a/avahi-core/browse-service-type.c ++++ b/avahi-core/browse-service-type.c +@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( + AvahiSServiceTypeBrowser *b; + + b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_type_browser_start(b); + + return b; +diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c +index 5531360c..63e0275a 100644 +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( + AvahiSServiceBrowser *b; + + b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_browser_start(b); + + return b; +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2941e579..e8a915e9 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( + AvahiSRecordBrowser *b; + + b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_record_browser_start_query(b); + + return b; +diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c +index ac0b29b1..e61dd242 100644 +--- a/avahi-core/resolve-address.c ++++ b/avahi-core/resolve-address.c +@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( + AvahiSAddressResolver *b; + + b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_address_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c +index 808b0e72..4e8e5973 100644 +--- a/avahi-core/resolve-host-name.c ++++ b/avahi-core/resolve-host-name.c +@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new( + AvahiSHostNameResolver *b; + + b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_host_name_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c +index 66bf3cae..43771763 100644 +--- a/avahi-core/resolve-service.c ++++ b/avahi-core/resolve-service.c +@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( + AvahiSServiceResolver *b; + + b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} diff --git a/meta/recipes-connectivity/bind/bind-9.16.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.16.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch deleted file mode 100644 index 5bcc16c9b2..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.16.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ /dev/null @@ -1,35 +0,0 @@ -From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Mon, 27 Aug 2018 21:24:20 +0800 -Subject: [PATCH] `named/lwresd -V' and start log hide build options - -The build options expose build path directories, so hide them. -[snip] -$ named -V -|built by make with *** (options are hidden) -[snip] - -Upstream-Status: Inappropriate [oe-core specific] - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> - -Refreshed for 9.16.0 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - bin/named/include/named/globals.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: bind-9.16.0/bin/named/include/named/globals.h -=================================================================== ---- bind-9.16.0.orig/bin/named/include/named/globals.h -+++ bind-9.16.0/bin/named/include/named/globals.h -@@ -69,7 +69,7 @@ EXTERN const char *named_g_version I - EXTERN const char *named_g_product INIT(PRODUCT); - EXTERN const char *named_g_description INIT(DESCRIPTION); - EXTERN const char *named_g_srcid INIT(SRCID); --EXTERN const char *named_g_configargs INIT(CONFIGARGS); -+EXTERN const char *named_g_configargs INIT("*** (options are hidden)"); - EXTERN const char *named_g_builder INIT(BUILDER); - EXTERN in_port_t named_g_port INIT(0); - EXTERN isc_dscp_t named_g_dscp INIT(-1); diff --git a/meta/recipes-connectivity/bind/bind-9.16.11/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.16.26/0001-avoid-start-failure-with-bind-user.patch index 8db96ec049..ec1bc7b567 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.11/0001-avoid-start-failure-with-bind-user.patch +++ b/meta/recipes-connectivity/bind/bind-9.16.26/0001-avoid-start-failure-with-bind-user.patch @@ -17,7 +17,7 @@ index b2eec60..6e03936 100644 @@ -57,6 +57,7 @@ case "$1" in modprobe capability >/dev/null 2>&1 || true if [ ! -f /etc/bind/rndc.key ]; then - /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom + /usr/sbin/rndc-confgen -a -b 512 + chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true chmod 0640 /etc/bind/rndc.key fi diff --git a/meta/recipes-connectivity/bind/bind-9.16.26/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.16.26/0001-named-lwresd-V-and-start-log-hide-build-options.patch new file mode 100644 index 0000000000..4dc6a5a2ae --- /dev/null +++ b/meta/recipes-connectivity/bind/bind-9.16.26/0001-named-lwresd-V-and-start-log-hide-build-options.patch @@ -0,0 +1,37 @@ +From f5761bbaf743d291f3e7e859e69ebe61a1718cbf Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Mon, 27 Aug 2018 21:24:20 +0800 +Subject: [PATCH] `named/lwresd -V' and start log hide build options + +The build options expose build path directories, so hide them. +[snip] +$ named -V +|built by make with *** (options are hidden) +[snip] + +Upstream-Status: Inappropriate [oe-core specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + +Refreshed for 9.16.0 +Signed-off-by: Armin Kuster <akuster@mvista.com> +--- + bin/named/include/named/globals.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h +index 0572154..3147e04 100644 +--- a/bin/named/include/named/globals.h ++++ b/bin/named/include/named/globals.h +@@ -69,7 +69,7 @@ EXTERN const char *named_g_version INIT(VERSION); + EXTERN const char *named_g_product INIT(PRODUCT); + EXTERN const char *named_g_description INIT(DESCRIPTION); + EXTERN const char *named_g_srcid INIT(SRCID); +-EXTERN const char *named_g_configargs INIT(CONFIGARGS); ++EXTERN const char *named_g_configargs INIT("*** (options are hidden)"); + EXTERN const char *named_g_builder INIT(BUILDER); + EXTERN in_port_t named_g_port INIT(0); + EXTERN isc_dscp_t named_g_dscp INIT(-1); +-- +2.20.1 + diff --git a/meta/recipes-connectivity/bind/bind-9.16.11/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.16.26/bind-ensure-searching-for-json-headers-searches-sysr.patch index f9cdc7ca4d..f9cdc7ca4d 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.11/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/meta/recipes-connectivity/bind/bind-9.16.26/bind-ensure-searching-for-json-headers-searches-sysr.patch diff --git a/meta/recipes-connectivity/bind/bind-9.16.11/bind9 b/meta/recipes-connectivity/bind/bind-9.16.26/bind9 index 968679ff7f..968679ff7f 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.11/bind9 +++ b/meta/recipes-connectivity/bind/bind-9.16.26/bind9 diff --git a/meta/recipes-connectivity/bind/bind-9.16.11/conf.patch b/meta/recipes-connectivity/bind/bind-9.16.26/conf.patch index aad345f9fc..aa3642acec 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.11/conf.patch +++ b/meta/recipes-connectivity/bind/bind-9.16.26/conf.patch @@ -276,7 +276,7 @@ diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d + + modprobe capability >/dev/null 2>&1 || true + if [ ! -f /etc/bind/rndc.key ]; then -+ /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom ++ /usr/sbin/rndc-confgen -a -b 512 + chmod 0640 /etc/bind/rndc.key + fi + if [ -f /var/run/named/named.pid ]; then diff --git a/meta/recipes-connectivity/bind/bind-9.16.11/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.16.26/generate-rndc-key.sh index 633e29c0e6..633e29c0e6 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.11/generate-rndc-key.sh +++ b/meta/recipes-connectivity/bind/bind-9.16.26/generate-rndc-key.sh diff --git a/meta/recipes-connectivity/bind/bind-9.16.11/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.16.26/init.d-add-support-for-read-only-rootfs.patch index 11db95ede1..11db95ede1 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.11/init.d-add-support-for-read-only-rootfs.patch +++ b/meta/recipes-connectivity/bind/bind-9.16.26/init.d-add-support-for-read-only-rootfs.patch diff --git a/meta/recipes-connectivity/bind/bind-9.16.11/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.16.26/make-etc-initd-bind-stop-work.patch index 146f3e35db..146f3e35db 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.11/make-etc-initd-bind-stop-work.patch +++ b/meta/recipes-connectivity/bind/bind-9.16.26/make-etc-initd-bind-stop-work.patch diff --git a/meta/recipes-connectivity/bind/bind-9.16.11/named.service b/meta/recipes-connectivity/bind/bind-9.16.26/named.service index cda56ef015..cda56ef015 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.11/named.service +++ b/meta/recipes-connectivity/bind/bind-9.16.26/named.service diff --git a/meta/recipes-connectivity/bind/bind_9.16.11.bb b/meta/recipes-connectivity/bind/bind_9.16.26.bb index f48cc74c2e..aa64a11b9c 100644 --- a/meta/recipes-connectivity/bind/bind_9.16.11.bb +++ b/meta/recipes-connectivity/bind/bind_9.16.26.bb @@ -4,7 +4,7 @@ DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" SECTION = "console/network" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=ef10b4de6371115dcecdc38ca2af4561" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=4e7b3c52170a348459a4ff3f5ce95e37" DEPENDS = "openssl libcap zlib libuv" @@ -20,11 +20,15 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "0111f64dd7d8f515cfa129e181cce96ff82070d1b27f11a21f6856110d0699c1" +SRC_URI[sha256sum] = "70b39a5eb71650358ec9ba41da3050d32aeac0aeb4a466684b23f35affa7fb45" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" -# stay at 9.16 follow the ESV versions divisible by 4 -UPSTREAM_CHECK_REGEX = "(?P<pver>9.(16|20|24|28)(\.\d+)+(-P\d+)*)/" +# follow the ESV versions divisible by 2 +UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/" + +# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore +# so the issue doesn't affect us. +CVE_CHECK_IGNORE += "CVE-2019-6470" inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives @@ -40,26 +44,24 @@ EXTRA_OECONF = " --with-libtool --disable-devpoll --disable-auto-validation --en --sysconfdir=${sysconfdir}/bind \ --with-openssl=${STAGING_DIR_HOST}${prefix} \ " -LDFLAGS_append = " -lz" +LDFLAGS:append = " -lz" -inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)} +inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native setuptools3-base', '', d)} # dhcp needs .la so keep them REMOVE_LIBTOOL_LA = "0" USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ +USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ --user-group bind" INITSCRIPT_NAME = "bind" INITSCRIPT_PARAMS = "defaults" -SYSTEMD_SERVICE_${PN} = "named.service" +SYSTEMD_SERVICE:${PN} = "named.service" -do_install_append() { +do_install:append() { - rmdir "${D}${localstatedir}/run" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" install -d -o bind "${D}${localstatedir}/cache/bind" install -d "${D}${sysconfdir}/bind" install -d "${D}${sysconfdir}/init.d" @@ -75,11 +77,11 @@ do_install_append() { # Install systemd related files install -d ${D}${sbindir} install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir} sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/named.service + ${D}${systemd_system_unitdir}/named.service install -d ${D}${sysconfdir}/default install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default @@ -92,7 +94,7 @@ do_install_append() { oe_multilib_header isc/platform.h } -CONFFILES_${PN} = " \ +CONFFILES:${PN} = " \ ${sysconfdir}/bind/named.conf \ ${sysconfdir}/bind/named.conf.local \ ${sysconfdir}/bind/named.conf.options \ @@ -103,22 +105,25 @@ CONFFILES_${PN} = " \ ${sysconfdir}/bind/db.root \ " -ALTERNATIVE_${PN}-utils = "nslookup" +ALTERNATIVE:${PN}-utils = "nslookup" ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" ALTERNATIVE_PRIORITY = "100" PACKAGE_BEFORE_PN += "${PN}-utils" -FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" -FILES_${PN}-dev += "${bindir}/isc-config.h" -FILES_${PN} += "${sbindir}/generate-rndc-key.sh" +FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" +FILES:${PN}-dev += "${bindir}/isc-config.h" +FILES:${PN} += "${sbindir}/generate-rndc-key.sh" PACKAGE_BEFORE_PN += "${PN}-libs" -FILES_${PN}-libs = "${libdir}/*.so* ${libdir}/named/*.so*" -FILES_${PN}-staticdev += "${libdir}/*.la" +# special arrangement below due to +# https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88 +FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so" +FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" +FILES:${PN}-staticdev += "${libdir}/*.la" PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" -FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ +FILES:python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}" -RDEPENDS_${PN}-dev = "" -RDEPENDS_python3-bind = "python3-core python3-ply" +RDEPENDS:${PN}-dev = "" +RDEPENDS:python3-bind = "python3-core python3-ply" diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index a7b628ce1b..79d4645ca8 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc @@ -2,15 +2,15 @@ SUMMARY = "Linux Bluetooth Stack Userland V5" DESCRIPTION = "Linux Bluetooth stack V5 userland components. These include a system configurations, daemons, tools and system libraries." HOMEPAGE = "http://www.bluez.org" SECTION = "libs" -LICENSE = "GPLv2+ & LGPLv2.1+" +LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ file://src/main.c;beginline=1;endline=24;md5=0ad83ca0dc37ab08af448777c581e7ac" DEPENDS = "dbus glib-2.0" PROVIDES += "bluez-hcidump" -RPROVIDES_${PN} += "bluez-hcidump" +RPROVIDES:${PN} += "bluez-hcidump" -RCONFLICTS_${PN} = "bluez4" +RCONFLICTS:${PN} = "bluez4" PACKAGECONFIG ??= "obex-profiles \ readline \ @@ -45,6 +45,7 @@ PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell" PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell" PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" +PACKAGECONFIG[manpages] = "--enable-manpages,--disable-manpages,python3-docutils-native" SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ file://init \ @@ -77,7 +78,7 @@ NOINST_TOOLS = " \ ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \ " -do_install_append() { +do_install:append() { install -d ${D}${INIT_D_DIR} install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth @@ -105,25 +106,25 @@ do_install_append() { PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools" -FILES_${PN} += " \ +FILES:${PN} += " \ ${libdir}/bluetooth/plugins/*.so \ ${systemd_unitdir}/ ${datadir}/dbus-1 \ ${libdir}/cups \ " -FILES_${PN}-dev += " \ +FILES:${PN}-dev += " \ ${libdir}/bluetooth/plugins/*.la \ " -FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \ +FILES:${PN}-obex = "${libexecdir}/bluetooth/obexd \ ${exec_prefix}/lib/systemd/user/obex.service \ ${systemd_system_unitdir}/obex.service \ ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \ ${datadir}/dbus-1/services/org.bluez.obex.service \ ${sysconfdir}/dbus-1/system.d/obexd.conf \ " -SYSTEMD_SERVICE_${PN}-obex = "obex.service" +SYSTEMD_SERVICE:${PN}-obex = "obex.service" -FILES_${PN}-testtools = "${libdir}/bluez/test/*" +FILES:${PN}-testtools = "${libdir}/bluez/test/*" def get_noinst_tools_paths (d, bb, tools): s = list() @@ -133,14 +134,14 @@ def get_noinst_tools_paths (d, bb, tools): s.append("%s/%s" % (bindir, f)) return "\n".join(s) -FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" +FILES:${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" -RDEPENDS_${PN}-testtools += "python3-core python3-dbus" -RDEPENDS_${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}" +RDEPENDS:${PN}-testtools += "python3-core python3-dbus" +RDEPENDS:${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}" -SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" +SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME_${PN} = "bluetooth" +INITSCRIPT_NAME:${PN} = "bluetooth" do_compile_ptest() { oe_runmake buildtests @@ -151,4 +152,4 @@ do_install_ptest() { rm -f ${D}${PTEST_PATH}/unit/*.o } -RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-utf-16" +RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-utf-16" diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.56.bb b/meta/recipes-connectivity/bluez5/bluez5_5.63.bb index 676cb2dbb2..a9ee29135d 100644 --- a/meta/recipes-connectivity/bluez5/bluez5_5.56.bb +++ b/meta/recipes-connectivity/bluez5/bluez5_5.63.bb @@ -1,7 +1,9 @@ require bluez5.inc -SRC_URI[md5sum] = "e6c51b2aefa7c56ff072819a78611fa5" -SRC_URI[sha256sum] = "59c4dba9fc8aae2a6a5f8f12f19bc1b0c2dc27355c7ca3123eed3fe6bd7d0b9d" +SRC_URI[sha256sum] = "9349e11e8160bb3d720835d271250d8a7424d3690f5289e6db6fe07cc66c6d76" + +# These issues have kernel fixes rather than bluez fixes so exclude here +CVE_CHECK_IGNORE += "CVE-2020-12352 CVE-2020-24490" # noinst programs in Makefile.tools that are conditional on READLINE # support diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb index 85fee09258..6b9207c4cb 100644 --- a/meta/recipes-connectivity/connman/connman-conf.bb +++ b/meta/recipes-connectivity/connman/connman-conf.bb @@ -1,36 +1,19 @@ -SUMMARY = "Connman config to setup wired interface on qemu machines" -DESCRIPTION = "This is the ConnMan configuration to set up a Wired \ -network interface for a qemu machine." -LICENSE = "GPLv2" +SUMMARY = "Connman config to ignore wired interface on qemu machines" +DESCRIPTION = "This is the ConnMan configuration to avoid touching wired \ +network interface inside qemu machines." +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" -inherit systemd - -SRC_URI_append_qemuall = " file://wired.config \ - file://wired-setup \ - file://wired-connection.service \ -" PR = "r2" S = "${WORKDIR}" PACKAGE_ARCH = "${MACHINE_ARCH}" -FILES_${PN} = "${localstatedir}/* ${datadir}/*" +FILES:${PN} = "${sysconfdir}/*" -do_install() { - #Configure Wired network interface in case of qemu* machines - if test -e ${WORKDIR}/wired.config && - test -e ${WORKDIR}/wired-setup && - test -e ${WORKDIR}/wired-connection.service; then - install -d ${D}${localstatedir}/lib/connman - install -m 0644 ${WORKDIR}/wired.config ${D}${localstatedir}/lib/connman - install -d ${D}${datadir}/connman - install -m 0755 ${WORKDIR}/wired-setup ${D}${datadir}/connman - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${WORKDIR}/wired-connection.service ${D}${systemd_system_unitdir} - sed -i -e 's|@SCRIPTDIR@|${datadir}/connman|g' ${D}${systemd_system_unitdir}/wired-connection.service - fi +# Kernel IP-Config is perfectly capable of setting up networking passed in via ip= +do_install:append:qemuall() { + mkdir -p ${D}${sysconfdir}/default + echo "export EXTRA_PARAM=\"-I eth0\"" > ${D}${sysconfdir}/default/connman } - -SYSTEMD_SERVICE_${PN}_qemuall = "wired-connection.service" diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service deleted file mode 100644 index 48adfc08ac..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Setup a wired interface -Before=connman.service - -[Service] -Type=oneshot -ExecStart=@SCRIPTDIR@/wired-setup - -[Install] -WantedBy=network.target diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup deleted file mode 100644 index c46899ef32..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -CONFIGF=/var/lib/connman/wired.config - -# Extract wired network config from /proc/cmdline -NET_CONF=`cat /proc/cmdline |sed -ne 's/^.*ip=\([^ ]*\):\([^ ]*\):\([^ ]*\):\([^ ]*\).*$/\1\/\4\/\3/p'` - -# Check if eth0 is already set via kernel cmdline -if [ "x$NET_CONF" = "x" ]; then - # Wired interface is not configured via kernel cmdline - # Remove connman config file template - rm -f ${CONFIGF} -else - # Setup a connman config accordingly - sed -i -e "s|^IPv4 =.*|IPv4 = ${NET_CONF}|" ${CONFIGF} -fi diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config deleted file mode 100644 index 42998ce897..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config +++ /dev/null @@ -1,9 +0,0 @@ -[global] -Name = Wired -Description = Wired network configuration - -[service_ethernet] -Type = ethernet -IPv4 = -MAC = 52:54:00:12:34:56 -Nameservers = 8.8.8.8 diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb index af986c4eab..fcd154b4b0 100644 --- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb +++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb @@ -1,7 +1,7 @@ SUMMARY = "GTK+ frontend for the ConnMan network connection manager" HOMEPAGE = "http://connman.net/" SECTION = "libs/network" -LICENSE = "GPLv2 & LGPLv2.1" +LICENSE = "GPL-2.0-only & LGPL-2.1-only" LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \ file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a" @@ -10,7 +10,7 @@ DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native" # 0.7 tag SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143" -SRC_URI = "git://github.com/connectivity/connman-gnome.git \ +SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \ file://0001-Removed-icon-from-connman-gnome-about-applet.patch \ file://null_check_for_ipv4_config.patch \ file://images/ \ @@ -23,8 +23,8 @@ S = "${WORKDIR}/git" inherit autotools-brokensep gtk-icon-cache pkgconfig features_check ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" -RDEPENDS_${PN} = "connman" +RDEPENDS:${PN} = "connman" -do_install_append() { +do_install:append() { install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/ } diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc index 776bbfbff2..5880ecd5d4 100644 --- a/meta/recipes-connectivity/connman/connman.inc +++ b/meta/recipes-connectivity/connman/connman.inc @@ -9,12 +9,14 @@ configuration methods, like DHCP and domain name resolving, are \ implemented using plug-ins." HOMEPAGE = "http://connman.net/" BUGTRACKER = "https://01.org/jira/browse/CM" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36" inherit autotools pkgconfig systemd update-rc.d update-alternatives +CVE_PRODUCT = "connman connection_manager" + DEPENDS = "dbus glib-2.0 ppp" EXTRA_OECONF += "\ @@ -34,9 +36,9 @@ PACKAGECONFIG ??= "wispr iptables client\ # If you want ConnMan to support VPN, add following statement into # local.conf or distro config -# PACKAGECONFIG_append_pn-connman = " openvpn vpnc l2tp pptp" +# PACKAGECONFIG:append:pn-connman = " openvpn vpnc l2tp pptp" -PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" +PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant, wpa-supplicant" PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5" PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono" @@ -64,16 +66,16 @@ python __anonymous () { d.setVar('SYSTEMD_PACKAGES', systemd_packages) } -SYSTEMD_SERVICE_${PN} = "connman.service" -SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service" -SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service" +SYSTEMD_SERVICE:${PN} = "connman.service" +SYSTEMD_SERVICE:${PN}-vpn = "connman-vpn.service" +SYSTEMD_SERVICE:${PN}-wait-online = "connman-wait-online.service" ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" +ALTERNATIVE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}" ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}" -do_install_append() { +do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman @@ -100,7 +102,7 @@ do_install_append() { } # These used to be plugins, but now they are core -RPROVIDES_${PN} = "\ +RPROVIDES:${PN} = "\ connman-plugin-loopback \ connman-plugin-ethernet \ ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \ @@ -108,7 +110,7 @@ RPROVIDES_${PN} = "\ ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \ " -RDEPENDS_${PN} = "\ +RDEPENDS:${PN} = "\ dbus \ " @@ -119,11 +121,11 @@ def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip): if plugintype in depmap: rdepends = map(lambda x: multilib_prefix + x, \ depmap[plugintype].split()) - d.setVar("RDEPENDS_%s" % pkg, " ".join(rdepends)) + d.setVar("RDEPENDS:%s" % pkg, " ".join(rdepends)) if add_insane_skip: - d.appendVar("INSANE_SKIP_%s" % pkg, "dev-so") + d.appendVar("INSANE_SKIP:%s" % pkg, "dev-so") -python populate_packages_prepend() { +python populate_packages:prepend() { depmap = dict(pppd="ppp") multilib_prefix = (d.getVar("MLPREFIX") or "") @@ -144,72 +146,72 @@ python populate_packages_prepend() { PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client" -FILES_${PN}-tools = "${bindir}/wispr" -RDEPENDS_${PN}-tools ="${PN}" +FILES:${PN}-tools = "${bindir}/wispr" +RDEPENDS:${PN}-tools ="${PN}" -FILES_${PN}-tests = "${bindir}/*-test" +FILES:${PN}-tests = "${bindir}/*-test" -FILES_${PN}-client = "${bindir}/connmanctl" -RDEPENDS_${PN}-client ="${PN}" +FILES:${PN}-client = "${bindir}/connmanctl" +RDEPENDS:${PN}-client ="${PN}" -FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ +FILES:${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ ${libdir}/connman/plugins \ ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \ ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \ ${datadir}/dbus-1/system-services/* \ ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf" -FILES_${PN}-dev += "${libdir}/connman/*/*.la" +FILES:${PN}-dev += "${libdir}/connman/*/*.la" PACKAGES =+ "${PN}-vpn ${PN}-wait-online" -SUMMARY_${PN}-vpn = "A daemon for managing VPN connections within embedded devices" -DESCRIPTION_${PN}-vpn = "The ConnMan VPN provides a daemon for \ +SUMMARY:${PN}-vpn = "A daemon for managing VPN connections within embedded devices" +DESCRIPTION:${PN}-vpn = "The ConnMan VPN provides a daemon for \ managing VPN connections within embedded devices running the Linux \ operating system. The connman-vpnd handles all the VPN connections \ and starts/stops VPN client processes when necessary. The connman-vpnd \ provides a DBus API for managing VPN connections. All the different \ VPN technogies are implemented using plug-ins." -FILES_${PN}-vpn += "${sbindir}/connman-vpnd \ +FILES:${PN}-vpn += "${sbindir}/connman-vpnd \ ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \ ${datadir}/dbus-1/system-services/net.connman.vpn.service \ - ${systemd_unitdir}/system/connman-vpn.service" + ${systemd_system_unitdir}/connman-vpn.service" -SUMMARY_${PN}-wait-online = "A program that will return once ConnMan has connected to a network" -DESCRIPTION_${PN}-wait-online = "A service that can be enabled so that \ +SUMMARY:${PN}-wait-online = "A program that will return once ConnMan has connected to a network" +DESCRIPTION:${PN}-wait-online = "A service that can be enabled so that \ the system waits until a network connection is established." -FILES_${PN}-wait-online += "${sbindir}/connmand-wait-online \ - ${systemd_unitdir}/system/connman-wait-online.service" +FILES:${PN}-wait-online += "${sbindir}/connmand-wait-online \ + ${systemd_system_unitdir}/connman-wait-online.service" -SUMMARY_${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ +SUMMARY:${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ to create a VPN connection to OpenVPN server." -FILES_${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ +FILES:${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ ${libdir}/connman/plugins-vpn/openvpn.so" -RDEPENDS_${PN}-plugin-vpn-openvpn += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" +RDEPENDS:${PN}-plugin-vpn-openvpn += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" -SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ +SUMMARY:${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ to create a VPN connection to Cisco3000 VPN Concentrator." -FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ +FILES:${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ ${libdir}/connman/plugins-vpn/vpnc.so \ ${libdir}/connman/scripts/vpn-script" -RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" +RDEPENDS:${PN}-plugin-vpn-vpnc += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" -SUMMARY_${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ +SUMMARY:${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ to create a VPN connection to L2TP server." -FILES_${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ +FILES:${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ ${libdir}/connman/plugins-vpn/l2tp.so" -RDEPENDS_${PN}-plugin-vpn-l2tp += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" +RDEPENDS:${PN}-plugin-vpn-l2tp += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" -SUMMARY_${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ +SUMMARY:${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ to create a VPN connection to PPTP server." -FILES_${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ +FILES:${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ ${libdir}/connman/plugins-vpn/pptp.so" -RDEPENDS_${PN}-plugin-vpn-pptp += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" +RDEPENDS:${PN}-plugin-vpn-pptp += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch index 942b9c97b6..9dca21a02f 100644 --- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch +++ b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch @@ -1,4 +1,4 @@ -From c7734e1547db967eccf242fe4b9e8a30b9ff141c Mon Sep 17 00:00:00 2001 +From 01974865e4d331eeaf25248bee1bb96539c450d9 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 6 Apr 2015 23:02:21 -0700 Subject: [PATCH] resolve: musl does not implement res_ninit @@ -15,7 +15,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/gweb/gresolv.c b/gweb/gresolv.c -index 38a554e..a9e8740 100644 +index 954e7cf..2a9bc51 100644 --- a/gweb/gresolv.c +++ b/gweb/gresolv.c @@ -36,6 +36,7 @@ @@ -26,7 +26,7 @@ index 38a554e..a9e8740 100644 #include "gresolv.h" -@@ -877,8 +878,6 @@ GResolv *g_resolv_new(int index) +@@ -878,8 +879,6 @@ GResolv *g_resolv_new(int index) resolv->index = index; resolv->nameserver_list = NULL; @@ -35,7 +35,7 @@ index 38a554e..a9e8740 100644 return resolv; } -@@ -918,8 +917,6 @@ void g_resolv_unref(GResolv *resolv) +@@ -919,8 +918,6 @@ void g_resolv_unref(GResolv *resolv) flush_nameservers(resolv); @@ -44,7 +44,7 @@ index 38a554e..a9e8740 100644 g_free(resolv); } -@@ -1022,24 +1019,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, +@@ -1023,24 +1020,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, debug(resolv, "hostname %s", hostname); if (!resolv->nameserver_list) { diff --git a/meta/recipes-connectivity/connman/connman/connman b/meta/recipes-connectivity/connman/connman/connman index c64fa0d715..310a696863 100644 --- a/meta/recipes-connectivity/connman/connman/connman +++ b/meta/recipes-connectivity/connman/connman/connman @@ -27,7 +27,6 @@ while read dev mtpt fstype rest; do done do_start() { - EXTRA_PARAM="" if test $nfsroot -eq 1 ; then NET_DEVS=`cat /proc/net/dev | sed -ne 's/^\([a-zA-Z0-9 ]*\):.*$/\1/p'` NET_ADDR=`cat /proc/cmdline | sed -ne 's/^.*ip=\([^ :]*\).*$/\1/p'` @@ -36,13 +35,13 @@ do_start() { if [ "$NET_ADDR" = dhcp ]; then ethn=`ifconfig | grep "^eth" | sed -e "s/\(eth[0-9]\)\(.*\)/\1/"` if [ ! -z "$ethn" ]; then - EXTRA_PARAM="-I $ethn" + EXTRA_PARAM="$EXTRA_PARAM -I $ethn" fi else for i in $NET_DEVS; do ADDR=`ifconfig $i | sed 's/addr://g' | sed -ne 's/^.*inet \([0-9.]*\) .*$/\1/p'` if [ "$NET_ADDR" = "$ADDR" ]; then - EXTRA_PARAM="-I $i" + EXTRA_PARAM="$EXTRA_PARAM -I $i" break fi done diff --git a/meta/recipes-connectivity/connman/connman_1.39.bb b/meta/recipes-connectivity/connman/connman_1.41.bb index df42e9ffb8..736b78eaeb 100644 --- a/meta/recipes-connectivity/connman/connman_1.39.bb +++ b/meta/recipes-connectivity/connman/connman_1.41.bb @@ -7,9 +7,9 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://no-version-scripts.patch \ " -SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" +SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" -SRC_URI[sha256sum] = "9f62a7169b7491c670a1ff2e335b0d966308fb2f62e285c781105eb90f181af3" +SRC_URI[sha256sum] = "79fb40f4fdd5530c45aa8e592fb16ba23d3674f3a98cf10b89a6576f198de589" -RRECOMMENDS_${PN} = "connman-conf" -RCONFLICTS_${PN} = "networkmanager" +RRECOMMENDS:${PN} = "connman-conf" +RCONFLICTS:${PN} = "networkmanager" diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.0.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb index 56fcf5cc0b..ab6ffe986c 100644 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.0.bb +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb @@ -7,7 +7,7 @@ DESCRIPTION = "dhcpcd runs on your machine and silently configures your \ HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=9674cc803c5d71306941e6e8b5c002f2" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d148485768fe85b9f1072b186a7e9b4d" UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" @@ -17,11 +17,11 @@ SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ file://dhcpcd@.service \ " -SRC_URI[sha256sum] = "41a69297f380bf15ee8f94f73154f8c2bca7157a087c0d5aca8de000ba1d4513" +SRC_URI[sha256sum] = "819357634efed1ea5cf44ec01b24d3d3f8852fec8b4249925dcc5667c54e376c" inherit pkgconfig autotools-brokensep systemd useradd -SYSTEMD_SERVICE_${PN} = "dhcpcd.service" +SYSTEMD_SERVICE:${PN} = "dhcpcd.service" PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" @@ -32,8 +32,11 @@ PACKAGECONFIG[ntp] = "--with-hook=ntp, , ,ntp" PACKAGECONFIG[chrony] = "--with-hook=ntp, , ,chrony" PACKAGECONFIG[ypbind] = "--with-eghook=yp, , ,ypbind-mt" +# add option to override DBDIR location +DBDIR ?= "${localstatedir}/lib/${BPN}" + EXTRA_OECONF = "--enable-ipv4 \ - --dbdir=${localstatedir}/lib/${BPN} \ + --dbdir=${DBDIR} \ --sbindir=${base_sbindir} \ --runstatedir=/run \ --enable-privsep \ @@ -43,15 +46,15 @@ EXTRA_OECONF = "--enable-ipv4 \ " USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system -d ${localstatedir}/lib/${BPN} -M -s /bin/false -U dhcpcd" +USERADD_PARAM:${PN} = "--system -d ${DBDIR} -M -s /bin/false -U dhcpcd" -do_install_append () { +do_install:append () { # install systemd unit files - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/dhcpcd*.service ${D}${systemd_unitdir}/system + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/dhcpcd*.service ${D}${systemd_system_unitdir} - chmod 700 ${D}${localstatedir}/lib/${BPN} - chown dhcpcd:dhcpcd ${D}${localstatedir}/lib/${BPN} + chmod 700 ${D}${DBDIR} + chown dhcpcd:dhcpcd ${D}${DBDIR} } -FILES_${PN}-dbg += "${libdir}/dhcpcd/dev/.debug" +FILES:${PN}-dbg += "${libdir}/dhcpcd/dev/.debug" diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch index 7d5c087c9d..2343c03cb4 100644 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch +++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch @@ -1,4 +1,4 @@ -From 684e45b34a33186bb17bcee0b01814c549a60bf6 Mon Sep 17 00:00:00 2001 +From cc66e842e037fba9f06761f942abe5c4856492b8 Mon Sep 17 00:00:00 2001 From: Kai Kang <kai.kang@windriver.com> Date: Wed, 6 Mar 2019 09:36:11 -0500 Subject: [PATCH] inetutils: Import version 1.9.4 @@ -15,10 +15,10 @@ Signed-off-by: Kai Kang <kai.kang@windriver.com> 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 86136fb..b220319 100644 +index 5e16c3a..18510a8 100644 --- a/configure.ac +++ b/configure.ac -@@ -183,6 +183,19 @@ AC_SUBST(LIBUTIL) +@@ -182,6 +182,19 @@ AC_SUBST(LIBUTIL) # See if we have libpam.a. Investigate PAM versus Linux-PAM. if test "$with_pam" = yes ; then @@ -38,12 +38,12 @@ index 86136fb..b220319 100644 AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl) AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam) if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then -@@ -620,7 +633,7 @@ AC_HEADER_DIRENT - AC_CHECK_HEADERS([arpa/nameser.h arpa/tftp.h errno.h fcntl.h features.h \ +@@ -617,7 +630,7 @@ AC_HEADER_DIRENT + AC_CHECK_HEADERS([arpa/nameser.h arpa/tftp.h fcntl.h features.h \ glob.h memory.h netinet/ether.h netinet/in_systm.h \ netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \ - security/pam_appl.h shadow.h \ + shadow.h \ - stdarg.h stdlib.h string.h stropts.h sys/tty.h \ + stropts.h sys/tty.h \ sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \ sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \ diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.0.bb b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb index a4d05b0542..6c9a299b71 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_2.0.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb @@ -6,10 +6,11 @@ HOMEPAGE = "http://www.gnu.org/software/inetutils" SECTION = "net" DEPENDS = "ncurses netbase readline virtual/crypt" -LICENSE = "GPLv3" +LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" +SRC_URI[sha256sum] = "d547f69172df73afef691a0f7886280fd781acea28def4ff4b4b212086a89d80" SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \ file://inetutils-1.8-0003-wchar.patch \ @@ -22,8 +23,6 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ " -SRC_URI[md5sum] = "5e1018502cd131ed8e42339f6b5c98aa" - inherit autotools gettext update-alternatives texinfo acpaths = "-I ./m4" @@ -47,10 +46,10 @@ EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \ " # These are horrible for security, disable them -EXTRA_OECONF_append = " --disable-rsh --disable-rshd --disable-rcp \ +EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \ --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd" -do_configure_prepend () { +do_configure:prepend () { export HELP2MAN='true' cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S} @@ -58,7 +57,7 @@ do_configure_prepend () { rm -f ${S}/glob/configure* } -do_install_append () { +do_install:append () { install -m 0755 -d ${D}${base_sbindir} install -m 0755 -d ${D}${sbindir} install -m 0755 -d ${D}${sysconfdir}/xinetd.d @@ -114,34 +113,34 @@ PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg" NOAUTOPACKAGEDEBUG = "1" ALTERNATIVE_PRIORITY = "79" -ALTERNATIVE_${PN} = "whois dnsdomainname" +ALTERNATIVE:${PN} = "whois dnsdomainname" ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd" ALTERNATIVE_LINK_NAME[dnsdomainname] = "${base_bindir}/dnsdomainname" ALTERNATIVE_PRIORITY_${PN}-logger = "60" -ALTERNATIVE_${PN}-logger = "logger" -ALTERNATIVE_${PN}-syslogd = "syslogd" +ALTERNATIVE:${PN}-logger = "logger" +ALTERNATIVE:${PN}-syslogd = "syslogd" ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd" -ALTERNATIVE_${PN}-ftp = "ftp" -ALTERNATIVE_${PN}-ftpd = "ftpd" -ALTERNATIVE_${PN}-tftp = "tftp" -ALTERNATIVE_${PN}-tftpd = "tftpd" +ALTERNATIVE:${PN}-ftp = "ftp" +ALTERNATIVE:${PN}-ftpd = "ftpd" +ALTERNATIVE:${PN}-tftp = "tftp" +ALTERNATIVE:${PN}-tftpd = "tftpd" ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd" ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd" -ALTERNATIVE_${PN}-telnet = "telnet" -ALTERNATIVE_${PN}-telnetd = "telnetd" +ALTERNATIVE:${PN}-telnet = "telnet" +ALTERNATIVE:${PN}-telnetd = "telnetd" ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd" ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd" -ALTERNATIVE_${PN}-inetd= "inetd" -ALTERNATIVE_${PN}-traceroute = "traceroute" +ALTERNATIVE:${PN}-inetd= "inetd" +ALTERNATIVE:${PN}-traceroute = "traceroute" -ALTERNATIVE_${PN}-hostname = "hostname" +ALTERNATIVE:${PN}-hostname = "hostname" ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" -ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ +ALTERNATIVE:${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ tftpd.8 tftp.1 telnetd.8" ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" @@ -151,62 +150,62 @@ ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8" ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8" ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1" -ALTERNATIVE_${PN}-ifconfig = "ifconfig" +ALTERNATIVE:${PN}-ifconfig = "ifconfig" ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" -ALTERNATIVE_${PN}-ping = "ping" +ALTERNATIVE:${PN}-ping = "ping" ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" -ALTERNATIVE_${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" +ALTERNATIVE:${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6" -FILES_${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" -FILES_${PN}-ping = "${base_bindir}/ping.${BPN}" -FILES_${PN}-ping6 = "${base_bindir}/ping6.${BPN}" -FILES_${PN}-hostname = "${base_bindir}/hostname.${BPN}" -FILES_${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" -FILES_${PN}-traceroute = "${bindir}/traceroute.${BPN}" -FILES_${PN}-logger = "${bindir}/logger.${BPN}" +FILES:${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" +FILES:${PN}-ping = "${base_bindir}/ping.${BPN}" +FILES:${PN}-ping6 = "${base_bindir}/ping6.${BPN}" +FILES:${PN}-hostname = "${base_bindir}/hostname.${BPN}" +FILES:${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" +FILES:${PN}-traceroute = "${bindir}/traceroute.${BPN}" +FILES:${PN}-logger = "${bindir}/logger.${BPN}" -FILES_${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" -RCONFLICTS_${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" +FILES:${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" +RCONFLICTS:${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" -FILES_${PN}-ftp = "${bindir}/ftp.${BPN}" +FILES:${PN}-ftp = "${bindir}/ftp.${BPN}" -FILES_${PN}-tftp = "${bindir}/tftp.${BPN}" -FILES_${PN}-telnet = "${bindir}/telnet.${BPN}" +FILES:${PN}-tftp = "${bindir}/tftp.${BPN}" +FILES:${PN}-telnet = "${bindir}/telnet.${BPN}" # We make us of RCONFLICTS / RPROVIDES here rather than using the normal # alternatives method as this leads to packaging QA issues when using # musl as that library does not provide what these applications need to # build. -FILES_${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" -RCONFLICTS_${PN}-rsh += "netkit-rsh-client" -RPROVIDES_${PN}-rsh = "rsh" +FILES:${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" +RCONFLICTS:${PN}-rsh += "netkit-rsh-client" +RPROVIDES:${PN}-rsh = "rsh" -FILES_${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ +FILES:${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec" -FILES_${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" -RDEPENDS_${PN}-rshd += "xinetd tcp-wrappers" -RCONFLICTS_${PN}-rshd += "netkit-rshd-server" -RPROVIDES_${PN}-rshd = "rshd" +FILES:${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" +RDEPENDS:${PN}-rshd += "xinetd tcp-wrappers" +RCONFLICTS:${PN}-rshd += "netkit-rshd-server" +RPROVIDES:${PN}-rshd = "rshd" -FILES_${PN}-ftpd = "${bindir}/ftpd.${BPN}" -FILES_${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" -RDEPENDS_${PN}-ftpd += "xinetd" +FILES:${PN}-ftpd = "${bindir}/ftpd.${BPN}" +FILES:${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" +RDEPENDS:${PN}-ftpd += "xinetd" -FILES_${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" -FILES_${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" -RCONFLICTS_${PN}-tftpd += "netkit-tftpd" -RDEPENDS_${PN}-tftpd += "xinetd" +FILES:${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" +FILES:${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" +RCONFLICTS:${PN}-tftpd += "netkit-tftpd" +RDEPENDS:${PN}-tftpd += "xinetd" -FILES_${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" -FILES_${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" -RCONFLICTS_${PN}-telnetd += "netkit-telnet" -RPROVIDES_${PN}-telnetd = "telnetd" -RDEPENDS_${PN}-telnetd += "xinetd" +FILES:${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" +FILES:${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" +RCONFLICTS:${PN}-telnetd += "netkit-telnet" +RPROVIDES:${PN}-telnetd = "telnetd" +RDEPENDS:${PN}-telnetd += "xinetd" -FILES_${PN}-inetd = "${bindir}/inetd.${BPN}" +FILES:${PN}-inetd = "${bindir}/inetd.${BPN}" -RDEPENDS_${PN} = "xinetd" +RDEPENDS:${PN} = "xinetd" diff --git a/meta/recipes-connectivity/iproute2/iproute2.inc b/meta/recipes-connectivity/iproute2/iproute2.inc index 6c8eea6799..b1bcc1434c 100644 --- a/meta/recipes-connectivity/iproute2/iproute2.inc +++ b/meta/recipes-connectivity/iproute2/iproute2.inc @@ -5,7 +5,7 @@ and tc are the most important. ip controls IPv4 and IPv6 \ configuration and tc stands for traffic control." HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2" SECTION = "base" -LICENSE = "GPLv2+" +LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817" @@ -32,7 +32,7 @@ EXTRA_OEMAKE = "\ LIBDIR='${libdir}' \ " -do_configure_append () { +do_configure:append () { sh configure ${STAGING_INCDIR} # Explicitly disable ATM support sed -i -e '/TC_CONFIG_ATM/d' config.mk @@ -47,7 +47,7 @@ do_install () { } # The .so files in iproute2-tc are modules, not traditional libraries -INSANE_SKIP_${PN}-tc = "dev-so" +INSANE_SKIP:${PN}-tc = "dev-so" IPROUTE2_PACKAGES =+ "\ ${PN}-devlink \ @@ -64,28 +64,28 @@ IPROUTE2_PACKAGES =+ "\ " PACKAGE_BEFORE_PN = "${IPROUTE2_PACKAGES}" -RDEPENDS_${PN} += "${PN}-ip" +RDEPENDS:${PN} += "${PN}-ip" -FILES_${PN}-tc = "${base_sbindir}/tc* \ +FILES:${PN}-tc = "${base_sbindir}/tc* \ ${libdir}/tc/*.so" -FILES_${PN}-lnstat = "${base_sbindir}/lnstat \ +FILES:${PN}-lnstat = "${base_sbindir}/lnstat \ ${base_sbindir}/ctstat \ ${base_sbindir}/rtstat" -FILES_${PN}-ifstat = "${base_sbindir}/ifstat" -FILES_${PN}-ip = "${base_sbindir}/ip.${PN} ${sysconfdir}/iproute2" -FILES_${PN}-genl = "${base_sbindir}/genl" -FILES_${PN}-rtacct = "${base_sbindir}/rtacct" -FILES_${PN}-nstat = "${base_sbindir}/nstat" -FILES_${PN}-ss = "${base_sbindir}/ss" -FILES_${PN}-tipc = "${base_sbindir}/tipc" -FILES_${PN}-devlink = "${base_sbindir}/devlink" -FILES_${PN}-rdma = "${base_sbindir}/rdma" +FILES:${PN}-ifstat = "${base_sbindir}/ifstat" +FILES:${PN}-ip = "${base_sbindir}/ip.${PN} ${sysconfdir}/iproute2" +FILES:${PN}-genl = "${base_sbindir}/genl" +FILES:${PN}-rtacct = "${base_sbindir}/rtacct" +FILES:${PN}-nstat = "${base_sbindir}/nstat" +FILES:${PN}-ss = "${base_sbindir}/ss" +FILES:${PN}-tipc = "${base_sbindir}/tipc" +FILES:${PN}-devlink = "${base_sbindir}/devlink" +FILES:${PN}-rdma = "${base_sbindir}/rdma" -ALTERNATIVE_${PN}-ip = "ip" +ALTERNATIVE:${PN}-ip = "ip" ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE_${PN}-tc = "tc" +ALTERNATIVE:${PN}-tc = "tc" ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc" ALTERNATIVE_PRIORITY_${PN}-tc = "100" diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-lib-fix-ax25.h-include-for-musl.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-lib-fix-ax25.h-include-for-musl.patch new file mode 100644 index 0000000000..e4c0cf4aa5 --- /dev/null +++ b/meta/recipes-connectivity/iproute2/iproute2/0001-lib-fix-ax25.h-include-for-musl.patch @@ -0,0 +1,37 @@ +From 8bced38a941a181f1468fa39541e872e51b6022f Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Thu, 13 Jan 2022 08:14:13 +0000 +Subject: [PATCH] lib: fix ax25.h include for musl + +ax25.h isn't guaranteed to be avilable in netax25/*; +it's dependent on our choice of libc (it's not available +on musl at least) [0]. + +Let's use the version from linux-headers. + +[0] https://sourceware.org/glibc/wiki/Synchronizing_Headers +Bug: https://bugs.gentoo.org/831102 + +Signed-off-by: Sam James <sam@gentoo.org> +Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=8bced38a941a181f1468fa39541e872e51b6022f] +--- + lib/ax25_ntop.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/ax25_ntop.c b/lib/ax25_ntop.c +index cfd0e04b..3a72a43e 100644 +--- a/lib/ax25_ntop.c ++++ b/lib/ax25_ntop.c +@@ -2,7 +2,7 @@ + + #include <errno.h> + #include <sys/socket.h> +-#include <netax25/ax25.h> ++#include <linux/ax25.h> + + #include "utils.h" + +-- +2.32.0 (Apple Git-132) diff --git a/meta/recipes-connectivity/iproute2/iproute2_5.11.0.bb b/meta/recipes-connectivity/iproute2/iproute2_5.16.0.bb index e27b42d232..871f8d8fb7 100644 --- a/meta/recipes-connectivity/iproute2/iproute2_5.11.0.bb +++ b/meta/recipes-connectivity/iproute2/iproute2_5.16.0.bb @@ -2,10 +2,11 @@ require iproute2.inc SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ file://0001-libc-compat.h-add-musl-workaround.patch \ + file://0001-lib-fix-ax25.h-include-for-musl.patch \ " -SRC_URI[sha256sum] = "c5e2ea108212b3445051b35953ec267f9f3469e1d5c67ac034ab559849505c54" +SRC_URI[sha256sum] = "c064b66f6b001c2a35aa5224b5b1ac8aa4bee104d7dce30d6f10a84cb8b01e2f" # CFLAGS are computed in Makefile and reference CCOPTS # -EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'" +EXTRA_OEMAKE:append = " CCOPTS='${CFLAGS}'" diff --git a/meta/recipes-connectivity/iw/iw_5.9.bb b/meta/recipes-connectivity/iw/iw_5.16.bb index 3d1e1c7e79..cf176a349f 100644 --- a/meta/recipes-connectivity/iw/iw_5.9.bb +++ b/meta/recipes-connectivity/iw/iw_5.16.bb @@ -14,7 +14,7 @@ SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \ file://separate-objdir.patch \ " -SRC_URI[sha256sum] = "6e7d3c9f8b4ee68e412f20fe229c9854c2dba383e3e650ce6af8eb8dbd12efc3" +SRC_URI[sha256sum] = "9c91f2560b258d9660e656ad37fa5bd100ac255865dcfb26076a576b10d8f3a7" inherit pkgconfig diff --git a/meta/recipes-connectivity/kea/files/0001-ax_cpp11.m4-Include-memory-header.patch b/meta/recipes-connectivity/kea/files/0001-ax_cpp11.m4-Include-memory-header.patch deleted file mode 100644 index 4978cae87c..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-ax_cpp11.m4-Include-memory-header.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 5314a4815006e3a42f3ce265d1597db700cdb784 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Fri, 26 Feb 2021 23:14:20 -0800 -Subject: [PATCH] ax_cpp11.m4: Include <memory> header - -This is needed for std::shared_ptr -GCC-11 throws errors if header is not included - -Upstream-Status: Submitted [https://github.com/isc-projects/kea/pull/120] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - m4macros/ax_cpp11.m4 | 1 + - 1 file changed, 1 insertion(+) - ---- a/m4macros/ax_cpp11.m4 -+++ b/m4macros/ax_cpp11.m4 -@@ -182,6 +182,7 @@ for retry in "none" "--std=c++11" "--std - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [#include <thread> -+ #include <memory> - std::shared_ptr<std::thread> th;], - [th.reset(new std::thread([[]]() { return; })); - th->join();])], diff --git a/meta/recipes-connectivity/kea/files/0001-include-limits.h.patch b/meta/recipes-connectivity/kea/files/0001-include-limits.h.patch deleted file mode 100644 index 3856b3d523..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-include-limits.h.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 7bca122e15bbe98c7b8da851ef3e1cf9a714afd9 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Fri, 26 Feb 2021 23:31:15 -0800 -Subject: [PATCH] include limits.h - -Fixes build with gcc11 -backend_selector.cc:61:35: error: 'numeric_limits' is not a member of 'std' - -Upstream-Status: Submitted [https://github.com/isc-projects/kea/pull/120] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - src/lib/exceptions/exceptions.h | 1 + - 1 file changed, 1 insertion(+) - ---- a/src/lib/database/backend_selector.cc -+++ b/src/lib/database/backend_selector.cc -@@ -6,7 +6,7 @@ - - #include <database/backend_selector.h> - #include <exceptions/exceptions.h> --#include <climits> -+#include <limits> - #include <sstream> - - using namespace isc::data; ---- a/src/lib/dhcpsrv/subnet_id.h -+++ b/src/lib/dhcpsrv/subnet_id.h -@@ -10,6 +10,7 @@ - #include <exceptions/exceptions.h> - #include <stdint.h> - #include <typeinfo> -+#include <limits> - - namespace isc { - namespace dhcp { diff --git a/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch b/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch deleted file mode 100644 index ab3fd83946..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 639dc25cdabc9d1846000a542c8cc19158b69994 Mon Sep 17 00:00:00 2001 -From: Mingli Yu <mingli.yu@windriver.com> -Date: Fri, 18 Sep 2020 08:18:08 +0000 -Subject: [PATCH] keactrl.in: create /var/lib/kea and /var/run/kea folder - -Create /var/lib/kea and /var/run/kea folder to fix below error: - # keactrl start - INFO/keactrl: Starting /usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf - INFO/keactrl: Starting /usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf - INFO/keactrl: Starting /usr/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf - Unable to use interprocess sync lockfile (No such file or directory): /var/run/kea/logger_lockfile - Service failed: Launch failed: Unable to open PID file '/var/run/kea/kea-ctrl-agent.kea-ctrl-agent.pid' for write - [snip] - ERROR [kea-dhcp4.dhcp4/615.140641792751488] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /etc/kea/kea-dhcp4.conf, reason: Unable to open database: unable to open '/var/lib/kea/kea-leases4.csv' - [snip] - -Upstream-Status: Inappropriate [config specific] - -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - src/bin/keactrl/keactrl.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in -index 12b2b3f..47cf6f9 100644 ---- a/src/bin/keactrl/keactrl.in -+++ b/src/bin/keactrl/keactrl.in -@@ -482,6 +482,8 @@ case ${command} in - # The variables (dhcp4_srv, dhcp6_serv, dhcp_ddns_srv etc) are set in the - # keactrl.conf file that shellcheck is unable to read. - # shellcheck disable=SC2154 -+ [ -d @LOCALSTATEDIR@/run/kea ] || mkdir -p @LOCALSTATEDIR@/run/kea -+ [ -d @LOCALSTATEDIR@/lib/kea ] || mkdir -p @LOCALSTATEDIR@/lib/kea - run_conditional "dhcp4" "start_server ${dhcp4_srv} -c ${kea_dhcp4_config_file} ${args}" 1 - run_conditional "dhcp6" "start_server ${dhcp6_srv} -c ${kea_dhcp6_config_file} ${args}" 1 - # shellcheck disable=SC2154 --- -2.26.2 - diff --git a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch index 226bc5b311..94fbd12737 100644 --- a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch +++ b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch @@ -1,4 +1,4 @@ -From 9985a03f13da4d7bb0a433f7305d2ffae3d82a27 Mon Sep 17 00:00:00 2001 +From 841924e1fe8db2bff3eab8d37634ef08f86c00ec Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Tue, 10 Nov 2020 15:57:03 +0000 Subject: [PATCH] src/lib/log/logger_unittest_support.cc: do not write build @@ -8,12 +8,13 @@ This breaks reproducibility and is needed only in unit testing. Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + --- src/lib/log/logger_unittest_support.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/log/logger_unittest_support.cc b/src/lib/log/logger_unittest_support.cc -index 58dbef8..9a2929c 100644 +index fc01c6e..f46d17e 100644 --- a/src/lib/log/logger_unittest_support.cc +++ b/src/lib/log/logger_unittest_support.cc @@ -84,7 +84,7 @@ void initLogger(isc::log::Severity severity, int dbglevel) { @@ -24,4 +25,4 @@ index 58dbef8..9a2929c 100644 + //setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); // Initialize logging - initLogger(root, isc::log::DEBUG, isc::log::MAX_DEBUG_LEVEL, localfile); + initLogger(root, severity, dbglevel, localfile); diff --git a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch index 733adf5536..78f475a495 100644 --- a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch +++ b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch @@ -1,4 +1,7 @@ -There are conflict of config files between kea and lib32-kea: +From d027b1d85a8c1a0193b6e4a00083d3038d699a59 Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Tue, 22 Sep 2020 15:02:33 +0800 +Subject: [PATCH] There are conflict of config files between kea and lib32-kea: | Error: Transaction test error: | file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of @@ -9,17 +12,19 @@ There are conflict of config files between kea and lib32-kea: Because they are all commented out, replace the expanded libdir path with '$libdir' in the config files to avoid conflict. +Upstream-Status: Pending Signed-off-by: Kai Kang <kai.kang@windriver.com> + --- src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++- - src/bin/keactrl/kea-dhcp4.conf.pre | 6 ++++-- - 2 files changed, 6 insertions(+), 3 deletions(-) + src/bin/keactrl/kea-dhcp4.conf.pre | 4 ++-- + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre -index 211b7ff..d710ec7 100644 +index e6ae8b8..50a3092 100644 --- a/src/bin/keactrl/kea-ctrl-agent.conf.pre +++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre -@@ -45,7 +45,8 @@ +@@ -51,7 +51,8 @@ // Agent will fail to start. "hooks-libraries": [ // { @@ -30,26 +35,24 @@ index 211b7ff..d710ec7 100644 // "param1": "foo" // } diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre -index 5f77a32..70ae3d9 100644 +index 26bf163..49ddb0a 100644 --- a/src/bin/keactrl/kea-dhcp4.conf.pre +++ b/src/bin/keactrl/kea-dhcp4.conf.pre -@@ -252,7 +252,8 @@ - // // of all devices serviced by Kea, including their identifiers - // // (like MAC address), their location in the network, times - // // when they were active etc. -- // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so" -+ // // Replace $libdir with real library path /usr/lib or /usr/lib64 -+ // "library": "$libdir/kea/hooks/libdhcp_legal_log.so" - // "parameters": { - // "path": "/var/lib/kea", - // "base-name": "kea-forensic4" -@@ -269,7 +270,8 @@ - // // of specific options or perhaps even a combination of several - // // options and fields to uniquely identify a client. Those scenarios - // // are addressed by the Flexible Identifiers hook application. -- // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", -+ // // Replace $libdir with real library path /usr/lib or /usr/lib64 -+ // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", - // "parameters": { - // "identifier-expression": "substring(relay6[0].option[18],0,8)" - // } +@@ -252,7 +252,7 @@ + // // of all devices serviced by Kea, including their identifiers + // // (like MAC address), their location in the network, times + // // when they were active etc. +- // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so", ++ // "library": "$libdir/kea/hooks/libdhcp_legal_log.so", + // "parameters": { + // "path": "/var/lib/kea", + // "base-name": "kea-forensic4" +@@ -269,7 +269,7 @@ + // // of specific options or perhaps even a combination of several + // // options and fields to uniquely identify a client. Those scenarios + // // are addressed by the Flexible Identifiers hook application. +- // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", ++ // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", + // "parameters": { + // "identifier-expression": "relay4[2].hex" + // } diff --git a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch index eeeb89942b..b7c2fd4f0d 100644 --- a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch +++ b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch @@ -1,22 +1,29 @@ -Busybox does not support ps -p so use pgrep +From 18f4f6206c248d6169aa67b3ecf16bf54e9292e8 Mon Sep 17 00:00:00 2001 +From: Armin kuster <akuster808@gmail.com> +Date: Wed, 14 Oct 2020 22:48:31 -0700 +Subject: [PATCH] Busybox does not support ps -p so use pgrep Upstream-Status: Inappropriate [embedded specific] Based on changes from Diego Sueiro <Diego.Sueiro@arm.com> Signed-off-by: Armin kuster <akuster808@gmail.com> -Index: kea-1.7.10/src/bin/keactrl/keactrl.in -=================================================================== ---- kea-1.7.10.orig/src/bin/keactrl/keactrl.in -+++ kea-1.7.10/src/bin/keactrl/keactrl.in -@@ -137,8 +137,8 @@ check_running() { +--- + src/bin/keactrl/keactrl.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in +index ae5bd8e..e9f9b73 100644 +--- a/src/bin/keactrl/keactrl.in ++++ b/src/bin/keactrl/keactrl.in +@@ -151,8 +151,8 @@ check_running() { # Get the PID from the PID file (if it exists) get_pid_from_file "${proc_name}" if [ ${_pid} -gt 0 ]; then - # Use ps to check if PID is alive -- ps -p ${_pid} 1>/dev/null +- if ps -p ${_pid} 1>/dev/null; then + # Use pgrep and grep to check if PID is alive -+ pgrep -v 1 | grep ${_pid} 1>/dev/null - retcode=$? - if [ $retcode -eq 0 ]; then ++ if pgrep -v 1 | grep ${_pid} 1>/dev/null; then # No error, so PID IS ALIVE + _running=1 + fi diff --git a/meta/recipes-connectivity/kea/kea_1.8.2.bb b/meta/recipes-connectivity/kea/kea_2.0.2.bb index fe10d90620..13da1f858d 100644 --- a/meta/recipes-connectivity/kea/kea_1.8.2.bb +++ b/meta/recipes-connectivity/kea/kea_2.0.2.bb @@ -3,12 +3,11 @@ DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It HOMEPAGE = "http://kea.isc.org" SECTION = "connectivity" LICENSE = "MPL-2.0 & Apache-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=68d95543d2096459290a4e6b9ceccffa" +LIC_FILES_CHKSUM = "file://COPYING;md5=b4ecee995eeb6780a17dd7e539e97abc" DEPENDS = "boost log4cplus openssl" SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \ - file://0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch \ file://kea-dhcp4.service \ file://kea-dhcp6.service \ file://kea-dhcp-ddns.service \ @@ -18,34 +17,32 @@ SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \ file://fix-multilib-conflict.patch \ file://fix_pid_keactrl.patch \ file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \ - file://0001-ax_cpp11.m4-Include-memory-header.patch \ - file://0001-include-limits.h.patch \ " -SRC_URI[sha256sum] = "486ca7abedb9d6fdf8e4344ad8688d1171f2ef0f5506d118988aadeae80a1d39" +SRC_URI[sha256sum] = "8d28213bdc8e2bb870a383b30ac1e53d54e1eba43d2f86e5151b08b66aa6cf32" inherit autotools systemd update-rc.d upstream-version-is-even INITSCRIPT_NAME = "kea-dhcp4-server" INITSCRIPT_PARAMS = "defaults 30" -SYSTEMD_SERVICE_${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service" +SYSTEMD_SERVICE:${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service" SYSTEMD_AUTO_ENABLE = "disable" -DEBUG_OPTIMIZATION_remove_mips = " -Og" -DEBUG_OPTIMIZATION_append_mips = " -O" -BUILD_OPTIMIZATION_remove_mips = " -Og" -BUILD_OPTIMIZATION_append_mips = " -O" +DEBUG_OPTIMIZATION:remove:mips = " -Og" +DEBUG_OPTIMIZATION:append:mips = " -O" +BUILD_OPTIMIZATION:remove:mips = " -Og" +BUILD_OPTIMIZATION:append:mips = " -O" -DEBUG_OPTIMIZATION_remove_mipsel = " -Og" -DEBUG_OPTIMIZATION_append_mipsel = " -O" -BUILD_OPTIMIZATION_remove_mipsel = " -Og" -BUILD_OPTIMIZATION_append_mipsel = " -O" +DEBUG_OPTIMIZATION:remove:mipsel = " -Og" +DEBUG_OPTIMIZATION:append:mipsel = " -O" +BUILD_OPTIMIZATION:remove:mipsel = " -Og" +BUILD_OPTIMIZATION:append:mipsel = " -O" EXTRA_OECONF = "--with-boost-libs=-lboost_system \ --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \ --with-openssl=${STAGING_DIR_TARGET}${prefix}" -do_configure_prepend() { +do_configure:prepend() { # replace abs_top_builddir to avoid introducing the build path # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target find ${S} -type f -name *.sh.in | xargs sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" @@ -53,11 +50,11 @@ do_configure_prepend() { } # patch out build host paths for reproducibility -do_compile_prepend_class-target() { +do_compile:prepend:class-target() { sed -i -e "s,${WORKDIR},,g" ${B}/config.report } -do_install_append() { +do_install:append() { install -d ${D}${sysconfdir}/init.d install -d ${D}${systemd_system_unitdir} @@ -68,13 +65,13 @@ do_install_append() { ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl } -do_install_append() { +do_install:append() { rm -rf "${D}${localstatedir}" } -CONFFILES_${PN} = "${sysconfdir}/kea/keactrl.conf" +CONFFILES:${PN} = "${sysconfdir}/kea/keactrl.conf" -FILES_${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a" -FILES_${PN} += "${libdir}/hooks/*.so" +FILES:${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a" +FILES:${PN} += "${libdir}/hooks/*.so" PARALLEL_MAKEINST = "" diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb index 9a83898e52..0db609fc47 100644 --- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb +++ b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb @@ -3,27 +3,27 @@ HOMEPAGE = "https://github.com/lathiat/nss-mdns" DESCRIPTION = "nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local." SECTION = "libs" -LICENSE = "LGPLv2.1+" +LICENSE = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" DEPENDS = "avahi" -SRC_URI = "git://github.com/lathiat/nss-mdns \ +SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \ " -SRCREV = "41c9c5e78f287ed4b41ac438c1873fa71bfa70ae" +SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633" S = "${WORKDIR}/git" inherit autotools pkgconfig -COMPATIBLE_HOST_libc-musl = 'null' +COMPATIBLE_HOST:libc-musl = 'null' EXTRA_OECONF = "--libdir=${base_libdir}" -RDEPENDS_${PN} = "avahi-daemon" +RDEPENDS:${PN} = "avahi-daemon" -pkg_postinst_${PN} () { +pkg_postinst:${PN} () { sed ' /^hosts:/ !b /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b @@ -31,7 +31,7 @@ pkg_postinst_${PN} () { ' -i $D${sysconfdir}/nsswitch.conf } -pkg_prerm_${PN} () { +pkg_prerm:${PN} () { sed ' /^hosts:/ !b s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.0.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb index 967eabcc13..dbe2fd8157 100644 --- a/meta/recipes-connectivity/libpcap/libpcap_1.10.0.bb +++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb @@ -10,10 +10,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" DEPENDS = "flex-native bison-native" -SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \ - " -SRC_URI[md5sum] = "8c12dc19dd7e0d02d2bb6596eb5a71c7" -SRC_URI[sha256sum] = "8d12b42623eeefee872f123bd0dc85d535b00df4d42e865f993c40f7bfc92b1e" +SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz" +SRC_URI[sha256sum] = "ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4" inherit autotools binconfig-disabled pkgconfig @@ -21,10 +19,11 @@ BINCONFIG = "${bindir}/pcap-config" # Explicitly disable dag support. We don't have recipe for it and if enabled here, # configure script poisons the include dirs with /usr/local/include even when the -# support hasn't been detected. +# support hasn't been detected. Do the same thing for DPDK. EXTRA_OECONF = " \ --with-pcap=linux \ --without-dag \ + --without-dpdk \ " EXTRA_AUTORECONF += "--exclude=aclocal" @@ -36,7 +35,7 @@ PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl" -do_configure_prepend () { +do_configure:prepend () { #remove hardcoded references to /usr/include sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac } diff --git a/meta/recipes-connectivity/libuv/libuv_1.41.0.bb b/meta/recipes-connectivity/libuv/libuv_1.44.1.bb index 4987331dc8..4c96d80a65 100644 --- a/meta/recipes-connectivity/libuv/libuv_1.41.0.bb +++ b/meta/recipes-connectivity/libuv/libuv_1.44.1.bb @@ -3,10 +3,11 @@ HOMEPAGE = "https://github.com/libuv/libuv" DESCRIPTION = "libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others." BUGTRACKER = "https://github.com/libuv/libuv/issues" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47" +LIC_FILES_CHKSUM = "file://LICENSE;md5=ad93ca1fffe931537fcf64f6fcce084d" -SRCREV = "1dff88e5161cba5c59276d2070d2e304e4dcb242" -SRC_URI = "git://github.com/libuv/libuv;branch=v1.x" +SRCREV = "e8b7eb6908a847ffbe6ab2eec7428e43a0aa53a2" +SRC_URI = "git://github.com/libuv/libuv;branch=v1.x;protocol=https" +UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index f170cf4650..781b9216c5 100644 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -4,11 +4,12 @@ DESCRIPTION = "Mobile Broadband Service Provider Database stores service provide SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "90f3fe28aa25135b7e4a54a7816388913bfd4a2a" -PV = "20201225" + +SRCREV = "4cbb44a9fe26aa6f0b28beb79f9488b37c097b5e" +PV = "20220315" PE = "1" -SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https" +SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main" S = "${WORKDIR}/git" inherit autotools diff --git a/meta/recipes-connectivity/neard/neard_0.16.bb b/meta/recipes-connectivity/neard/neard_0.16.bb index 7c124a3c0b..57f2a3e2e1 100644 --- a/meta/recipes-connectivity/neard/neard_0.16.bb +++ b/meta/recipes-connectivity/neard/neard_0.16.bb @@ -1,7 +1,7 @@ SUMMARY = "Linux NFC daemon" DESCRIPTION = "A daemon for the Linux Near Field Communication stack" HOMEPAGE = "http://01.org/linux-nfc" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" DEPENDS = "dbus glib-2.0 libnl" @@ -22,12 +22,12 @@ inherit autotools pkgconfig systemd update-rc.d PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" -PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_unitdir}/system/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" +PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" EXTRA_OECONF += "--enable-tools" # This would copy neard start-stop shell and test scripts -do_install_append() { +do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/init.d/ sed "s:@installpath@:${libexecdir}/nfc:" ${WORKDIR}/neard.in \ @@ -36,10 +36,10 @@ do_install_append() { fi } -RDEPENDS_${PN} = "dbus" +RDEPENDS:${PN} = "dbus" # Bluez & Wifi are not mandatory except for handover -RRECOMMENDS_${PN} = "\ +RRECOMMENDS:${PN} = "\ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \ " @@ -47,4 +47,4 @@ RRECOMMENDS_${PN} = "\ INITSCRIPT_NAME = "neard" INITSCRIPT_PARAMS = "defaults 64" -SYSTEMD_SERVICE_${PN} = "neard.service" +SYSTEMD_SERVICE:${PN} = "neard.service" diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch index bd350144e3..7603eb680d 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch @@ -19,7 +19,7 @@ As there is already one source file named file.c as support/nsm/file.c in support/nsm/Makefile.am, so rename ../support/misc/file.c to ../support/misc/misc.c. -Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502780423058&w=2] +Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=154502780423058&w=2] Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.3.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.1.bb index d8c6391b3d..bbed5aea59 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.3.bb +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.1.bb @@ -4,18 +4,18 @@ NFS server and related tools." HOMEPAGE = "http://nfs.sourceforge.net/" SECTION = "console/network" -LICENSE = "MIT & GPLv2+ & BSD" +LICENSE = "MIT & GPL-2.0-or-later & BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" # util-linux for libblkid DEPENDS = "libcap libevent util-linux sqlite3 libtirpc" -RDEPENDS_${PN} = "${PN}-client" -RRECOMMENDS_${PN} = "kernel-module-nfsd" +RDEPENDS:${PN} = "${PN}-client" +RRECOMMENDS:${PN} = "kernel-module-nfsd" inherit useradd USERADD_PACKAGES = "${PN}-client" -USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \ +USERADD_PARAM:${PN}-client = "--system --home-dir /var/lib/nfs \ --shell /bin/false --user-group rpcuser" SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ @@ -31,7 +31,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ file://clang-warnings.patch \ " -SRC_URI[sha256sum] = "b54d6d8ea2ee62d64111278301ba4631b7bb19174e7f717a724fe5d463900c80" +SRC_URI[sha256sum] = "60dfcd94a9f3d72a12bc7058d811787ec87a6d593d70da2123faf9aad3d7a1df" # Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will # pull in the remainder of the dependencies. @@ -39,14 +39,14 @@ SRC_URI[sha256sum] = "b54d6d8ea2ee62d64111278301ba4631b7bb19174e7f717a724fe5d463 INITSCRIPT_PACKAGES = "${PN} ${PN}-client" INITSCRIPT_NAME = "nfsserver" INITSCRIPT_PARAMS = "defaults" -INITSCRIPT_NAME_${PN}-client = "nfscommon" -INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21" +INITSCRIPT_NAME:${PN}-client = "nfscommon" +INITSCRIPT_PARAMS:${PN}-client = "defaults 19 21" inherit autotools-brokensep update-rc.d systemd pkgconfig SYSTEMD_PACKAGES = "${PN} ${PN}-client" -SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service" -SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service" +SYSTEMD_SERVICE:${PN} = "nfs-server.service nfs-mountd.service" +SYSTEMD_SERVICE:${PN}-client = "nfs-statd.service" # --enable-uuid is need for cross-compiling EXTRA_OECONF = "--with-statduser=rpcuser \ @@ -62,7 +62,7 @@ EXTRA_OECONF = "--with-statduser=rpcuser \ PACKAGECONFIG ??= "tcp-wrappers \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " -PACKAGECONFIG_remove_libc-musl = "tcp-wrappers" +PACKAGECONFIG:remove:libc-musl = "tcp-wrappers" PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," # libdevmapper is available in meta-oe @@ -72,46 +72,46 @@ PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core" PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats" -CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \ +CONFFILES:${PN}-client += "${localstatedir}/lib/nfs/etab \ ${localstatedir}/lib/nfs/rmtab \ ${localstatedir}/lib/nfs/xtab \ ${localstatedir}/lib/nfs/statd/state \ ${sysconfdir}/nfsmount.conf" -FILES_${PN}-client = "${sbindir}/*statd \ +FILES:${PN}-client = "${sbindir}/*statd \ ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ ${sbindir}/showmount ${sbindir}/nfsstat \ ${localstatedir}/lib/nfs \ ${sysconfdir}/nfs-utils.conf \ ${sysconfdir}/nfsmount.conf \ ${sysconfdir}/init.d/nfscommon \ - ${systemd_unitdir}/system/nfs-statd.service" -RDEPENDS_${PN}-client = "${PN}-mount rpcbind" + ${systemd_system_unitdir}/nfs-statd.service" +RDEPENDS:${PN}-client = "${PN}-mount rpcbind" -FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*" +FILES:${PN}-mount = "${base_sbindir}/*mount.nfs*" -FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts" -RDEPENDS_${PN}-stats = "python3-core" +FILES:${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts" +RDEPENDS:${PN}-stats = "python3-core" -FILES_${PN}-staticdev += "${libdir}/libnfsidmap/*.a" +FILES:${PN}-staticdev += "${libdir}/libnfsidmap/*.a" -FILES_${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/" +FILES:${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/" -do_configure_prepend() { +do_configure:prepend() { sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ ${S}/utils/mount/Makefile.am } # Make clean needed because the package comes with # precompiled 64-bit objects that break the build -do_compile_prepend() { +do_compile:prepend() { make clean } # Works on systemd only HIGH_RLIMIT_NOFILE ??= "4096" -do_install_append () { +do_install:append () { install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon @@ -119,18 +119,18 @@ do_install_append () { install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir} install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir} - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/ + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_system_unitdir}/ + install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_system_unitdir}/ + install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_system_unitdir}/ sed -i -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@SYSCONFDIR@,${sysconfdir},g' \ -e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \ - ${D}${systemd_unitdir}/system/*.service + ${D}${systemd_system_unitdir}/*.service if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/ - install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/ - ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount + install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/ + install -d ${D}${systemd_system_unitdir}/sysinit.target.wants/ + ln -sf ../proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/sysinit.target.wants/proc-fs-nfsd.mount fi # kernel code as of 3.8 hard-codes this path as a default diff --git a/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch new file mode 100644 index 0000000000..3655b3fd66 --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch @@ -0,0 +1,28 @@ +From 76e4054801350ebd4a44057379431a33d460ad0f Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Wed, 21 Apr 2021 11:01:34 +0000 +Subject: [PATCH] mbim: Fix build with ell-0.39 by restoring unlikely macro + from ell/util.h + +Upstream-Status: Pending + +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + drivers/mbimmodem/mbim-private.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h +index 51693eae..d917312c 100644 +--- a/drivers/mbimmodem/mbim-private.h ++++ b/drivers/mbimmodem/mbim-private.h +@@ -30,6 +30,10 @@ + __result; }) + #endif + ++/* used to be part of ell/util.h before 0.39: ++ https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=2a682421b06e41c45098217a686157f576847021 */ ++#define unlikely(x) __builtin_expect(!!(x), 0) ++ + enum mbim_control_message { + MBIM_OPEN_MSG = 0x1, + MBIM_CLOSE_MSG = 0x2, diff --git a/meta/recipes-connectivity/ofono/ofono_1.31.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb index 7d0976ad7f..23631747a7 100644 --- a/meta/recipes-connectivity/ofono/ofono_1.31.bb +++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb @@ -2,7 +2,7 @@ SUMMARY = "open source telephony" DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands." HOMEPAGE = "http://www.ofono.org" BUGTRACKER = "https://01.org/jira/browse/OF" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee" DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell" @@ -11,40 +11,45 @@ SRC_URI = "\ ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://ofono \ file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \ + file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \ " -SRC_URI[md5sum] = "1c26340e3c6ed132cc812595081bb3dc" -SRC_URI[sha256sum] = "a15c5d28096c10eb30e47a68b6dc2e7c4a5a99d7f4cfedf0b69624f33d859e9b" +SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7" inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data INITSCRIPT_NAME = "ofono" INITSCRIPT_PARAMS = "defaults 22" -SYSTEMD_SERVICE_${PN} = "ofono.service" +SYSTEMD_SERVICE:${PN} = "ofono.service" PACKAGECONFIG ??= "\ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ " -PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir=" +PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/,--with-systemdunitdir=" PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5" EXTRA_OECONF += "--enable-test --enable-external-ell" -do_install_append() { - install -d ${D}${sysconfdir}/init.d/ - install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono +do_configure:prepend() { + bbnote "Removing bundled ell from ${S}/ell to prevent including it" + rm -rf ${S}/ell +} + +do_install:append() { + install -d ${D}${sysconfdir}/init.d/ + install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono } PACKAGES =+ "${PN}-tests" -FILES_${PN} += "${systemd_unitdir}" -FILES_${PN}-tests = "${libdir}/${BPN}/test" +FILES:${PN} += "${systemd_unitdir}" +FILES:${PN}-tests = "${libdir}/${BPN}/test" -RDEPENDS_${PN} += "dbus" -RDEPENDS_${PN}-tests = "\ +RDEPENDS:${PN} += "dbus" +RDEPENDS:${PN}-tests = "\ python3-core \ python3-dbus \ ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \ " -RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info" +RRECOMMENDS:${PN} += "kernel-module-tun mobile-broadband-provider-info" diff --git a/meta/recipes-connectivity/openssh/openssh/0f90440ca70abab947acbd77795e9f130967956c.patch b/meta/recipes-connectivity/openssh/openssh/0f90440ca70abab947acbd77795e9f130967956c.patch deleted file mode 100644 index b88bc18f12..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/0f90440ca70abab947acbd77795e9f130967956c.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 0f90440ca70abab947acbd77795e9f130967956c Mon Sep 17 00:00:00 2001 -From: Darren Tucker <dtucker@dtucker.net> -Date: Fri, 20 Nov 2020 13:37:54 +1100 -Subject: [PATCH] Add new pselect6_time64 syscall on ARM. - -This is apparently needed on armhfp/armv7hl. bz#3232, patch from -jjelen at redhat.com. ---- - sandbox-seccomp-filter.c | 3 +++ - 1 file changed, 3 insertions(+) - -Upstream-Status: Backport -[fixes issues on 32bit IA and probably other 32 bit platforms too with glibc 2.33] - -diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c -index e0768c063..5065ae7ef 100644 ---- a/sandbox-seccomp-filter.c -+++ b/sandbox-seccomp-filter.c -@@ -267,6 +267,9 @@ static const struct sock_filter preauth_insns[] = { - #ifdef __NR_pselect6 - SC_ALLOW(__NR_pselect6), - #endif -+#ifdef __NR_pselect6_time64 -+ SC_ALLOW(__NR_pselect6_time64), -+#endif - #ifdef __NR_read - SC_ALLOW(__NR_read), - #endif diff --git a/meta/recipes-connectivity/openssh/openssh/f107467179428a0e3ea9e4aa9738ac12ff02822d.patch b/meta/recipes-connectivity/openssh/openssh/f107467179428a0e3ea9e4aa9738ac12ff02822d.patch new file mode 100644 index 0000000000..847c0a143c --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/f107467179428a0e3ea9e4aa9738ac12ff02822d.patch @@ -0,0 +1,35 @@ +From f107467179428a0e3ea9e4aa9738ac12ff02822d Mon Sep 17 00:00:00 2001 +From: Colin Watson <cjwatson@debian.org> +Date: Thu, 24 Feb 2022 16:04:18 +0000 +Subject: [PATCH] Improve detection of -fzero-call-used-regs=all support + +GCC doesn't tell us whether this option is supported unless it runs into +the situation where it would need to emit corresponding code. + +Upstream-Status: Backport +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + m4/openssh.m4 | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/m4/openssh.m4 b/m4/openssh.m4 +index 4f9c3792dc1..8c33c701b8b 100644 +--- a/m4/openssh.m4 ++++ b/m4/openssh.m4 +@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{ + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include <stdlib.h> + #include <stdio.h> ++/* Trivial function to help test for -fzero-call-used-regs */ ++void f(int n) {} + int main(int argc, char **argv) { + (void)argv; + /* Some math to catch -ftrapv problems in the toolchain */ +@@ -21,6 +23,7 @@ int main(int argc, char **argv) { + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; ++ f(0); + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest index ae03e929b2..8a9b770d59 100755 --- a/meta/recipes-connectivity/openssh/openssh/run-ptest +++ b/meta/recipes-connectivity/openssh/openssh/run-ptest @@ -5,7 +5,7 @@ export SKIP_UNIT=1 cd regress sed -i "/\t\tagent-ptrace /d" Makefile -make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \ +make -k BUILDDIR=`pwd`/.. .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \ | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' SSHAGENT=`which ssh-agent` diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index 1931dc7153..ef117de897 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys @@ -6,6 +6,7 @@ generate_key() { local DIR="$(dirname "$FILE")" mkdir -p "$DIR" + rm -f ${FILE}.tmp ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE # Atomically rename file public key diff --git a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb index 128e2e318a..6c5c1912e8 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb @@ -5,8 +5,8 @@ Ssh (Secure Shell) is a program for logging into a remote machine \ and for executing commands on a remote machine." HOMEPAGE = "http://www.openssh.com/" SECTION = "console/network" -LICENSE = "BSD & ISC & MIT" -LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3" +LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT" +LIC_FILES_CHKSUM = "file://LICENCE;md5=8baf365614c9bdd63705f298c9afbfb9" DEPENDS = "zlib openssl virtual/crypt" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" @@ -24,26 +24,32 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ - file://0f90440ca70abab947acbd77795e9f130967956c.patch \ + file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch \ " -SRC_URI[sha256sum] = "5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24" +SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7" + +# This CVE is specific to OpenSSH with the pam opie which we don't build/use here +CVE_CHECK_IGNORE += "CVE-2007-2768" # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded -CVE_CHECK_WHITELIST += "CVE-2014-9278" +CVE_CHECK_IGNORE += "CVE-2014-9278" + +# CVE only applies to some distributed RHEL binaries +CVE_CHECK_IGNORE += "CVE-2008-3844" PAM_SRC_URI = "file://sshd" inherit manpages useradd update-rc.d update-alternatives systemd USERADD_PACKAGES = "${PN}-sshd" -USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" +USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" INITSCRIPT_PACKAGES = "${PN}-sshd" -INITSCRIPT_NAME_${PN}-sshd = "sshd" -INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9" +INITSCRIPT_NAME:${PN}-sshd = "sshd" +INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9" SYSTEMD_PACKAGES = "${PN}-sshd" -SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" +SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket" inherit autotools-brokensep ptest @@ -69,7 +75,10 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ " # musl doesn't implement wtmp/utmp and logwtmp -EXTRA_OECONF_append_libc-musl = " --disable-wtmp --disable-lastlog" +EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" + +# https://bugzilla.mindrot.org/show_bug.cgi?id=3398 +EXTRA_OECONF:append:powerpc = " --with-sandbox=no" # Since we do not depend on libbsd, we do not want configure to use it # just because it finds libutil.h. But, specifying --disable-libutil @@ -82,20 +91,17 @@ CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" # We don't want to depend on libblockfile CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" -do_configure_prepend () { +do_configure:prepend () { export LD="${CC}" install -m 0644 ${WORKDIR}/sshd_config ${B}/ install -m 0644 ${WORKDIR}/ssh_config ${B}/ } do_compile_ptest() { - # skip regress/unittests/ binaries: this will silently skip - # unittests in run-ptests which is good because they are so slow. - oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \ - regress/check-perm regress/mkdtemp + oe_runmake regress-binaries regress-unit-binaries } -do_install_append () { +do_install:append () { if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config @@ -121,15 +127,15 @@ do_install_append () { echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system + install -d ${D}${systemd_system_unitdir} + install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_system_unitdir} + install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_system_unitdir} + install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir} sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@BINDIR@,${bindir},g' \ -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service + ${D}${systemd_system_unitdir}/sshd.socket ${D}${systemd_system_unitdir}/*.service sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ ${D}${sysconfdir}/init.d/sshd @@ -140,41 +146,42 @@ do_install_append () { do_install_ptest () { sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh cp -r regress ${D}${PTEST_PATH} + cp config.h ${D}${PTEST_PATH} } -ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY:${PN} = "1" PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" -FILES_${PN}-scp = "${bindir}/scp.${BPN}" -FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" -FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" -FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" -FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" -FILES_${PN}-sftp = "${bindir}/sftp" -FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" -FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" -FILES_${PN}-keygen = "${bindir}/ssh-keygen" - -RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" -RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RRECOMMENDS_${PN}-sshd_append_class-target = "\ +FILES:${PN}-scp = "${bindir}/scp.${BPN}" +FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" +FILES:${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}" +FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" +FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" +FILES:${PN}-sftp = "${bindir}/sftp" +FILES:${PN}-sftp-server = "${libexecdir}/sftp-server" +FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" +FILES:${PN}-keygen = "${bindir}/ssh-keygen" + +RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" +RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" +RRECOMMENDS:${PN}-sshd:append:class-target = "\ ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \ " # gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies -RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" +RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" -RPROVIDES_${PN}-ssh = "ssh" -RPROVIDES_${PN}-sshd = "sshd" +RPROVIDES:${PN}-ssh = "ssh" +RPROVIDES:${PN}-sshd = "sshd" -RCONFLICTS_${PN} = "dropbear" -RCONFLICTS_${PN}-sshd = "dropbear" +RCONFLICTS:${PN} = "dropbear" +RCONFLICTS:${PN}-sshd = "dropbear" -CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" -CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" +CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config" +CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config" ALTERNATIVE_PRIORITY = "90" -ALTERNATIVE_${PN}-scp = "scp" -ALTERNATIVE_${PN}-ssh = "ssh" +ALTERNATIVE:${PN}-scp = "scp" +ALTERNATIVE:${PN}-ssh = "ssh" BBCLASSEXTEND += "nativesdk" diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch new file mode 100644 index 0000000000..5effa6c6f6 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch @@ -0,0 +1,36 @@ +From 326909baf81a638d51fa8be1d8227518784f5cc4 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Tue, 14 Sep 2021 12:18:25 +0200 +Subject: [PATCH] Configure: do not tweak mips cflags + +This conflicts with mips machine definitons from yocto, +e.g. +| Error: -mips3 conflicts with the other architecture options, which imply -mips64r2 + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + Configure | 10 ---------- + 1 file changed, 10 deletions(-) + +diff --git a/Configure b/Configure +index 821e680..0387a74 100755 +--- a/Configure ++++ b/Configure +@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) + push @{$config{shared_ldflag}}, "-mno-cygwin"; + } + +-if ($target =~ /linux.*-mips/ && !$disabled{asm} +- && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { +- # minimally required architecture flags for assembly modules +- my $value; +- $value = '-mips2' if ($target =~ /mips32/); +- $value = '-mips3' if ($target =~ /mips64/); +- unshift @{$config{cflags}}, $value; +- unshift @{$config{cxxflags}}, $value if $config{CXX}; +-} +- + # If threads aren't disabled, check how possible they are + unless ($disabled{threads}) { + if ($auto_threads) { diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch index 949c788344..60890c666d 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch @@ -1,4 +1,4 @@ -From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001 +From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> Date: Tue, 6 Nov 2018 14:50:47 +0100 Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler @@ -21,20 +21,24 @@ https://patchwork.openembedded.org/patch/147229/ Upstream-Status: Inappropriate [OE specific] Signed-off-by: Martin Hundebøll <martin@geanix.com> - Update to fix buildpaths qa issue for '-fmacro-prefix-map'. Signed-off-by: Kai Kang <kai.kang@windriver.com> + +Update to fix buildpaths qa issue for '-ffile-prefix-map'. + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- - Configurations/unix-Makefile.tmpl | 10 +++++++++- + Configurations/unix-Makefile.tmpl | 12 +++++++++++- crypto/build.info | 2 +- - 2 files changed, 10 insertions(+), 2 deletions(-) + 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index 16af4d2087..54c162784c 100644 +index f88a70f..528cdef 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl -@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), +@@ -471,13 +471,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) @@ -49,6 +53,7 @@ index 16af4d2087..54c162784c 100644 +CFLAGS_Q={- for (@{$config{CFLAGS}}) { + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; + s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; ++ s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g; + } + join(' ', @{$config{CFLAGS}}) -} + @@ -59,18 +64,15 @@ index 16af4d2087..54c162784c 100644 # For x86 assembler: Set PROCESSOR to 386 if you want to support diff --git a/crypto/build.info b/crypto/build.info -index b515b7318e..8c9cee2a09 100644 +index efca6cc..eda433e 100644 --- a/crypto/build.info +++ b/crypto/build.info -@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ - ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl +@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF + DEPEND[info.o]=buildinf.h DEPEND[cversion.o]=buildinf.h -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" - DEPEND[buildinf.h]=../configdata.pm - GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME) --- -2.19.1 - + GENERATE[uplink-x86.s]=../ms/uplink-x86.pl + GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl diff --git a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch b/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch deleted file mode 100644 index d8d9651b64..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch +++ /dev/null @@ -1,46 +0,0 @@ -From a9401b2289656c5a36dd1b0ecebf0d23e291ce70 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Tue, 2 Oct 2018 23:58:24 +0800 -Subject: [PATCH] skip test_symbol_presence - -We cannot skip `01-test_symbol_presence.t' by configuring option `no-shared' -as INSTALL told us the shared libraries will not be built. - -[INSTALL snip] - Notes on shared libraries - ------------------------- - - For most systems the OpenSSL Configure script knows what is needed to - build shared libraries for libcrypto and libssl. On these systems - the shared libraries will be created by default. This can be suppressed and - only static libraries created by using the "no-shared" option. On systems - where OpenSSL does not know how to build shared libraries the "no-shared" - option will be forced and only static libraries will be created. -[INSTALL snip] - -Hence directly modification the case to skip it. - -Upstream-Status: Inappropriate [OE Specific] - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - test/recipes/01-test_symbol_presence.t | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t -index 7f2a2d7..0b93745 100644 ---- a/test/recipes/01-test_symbol_presence.t -+++ b/test/recipes/01-test_symbol_presence.t -@@ -14,8 +14,7 @@ use OpenSSL::Test::Utils; - - setup("test_symbol_presence"); - --plan skip_all => "Only useful when building shared libraries" -- if disabled("shared"); -+plan skip_all => "The case needs debug symbols then we just disable it"; - - my @libnames = ("crypto", "ssl"); - my $testcount = scalar @libnames; --- -2.7.4 - diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch deleted file mode 100644 index a24260c95d..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/reproducible.patch +++ /dev/null @@ -1,32 +0,0 @@ -The value for perl_archname can vary depending on the host, e.g. -x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which -makes the ptest package non-reproducible. Its unused other than -these references so drop it. - -RP 2020/2/6 - -Upstream-Status: Pending -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> - -Index: openssl-1.1.1d/Configure -=================================================================== ---- openssl-1.1.1d.orig/Configure -+++ openssl-1.1.1d/Configure -@@ -286,7 +286,7 @@ if (defined env($local_config_envname)) - # Save away perl command information - $config{perl_cmd} = $^X; - $config{perl_version} = $Config{version}; --$config{perl_archname} = $Config{archname}; -+#$config{perl_archname} = $Config{archname}; - - $config{prefix}=""; - $config{openssldir}=""; -@@ -2517,7 +2517,7 @@ _____ - @{$config{perlargv}}), "\n"; - print "\nPerl information:\n\n"; - print ' ',$config{perl_cmd},"\n"; -- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n"; -+ print ' ',$config{perl_version},"\n"; - } - if ($dump || $options) { - my $longest = 0; diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest index 3fb22471f8..8dff79101f 100644 --- a/meta/recipes-connectivity/openssl/openssl/run-ptest +++ b/meta/recipes-connectivity/openssl/openssl/run-ptest @@ -9,4 +9,4 @@ export TOP=. # OPENSSL_ENGINES is relative from the test binaries export OPENSSL_ENGINES=../engines -perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;' +perl ./test/run_tests.pl $* | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g' diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb b/meta/recipes-connectivity/openssl/openssl_3.0.2.bb index 181790e6ab..ff2a22c6c3 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.0.2.bb @@ -4,33 +4,28 @@ HOMEPAGE = "http://www.openssl.org/" BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" SECTION = "libs/network" -# "openssl" here actually means both OpenSSL and SSLeay licenses apply -# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" - -DEPENDS = "hostperl-runtime-native" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://run-ptest \ - file://0001-skip-test_symbol_presence.patch \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ - file://reproducible.patch \ + file://0001-Configure-do-not-tweak-mips-cflags.patch \ " -SRC_URI_append_class-nativesdk = " \ +SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf" +SRC_URI[sha256sum] = "98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63" -inherit lib_package multilib_header multilib_script ptest +inherit lib_package multilib_header multilib_script ptest perlnative MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" PACKAGECONFIG ?= "" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" +PACKAGECONFIG:class-native = "" +PACKAGECONFIG:class-nativesdk = "" PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" PACKAGECONFIG[no-tls1] = "no-tls1" @@ -42,33 +37,32 @@ do_configure[cleandirs] = "${B}" #| ./libcrypto.so: undefined reference to `getcontext' #| ./libcrypto.so: undefined reference to `setcontext' #| ./libcrypto.so: undefined reference to `makecontext' -EXTRA_OECONF_append_libc-musl = " no-async" -EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" +EXTRA_OECONF:append:libc-musl = " no-async" +EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm" # adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions # (native versions can be built with newer glibc, but then relocated onto a system with older glibc) -EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" -EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" +EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom" +EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom" # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. -CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" -CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" - -# Disable deprecated crypto algorithms -# Retained for compatibilty -# des (curl) -# dh (python-ssl) -# dsa (rpm) -# md4 (cyrus-sasl freeradius hostapd) -# bf (wvstreams postgresql x11vnc crda znc cfengine) -# rc4 (freerdp librtorrent ettercap xrdp transmission pam-ssh-agent-auth php) -# rc2 (mailx) -# psk (qt5) -# srp (libest) -# whirlpool (qca) -DEPRECATED_CRYPTO_FLAGS = "no-ssl no-idea no-rc5 no-md2 no-camellia no-mdc2 no-scrypt no-seed no-siphash no-sm2 no-sm3 no-sm4" +CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" + +# This allows disabling deprecated or undesirable crypto algorithms. +# The default is to trust upstream choices. +DEPRECATED_CRYPTO_FLAGS ?= "" do_configure () { + # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make + # the issue really clear that perl isn't functional due to symbol mismatch issues. + cat <<- EOF > ${WORKDIR}/perltest + #!/usr/bin/env perl + use POSIX; + EOF + chmod a+x ${WORKDIR}/perltest + ${WORKDIR}/perltest + os=${HOST_OS} case $os in linux-gnueabi |\ @@ -83,6 +77,9 @@ do_configure () { esac target="$os-${HOST_ARCH}" case $target in + linux-arc) + target=linux-latomic + ;; linux-arm*) target=linux-armv4 ;; @@ -141,7 +138,7 @@ do_configure () { # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the # environment variables set by bitbake. Adjust the environment variables instead. HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ - perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target perl ${B}/configdata.pm --dump } @@ -149,43 +146,50 @@ do_install () { oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install oe_multilib_header openssl/opensslconf.h + oe_multilib_header openssl/configuration.h # Create SSL structure for packages such as ca-certificates which # contain hard-coded paths to /etc/ssl. Debian does the same. install -d ${D}${sysconfdir}/ssl - mv ${D}${libdir}/ssl-1.1/certs \ - ${D}${libdir}/ssl-1.1/private \ - ${D}${libdir}/ssl-1.1/openssl.cnf \ + mv ${D}${libdir}/ssl-3/certs \ + ${D}${libdir}/ssl-3/private \ + ${D}${libdir}/ssl-3/openssl.cnf \ ${D}${sysconfdir}/ssl/ # Although absolute symlinks would be OK for the target, they become # invalid if native or nativesdk are relocated from sstate. - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf } -do_install_append_class-native () { +do_install:append:class-native () { create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ - SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ - SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ - OPENSSL_ENGINES=${libdir}/engines-1.1 + OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-3/certs \ + SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \ + OPENSSL_ENGINES=${libdir}/engines-3 \ + OPENSSL_MODULES=${libdir}/ossl-modules } -do_install_append_class-nativesdk () { +do_install:append:class-nativesdk () { mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh - sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh + sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh } PTEST_BUILD_HOST_FILES += "configdata.pm" PTEST_BUILD_HOST_PATTERN = "perl_version =" do_install_ptest () { + install -d ${D}${PTEST_PATH}/test + install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test + install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test + # Prune the build tree rm -f ${B}/fuzz/*.* ${B}/test/*.* cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} + sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} # For test_shlibload @@ -198,11 +202,21 @@ do_install_ptest () { install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps install -d ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines - # seems to be needed with perl 5.32.1 - install -d ${D}${PTEST_PATH}/util/perl/recipes - cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/ + install -d ${D}${PTEST_PATH}/providers + install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers + + install -d ${D}${PTEST_PATH}/Configurations + cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/ + + # seems to be needed with perl 5.32.1 + install -d ${D}${PTEST_PATH}/util/perl/recipes + cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/ + + sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl } # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto @@ -212,25 +226,25 @@ do_install_ptest () { PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" -FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" -FILES_libssl = "${libdir}/libssl${SOLIBS}" -FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ - ${libdir}/ssl-1.1/openssl.cnf* \ +FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES:libssl = "${libdir}/libssl${SOLIBS}" +FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ + ${libdir}/ssl-3/openssl.cnf* \ " -FILES_${PN}-engines = "${libdir}/engines-1.1" +FILES:${PN}-engines = "${libdir}/engines-3" # ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP) -FILES_${PN}-engines_append_mingw32_class-nativesdk = " ${prefix}${libdir}/engines-1_1" -FILES_${PN}-misc = "${libdir}/ssl-1.1/misc ${bindir}/c_rehash" -FILES_${PN} =+ "${libdir}/ssl-1.1/*" -FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" +FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3" +FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash" +FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/" +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" -CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" +CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf" -RRECOMMENDS_libcrypto += "openssl-conf" -RDEPENDS_${PN}-misc = "perl" -RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" +RRECOMMENDS:libcrypto += "openssl-conf" +RDEPENDS:${PN}-misc = "perl" +RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed" -RDEPENDS_${PN}-bin += "openssl-conf" +RDEPENDS:${PN}-bin += "openssl-conf" BBCLASSEXTEND = "native nativesdk" @@ -240,4 +254,4 @@ CVE_VERSION_SUFFIX = "alphabetical" # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 # Apache in meta-webserver is already recent enough -CVE_CHECK_WHITELIST += "CVE-2019-0190" +CVE_CHECK_IGNORE += "CVE-2019-0190" diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb index b0097aa480..8a6c297cb0 100644 --- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb +++ b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb @@ -2,7 +2,7 @@ SUMMARY = "Enables PPP dial-in through a serial connection" SECTION = "console/network" DESCRIPTION = "PPP dail-in provides a point to point protocol (PPP), so that other computers can dial up to it and access connected networks." DEPENDS = "ppp" -RDEPENDS_${PN} = "ppp" +RDEPENDS:${PN} = "ppp" PR = "r8" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" @@ -23,6 +23,6 @@ do_install() { } USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home /dev/null \ +USERADD_PARAM:${PN} = "--system --home /dev/null \ --no-create-home --shell ${sbindir}/ppp-dialin \ --no-user-group --gid nogroup ppp" diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch new file mode 100644 index 0000000000..c91246dbf5 --- /dev/null +++ b/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch @@ -0,0 +1,36 @@ +From aba3273273e826c6dc90f197ca9a3e800e826891 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@gmail.com> +Date: Fri, 5 Nov 2021 12:41:35 -0400 +Subject: [PATCH] ppp: fix build against 5.15 headers + +The 5.15 kernel has removed ipx support, along with the userspace +visible header. + +This support wasn't used previously (as it hasn't been very well +maintained in the kernel for several years), so we can simply +disable it in our build and wait for upstream to do a release that +drops the support. + +Upstream-Status: Inappropriate [OE-specific configuration/headers] + +Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> +--- + pppd/Makefile.linux | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux +index 22837c5..23b9b22 100644 +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -91,7 +91,7 @@ MAXOCTETS=y + + INCLUDE_DIRS= -I../include + +-COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe ++COMPILE_FLAGS= -DHAVE_PATHS_H -DHAVE_MMAP -pipe + + CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' + +-- +2.25.1 + diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb b/meta/recipes-connectivity/ppp/ppp_2.4.9.bb index a78992fa5e..700ece61dc 100644 --- a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb +++ b/meta/recipes-connectivity/ppp/ppp_2.4.9.bb @@ -5,7 +5,7 @@ SECTION = "console/network" HOMEPAGE = "http://samba.org/ppp/" BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" DEPENDS = "libpcap openssl virtual/crypt" -LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD" +LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD" LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ @@ -24,6 +24,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ file://ppp_on_boot \ file://provider \ file://ppp@.service \ + file://0001-ppp-fix-build-against-5.15-headers.patch \ " SRC_URI[sha256sum] = "f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d" @@ -39,11 +40,13 @@ EXTRA_OECONF = "--disable-strip" # EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"' +EXTRA_OECONF:append:libc-musl = " --disable-ipxcp" + do_configure () { oe_runconf } -do_install_append () { +do_install:append () { make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/ @@ -60,37 +63,37 @@ do_install_append () { install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_unitdir}/system + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_system_unitdir} sed -i -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/ppp@.service + ${D}${systemd_system_unitdir}/ppp@.service rm -rf ${D}/${mandir}/man8/man8 chmod u+s ${D}${sbindir}/pppd } -do_install_append_libc-musl () { +do_install:append:libc-musl () { install -Dm 0644 ${S}/include/net/ppp_defs.h ${D}${includedir}/net/ppp_defs.h } -CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" +CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools" -FILES_${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service" -FILES_${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" -FILES_${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/*pppoe.so" -FILES_${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" -FILES_${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" -FILES_${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" -FILES_${PN}-password = "${libdir}/pppd/${PV}/pass*.so" -FILES_${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" -FILES_${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" -SUMMARY_${PN}-oa = "Plugin for PPP for PPP-over-ATM support" -SUMMARY_${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" -SUMMARY_${PN}-radius = "Plugin for PPP for RADIUS support" -SUMMARY_${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" -SUMMARY_${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" -SUMMARY_${PN}-password = "Plugin for PPP to get passwords via a pipe" -SUMMARY_${PN}-l2tp = "Plugin for PPP for l2tp support" -SUMMARY_${PN}-tools = "Additional tools for the PPP package" +FILES:${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_system_unitdir}/ppp@.service" +FILES:${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" +FILES:${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/*pppoe.so" +FILES:${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" +FILES:${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" +FILES:${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" +FILES:${PN}-password = "${libdir}/pppd/${PV}/pass*.so" +FILES:${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" +FILES:${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" +SUMMARY:${PN}-oa = "Plugin for PPP for PPP-over-ATM support" +SUMMARY:${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" +SUMMARY:${PN}-radius = "Plugin for PPP for RADIUS support" +SUMMARY:${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" +SUMMARY:${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" +SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe" +SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support" +SUMMARY:${PN}-tools = "Additional tools for the PPP package" # Ignore compatibility symlink rp-pppoe.so->pppoe.so -INSANE_SKIP_${PN}-oe += "dev-so" +INSANE_SKIP:${PN}-oe += "dev-so" diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch b/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch deleted file mode 100644 index 1aead07869..0000000000 --- a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch +++ /dev/null @@ -1,20 +0,0 @@ - -busybox installs readlink into /usr/bin, so ensure /usr/bin -is in the path. - -Upstream-Status: Submitted -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -Index: resolvconf-1.76/etc/resolvconf/update.d/libc -=================================================================== ---- resolvconf-1.76.orig/etc/resolvconf/update.d/libc -+++ resolvconf-1.76/etc/resolvconf/update.d/libc -@@ -16,7 +16,7 @@ - # - - set -e --PATH=/sbin:/bin -+PATH=/sbin:/bin:/usr/bin - - [ -x /lib/resolvconf/list-records ] || exit 1 - diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.87.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb index 6df96b699c..94fd2c1a70 100644 --- a/meta/recipes-connectivity/resolvconf/resolvconf_1.87.bb +++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb @@ -5,18 +5,17 @@ itself up as the intermediary between programs that supply \ nameserver information and programs that need nameserver \ information." SECTION = "console/network" -LICENSE = "GPLv2+" +LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" AUTHOR = "Thomas Hood" HOMEPAGE = "http://packages.debian.org/resolvconf" -RDEPENDS_${PN} = "bash" +RDEPENDS:${PN} = "bash" SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \ - file://fix-path-for-busybox.patch \ file://99_resolvconf \ " -SRCREV = "1dda36d8465e335c60190c41e7185d782da1bd7b" +SRCREV = "859209d573e7aec0e95d812c6b52444591a628d1" S = "${WORKDIR}/git" @@ -55,7 +54,7 @@ do_install () { install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/ } -pkg_postinst_${PN} () { +pkg_postinst:${PN} () { if [ -z "$D" ]; then if command -v systemd-tmpfiles >/dev/null; then systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf @@ -65,4 +64,4 @@ pkg_postinst_${PN} () { fi } -FILES_${PN} += "${base_libdir}/${BPN}" +FILES:${PN} += "${base_libdir}/${BPN}" diff --git a/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch b/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch new file mode 100644 index 0000000000..fbfb0816dd --- /dev/null +++ b/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch @@ -0,0 +1,35 @@ +From d67d6b4f981db9612d808bd723176a1d2996d53a Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Mon, 17 Jan 2022 13:21:32 +0100 +Subject: [PATCH] configure.ac: check getprotobynumber_r with AC_TRY_LINK + +AC_TRY_COMPILE won't error out if the function is altogether absent +(e.g. on linux musl C library), the test needs to link all the way. + +Upstream-Status: Submitted [via email to socat@dest-unreach.org] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + configure.ac | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index d4acc9e..973a7f2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -137,13 +137,13 @@ AC_MSG_RESULT($sc_cv_have_prototype_hstrerror) + # getprotobynumber_r() is not standardized + AC_MSG_CHECKING(for getprotobynumber_r() variant) + AC_CACHE_VAL(sc_cv_getprotobynumber_r, +-[AC_TRY_COMPILE([#include <stddef.h> ++[AC_TRY_LINK([#include <stddef.h> + #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL,1024,NULL);], + [sc_cv_getprotobynumber_r=1; tmp_bynum_variant=Linux], +- [AC_TRY_COMPILE([#include <stddef.h> ++ [AC_TRY_LINK([#include <stddef.h> + #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL,1024);], + [sc_cv_getprotobynumber_r=2; tmp_bynum_variant=Solaris], +- [AC_TRY_COMPILE([#include <stddef.h> ++ [AC_TRY_LINK([#include <stddef.h> + #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL);], + [sc_cv_getprotobynumber_r=3; tmp_bynum_variant=AIX], + diff --git a/meta/recipes-connectivity/socat/socat_1.7.4.1.bb b/meta/recipes-connectivity/socat/socat_1.7.4.3.bb index 5a13af91bc..a4a0a8933e 100644 --- a/meta/recipes-connectivity/socat/socat_1.7.4.1.bb +++ b/meta/recipes-connectivity/socat/socat_1.7.4.3.bb @@ -10,10 +10,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86" SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ -" + file://0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch \ + " -SRC_URI[md5sum] = "36cad050ecf4981ab044c3fbd75c643f" -SRC_URI[sha256sum] = "3faca25614e89123dff5045680549ecef519d02e331aaf3c4f5a8f6837c675e9" +SRC_URI[sha256sum] = "d47318104415077635119dfee44bcfb41de3497374a9a001b1aff6e2f0858007" inherit autotools @@ -29,15 +29,15 @@ TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \ sc_cv_sys_tabdly_shift=11 \ sc_cv_sys_csize_shift=4" -TERMBITS_SHIFTS_powerpc = "sc_cv_sys_crdly_shift=12 \ +TERMBITS_SHIFTS:powerpc = "sc_cv_sys_crdly_shift=12 \ sc_cv_sys_tabdly_shift=10 \ sc_cv_sys_csize_shift=8" -TERMBITS_SHIFTS_powerpc64 = "sc_cv_sys_crdly_shift=12 \ +TERMBITS_SHIFTS:powerpc64 = "sc_cv_sys_crdly_shift=12 \ sc_cv_sys_tabdly_shift=10 \ sc_cv_sys_csize_shift=8" -PACKAGECONFIG_class-target ??= "tcp-wrappers readline openssl" +PACKAGECONFIG:class-target ??= "tcp-wrappers readline openssl" PACKAGECONFIG ??= "readline openssl" PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline" @@ -45,7 +45,7 @@ PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" CFLAGS += "-fcommon" -do_install_prepend () { +do_install:prepend () { mkdir -p ${D}${bindir} install -d ${D}${bindir} ${D}${mandir}/man1 } diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch deleted file mode 100644 index 7b0713cf6d..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch +++ /dev/null @@ -1,82 +0,0 @@ -hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication -of disconnection in certain situations because source address validation is -mishandled. This is a denial of service that should have been prevented by PMF -(aka management frame protection). The attacker must send a crafted 802.11 frame -from a location that is within the 802.11 communications range. - -CVE: CVE-2019-16275 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Thu, 29 Aug 2019 11:52:04 +0300 -Subject: [PATCH] AP: Silently ignore management frame from unexpected source - address - -Do not process any received Management frames with unexpected/invalid SA -so that we do not add any state for unexpected STA addresses or end up -sending out frames to unexpected destination. This prevents unexpected -sequences where an unprotected frame might end up causing the AP to send -out a response to another device and that other device processing the -unexpected response. - -In particular, this prevents some potential denial of service cases -where the unexpected response frame from the AP might result in a -connected station dropping its association. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/ap/drv_callbacks.c | 13 +++++++++++++ - src/ap/ieee802_11.c | 12 ++++++++++++ - 2 files changed, 25 insertions(+) - -diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c -index 31587685fe3b..34ca379edc3d 100644 ---- a/src/ap/drv_callbacks.c -+++ b/src/ap/drv_callbacks.c -@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, - "hostapd_notif_assoc: Skip event with no address"); - return -1; - } -+ -+ if (is_multicast_ether_addr(addr) || -+ is_zero_ether_addr(addr) || -+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { -+ /* Do not process any frames with unexpected/invalid SA so that -+ * we do not add any state for unexpected STA addresses or end -+ * up sending out frames to unexpected destination. */ -+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR -+ " in received indication - ignore this indication silently", -+ __func__, MAC2STR(addr)); -+ return 0; -+ } -+ - random_add_randomness(addr, ETH_ALEN); - - hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index c85a28db44b7..e7065372e158 100644 ---- a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, - fc = le_to_host16(mgmt->frame_control); - stype = WLAN_FC_GET_STYPE(fc); - -+ if (is_multicast_ether_addr(mgmt->sa) || -+ is_zero_ether_addr(mgmt->sa) || -+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { -+ /* Do not process any frames with unexpected/invalid SA so that -+ * we do not add any state for unexpected STA addresses or end -+ * up sending out frames to unexpected destination. */ -+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR -+ " in received frame - ignore this frame silently", -+ MAC2STR(mgmt->sa)); -+ return 0; -+ } -+ - if (stype == WLAN_FC_STYPE_BEACON) { - handle_beacon(hapd, mgmt, len, fi); - return 1; --- -2.20.1 diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch deleted file mode 100644 index 53ad5d028a..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@codeaurora.org> -Date: Wed, 3 Jun 2020 23:17:35 +0300 -Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to - other networks - -The UPnP Device Architecture 2.0 specification errata ("UDA errata -16-04-2020.docx") addresses a problem with notifications being allowed -to go out to other domains by disallowing such cases. Do such filtering -for the notification callback URLs to avoid undesired connections to -external networks based on subscriptions that any device in the local -network could request when WPS support for external registrars is -enabled (the upnp_iface parameter in hostapd configuration). - -Upstream-Status: Backport -CVE: CVE-2020-12695 patch #1 -Signed-off-by: Jouni Malinen <jouni@codeaurora.org> -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - src/wps/wps_er.c | 2 +- - src/wps/wps_upnp.c | 38 ++++++++++++++++++++++++++++++++++++-- - src/wps/wps_upnp_i.h | 3 ++- - 3 files changed, 39 insertions(+), 4 deletions(-) - -Index: wpa_supplicant-2.9/src/wps/wps_er.c -=================================================================== ---- wpa_supplicant-2.9.orig/src/wps/wps_er.c -+++ wpa_supplicant-2.9/src/wps/wps_er.c -@@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, con - "with %s", filter); - } - if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text, -- er->mac_addr)) { -+ NULL, er->mac_addr)) { - wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address " - "for %s. Does it have IP address?", er->ifname); - wps_er_deinit(er, NULL, NULL); -Index: wpa_supplicant-2.9/src/wps/wps_upnp.c -=================================================================== ---- wpa_supplicant-2.9.orig/src/wps/wps_upnp.c -+++ wpa_supplicant-2.9/src/wps/wps_upnp.c -@@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct - } - - -+static int local_network_addr(struct upnp_wps_device_sm *sm, -+ struct sockaddr_in *addr) -+{ -+ return (addr->sin_addr.s_addr & sm->netmask.s_addr) == -+ (sm->ip_addr & sm->netmask.s_addr); -+} -+ -+ - /* subscr_addr_add_url -- add address(es) for one url to subscription */ - static void subscr_addr_add_url(struct subscription *s, const char *url, - size_t url_len) -@@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct s - - for (rp = result; rp; rp = rp->ai_next) { - struct subscr_addr *a; -+ struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr; - - /* Limit no. of address to avoid denial of service attack */ - if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) { -@@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct s - break; - } - -+ if (!local_network_addr(s->sm, addr)) { -+ wpa_printf(MSG_INFO, -+ "WPS UPnP: Ignore a delivery URL that points to another network %s", -+ inet_ntoa(addr->sin_addr)); -+ continue; -+ } -+ - a = os_zalloc(sizeof(*a) + alloc_len); - if (a == NULL) - break; -@@ -889,11 +905,12 @@ static int eth_get(const char *device, u - * @net_if: Selected network interface name - * @ip_addr: Buffer for returning IP address in network byte order - * @ip_addr_text: Buffer for returning a pointer to allocated IP address text -+ * @netmask: Buffer for returning netmask or %NULL if not needed - * @mac: Buffer for returning MAC address - * Returns: 0 on success, -1 on failure - */ - int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text, -- u8 mac[ETH_ALEN]) -+ struct in_addr *netmask, u8 mac[ETH_ALEN]) - { - struct ifreq req; - int sock = -1; -@@ -919,6 +936,19 @@ int get_netif_info(const char *net_if, u - in_addr.s_addr = *ip_addr; - os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr)); - -+ if (netmask) { -+ os_memset(&req, 0, sizeof(req)); -+ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name)); -+ if (ioctl(sock, SIOCGIFNETMASK, &req) < 0) { -+ wpa_printf(MSG_ERROR, -+ "WPS UPnP: SIOCGIFNETMASK failed: %d (%s)", -+ errno, strerror(errno)); -+ goto fail; -+ } -+ addr = (struct sockaddr_in *) &req.ifr_netmask; -+ netmask->s_addr = addr->sin_addr.s_addr; -+ } -+ - #ifdef __linux__ - os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name)); - if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) { -@@ -1025,11 +1055,15 @@ static int upnp_wps_device_start(struct - - /* Determine which IP and mac address we're using */ - if (get_netif_info(net_if, &sm->ip_addr, &sm->ip_addr_text, -- sm->mac_addr)) { -+ &sm->netmask, sm->mac_addr)) { - wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address " - "for %s. Does it have IP address?", net_if); - goto fail; - } -+ wpa_printf(MSG_DEBUG, "WPS UPnP: Local IP address %s netmask %s hwaddr " -+ MACSTR, -+ sm->ip_addr_text, inet_ntoa(sm->netmask), -+ MAC2STR(sm->mac_addr)); - - /* Listen for incoming TCP connections so that others - * can fetch our "xml files" from us. -Index: wpa_supplicant-2.9/src/wps/wps_upnp_i.h -=================================================================== ---- wpa_supplicant-2.9.orig/src/wps/wps_upnp_i.h -+++ wpa_supplicant-2.9/src/wps/wps_upnp_i.h -@@ -128,6 +128,7 @@ struct upnp_wps_device_sm { - u8 mac_addr[ETH_ALEN]; /* mac addr of network i.f. we use */ - char *ip_addr_text; /* IP address of network i.f. we use */ - unsigned ip_addr; /* IP address of network i.f. we use (host order) */ -+ struct in_addr netmask; - int multicast_sd; /* send multicast messages over this socket */ - int ssdp_sd; /* receive discovery UPD packets on socket */ - int ssdp_sd_registered; /* nonzero if we must unregister */ -@@ -158,7 +159,7 @@ struct subscription * subscription_find( - const u8 uuid[UUID_LEN]); - void subscr_addr_delete(struct subscr_addr *a); - int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text, -- u8 mac[ETH_ALEN]); -+ struct in_addr *netmask, u8 mac[ETH_ALEN]); - - /* wps_upnp_ssdp.c */ - void msearchreply_state_machine_stop(struct advertisement_state_machine *a); diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch deleted file mode 100644 index a476cf040e..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001 -From: Joshua DeWeese <jdeweese@hennypenny.com> -Date: Wed, 30 Jan 2019 16:19:47 -0500 -Subject: [PATCH] replace systemd install Alias with WantedBy - -According to the systemd documentation "WantedBy=foo.service in a -service bar.service is mostly equivalent to -Alias=foo.service.wants/bar.service in the same file." However, -this is not really the intended purpose of install Aliases. - -Upstream-Status: Submitted [hostap@lists.infradead.org] - -Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com> ---- - wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +- - wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in | 2 +- - wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in -index 03ac507..da69a87 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in -+++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in -@@ -12,4 +12,4 @@ Type=simple - ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I - - [Install] --Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service -+WantedBy=multi-user.target -diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in -index c8a744d..ca3054b 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in -+++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in -@@ -12,4 +12,4 @@ Type=simple - ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I - - [Install] --Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service -+WantedBy=multi-user.target -diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in -index 7788b38..55d2b9c 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in -+++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in -@@ -12,4 +12,4 @@ Type=simple - ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I - - [Install] --Alias=multi-user.target.wants/wpa_supplicant@%i.service -+WantedBy=multi-user.target --- -2.7.4 - diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch deleted file mode 100644 index 59640859dd..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch +++ /dev/null @@ -1,62 +0,0 @@ -From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@codeaurora.org> -Date: Wed, 3 Jun 2020 22:41:02 +0300 -Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL - path - -More than about 700 character URL ended up overflowing the wpabuf used -for building the event notification and this resulted in the wpabuf -buffer overflow checks terminating the hostapd process. Fix this by -allocating the buffer to be large enough to contain the full URL path. -However, since that around 700 character limit has been the practical -limit for more than ten years, start explicitly enforcing that as the -limit or the callback URLs since any longer ones had not worked before -and there is no need to enable them now either. - -Upstream-Status: Backport -CVE: CVE-2020-12695 patch #2 -Signed-off-by: Jouni Malinen <jouni@codeaurora.org> -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - src/wps/wps_upnp.c | 9 +++++++-- - src/wps/wps_upnp_event.c | 3 ++- - 2 files changed, 9 insertions(+), 3 deletions(-) - -diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c -index 7d4b7439940e..ab685d52ecab 100644 ---- a/src/wps/wps_upnp.c -+++ b/src/wps/wps_upnp.c -@@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url, - int rerr; - size_t host_len, path_len; - -- /* url MUST begin with http: */ -- if (url_len < 7 || os_strncasecmp(url, "http://", 7)) -+ /* URL MUST begin with HTTP scheme. In addition, limit the length of -+ * the URL to 700 characters which is around the limit that was -+ * implicitly enforced for more than 10 years due to a bug in -+ * generating the event messages. */ -+ if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) { -+ wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL"); - goto fail; -+ } - url += 7; - url_len -= 7; - -diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c -index d7e6edcc6503..08a23612f338 100644 ---- a/src/wps/wps_upnp_event.c -+++ b/src/wps/wps_upnp_event.c -@@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e) - struct wpabuf *buf; - char *b; - -- buf = wpabuf_alloc(1000 + wpabuf_len(e->data)); -+ buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) + -+ wpabuf_len(e->data)); - if (buf == NULL) - return NULL; - wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path); --- -2.20.1 diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch deleted file mode 100644 index 8a014ef28a..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@codeaurora.org> -Date: Thu, 4 Jun 2020 21:24:04 +0300 -Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more - properly - -While it is appropriate to try to retransmit the event to another -callback URL on a failure to initiate the HTTP client connection, there -is no point in trying the exact same operation multiple times in a row. -Replve the event_retry() calls with event_addr_failure() for these cases -to avoid busy loops trying to repeat the same failing operation. - -These potential busy loops would go through eloop callbacks, so the -process is not completely stuck on handling them, but unnecessary CPU -would be used to process the continues retries that will keep failing -for the same reason. - -Upstream-Status: Backport -CVE: CVE-2020-12695 patch #2 -Signed-off-by: Jouni Malinen <jouni@codeaurora.org> -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - src/wps/wps_upnp_event.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c -index 08a23612f338..c0d9e41d9a38 100644 ---- a/src/wps/wps_upnp_event.c -+++ b/src/wps/wps_upnp_event.c -@@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s) - - buf = event_build_message(e); - if (buf == NULL) { -- event_retry(e, 0); -+ event_addr_failure(e); - return -1; - } - -@@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s) - event_http_cb, e); - if (e->http_event == NULL) { - wpabuf_free(buf); -- event_retry(e, 0); -+ event_addr_failure(e); - return -1; - } - --- -2.20.1 diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-0326.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-0326.patch deleted file mode 100644 index 8c90fa3421..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-0326.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@codeaurora.org> -Date: Mon, 9 Nov 2020 11:43:12 +0200 -Subject: [PATCH] P2P: Fix copying of secondary device types for P2P group - client - -Parsing and copying of WPS secondary device types list was verifying -that the contents is not too long for the internal maximum in the case -of WPS messages, but similar validation was missing from the case of P2P -group information which encodes this information in a different -attribute. This could result in writing beyond the memory area assigned -for these entries and corrupting memory within an instance of struct -p2p_device. This could result in invalid operations and unexpected -behavior when trying to free pointers from that corrupted memory. - -Upstream-Status: Backport -CVE: CVE-2021-0326 - -Reference to upstream patch: -[https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e] - -Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269 -Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers") -Signed-off-by: Jouni Malinen <jouni@codeaurora.org> -Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> ---- - src/p2p/p2p.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c -index a08ba02..079270f 100644 ---- a/src/p2p/p2p.c -+++ b/src/p2p/p2p.c -@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev, - dev->info.config_methods = cli->config_methods; - os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8); - dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types; -+ if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN) -+ dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN; - os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types, - dev->info.wps_sec_dev_type_list_len); - } --- -2.17.1 - diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-27803.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-27803.patch deleted file mode 100644 index 004b1dbd19..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-27803.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <jouni@codeaurora.org> -Date: Tue, 8 Dec 2020 23:52:50 +0200 -Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request - -p2p_add_device() may remove the oldest entry if there is no room in the -peer table for a new peer. This would result in any pointer to that -removed entry becoming stale. A corner case with an invalid PD Request -frame could result in such a case ending up using (read+write) freed -memory. This could only by triggered when the peer table has reached its -maximum size and the PD Request frame is received from the P2P Device -Address of the oldest remaining entry and the frame has incorrect P2P -Device Address in the payload. - -Fix this by fetching the dev pointer again after having called -p2p_add_device() so that the stale pointer cannot be used. - -Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") -Signed-off-by: Jouni Malinen <jouni@codeaurora.org> - -Upstream-Status: Backport -CVE: CVE-2021-27803 - -Reference to upstream patch: -[https://w1.fi/cgit/hostap/commit/?id=8460e3230988ef2ec13ce6b69b687e941f6cdb32] - -Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> ---- - src/p2p/p2p_pd.c | 12 +++++------- - 1 file changed, 5 insertions(+), 7 deletions(-) - -diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c -index 3994ec0..05fd593 100644 ---- a/src/p2p/p2p_pd.c -+++ b/src/p2p/p2p_pd.c -@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa, - goto out; - } - -+ dev = p2p_get_device(p2p, sa); - if (!dev) { -- dev = p2p_get_device(p2p, sa); -- if (!dev) { -- p2p_dbg(p2p, -- "Provision Discovery device not found " -- MACSTR, MAC2STR(sa)); -- goto out; -- } -+ p2p_dbg(p2p, -+ "Provision Discovery device not found " -+ MACSTR, MAC2STR(sa)); -+ goto out; - } - } else if (msg.wfd_subelems) { - wpabuf_free(dev->info.wfd_subelems); --- -2.17.1 - diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb index 357c28634a..6e80ac7de3 100644 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb @@ -4,47 +4,39 @@ DESCRIPTION = "wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and BUGTRACKER = "http://w1.fi/security/" SECTION = "network" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \ - file://README;beginline=1;endline=56;md5=e7d3dbb01f75f0b9799e192731d1e1ff \ - file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=0a8b56d3543498b742b9c0e94cc2d18b" +LIC_FILES_CHKSUM = "file://COPYING;md5=5ebcb90236d1ad640558c3d3cd3035df \ + file://README;beginline=1;endline=56;md5=e3d2f6c2948991e37c1ca4960de84747 \ + file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=76306a95306fee9a976b0ac1be70f705" DEPENDS = "dbus libnl" -RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" +RRECOMMENDS:${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" -PACKAGECONFIG ??= "gnutls" +PACKAGECONFIG ??= "openssl" PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt" PACKAGECONFIG[openssl] = ",,openssl" inherit pkgconfig systemd -SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service" +SYSTEMD_SERVICE:${PN} = "wpa_supplicant.service" SYSTEMD_AUTO_ENABLE = "disable" -SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ +SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://defconfig \ file://wpa-supplicant.sh \ file://wpa_supplicant.conf \ file://wpa_supplicant.conf-sane \ file://99_wpa_supplicant \ - file://0001-replace-systemd-install-Alias-with-WantedBy.patch \ - file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \ - file://0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \ - file://0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \ - file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \ - file://CVE-2021-0326.patch \ - file://CVE-2021-27803.patch \ - " -SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190" -SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17" + " +SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f" CVE_PRODUCT = "wpa_supplicant" S = "${WORKDIR}/wpa_supplicant-${PV}" -PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli " -FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase" -FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli" -FILES_${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*" -CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf" +PACKAGES:prepend = "wpa-supplicant-passphrase wpa-supplicant-cli " +FILES:wpa-supplicant-passphrase = "${bindir}/wpa_passphrase" +FILES:wpa-supplicant-cli = "${sbindir}/wpa_cli" +FILES:${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*" +CONFFILES:${PN} += "${sysconfdir}/wpa_supplicant.conf" do_configure () { ${MAKE} -C wpa_supplicant clean @@ -99,15 +91,15 @@ do_install () { install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}/${systemd_unitdir}/system - install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system + install -d ${D}/${systemd_system_unitdir} + install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_system_unitdir} fi install -d ${D}/etc/default/volatiles install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles } -pkg_postinst_wpa-supplicant () { +pkg_postinst:${PN} () { # If we're offline, we don't need to do this. if [ "x$D" = "x" ]; then killall -q -HUP dbus-daemon || true |