aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-support
diff options
context:
space:
mode:
Diffstat (limited to 'meta-networking/recipes-support')
-rw-r--r--meta-networking/recipes-support/chrony/chrony_4.2.bb4
-rw-r--r--meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch191
-rw-r--r--meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb1
-rw-r--r--meta-networking/recipes-support/htpdate/htpdate_1.3.5.bb (renamed from meta-networking/recipes-support/htpdate/htpdate_1.3.4.bb)2
-rw-r--r--meta-networking/recipes-support/nbdkit/nbdkit_1.31.15.bb (renamed from meta-networking/recipes-support/nbdkit/nbdkit_1.31.7.bb)3
-rw-r--r--meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb (renamed from meta-networking/recipes-support/ndisc6/ndisc6_git.bb)3
-rw-r--r--meta-networking/recipes-support/netperf/files/netserver_permissions.patch29
-rw-r--r--meta-networking/recipes-support/netperf/netperf_git.bb1
-rw-r--r--meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb26
-rw-r--r--meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb2
-rw-r--r--meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb4
-rw-r--r--meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch48
-rw-r--r--[-rwxr-xr-x]meta-networking/recipes-support/openvpn/openvpn/openvpn0
-rw-r--r--meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf1
-rw-r--r--meta-networking/recipes-support/openvpn/openvpn/openvpn@.service12
-rw-r--r--meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb56
-rw-r--r--meta-networking/recipes-support/rdma-core/rdma-core_41.0.bb (renamed from meta-networking/recipes-support/rdma-core/rdma-core_40.0.bb)2
-rw-r--r--meta-networking/recipes-support/spice/spice_git.bb6
-rw-r--r--meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch92
-rw-r--r--meta-networking/recipes-support/strongswan/strongswan_5.9.7.bb (renamed from meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb)7
-rw-r--r--meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch24
-rw-r--r--meta-networking/recipes-support/stunnel/stunnel_5.65.bb (renamed from meta-networking/recipes-support/stunnel/stunnel_5.64.bb)2
-rw-r--r--meta-networking/recipes-support/unbound/unbound_1.16.1.bb (renamed from meta-networking/recipes-support/unbound/unbound_1.16.0.bb)2
-rw-r--r--meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb (renamed from meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb)2
24 files changed, 369 insertions, 151 deletions
diff --git a/meta-networking/recipes-support/chrony/chrony_4.2.bb b/meta-networking/recipes-support/chrony/chrony_4.2.bb
index 57dd635dc..8ce9e1db5 100644
--- a/meta-networking/recipes-support/chrony/chrony_4.2.bb
+++ b/meta-networking/recipes-support/chrony/chrony_4.2.bb
@@ -126,6 +126,10 @@ do_install() {
${D}${systemd_unitdir}/system/chronyd.service
sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${sysconfdir}/init.d/chronyd
sed -i 's!^EnvironmentFile=.*!EnvironmentFile=-${sysconfdir}/default/chronyd!' ${D}${systemd_unitdir}/system/chronyd.service
+
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ echo "d /var/lib/chrony 0755 root root -" > ${D}${sysconfdir}/tmpfiles.d/chronyd.conf
+
}
FILES:${PN} = "${sbindir}/chronyd ${sysconfdir} ${localstatedir}/lib/chrony ${localstatedir}"
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch
new file mode 100644
index 000000000..6bd734d75
--- /dev/null
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq/CVE-2022-0934.patch
@@ -0,0 +1,191 @@
+From 3cdecc159e0f417a2f8d43d99632af26beea630f Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 31 Mar 2022 21:35:20 +0100
+Subject: [PATCH] Fix write-after-free error in DHCPv6 code. CVE-2022-0934
+ refers.
+
+CVE: CVE-2022-0934
+
+Upstream-Status: Backport
+[https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=03345ecefe]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ CHANGELOG | 3 +++
+ src/rfc3315.c | 48 +++++++++++++++++++++++++++---------------------
+ 2 files changed, 30 insertions(+), 21 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index 5e54df9..a28da2a 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -1,4 +1,7 @@
+ version 2.86
++ Fix write-after-free error in DHCPv6 server code.
++ CVE-2022-0934 refers.
++
+ Handle DHCPREBIND requests in the DHCPv6 server code.
+ Thanks to Aichun Li for spotting this omission, and the initial
+ patch.
+diff --git a/src/rfc3315.c b/src/rfc3315.c
+index 5c2ff97..6ecfeeb 100644
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -33,9 +33,9 @@ struct state {
+ unsigned int mac_len, mac_type;
+ };
+
+-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
++static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz,
+ struct in6_addr *client_addr, int is_unicast, time_t now);
+-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now);
++static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now);
+ static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts);
+ static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string);
+ static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string);
+@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if
+ }
+
+ /* This cost me blood to write, it will probably cost you blood to understand - srk. */
+-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
++static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz,
+ struct in6_addr *client_addr, int is_unicast, time_t now)
+ {
+ void *end = inbuff + sz;
+ void *opts = inbuff + 34;
+- int msg_type = *((unsigned char *)inbuff);
++ int msg_type = *inbuff;
+ unsigned char *outmsgtypep;
+ void *opt;
+ struct dhcp_vendor *vendor;
+@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
+ return 1;
+ }
+
+-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now)
++static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now)
+ {
+ void *opt;
+- int i, o, o1, start_opts;
++ int i, o, o1, start_opts, start_msg;
+ struct dhcp_opt *opt_cfg;
+ struct dhcp_netid *tagif;
+ struct dhcp_config *config = NULL;
+ struct dhcp_netid known_id, iface_id, v6_id;
+- unsigned char *outmsgtypep;
++ unsigned char outmsgtype;
+ struct dhcp_vendor *vendor;
+ struct dhcp_context *context_tmp;
+ struct dhcp_mac *mac_opt;
+@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ v6_id.next = state->tags;
+ state->tags = &v6_id;
+
+- /* copy over transaction-id, and save pointer to message type */
+- if (!(outmsgtypep = put_opt6(inbuff, 4)))
++ start_msg = save_counter(-1);
++ /* copy over transaction-id */
++ if (!put_opt6(inbuff, 4))
+ return 0;
+ start_opts = save_counter(-1);
+- state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16;
+-
++ state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16;
++
+ /* We're going to be linking tags from all context we use.
+ mark them as unused so we don't link one twice and break the list */
+ for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current)
+@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE))
+
+ {
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+ o1 = new_opt6(OPTION6_STATUS_CODE);
+ put_opt6_short(DHCP6USEMULTI);
+ put_opt6_string("Use multicast");
+@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ struct dhcp_netid *solicit_tags;
+ struct dhcp_context *c;
+
+- *outmsgtypep = DHCP6ADVERTISE;
++ outmsgtype = DHCP6ADVERTISE;
+
+ if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0))
+ {
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+ state->lease_allocate = 1;
+ o = new_opt6(OPTION6_RAPID_COMMIT);
+ end_opt6(o);
+@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ int start = save_counter(-1);
+
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+ state->lease_allocate = 1;
+
+ log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL);
+@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ int address_assigned = 0;
+
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+
+ log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL);
+
+@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ int good_addr = 0;
+
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+
+ log6_quiet(state, "DHCPCONFIRM", NULL, NULL);
+
+@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname);
+ if (ignore)
+ return 0;
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+ tagif = add_options(state, 1);
+ break;
+ }
+@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ case DHCP6RELEASE:
+ {
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+
+ log6_quiet(state, "DHCPRELEASE", NULL, NULL);
+
+@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ case DHCP6DECLINE:
+ {
+ /* set reply message type */
+- *outmsgtypep = DHCP6REPLY;
++ outmsgtype = DHCP6REPLY;
+
+ log6_quiet(state, "DHCPDECLINE", NULL, NULL);
+
+@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
+ }
+
+ }
+-
++
++ /* Fill in the message type. Note that we store the offset,
++ not a direct pointer, since the packet memory may have been
++ reallocated. */
++ ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype;
++
+ log_tags(tagif, state->xid);
+ log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1));
+
+--
+2.25.1
+
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
index 31ca51ec6..0f7880ce8 100644
--- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
+++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.86.bb
@@ -3,5 +3,6 @@ require dnsmasq.inc
SRC_URI[dnsmasq-2.86.sha256sum] = "ef15f608a83ee2b1d1d2c1f11d089a7e0ac401ffb0991de73fc01ce5f290e512"
SRC_URI += "\
file://lua.patch \
+ file://CVE-2022-0934.patch \
"
diff --git a/meta-networking/recipes-support/htpdate/htpdate_1.3.4.bb b/meta-networking/recipes-support/htpdate/htpdate_1.3.5.bb
index d25600645..08255ae84 100644
--- a/meta-networking/recipes-support/htpdate/htpdate_1.3.4.bb
+++ b/meta-networking/recipes-support/htpdate/htpdate_1.3.5.bb
@@ -14,7 +14,7 @@ LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://htpdate.c;beginline=26;endline=30;md5=2b6cdb94bd5349646d7e33f9f501eef7"
SRC_URI = "http://www.vervest.org/htp/archive/c/htpdate-${PV}.tar.gz"
-SRC_URI[sha256sum] = "744f9200cfd3b008a5516c5eb6da727af532255a329126a7b8f49a5623985642"
+SRC_URI[sha256sum] = "a8734d4f1d84d0608d045508608f2d29d8b968da269f83120aaac67709b1bd03"
TARGET_CC_ARCH += "${LDFLAGS}"
diff --git a/meta-networking/recipes-support/nbdkit/nbdkit_1.31.7.bb b/meta-networking/recipes-support/nbdkit/nbdkit_1.31.15.bb
index 2de32cc1e..373cdb054 100644
--- a/meta-networking/recipes-support/nbdkit/nbdkit_1.31.7.bb
+++ b/meta-networking/recipes-support/nbdkit/nbdkit_1.31.15.bb
@@ -11,8 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f9dcc2d8acdde215fa4bd6ac12bb14f0"
SRC_URI = "git://github.com/libguestfs/nbdkit.git;protocol=https;branch=master \
"
-
-SRCREV = "7c0e2d19d30eb0bd2e079febb5a2c31f65e5023d"
+SRCREV = "a02ea15ec4e2c5ac533cee51824d5b9dd2933cc3"
S = "${WORKDIR}/git"
diff --git a/meta-networking/recipes-support/ndisc6/ndisc6_git.bb b/meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb
index f5467794e..6861314a0 100644
--- a/meta-networking/recipes-support/ndisc6/ndisc6_git.bb
+++ b/meta-networking/recipes-support/ndisc6/ndisc6_1.0.6.bb
@@ -5,8 +5,7 @@ HOMEPAGE = "http://www.remlab.net/ndisc6/"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
-PV = "1.0.5"
-SRCREV = "b706f5f01aa82aa0db678fffd15a1527f330c507"
+SRCREV = "7e314b23329f9c24c4c097b8513673fed7e7158a"
SRC_URI = "git://git.remlab.net/git/ndisc6.git;protocol=http;branch=master \
file://0001-autogen-Do-not-symlink-gettext.h-from-build-host.patch \
"
diff --git a/meta-networking/recipes-support/netperf/files/netserver_permissions.patch b/meta-networking/recipes-support/netperf/files/netserver_permissions.patch
new file mode 100644
index 000000000..55316363e
--- /dev/null
+++ b/meta-networking/recipes-support/netperf/files/netserver_permissions.patch
@@ -0,0 +1,29 @@
+From 78c9ae7d9a6735575bc72dd28a19b2bc3a251981 Mon Sep 17 00:00:00 2001
+From: Andrew Elble <aweits@rit.edu>
+Date: Mon, 8 Oct 2018 14:31:20 -0400
+Subject: [PATCH] netserver: don't change permissions on /dev/null
+
+the (now default) suppress_debug=1 changes permissions on /dev/null
+to 0644. Don't do this.
+
+Upstream-Status: Pending [https://github.com/HewlettPackard/netperf/pull/27/commits/78c9ae7d9a6735575bc72dd28a19b2bc3a251981]
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+---
+ src/netserver.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/netserver.c b/src/netserver.c
+index 00c8d23..86a1c45 100644
+--- a/src/netserver.c
++++ b/src/netserver.c
+@@ -278,7 +278,8 @@ open_debug_file()
+
+ #if !defined(WIN32)
+
+- chmod(FileName,0644);
++ if (!suppress_debug)
++ chmod(FileName,0644);
+
+ /* redirect stdin to "/dev/null" */
+ rd_null_fp = fopen(NETPERF_NULL,"r");
diff --git a/meta-networking/recipes-support/netperf/netperf_git.bb b/meta-networking/recipes-support/netperf/netperf_git.bb
index 62ba966d0..06b2eddbb 100644
--- a/meta-networking/recipes-support/netperf/netperf_git.bb
+++ b/meta-networking/recipes-support/netperf/netperf_git.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/HewlettPackard/netperf.git;branch=master;protocol=ht
file://netserver.service \
file://0001-netlib.c-Move-including-sched.h-out-og-function.patch \
file://0001-nettest_omni-Remove-duplicate-variable-definitions.patch \
+ file://netserver_permissions.patch \
"
SRCREV = "3bc455b23f901dae377ca0a558e1e32aa56b31c4"
diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
index fe2bd0773..a30f720bb 100644
--- a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
+++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
@@ -29,7 +29,31 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19"
# CVE-2016-9312 is only for windows.
-CVE_CHECK_IGNORE += "CVE-2016-9312"
+# The other CVEs are not correctly identified because cve-check
+# is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference)
+CVE_CHECK_IGNORE += "\
+ CVE-2016-9312 \
+ CVE-2015-5146 \
+ CVE-2015-5300 \
+ CVE-2015-7975 \
+ CVE-2015-7976 \
+ CVE-2015-7977 \
+ CVE-2015-7978 \
+ CVE-2015-7979 \
+ CVE-2015-8138 \
+ CVE-2015-8139 \
+ CVE-2015-8140 \
+ CVE-2015-8158 \
+ CVE-2016-1547 \
+ CVE-2016-2516 \
+ CVE-2016-2517 \
+ CVE-2016-2519 \
+ CVE-2016-7429 \
+ CVE-2016-7433 \
+ CVE-2016-9310 \
+ CVE-2016-9311 \
+"
+
inherit autotools update-rc.d useradd systemd pkgconfig
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
index 3efac7d98..cd8b396f1 100644
--- a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
+++ b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
@@ -20,6 +20,8 @@ SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \
SRC_URI[sha256sum] = "f2684835116c80b8f21782a5959a805ba3c44e3a681dd6c17c7cb00cc242c27a"
+UPSTREAM_CHECK_URI = "ftp://ftp.ntpsec.org/pub/releases/"
+
inherit pkgconfig python3-dir python3targetconfig systemd update-alternatives update-rc.d useradd waf features_check
# RDEPENDS on gnuplot with this restriction
diff --git a/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb b/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
index c61303b81..8625afaa7 100644
--- a/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
+++ b/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb
@@ -85,6 +85,10 @@ do_configure () {
done
}
+do_compile:append () {
+ sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' ${S}/swig/perl/OpenIPMI_wrap.c
+}
+
do_install:append () {
echo "SAL: D = $D"
echo "SAL: libdir = $libdir"
diff --git a/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch b/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch
new file mode 100644
index 000000000..03b454d62
--- /dev/null
+++ b/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch
@@ -0,0 +1,48 @@
+From ea179d83b0aa62719d90748cd1fb260f40055f15 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 13 Jun 2022 22:44:28 +0800
+Subject: [PATCH] configure.ac: eliminate build path from openvpn --version
+ option
+
+Before the patch:
+$ openvpn --version
+OpenVPN 2.5.7 x86_64-poky-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]
+[snip]
+Compile time defines: enable_async_push=no enable_comp_stub=no
+[snip]
+with_crypto_library=openssl with_gnu_ld=yes
+with_libtool_sysroot=/buildarea/build/tmp/work/core2-64-poky-linux/openvpn/2.5.7-r0/recipe-sysroot
+with_mem_check=no with_openssl_engine=auto
+
+After the patch:
+$ openvpn --version
+OpenVPN 2.5.7 x86_64-poky-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]
+[snip]
+Compile time defines: enable_async_push=no enable_comp_stub=no
+[snip]
+with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no
+with_openssl_engine=auto
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2f5f6bc..eddcbc5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1377,7 +1377,7 @@ if test "${enable_async_push}" = "yes"; then
+ esac
+ fi
+
+-CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
++CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*=' | grep -v 'libtool_sysroot'`"
+ AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
+
+ TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID"
+--
+2.25.1
+
diff --git a/meta-networking/recipes-support/openvpn/openvpn/openvpn b/meta-networking/recipes-support/openvpn/openvpn/openvpn
index e5af4b230..e5af4b230 100755..100644
--- a/meta-networking/recipes-support/openvpn/openvpn/openvpn
+++ b/meta-networking/recipes-support/openvpn/openvpn/openvpn
diff --git a/meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf b/meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf
deleted file mode 100644
index 1205806d5..000000000
--- a/meta-networking/recipes-support/openvpn/openvpn/openvpn-volatile.conf
+++ /dev/null
@@ -1 +0,0 @@
-d @LOCALSTATEDIR@/run/openvpn 0755 root root -
diff --git a/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service b/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
deleted file mode 100644
index 01dd2e8c2..000000000
--- a/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
-After=syslog.target network.target
-
-[Service]
-PrivateTmp=true
-Type=forking
-PIDFile=/var/run/openvpn/%i.pid
-ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb b/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb
index 3ed90a7c8..a28c73ab5 100644
--- a/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb
+++ b/meta-networking/recipes-support/openvpn/openvpn_2.5.7.bb
@@ -5,12 +5,12 @@ LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=b76abd82c14ee01cc34c4ff5e3627b89"
DEPENDS = "lzo openssl iproute2 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-inherit autotools systemd update-rc.d
+inherit autotools systemd update-rc.d pkgconfig
SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
+ file://0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch \
file://openvpn \
- file://openvpn@.service \
- file://openvpn-volatile.conf"
+ "
UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads"
@@ -19,9 +19,6 @@ SRC_URI[sha256sum] = "08340a389905c84196b6cd750add1bc0fa2d46a1afebfd589c24120946
# CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn.
CVE_CHECK_IGNORE += "CVE-2020-7224 CVE-2020-27569"
-SYSTEMD_SERVICE:${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service"
-SYSTEMD_AUTO_ENABLE = "disable"
-
INITSCRIPT_PACKAGES = "${PN}"
INITSCRIPT_NAME:${PN} = "openvpn"
INITSCRIPT_PARAMS:${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ."
@@ -35,31 +32,36 @@ EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '--disable-p
# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip"
+EXTRA_OECONF += "SYSTEMD_UNIT_DIR=${systemd_system_unitdir} \
+ TMPFILES_DIR=${nonarch_libdir}/tmpfiles.d \
+ "
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
+ "
+
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux"
+
do_install:append() {
install -d ${D}/${sysconfdir}/init.d
install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
install -d ${D}/${sysconfdir}/openvpn
+ install -d ${D}/${sysconfdir}/openvpn/server
+ install -d ${D}/${sysconfdir}/openvpn/client
+
install -d ${D}/${sysconfdir}/openvpn/sample
- install -m 755 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
- install -m 755 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
+ install -m 644 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
+ install -m 644 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
+ install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-config-files
install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys
+ install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-scripts
+ install -m 644 ${S}/sample/sample-config-files/* ${D}${sysconfdir}/openvpn/sample/sample-config-files
install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys
+ install -m 644 ${S}/sample/sample-scripts/* ${D}${sysconfdir}/openvpn/sample/sample-scripts
- if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d ${D}/${systemd_unitdir}/system
- install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system
- install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service
- install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service
-
- install -d ${D}/${localstatedir}
- install -d ${D}/${localstatedir}/lib
- install -d -m 710 ${D}/${localstatedir}/lib/openvpn
-
- install -d ${D}${sysconfdir}/tmpfiles.d
- install -m 0644 ${WORKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
- sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
- fi
+ install -d -m 710 ${D}/${localstatedir}/lib/openvpn
}
PACKAGES =+ " ${PN}-sample "
@@ -67,9 +69,9 @@ PACKAGES =+ " ${PN}-sample "
RRECOMMENDS:${PN} = "kernel-module-tun"
FILES:${PN}-dbg += "${libdir}/openvpn/plugins/.debug"
-FILES:${PN} += "${systemd_unitdir}/system/openvpn@.service \
- ${sysconfdir}/tmpfiles.d \
+FILES:${PN} += "${systemd_system_unitdir}/openvpn-server@.service \
+ ${systemd_system_unitdir}/openvpn-client@.service \
+ ${nonarch_libdir}/tmpfiles.d \
"
-FILES:${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \
- ${systemd_unitdir}/system/openvpn@loopback-client.service \
- ${sysconfdir}/openvpn/sample/"
+FILES:${PN}-sample = "${sysconfdir}/openvpn/sample/ \
+ "
diff --git a/meta-networking/recipes-support/rdma-core/rdma-core_40.0.bb b/meta-networking/recipes-support/rdma-core/rdma-core_41.0.bb
index c567e3314..e5ecc5cd6 100644
--- a/meta-networking/recipes-support/rdma-core/rdma-core_40.0.bb
+++ b/meta-networking/recipes-support/rdma-core/rdma-core_41.0.bb
@@ -6,7 +6,7 @@ DEPENDS = "libnl"
RDEPENDS:${PN} = "bash perl"
SRC_URI = "git://github.com/linux-rdma/rdma-core.git;branch=master;protocol=https"
-SRCREV = "a3e69268892bbd5ab30123748e89a26509a25ac5"
+SRCREV = "467363efbc0fea706752c1ba7a21c313823017e7"
S = "${WORKDIR}/git"
#Default Dual License https://github.com/linux-rdma/rdma-core/blob/master/COPYING.md
diff --git a/meta-networking/recipes-support/spice/spice_git.bb b/meta-networking/recipes-support/spice/spice_git.bb
index d9083bcbe..1887a5582 100644
--- a/meta-networking/recipes-support/spice/spice_git.bb
+++ b/meta-networking/recipes-support/spice/spice_git.bb
@@ -30,6 +30,12 @@ SRC_URI = " \
S = "${WORKDIR}/git"
+CVE_CHECK_IGNORE += "\
+ CVE-2016-0749 \
+ CVE-2016-2150 \
+ CVE-2018-10893 \
+"
+
inherit autotools gettext python3native python3-dir pkgconfig
DEPENDS += "spice-protocol jpeg pixman alsa-lib glib-2.0 python3-pyparsing-native python3-six-native glib-2.0-native"
diff --git a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch b/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
deleted file mode 100644
index 7da48cd2c..000000000
--- a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 3eecd40cec6415fc033f8d9141ab652047e71524 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Wed, 23 Feb 2022 17:29:02 +0100
-Subject: [PATCH] openssl: Don't unload providers
-
-There is a conflict between atexit() handlers registered by OpenSSL and
-some executables (e.g. swanctl or pki) to deinitialize libstrongswan.
-Because plugins are usually loaded after atexit() has been called, the
-handler registered by OpenSSL will run before our handler. So when the
-latter destroys the plugins it's a bad idea to try to access any OpenSSL
-objects as they might already be invalid.
-
-Fixes: f556fce16b60 ("openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.")
-Closes strongswan/strongswan#921
-
-Upstream-Status: Backport
-[https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- .../plugins/openssl/openssl_plugin.c | 27 +++----------------
- 1 file changed, 3 insertions(+), 24 deletions(-)
-
-diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-index 6b4923649..1491d5cf8 100644
---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-@@ -16,7 +16,6 @@
-
- #include <library.h>
- #include <utils/debug.h>
--#include <collections/array.h>
- #include <threading/thread.h>
- #include <threading/mutex.h>
- #include <threading/thread_value.h>
-@@ -74,13 +73,6 @@ struct private_openssl_plugin_t {
- * public functions
- */
- openssl_plugin_t public;
--
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-- /**
-- * Loaded providers
-- */
-- array_t *providers;
--#endif
- };
-
- /**
-@@ -887,15 +879,6 @@ METHOD(plugin_t, get_features, int,
- METHOD(plugin_t, destroy, void,
- private_openssl_plugin_t *this)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-- OSSL_PROVIDER *provider;
-- while (array_remove(this->providers, ARRAY_TAIL, &provider))
-- {
-- OSSL_PROVIDER_unload(provider);
-- }
-- array_destroy(this->providers);
--#endif /* OPENSSL_VERSION_NUMBER */
--
- /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
- * can't call it as we couldn't re-initialize the library (as required by the
- * unit tests and the Android app) */
-@@ -1009,20 +992,16 @@ plugin_t *openssl_plugin_create()
- DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
- return NULL;
- }
-- array_insert_create(&this->providers, ARRAY_TAIL, fips);
- /* explicitly load the base provider containing encoding functions */
-- array_insert_create(&this->providers, ARRAY_TAIL,
-- OSSL_PROVIDER_load(NULL, "base"));
-+ OSSL_PROVIDER_load(NULL, "base");
- }
- else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
- TRUE, lib->ns))
- {
- /* load the legacy provider for algorithms like MD4, DES, BF etc. */
-- array_insert_create(&this->providers, ARRAY_TAIL,
-- OSSL_PROVIDER_load(NULL, "legacy"));
-+ OSSL_PROVIDER_load(NULL, "legacy");
- /* explicitly load the default provider, as mentioned by crypto(7) */
-- array_insert_create(&this->providers, ARRAY_TAIL,
-- OSSL_PROVIDER_load(NULL, "default"));
-+ OSSL_PROVIDER_load(NULL, "default");
- }
- ossl_provider_names_t data = {};
- OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
---
-2.25.1
-
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.7.bb
index cfb7b41fa..71ffb7ba4 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.7.bb
@@ -9,10 +9,9 @@ DEPENDS = "flex-native flex bison-native"
DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}"
SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
- file://0001-openssl-Don-t-unload-providers.patch \
"
-SRC_URI[sha256sum] = "983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd"
+SRC_URI[sha256sum] = "9e64a2ba62efeac81abff1d962522404ebc6ed6c0d352a23ab7c0b2c639e3fcf"
UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"
@@ -147,9 +146,13 @@ RDEPENDS:${PN} += "\
${PN}-plugin-constraints \
${PN}-plugin-des \
${PN}-plugin-dnskey \
+ ${PN}-plugin-drbg \
+ ${PN}-plugin-fips-prf \
${PN}-plugin-hmac \
+ ${PN}-plugin-kdf \
${PN}-plugin-kernel-netlink \
${PN}-plugin-md5 \
+ ${PN}-plugin-mgf1 \
${PN}-plugin-nonce \
${PN}-plugin-pem \
${PN}-plugin-pgp \
diff --git a/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch b/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
index aeb0bece9..0840cbbd8 100644
--- a/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
+++ b/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
@@ -1,3 +1,8 @@
+From 7ff4eba20b5c4fc7365e5ee0dfb775ed29bdd5ce Mon Sep 17 00:00:00 2001
+From: Kai Kang <kai.kang@windriver.com>
+Date: Wed, 1 Nov 2017 09:23:41 -0400
+Subject: [PATCH] stunnel: fix compile error when openssl disable des support
+
Upstream-Status: Pending
When openssl disable des support with configure option 'no-des', it doesn't
@@ -6,12 +11,17 @@ failed. Fix it by checking macro OPENSSL_NO_DES to use openssl des related
library conditionaly.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
---
+ src/common.h | 2 ++
+ src/protocol.c | 6 +++---
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
diff --git a/src/common.h b/src/common.h
-index f7d38b0..bf485af 100644
+index bc37eb5..03ee3e5 100644
--- a/src/common.h
+++ b/src/common.h
-@@ -478,7 +478,9 @@ extern char *sys_errlist[];
+@@ -486,7 +486,9 @@ extern char *sys_errlist[];
#ifndef OPENSSL_NO_MD4
#include <openssl/md4.h>
#endif /* !defined(OPENSSL_NO_MD4) */
@@ -22,19 +32,19 @@ index f7d38b0..bf485af 100644
#include <openssl/dh.h>
#if OPENSSL_VERSION_NUMBER<0x10100000L
diff --git a/src/protocol.c b/src/protocol.c
-index 587df09..8198eb6 100644
+index 804f115..d9b2b50 100644
--- a/src/protocol.c
+++ b/src/protocol.c
-@@ -67,7 +67,7 @@ NOEXPORT char *imap_server(CLI *, SERVICE_OPTIONS *, const PHASE);
+@@ -66,7 +66,7 @@ NOEXPORT char *nntp_client(CLI *, SERVICE_OPTIONS *, const PHASE);
NOEXPORT char *ldap_client(CLI *, SERVICE_OPTIONS *, const PHASE);
NOEXPORT char *connect_server(CLI *, SERVICE_OPTIONS *, const PHASE);
NOEXPORT char *connect_client(CLI *, SERVICE_OPTIONS *, const PHASE);
-#ifndef OPENSSL_NO_MD4
+#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DES)
NOEXPORT void ntlm(CLI *, SERVICE_OPTIONS *);
- NOEXPORT char *ntlm1();
+ NOEXPORT char *ntlm1(void);
NOEXPORT char *ntlm3(char *, char *, char *, char *);
-@@ -1332,7 +1332,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
+@@ -1351,7 +1351,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
fd_printf(c, c->remote_fd.fd, "Host: %s", opt->protocol_host);
if(opt->protocol_username && opt->protocol_password) {
if(!strcasecmp(opt->protocol_authentication, "ntlm")) {
@@ -43,7 +53,7 @@ index 587df09..8198eb6 100644
ntlm(c, opt);
#else
s_log(LOG_ERR, "NTLM authentication is not available");
-@@ -1376,7 +1376,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
+@@ -1395,7 +1395,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
return NULL;
}
diff --git a/meta-networking/recipes-support/stunnel/stunnel_5.64.bb b/meta-networking/recipes-support/stunnel/stunnel_5.65.bb
index 13ecd5c5b..ab7ff4322 100644
--- a/meta-networking/recipes-support/stunnel/stunnel_5.64.bb
+++ b/meta-networking/recipes-support/stunnel/stunnel_5.65.bb
@@ -11,7 +11,7 @@ SRC_URI = "https://stunnel.org/archive/5.x/${BP}.tar.gz \
file://fix-openssl-no-des.patch \
"
-SRC_URI[sha256sum] = "eebe53ed116ba43b2e786762b0c2b91511e7b74857ad4765824e7199e6faf883"
+SRC_URI[sha256sum] = "60c500063bd1feff2877f5726e38278c086f96c178f03f09d264a2012d6bf7fc"
inherit autotools bash-completion pkgconfig
diff --git a/meta-networking/recipes-support/unbound/unbound_1.16.0.bb b/meta-networking/recipes-support/unbound/unbound_1.16.1.bb
index cf59d2918..5eb9ec1bf 100644
--- a/meta-networking/recipes-support/unbound/unbound_1.16.0.bb
+++ b/meta-networking/recipes-support/unbound/unbound_1.16.1.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5308494bc0590c0cb036afd781d78f06"
SRC_URI = "git://github.com/NLnetLabs/unbound.git;protocol=http;branch=master;protocol=https \
file://0001-contrib-add-yocto-compatible-init-script.patch \
"
-SRCREV = "edc1d07718fb0ecabf9ddd3cf65503de1810834c"
+SRCREV = "903538c76e1d8eb30d0814bb55c3ef1ea28164e8"
inherit autotools pkgconfig systemd update-rc.d
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
index f1dba227a..38fdbce89 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.4.11.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -19,7 +19,7 @@ SRC_URI += " \
UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
-SRC_URI[sha256sum] = "a0e227bce2cc3a51ef3301891a0243231990b52a39b68a84a6e32f69c4e75279"
+SRC_URI[sha256sum] = "881a13303e263b7dc7fe337534c8a541d4914552287879bed30bbe76c5bf68ca"
PE = "1"