diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-02-25 22:55:05 -0500 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-03-15 14:22:49 +0000 |
commit | d7bf8c17eca8f8c89898a7794462c773c449e983 (patch) | |
tree | d18618fca85ca5f0c077032cc7b009344b60f663 /import-layers/yocto-poky/meta/recipes-connectivity | |
parent | e2b5abdc9f28cdf8578e5b9be803c8e697443c20 (diff) | |
download | blackbird-openbmc-d7bf8c17eca8f8c89898a7794462c773c449e983.tar.gz blackbird-openbmc-d7bf8c17eca8f8c89898a7794462c773c449e983.zip |
Yocto 2.4
Move OpenBMC to Yocto 2.4(rocko)
Tested: Built and verified Witherspoon and Palmetto images
Change-Id: I12057b18610d6fb0e6903c60213690301e9b0c67
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-connectivity')
114 files changed, 2042 insertions, 3654 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc index faa8741dc..781446494 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc +++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc @@ -63,10 +63,6 @@ EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}" - -LDFLAGS_append_libc-uclibc = " -lintl" -LDFLAGS_append_uclinux-uclibc = " -lintl" - do_configure_prepend() { sed 's:AM_CHECK_PYMOD:echo "no pymod" #AM_CHECK_PYMOD:g' -i ${S}/configure.ac @@ -111,7 +107,6 @@ FILES_avahi-utils = "${bindir}/avahi-*" RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV}) libavahi-client (= ${EXTENDPKGV})" -# uclibc has no nss RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch index 8ccef08df..942607a84 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch @@ -1,17 +1,18 @@ -From a59f13fab31a6e25bb03b2c2bc3aea576f857b6c Mon Sep 17 00:00:00 2001 +From 6ff255eff4fea6350b5e0462fee176fadc26fc1c Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen <jussi.kukkonen@intel.com> Date: Sun, 12 Jun 2016 18:32:49 +0300 Subject: [PATCH] configure.ac: install GtkBuilder interface files for GTK+3 too -Upstream-Status: Pending +Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/130] Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> +Signed-off-by: Dengke Du <dengke.du@windriver.com> --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index aebb716..48bdf63 100644 +index 87a9a17..9860dcc 100644 --- a/configure.ac +++ b/configure.ac @@ -965,7 +965,7 @@ AC_SUBST(avahi_socket) @@ -24,5 +25,5 @@ index aebb716..48bdf63 100644 AC_SUBST(interfacesdir) fi -- -2.1.4 +2.8.1 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch index 805cbb331..1e23c0f56 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch @@ -7,15 +7,19 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> Update context for version 9.10.3-P2. Signed-off-by: Kai Kang <kai.kang@windriver.com> + +Update context for version 9.10.5-P3. + +Signed-off-by: Kai Kang <kai.kang@windriver.com> --- configure.in | 23 +++-------------------- 1 file changed, 3 insertions(+), 20 deletions(-) diff --git a/configure.in b/configure.in -index 0db826d..75819eb 100644 +index 4da73a4..6f2a754 100644 --- a/configure.in +++ b/configure.in -@@ -2107,26 +2107,9 @@ case "$use_libxml2" in +@@ -2282,26 +2282,9 @@ case "$use_libxml2" in DST_LIBXML2_INC="" ;; auto|yes) @@ -25,7 +29,7 @@ index 0db826d..75819eb 100644 - libxml2_cflags=`xml2-config --cflags` - ;; - *) -- if test "$use_libxml2" = "yes" ; then +- if test "yes" = "$use_libxml2" ; then - AC_MSG_RESULT(no) - AC_MSG_ERROR(required libxml2 version not available) - else diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch deleted file mode 100644 index 2149bd180..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch +++ /dev/null @@ -1,154 +0,0 @@ -From 70037e040e587329cec82123e12b9f4f7c945f67 Mon Sep 17 00:00:00 2001 -From: Mark Andrews <marka@isc.org> -Date: Thu, 18 Feb 2016 12:11:27 +1100 -Subject: [PATCH] 4318. [security] Malformed control messages can - trigger assertions in named and rndc. (CVE-2016-1285) - [RT #41666] - -(cherry picked from commit a2b15b3305acd52179e6f3dc7d073b07fbc40b8e) - -CVE: CVE-2016-1285 -Upstream-Status: Backport -[Removed doc/arm/notes.xml changes from upstream patch] - -Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> ---- - CHANGES | 3 +++ - bin/named/control.c | 2 +- - bin/named/controlconf.c | 2 +- - bin/rndc/rndc.c | 8 ++++---- - doc/arm/notes.xml | 11 +++++++++++ - lib/isccc/cc.c | 14 +++++++------- - 6 files changed, 27 insertions(+), 13 deletions(-) - -diff --git a/CHANGES b/CHANGES -index b9bd9ef..2c727d5 100644 ---- a/CHANGES -+++ b/CHANGES -@@ -1,3 +1,6 @@ -+4318. [security] Malformed control messages can trigger assertions -+ in named and rndc. (CVE-2016-1285) [RT #41666] -+ - --- 9.10.3-P3 released --- - - 4288. [bug] Fixed a regression in resolver.c:possibly_mark() -diff --git a/bin/named/control.c b/bin/named/control.c -index 8554335..81340ca 100644 ---- a/bin/named/control.c -+++ b/bin/named/control.c -@@ -69,7 +69,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) { - #endif - - data = isccc_alist_lookup(message, "_data"); -- if (data == NULL) { -+ if (!isccc_alist_alistp(data)) { - /* - * No data section. - */ -diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c -index 765afdd..a39ab8b 100644 ---- a/bin/named/controlconf.c -+++ b/bin/named/controlconf.c -@@ -402,7 +402,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { - * Limit exposure to replay attacks. - */ - _ctrl = isccc_alist_lookup(request, "_ctrl"); -- if (_ctrl == NULL) { -+ if (!isccc_alist_alistp(_ctrl)) { - log_invalid(&conn->ccmsg, ISC_R_FAILURE); - goto cleanup_request; - } -diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c -index cb17050..b6e05c8 100644 ---- a/bin/rndc/rndc.c -+++ b/bin/rndc/rndc.c -@@ -255,8 +255,8 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) { - isccc_cc_fromwire(&source, &response, algorithm, &secret)); - - data = isccc_alist_lookup(response, "_data"); -- if (data == NULL) -- fatal("no data section in response"); -+ if (!isccc_alist_alistp(data)) -+ fatal("bad or missing data section in response"); - result = isccc_cc_lookupstring(data, "err", &errormsg); - if (result == ISC_R_SUCCESS) { - failed = ISC_TRUE; -@@ -321,8 +321,8 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) { - isccc_cc_fromwire(&source, &response, algorithm, &secret)); - - _ctrl = isccc_alist_lookup(response, "_ctrl"); -- if (_ctrl == NULL) -- fatal("_ctrl section missing"); -+ if (!isccc_alist_alistp(_ctrl)) -+ fatal("bad or missing ctrl section in response"); - nonce = 0; - if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS) - nonce = 0; -diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c -index 47a3b74..2bb961e 100644 ---- a/lib/isccc/cc.c -+++ b/lib/isccc/cc.c -@@ -403,13 +403,13 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length, - * Extract digest. - */ - _auth = isccc_alist_lookup(alist, "_auth"); -- if (_auth == NULL) -+ if (!isccc_alist_alistp(_auth)) - return (ISC_R_FAILURE); - if (algorithm == ISCCC_ALG_HMACMD5) - hmac = isccc_alist_lookup(_auth, "hmd5"); - else - hmac = isccc_alist_lookup(_auth, "hsha"); -- if (hmac == NULL) -+ if (!isccc_sexpr_binaryp(hmac)) - return (ISC_R_FAILURE); - /* - * Compute digest. -@@ -728,7 +728,7 @@ isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok, - REQUIRE(ackp != NULL && *ackp == NULL); - - _ctrl = isccc_alist_lookup(message, "_ctrl"); -- if (_ctrl == NULL || -+ if (!isccc_alist_alistp(_ctrl) || - isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS || - isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS) - return (ISC_R_FAILURE); -@@ -773,7 +773,7 @@ isccc_cc_isack(isccc_sexpr_t *message) - isccc_sexpr_t *_ctrl; - - _ctrl = isccc_alist_lookup(message, "_ctrl"); -- if (_ctrl == NULL) -+ if (!isccc_alist_alistp(_ctrl)) - return (ISC_FALSE); - if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS) - return (ISC_TRUE); -@@ -786,7 +786,7 @@ isccc_cc_isreply(isccc_sexpr_t *message) - isccc_sexpr_t *_ctrl; - - _ctrl = isccc_alist_lookup(message, "_ctrl"); -- if (_ctrl == NULL) -+ if (!isccc_alist_alistp(_ctrl)) - return (ISC_FALSE); - if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS) - return (ISC_TRUE); -@@ -806,7 +806,7 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now, - - _ctrl = isccc_alist_lookup(message, "_ctrl"); - _data = isccc_alist_lookup(message, "_data"); -- if (_ctrl == NULL || _data == NULL || -+ if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) || - isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS || - isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS) - return (ISC_R_FAILURE); -@@ -995,7 +995,7 @@ isccc_cc_checkdup(isccc_symtab_t *symtab, isccc_sexpr_t *message, - isccc_sexpr_t *_ctrl; - - _ctrl = isccc_alist_lookup(message, "_ctrl"); -- if (_ctrl == NULL || -+ if (!isccc_alist_alistp(_ctrl) || - isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS || - isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS) - return (ISC_R_FAILURE); --- -1.9.1 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch deleted file mode 100644 index ae5cc48d9..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch +++ /dev/null @@ -1,79 +0,0 @@ -From a3d327bf1ceaaeabb20223d8de85166e940b9f12 Mon Sep 17 00:00:00 2001 -From: Mukund Sivaraman <muks@isc.org> -Date: Mon, 22 Feb 2016 12:22:43 +0530 -Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling - (CVE-2016-1286) (#41753) - -(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673) - -CVE: CVE-2016-1286 -Upstream-Status: Backport - -[Removed doc/arm/notes.xml changes from upstream patch.] - -Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> ---- -diff -ruN a/CHANGES b/CHANGES ---- a/CHANGES 2016-04-13 07:28:44.940873629 +0200 -+++ b/CHANGES 2016-04-13 07:38:38.923167851 +0200 -@@ -1,3 +1,7 @@ -+4319. [security] Fix resolver assertion failure due to improper -+ DNAME handling when parsing fetch reply messages. -+ (CVE-2016-1286) [RT #41753] -+ - 4318. [security] Malformed control messages can trigger assertions - in named and rndc. (CVE-2016-1285) [RT #41666] - -diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c ---- a/lib/dns/resolver.c 2016-04-13 07:28:43.088953790 +0200 -+++ b/lib/dns/resolver.c 2016-04-13 07:38:20.411968925 +0200 -@@ -6967,21 +6967,26 @@ - isc_boolean_t found_dname = ISC_FALSE; - dns_name_t *dname_name; - -+ /* -+ * Only pass DNAME or RRSIG(DNAME). -+ */ -+ if (rdataset->type != dns_rdatatype_dname && -+ (rdataset->type != dns_rdatatype_rrsig || -+ rdataset->covers != dns_rdatatype_dname)) -+ continue; -+ -+ /* -+ * If we're not chaining, then the DNAME and -+ * its signature should not be external. -+ */ -+ if (!chaining && external) { -+ log_formerr(fctx, "external DNAME"); -+ return (DNS_R_FORMERR); -+ } -+ - found = ISC_FALSE; - aflag = 0; - if (rdataset->type == dns_rdatatype_dname) { -- /* -- * We're looking for something else, -- * but we found a DNAME. -- * -- * If we're not chaining, then the -- * DNAME should not be external. -- */ -- if (!chaining && external) { -- log_formerr(fctx, -- "external DNAME"); -- return (DNS_R_FORMERR); -- } - found = ISC_TRUE; - want_chaining = ISC_TRUE; - POST(want_chaining); -@@ -7010,9 +7015,7 @@ - &fctx->domain)) { - return (DNS_R_SERVFAIL); - } -- } else if (rdataset->type == dns_rdatatype_rrsig -- && rdataset->covers == -- dns_rdatatype_dname) { -+ } else { - /* - * We've found a signature that - * covers the DNAME. diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch deleted file mode 100644 index 5f5cb0d34..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch +++ /dev/null @@ -1,317 +0,0 @@ -From 7602be276a73a6eb5431c5acd9718e68a55e8b61 Mon Sep 17 00:00:00 2001 -From: Mark Andrews <marka@isc.org> -Date: Mon, 29 Feb 2016 07:16:48 +1100 -Subject: [PATCH] Part 2 of: 4319. [security] Fix resolver assertion - failure due to improper DNAME handling when parsing - fetch reply messages. (CVE-2016-1286) [RT #41753] - -CVE: CVE-2016-1286 -Upstream-Status: Backport - -(cherry picked from commit 2de89ee9de8c8da9dc153a754b02dcdbb7fe2374) -Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> ---- - lib/dns/resolver.c | 192 ++++++++++++++++++++++++++--------------------------- - 1 file changed, 93 insertions(+), 99 deletions(-) - -diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c -index 70aba87..41e9df4 100644 ---- a/lib/dns/resolver.c -+++ b/lib/dns/resolver.c -@@ -6074,14 +6074,11 @@ cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) { - } - - static inline isc_result_t --dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname, -- dns_name_t *oname, dns_fixedname_t *fixeddname) -+dname_target(dns_rdataset_t *rdataset, dns_name_t *qname, -+ unsigned int nlabels, dns_fixedname_t *fixeddname) - { - isc_result_t result; - dns_rdata_t rdata = DNS_RDATA_INIT; -- unsigned int nlabels; -- int order; -- dns_namereln_t namereln; - dns_rdata_dname_t dname; - dns_fixedname_t prefix; - -@@ -6096,21 +6093,6 @@ dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname, - if (result != ISC_R_SUCCESS) - return (result); - -- /* -- * Get the prefix of qname. -- */ -- namereln = dns_name_fullcompare(qname, oname, &order, &nlabels); -- if (namereln != dns_namereln_subdomain) { -- char qbuf[DNS_NAME_FORMATSIZE]; -- char obuf[DNS_NAME_FORMATSIZE]; -- -- dns_rdata_freestruct(&dname); -- dns_name_format(qname, qbuf, sizeof(qbuf)); -- dns_name_format(oname, obuf, sizeof(obuf)); -- log_formerr(fctx, "unrelated DNAME in answer: " -- "%s is not in %s", qbuf, obuf); -- return (DNS_R_FORMERR); -- } - dns_fixedname_init(&prefix); - dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL); - dns_fixedname_init(fixeddname); -@@ -6736,13 +6718,13 @@ static isc_result_t - answer_response(fetchctx_t *fctx) { - isc_result_t result; - dns_message_t *message; -- dns_name_t *name, *qname, tname, *ns_name; -+ dns_name_t *name, *dname, *qname, tname, *ns_name; - dns_rdataset_t *rdataset, *ns_rdataset; - isc_boolean_t done, external, chaining, aa, found, want_chaining; - isc_boolean_t have_answer, found_cname, found_type, wanted_chaining; - unsigned int aflag; - dns_rdatatype_t type; -- dns_fixedname_t dname, fqname; -+ dns_fixedname_t fdname, fqname; - dns_view_t *view; - - FCTXTRACE("answer_response"); -@@ -6770,10 +6752,15 @@ answer_response(fetchctx_t *fctx) { - view = fctx->res->view; - result = dns_message_firstname(message, DNS_SECTION_ANSWER); - while (!done && result == ISC_R_SUCCESS) { -+ dns_namereln_t namereln; -+ int order; -+ unsigned int nlabels; -+ - name = NULL; - dns_message_currentname(message, DNS_SECTION_ANSWER, &name); - external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain)); -- if (dns_name_equal(name, qname)) { -+ namereln = dns_name_fullcompare(qname, name, &order, &nlabels); -+ if (namereln == dns_namereln_equal) { - wanted_chaining = ISC_FALSE; - for (rdataset = ISC_LIST_HEAD(name->list); - rdataset != NULL; -@@ -6898,10 +6885,11 @@ answer_response(fetchctx_t *fctx) { - */ - INSIST(!external); - if (aflag == -- DNS_RDATASETATTR_ANSWER) -+ DNS_RDATASETATTR_ANSWER) { - have_answer = ISC_TRUE; -- name->attributes |= -- DNS_NAMEATTR_ANSWER; -+ name->attributes |= -+ DNS_NAMEATTR_ANSWER; -+ } - rdataset->attributes |= aflag; - if (aa) - rdataset->trust = -@@ -6956,6 +6944,8 @@ answer_response(fetchctx_t *fctx) { - if (wanted_chaining) - chaining = ISC_TRUE; - } else { -+ dns_rdataset_t *dnameset = NULL; -+ - /* - * Look for a DNAME (or its SIG). Anything else is - * ignored. -@@ -6963,10 +6953,8 @@ answer_response(fetchctx_t *fctx) { - wanted_chaining = ISC_FALSE; - for (rdataset = ISC_LIST_HEAD(name->list); - rdataset != NULL; -- rdataset = ISC_LIST_NEXT(rdataset, link)) { -- isc_boolean_t found_dname = ISC_FALSE; -- dns_name_t *dname_name; -- -+ rdataset = ISC_LIST_NEXT(rdataset, link)) -+ { - /* - * Only pass DNAME or RRSIG(DNAME). - */ -@@ -6980,20 +6968,41 @@ answer_response(fetchctx_t *fctx) { - * its signature should not be external. - */ - if (!chaining && external) { -- log_formerr(fctx, "external DNAME"); -+ char qbuf[DNS_NAME_FORMATSIZE]; -+ char obuf[DNS_NAME_FORMATSIZE]; -+ -+ dns_name_format(name, qbuf, -+ sizeof(qbuf)); -+ dns_name_format(&fctx->domain, obuf, -+ sizeof(obuf)); -+ log_formerr(fctx, "external DNAME or " -+ "RRSIG covering DNAME " -+ "in answer: %s is " -+ "not in %s", qbuf, obuf); -+ return (DNS_R_FORMERR); -+ } -+ -+ if (namereln != dns_namereln_subdomain) { -+ char qbuf[DNS_NAME_FORMATSIZE]; -+ char obuf[DNS_NAME_FORMATSIZE]; -+ -+ dns_name_format(qname, qbuf, -+ sizeof(qbuf)); -+ dns_name_format(name, obuf, -+ sizeof(obuf)); -+ log_formerr(fctx, "unrelated DNAME " -+ "in answer: %s is " -+ "not in %s", qbuf, obuf); - return (DNS_R_FORMERR); - } - -- found = ISC_FALSE; - aflag = 0; - if (rdataset->type == dns_rdatatype_dname) { -- found = ISC_TRUE; - want_chaining = ISC_TRUE; - POST(want_chaining); - aflag = DNS_RDATASETATTR_ANSWER; -- result = dname_target(fctx, rdataset, -- qname, name, -- &dname); -+ result = dname_target(rdataset, qname, -+ nlabels, &fdname); - if (result == ISC_R_NOSPACE) { - /* - * We can't construct the -@@ -7005,14 +7014,12 @@ answer_response(fetchctx_t *fctx) { - } else if (result != ISC_R_SUCCESS) - return (result); - else -- found_dname = ISC_TRUE; -+ dnameset = rdataset; - -- dname_name = dns_fixedname_name(&dname); -+ dname = dns_fixedname_name(&fdname); - if (!is_answertarget_allowed(view, -- qname, -- rdataset->type, -- dname_name, -- &fctx->domain)) { -+ qname, rdataset->type, -+ dname, &fctx->domain)) { - return (DNS_R_SERVFAIL); - } - } else { -@@ -7020,73 +7027,60 @@ answer_response(fetchctx_t *fctx) { - * We've found a signature that - * covers the DNAME. - */ -- found = ISC_TRUE; - aflag = DNS_RDATASETATTR_ANSWERSIG; - } - -- if (found) { -+ /* -+ * We've found an answer to our -+ * question. -+ */ -+ name->attributes |= DNS_NAMEATTR_CACHE; -+ rdataset->attributes |= DNS_RDATASETATTR_CACHE; -+ rdataset->trust = dns_trust_answer; -+ if (!chaining) { - /* -- * We've found an answer to our -- * question. -+ * This data is "the" answer to -+ * our question only if we're -+ * not chaining. - */ -- name->attributes |= -- DNS_NAMEATTR_CACHE; -- rdataset->attributes |= -- DNS_RDATASETATTR_CACHE; -- rdataset->trust = dns_trust_answer; -- if (!chaining) { -- /* -- * This data is "the" answer -- * to our question only if -- * we're not chaining. -- */ -- INSIST(!external); -- if (aflag == -- DNS_RDATASETATTR_ANSWER) -- have_answer = ISC_TRUE; -+ INSIST(!external); -+ if (aflag == DNS_RDATASETATTR_ANSWER) { -+ have_answer = ISC_TRUE; - name->attributes |= - DNS_NAMEATTR_ANSWER; -- rdataset->attributes |= aflag; -- if (aa) -- rdataset->trust = -- dns_trust_authanswer; -- } else if (external) { -- rdataset->attributes |= -- DNS_RDATASETATTR_EXTERNAL; -- } -- -- /* -- * DNAME chaining. -- */ -- if (found_dname) { -- /* -- * Copy the dname into the -- * qname fixed name. -- * -- * Although we check for -- * failure of the copy -- * operation, in practice it -- * should never fail since -- * we already know that the -- * result fits in a fixedname. -- */ -- dns_fixedname_init(&fqname); -- result = dns_name_copy( -- dns_fixedname_name(&dname), -- dns_fixedname_name(&fqname), -- NULL); -- if (result != ISC_R_SUCCESS) -- return (result); -- wanted_chaining = ISC_TRUE; -- name->attributes |= -- DNS_NAMEATTR_CHAINING; -- rdataset->attributes |= -- DNS_RDATASETATTR_CHAINING; -- qname = dns_fixedname_name( -- &fqname); - } -+ rdataset->attributes |= aflag; -+ if (aa) -+ rdataset->trust = -+ dns_trust_authanswer; -+ } else if (external) { -+ rdataset->attributes |= -+ DNS_RDATASETATTR_EXTERNAL; - } - } -+ -+ /* -+ * DNAME chaining. -+ */ -+ if (dnameset != NULL) { -+ /* -+ * Copy the dname into the qname fixed name. -+ * -+ * Although we check for failure of the copy -+ * operation, in practice it should never fail -+ * since we already know that the result fits -+ * in a fixedname. -+ */ -+ dns_fixedname_init(&fqname); -+ qname = dns_fixedname_name(&fqname); -+ result = dns_name_copy(dname, qname, NULL); -+ if (result != ISC_R_SUCCESS) -+ return (result); -+ wanted_chaining = ISC_TRUE; -+ name->attributes |= DNS_NAMEATTR_CHAINING; -+ dnameset->attributes |= -+ DNS_RDATASETATTR_CHAINING; -+ } - if (wanted_chaining) - chaining = ISC_TRUE; - } --- -1.9.1 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch deleted file mode 100644 index 1b84d46b7..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch +++ /dev/null @@ -1,247 +0,0 @@ -CVE-2016-2088 - -Backport commit d7ff9a1c41bf0ba9773cb3adb08b48b9fd57c956 from the -v9_10_3_patch branch. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2088 -https://kb.isc.org/article/AA-01351 - -CVE: CVE-2016-2088 -Upstream-Status: Backport -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> - - -Original commit message from Mark Andrews <marka@isc.org> below: - -4322. [security] Duplicate EDNS COOKIE options in a response could - trigger an assertion failure. (CVE-2016-2088) - [RT #41809] - -(cherry picked from commit 455c0848f80a8acda27aad1466c72987cafaa029) -(cherry picked from commit 7cd300abd6ee8b8ee8730593daf742ba53f90bc3) ---- - CHANGES | 4 ++++ - bin/dig/dighost.c | 9 +++++++++ - bin/named/client.c | 33 +++++++++++++++++++++++---------- - doc/arm/notes.xml | 7 +++++++ - lib/dns/resolver.c | 14 +++++++++++++- - 5 files changed, 56 insertions(+), 11 deletions(-) - -diff --git a/CHANGES b/CHANGES -index c5b5d2b..d2e3360 100644 ---- a/CHANGES -+++ b/CHANGES -@@ -1,3 +1,7 @@ -+4322. [security] Duplicate EDNS COOKIE options in a response could -+ trigger an assertion failure. (CVE-2016-2088) -+ [RT #41809] -+ - 4319. [security] Fix resolver assertion failure due to improper - DNAME handling when parsing fetch reply messages. - (CVE-2016-1286) [RT #41753] -diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index ca82f8e..340904f 100644 ---- a/bin/dig/dighost.c -+++ b/bin/dig/dighost.c -@@ -3458,6 +3458,7 @@ process_opt(dig_lookup_t *l, dns_message_t *msg) { - isc_buffer_t optbuf; - isc_uint16_t optcode, optlen; - dns_rdataset_t *opt = msg->opt; -+ isc_boolean_t seen_cookie = ISC_FALSE; - - result = dns_rdataset_first(opt); - if (result == ISC_R_SUCCESS) { -@@ -3470,7 +3471,15 @@ process_opt(dig_lookup_t *l, dns_message_t *msg) { - optlen = isc_buffer_getuint16(&optbuf); - switch (optcode) { - case DNS_OPT_COOKIE: -+ /* -+ * Only process the first cookie option. -+ */ -+ if (seen_cookie) { -+ isc_buffer_forward(&optbuf, optlen); -+ break; -+ } - process_sit(l, msg, &optbuf, optlen); -+ seen_cookie = ISC_TRUE; - break; - default: - isc_buffer_forward(&optbuf, optlen); -diff --git a/bin/named/client.c b/bin/named/client.c -index 683305c..0d7331a 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -120,7 +120,10 @@ - */ - #endif - --#define SIT_SIZE 24U /* 8 + 4 + 4 + 8 */ -+#define COOKIE_SIZE 24U /* 8 + 4 + 4 + 8 */ -+ -+#define WANTNSID(x) (((x)->attributes & NS_CLIENTATTR_WANTNSID) != 0) -+#define WANTEXPIRE(x) (((x)->attributes & NS_CLIENTATTR_WANTEXPIRE) != 0) - - /*% nameserver client manager structure */ - struct ns_clientmgr { -@@ -1395,7 +1398,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, - { - char nsid[BUFSIZ], *nsidp; - #ifdef ISC_PLATFORM_USESIT -- unsigned char sit[SIT_SIZE]; -+ unsigned char sit[COOKIE_SIZE]; - #endif - isc_result_t result; - dns_view_t *view; -@@ -1420,7 +1423,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, - flags = client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE; - - /* Set EDNS options if applicable */ -- if ((client->attributes & NS_CLIENTATTR_WANTNSID) != 0 && -+ if (WANTNSID(client) && - (ns_g_server->server_id != NULL || - ns_g_server->server_usehostname)) { - if (ns_g_server->server_usehostname) { -@@ -1453,7 +1456,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, - - INSIST(count < DNS_EDNSOPTIONS); - ednsopts[count].code = DNS_OPT_COOKIE; -- ednsopts[count].length = SIT_SIZE; -+ ednsopts[count].length = COOKIE_SIZE; - ednsopts[count].value = sit; - count++; - } -@@ -1661,19 +1664,26 @@ compute_sit(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce, - - static void - process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { -- unsigned char dbuf[SIT_SIZE]; -+ unsigned char dbuf[COOKIE_SIZE]; - unsigned char *old; - isc_stdtime_t now; - isc_uint32_t when; - isc_uint32_t nonce; - isc_buffer_t db; - -+ /* -+ * If we have already seen a ECS option skip this ECS option. -+ */ -+ if ((client->attributes & NS_CLIENTATTR_WANTSIT) != 0) { -+ isc_buffer_forward(buf, optlen); -+ return; -+ } - client->attributes |= NS_CLIENTATTR_WANTSIT; - - isc_stats_increment(ns_g_server->nsstats, - dns_nsstatscounter_sitopt); - -- if (optlen != SIT_SIZE) { -+ if (optlen != COOKIE_SIZE) { - /* - * Not our token. - */ -@@ -1717,14 +1727,13 @@ process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { - isc_buffer_init(&db, dbuf, sizeof(dbuf)); - compute_sit(client, when, nonce, &db); - -- if (!isc_safe_memequal(old, dbuf, SIT_SIZE)) { -+ if (!isc_safe_memequal(old, dbuf, COOKIE_SIZE)) { - isc_stats_increment(ns_g_server->nsstats, - dns_nsstatscounter_sitnomatch); - return; - } - isc_stats_increment(ns_g_server->nsstats, - dns_nsstatscounter_sitmatch); -- - client->attributes |= NS_CLIENTATTR_HAVESIT; - } - #endif -@@ -1783,7 +1792,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) { - optlen = isc_buffer_getuint16(&optbuf); - switch (optcode) { - case DNS_OPT_NSID: -- isc_stats_increment(ns_g_server->nsstats, -+ if (!WANTNSID(client)) -+ isc_stats_increment( -+ ns_g_server->nsstats, - dns_nsstatscounter_nsidopt); - client->attributes |= NS_CLIENTATTR_WANTNSID; - isc_buffer_forward(&optbuf, optlen); -@@ -1794,7 +1805,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) { - break; - #endif - case DNS_OPT_EXPIRE: -- isc_stats_increment(ns_g_server->nsstats, -+ if (!WANTEXPIRE(client)) -+ isc_stats_increment( -+ ns_g_server->nsstats, - dns_nsstatscounter_expireopt); - client->attributes |= NS_CLIENTATTR_WANTEXPIRE; - isc_buffer_forward(&optbuf, optlen); -diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml -index ebf4f55..095eb5b 100644 ---- a/doc/arm/notes.xml -+++ b/doc/arm/notes.xml -@@ -51,6 +51,13 @@ - <title>Security Fixes</title> - <itemizedlist> - <listitem> -+ <para> -+ Duplicate EDNS COOKIE options in a response could trigger -+ an assertion failure. This flaw is disclosed in CVE-2016-2088. -+ [RT #41809] -+ </para> -+ </listitem> -+ <listitem> - <para> - Specific APL data could trigger an INSIST. This flaw - was discovered by Brian Mitchell and is disclosed in -diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c -index a797e3f..ba1ae23 100644 ---- a/lib/dns/resolver.c -+++ b/lib/dns/resolver.c -@@ -7502,7 +7502,9 @@ process_opt(resquery_t *query, dns_rdataset_t *opt) { - unsigned char *sit; - dns_adbaddrinfo_t *addrinfo; - unsigned char cookie[8]; -+ isc_boolean_t seen_cookie = ISC_FALSE; - #endif -+ isc_boolean_t seen_nsid = ISC_FALSE; - - result = dns_rdataset_first(opt); - if (result == ISC_R_SUCCESS) { -@@ -7516,14 +7518,23 @@ process_opt(resquery_t *query, dns_rdataset_t *opt) { - INSIST(optlen <= isc_buffer_remaininglength(&optbuf)); - switch (optcode) { - case DNS_OPT_NSID: -- if (query->options & DNS_FETCHOPT_WANTNSID) -+ if (!seen_nsid && -+ query->options & DNS_FETCHOPT_WANTNSID) - log_nsid(&optbuf, optlen, query, - ISC_LOG_DEBUG(3), - query->fctx->res->mctx); - isc_buffer_forward(&optbuf, optlen); -+ seen_nsid = ISC_TRUE; - break; - #ifdef ISC_PLATFORM_USESIT - case DNS_OPT_COOKIE: -+ /* -+ * Only process the first cookie option. -+ */ -+ if (seen_cookie) { -+ isc_buffer_forward(&optbuf, optlen); -+ break; -+ } - sit = isc_buffer_current(&optbuf); - compute_cc(query, cookie, sizeof(cookie)); - INSIST(query->fctx->rmessage->sitbad == 0 && -@@ -7541,6 +7552,7 @@ process_opt(resquery_t *query, dns_rdataset_t *opt) { - isc_buffer_forward(&optbuf, optlen); - inc_stats(query->fctx->res, - dns_resstatscounter_sitin); -+ seen_cookie = ISC_TRUE; - break; - #endif - default: --- -2.1.4 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch deleted file mode 100644 index 5393063c5..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 9d8aba8a7778721ae2cee6e4670a8e6be6590b05 Mon Sep 17 00:00:00 2001 -From: Mark Andrews <marka@isc.org> -Date: Wed, 12 Oct 2016 19:52:59 +0900 -Subject: [PATCH] -4406. [security] getrrsetbyname with a non absolute name could - trigger an infinite recursion bug in lwresd - and named with lwres configured if when combined - with a search list entry the resulting name is - too long. (CVE-2016-2775) [RT #42694] - -Backport commit 38cc2d14e218e536e0102fa70deef99461354232 from the -v9.11.0_patch branch. - -CVE: CVE-2016-2775 -Upstream-Status: Backport - -Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com> - ---- - CHANGES | 6 ++++++ - bin/named/lwdgrbn.c | 16 ++++++++++------ - bin/tests/system/lwresd/lwtest.c | 9 ++++++++- - 3 files changed, 24 insertions(+), 7 deletions(-) - -diff --git a/CHANGES b/CHANGES -index d2e3360..d0a9d12 100644 ---- a/CHANGES -+++ b/CHANGES -@@ -1,3 +1,9 @@ -+4406. [security] getrrsetbyname with a non absolute name could -+ trigger an infinite recursion bug in lwresd -+ and named with lwres configured if when combined -+ with a search list entry the resulting name is -+ too long. (CVE-2016-2775) [RT #42694] -+ - 4322. [security] Duplicate EDNS COOKIE options in a response could - trigger an assertion failure. (CVE-2016-2088) - [RT #41809] -diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c -index 3e7b15b..e1e9adc 100644 ---- a/bin/named/lwdgrbn.c -+++ b/bin/named/lwdgrbn.c -@@ -403,14 +403,18 @@ start_lookup(ns_lwdclient_t *client) { - INSIST(client->lookup == NULL); - - dns_fixedname_init(&absname); -- result = ns_lwsearchctx_current(&client->searchctx, -- dns_fixedname_name(&absname)); -+ - /* -- * This will return failure if relative name + suffix is too long. -- * In this case, just go on to the next entry in the search path. -+ * Perform search across all search domains until success -+ * is returned. Return in case of failure. - */ -- if (result != ISC_R_SUCCESS) -- start_lookup(client); -+ while (ns_lwsearchctx_current(&client->searchctx, -+ dns_fixedname_name(&absname)) != ISC_R_SUCCESS) { -+ if (ns_lwsearchctx_next(&client->searchctx) != ISC_R_SUCCESS) { -+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE); -+ return; -+ } -+ } - - result = dns_lookup_create(cm->mctx, - dns_fixedname_name(&absname), -diff --git a/bin/tests/system/lwresd/lwtest.c b/bin/tests/system/lwresd/lwtest.c -index ad9b551..3eb4a66 100644 ---- a/bin/tests/system/lwresd/lwtest.c -+++ b/bin/tests/system/lwresd/lwtest.c -@@ -768,7 +768,14 @@ main(void) { - test_getrrsetbyname("e.example1.", 1, 2, 1, 1, 1); - test_getrrsetbyname("e.example1.", 1, 46, 2, 0, 1); - test_getrrsetbyname("", 1, 1, 0, 0, 0); -- -+ test_getrrsetbyname("123456789.123456789.123456789.123456789." -+ "123456789.123456789.123456789.123456789." -+ "123456789.123456789.123456789.123456789." -+ "123456789.123456789.123456789.123456789." -+ "123456789.123456789.123456789.123456789." -+ "123456789.123456789.123456789.123456789." -+ "123456789", 1, 1, 0, 0, 0); -+ - if (fails == 0) - printf("I:ok\n"); - return (fails); --- -2.7.4 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2776.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2776.patch deleted file mode 100644 index 738bf6005..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2776.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 1171111657081970585f9f0e03b476358c33a6c0 Mon Sep 17 00:00:00 2001 -From: Mark Andrews <marka@isc.org> -Date: Wed, 12 Oct 2016 20:36:52 +0900 -Subject: [PATCH] -4467. [security] It was possible to trigger an assertion when - rendering a message. (CVE-2016-2776) [RT #43139] - -Backport commit 2bd0922cf995b9ac205fc83baf7e220b95c6bf12 from the -v9.11.0_patch branch. - -CVE: CVE-2016-2776 -Upstream-Status: Backport - -Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com> - ---- - CHANGES | 3 +++ - lib/dns/message.c | 42 +++++++++++++++++++++++++++++++----------- - 2 files changed, 34 insertions(+), 11 deletions(-) - -diff --git a/CHANGES b/CHANGES -index d0a9d12..5c8c61a 100644 ---- a/CHANGES -+++ b/CHANGES -@@ -1,3 +1,6 @@ -+4467. [security] It was possible to trigger an assertion when -+ rendering a message. (CVE-2016-2776) [RT #43139] -+ - 4406. [security] getrrsetbyname with a non absolute name could - trigger an infinite recursion bug in lwresd - and named with lwres configured if when combined -diff --git a/lib/dns/message.c b/lib/dns/message.c -index 6b5b4bb..b74dc81 100644 ---- a/lib/dns/message.c -+++ b/lib/dns/message.c -@@ -1754,7 +1754,7 @@ dns_message_renderbegin(dns_message_t *msg, dns_compress_t *cctx, - if (r.length < DNS_MESSAGE_HEADERLEN) - return (ISC_R_NOSPACE); - -- if (r.length < msg->reserved) -+ if (r.length - DNS_MESSAGE_HEADERLEN < msg->reserved) - return (ISC_R_NOSPACE); - - /* -@@ -1895,8 +1895,29 @@ norender_rdataset(const dns_rdataset_t *rdataset, unsigned int options, - - return (ISC_TRUE); - } -- - #endif -+ -+static isc_result_t -+renderset(dns_rdataset_t *rdataset, dns_name_t *owner_name, -+ dns_compress_t *cctx, isc_buffer_t *target, -+ unsigned int reserved, unsigned int options, unsigned int *countp) -+{ -+ isc_result_t result; -+ -+ /* -+ * Shrink the space in the buffer by the reserved amount. -+ */ -+ if (target->length - target->used < reserved) -+ return (ISC_R_NOSPACE); -+ -+ target->length -= reserved; -+ result = dns_rdataset_towire(rdataset, owner_name, -+ cctx, target, options, countp); -+ target->length += reserved; -+ -+ return (result); -+} -+ - isc_result_t - dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, - unsigned int options) -@@ -1939,6 +1960,8 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, - /* - * Shrink the space in the buffer by the reserved amount. - */ -+ if (msg->buffer->length - msg->buffer->used < msg->reserved) -+ return (ISC_R_NOSPACE); - msg->buffer->length -= msg->reserved; - - total = 0; -@@ -2214,9 +2237,8 @@ dns_message_renderend(dns_message_t *msg) { - * Render. - */ - count = 0; -- result = dns_rdataset_towire(msg->opt, dns_rootname, -- msg->cctx, msg->buffer, 0, -- &count); -+ result = renderset(msg->opt, dns_rootname, msg->cctx, -+ msg->buffer, msg->reserved, 0, &count); - msg->counts[DNS_SECTION_ADDITIONAL] += count; - if (result != ISC_R_SUCCESS) - return (result); -@@ -2232,9 +2254,8 @@ dns_message_renderend(dns_message_t *msg) { - if (result != ISC_R_SUCCESS) - return (result); - count = 0; -- result = dns_rdataset_towire(msg->tsig, msg->tsigname, -- msg->cctx, msg->buffer, 0, -- &count); -+ result = renderset(msg->tsig, msg->tsigname, msg->cctx, -+ msg->buffer, msg->reserved, 0, &count); - msg->counts[DNS_SECTION_ADDITIONAL] += count; - if (result != ISC_R_SUCCESS) - return (result); -@@ -2255,9 +2276,8 @@ dns_message_renderend(dns_message_t *msg) { - * the owner name of a SIG(0) is irrelevant, and will not - * be set in a message being rendered. - */ -- result = dns_rdataset_towire(msg->sig0, dns_rootname, -- msg->cctx, msg->buffer, 0, -- &count); -+ result = renderset(msg->sig0, dns_rootname, msg->cctx, -+ msg->buffer, msg->reserved, 0, &count); - msg->counts[DNS_SECTION_ADDITIONAL] += count; - if (result != ISC_R_SUCCESS) - return (result); --- -2.7.4 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-6170.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-6170.patch deleted file mode 100644 index 75bc211cb..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-6170.patch +++ /dev/null @@ -1,1090 +0,0 @@ -From 1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f Mon Sep 17 00:00:00 2001 -From: Mark Andrews <marka@isc.org> -Date: Wed, 2 Nov 2016 17:31:27 +1100 -Subject: [PATCH] 4504. [security] Allow the maximum number of records in a - zone to be specified. This provides a control for issues raised in - CVE-2016-6170. [RT #42143] - -(cherry picked from commit 5f8412a4cb5ee14a0e8cddd4107854b40ee3291e) - -Upstream-Status: Backport -[https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f] - -CVE: CVE-2016-6170 - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - CHANGES | 4 + - bin/named/config.c | 1 + - bin/named/named.conf.docbook | 3 + - bin/named/update.c | 16 +++ - bin/named/zoneconf.c | 7 ++ - bin/tests/system/nsupdate/clean.sh | 1 + - bin/tests/system/nsupdate/ns3/named.conf | 7 ++ - bin/tests/system/nsupdate/ns3/too-big.test.db.in | 10 ++ - bin/tests/system/nsupdate/setup.sh | 2 + - bin/tests/system/nsupdate/tests.sh | 15 +++ - bin/tests/system/xfer/clean.sh | 1 + - bin/tests/system/xfer/ns1/axfr-too-big.db | 10 ++ - bin/tests/system/xfer/ns1/ixfr-too-big.db.in | 13 +++ - bin/tests/system/xfer/ns1/named.conf | 11 ++ - bin/tests/system/xfer/ns6/named.conf | 14 +++ - bin/tests/system/xfer/setup.sh | 2 + - bin/tests/system/xfer/tests.sh | 26 +++++ - doc/arm/Bv9ARM-book.xml | 21 ++++ - doc/arm/notes.xml | 9 ++ - lib/bind9/check.c | 2 + - lib/dns/db.c | 13 +++ - lib/dns/ecdb.c | 3 +- - lib/dns/include/dns/db.h | 20 ++++ - lib/dns/include/dns/rdataslab.h | 13 +++ - lib/dns/include/dns/result.h | 6 +- - lib/dns/include/dns/zone.h | 28 ++++- - lib/dns/rbtdb.c | 127 +++++++++++++++++++++-- - lib/dns/rdataslab.c | 13 +++ - lib/dns/result.c | 9 +- - lib/dns/sdb.c | 3 +- - lib/dns/sdlz.c | 3 +- - lib/dns/xfrin.c | 22 +++- - lib/dns/zone.c | 23 +++- - lib/isccfg/namedconf.c | 1 + - 34 files changed, 444 insertions(+), 15 deletions(-) - create mode 100644 bin/tests/system/nsupdate/ns3/too-big.test.db.in - create mode 100644 bin/tests/system/xfer/ns1/axfr-too-big.db - create mode 100644 bin/tests/system/xfer/ns1/ixfr-too-big.db.in - -diff --git a/CHANGES b/CHANGES -index 41cfce5..97d2e60 100644 ---- a/CHANGES -+++ b/CHANGES -@@ -1,3 +1,7 @@ -+4504. [security] Allow the maximum number of records in a zone to -+ be specified. This provides a control for issues -+ raised in CVE-2016-6170. [RT #42143] -+ - 4489. [security] It was possible to trigger assertions when processing - a response. (CVE-2016-8864) [RT #43465] - -diff --git a/bin/named/config.c b/bin/named/config.c -index f06348c..c24e334 100644 ---- a/bin/named/config.c -+++ b/bin/named/config.c -@@ -209,6 +209,7 @@ options {\n\ - max-transfer-time-out 120;\n\ - max-transfer-idle-in 60;\n\ - max-transfer-idle-out 60;\n\ -+ max-records 0;\n\ - max-retry-time 1209600; /* 2 weeks */\n\ - min-retry-time 500;\n\ - max-refresh-time 2419200; /* 4 weeks */\n\ -diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook -index 4c99a61..c2d173a 100644 ---- a/bin/named/named.conf.docbook -+++ b/bin/named/named.conf.docbook -@@ -338,6 +338,7 @@ options { - }; - - max-journal-size <replaceable>size_no_default</replaceable>; -+ max-records <replaceable>integer</replaceable>; - max-transfer-time-in <replaceable>integer</replaceable>; - max-transfer-time-out <replaceable>integer</replaceable>; - max-transfer-idle-in <replaceable>integer</replaceable>; -@@ -527,6 +528,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> - }; - - max-journal-size <replaceable>size_no_default</replaceable>; -+ max-records <replaceable>integer</replaceable>; - max-transfer-time-in <replaceable>integer</replaceable>; - max-transfer-time-out <replaceable>integer</replaceable>; - max-transfer-idle-in <replaceable>integer</replaceable>; -@@ -624,6 +626,7 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> - }; - - max-journal-size <replaceable>size_no_default</replaceable>; -+ max-records <replaceable>integer</replaceable>; - max-transfer-time-in <replaceable>integer</replaceable>; - max-transfer-time-out <replaceable>integer</replaceable>; - max-transfer-idle-in <replaceable>integer</replaceable>; -diff --git a/bin/named/update.c b/bin/named/update.c -index 83b1a05..cc2a611 100644 ---- a/bin/named/update.c -+++ b/bin/named/update.c -@@ -2455,6 +2455,8 @@ update_action(isc_task_t *task, isc_event_t *event) { - isc_boolean_t had_dnskey; - dns_rdatatype_t privatetype = dns_zone_getprivatetype(zone); - dns_ttl_t maxttl = 0; -+ isc_uint32_t maxrecords; -+ isc_uint64_t records; - - INSIST(event->ev_type == DNS_EVENT_UPDATE); - -@@ -3138,6 +3140,20 @@ update_action(isc_task_t *task, isc_event_t *event) { - } - } - -+ maxrecords = dns_zone_getmaxrecords(zone); -+ if (maxrecords != 0U) { -+ result = dns_db_getsize(db, ver, &records, NULL); -+ if (result == ISC_R_SUCCESS && records > maxrecords) { -+ update_log(client, zone, ISC_LOG_ERROR, -+ "records in zone (%" -+ ISC_PRINT_QUADFORMAT -+ "u) exceeds max-records (%u)", -+ records, maxrecords); -+ result = DNS_R_TOOMANYRECORDS; -+ goto failure; -+ } -+ } -+ - journalfile = dns_zone_getjournal(zone); - if (journalfile != NULL) { - update_log(client, zone, LOGLEVEL_DEBUG, -diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c -index 4ee3dfe..14dd8ce 100644 ---- a/bin/named/zoneconf.c -+++ b/bin/named/zoneconf.c -@@ -978,6 +978,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, - dns_zone_setmaxttl(raw, maxttl); - } - -+ obj = NULL; -+ result = ns_config_get(maps, "max-records", &obj); -+ INSIST(result == ISC_R_SUCCESS && obj != NULL); -+ dns_zone_setmaxrecords(mayberaw, cfg_obj_asuint32(obj)); -+ if (zone != mayberaw) -+ dns_zone_setmaxrecords(zone, 0); -+ - if (raw != NULL && filename != NULL) { - #define SIGNED ".signed" - size_t signedlen = strlen(filename) + sizeof(SIGNED); -diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh -index aaefc02..ea25545 100644 ---- a/bin/tests/system/nsupdate/clean.sh -+++ b/bin/tests/system/nsupdate/clean.sh -@@ -32,6 +32,7 @@ rm -f ns3/example.db.jnl ns3/example.db - rm -f ns3/nsec3param.test.db.signed.jnl ns3/nsec3param.test.db ns3/nsec3param.test.db.signed ns3/dsset-nsec3param.test. - rm -f ns3/dnskey.test.db.signed.jnl ns3/dnskey.test.db ns3/dnskey.test.db.signed ns3/dsset-dnskey.test. - rm -f ns3/K* -+rm -f ns3/too-big.test.db - rm -f dig.out.* - rm -f jp.out.ns3.* - rm -f Kxxx.* -diff --git a/bin/tests/system/nsupdate/ns3/named.conf b/bin/tests/system/nsupdate/ns3/named.conf -index 2abd522..68ff27a 100644 ---- a/bin/tests/system/nsupdate/ns3/named.conf -+++ b/bin/tests/system/nsupdate/ns3/named.conf -@@ -60,3 +60,10 @@ zone "dnskey.test" { - allow-update { any; }; - file "dnskey.test.db.signed"; - }; -+ -+zone "too-big.test" { -+ type master; -+ allow-update { any; }; -+ max-records 3; -+ file "too-big.test.db"; -+}; -diff --git a/bin/tests/system/nsupdate/ns3/too-big.test.db.in b/bin/tests/system/nsupdate/ns3/too-big.test.db.in -new file mode 100644 -index 0000000..7ff1e4a ---- /dev/null -+++ b/bin/tests/system/nsupdate/ns3/too-big.test.db.in -@@ -0,0 +1,10 @@ -+; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC") -+; -+; This Source Code Form is subject to the terms of the Mozilla Public -+; License, v. 2.0. If a copy of the MPL was not distributed with this -+; file, You can obtain one at http://mozilla.org/MPL/2.0/. -+ -+$TTL 10 -+too-big.test. IN SOA too-big.test. hostmaster.too-big.test. 1 3600 900 2419200 3600 -+too-big.test. IN NS too-big.test. -+too-big.test. IN A 10.53.0.3 -diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh -index 828255e..43c4094 100644 ---- a/bin/tests/system/nsupdate/setup.sh -+++ b/bin/tests/system/nsupdate/setup.sh -@@ -27,12 +27,14 @@ test -r $RANDFILE || $GENRANDOM 400 $RANDFILE - rm -f ns1/*.jnl ns1/example.db ns2/*.jnl ns2/example.bk - rm -f ns2/update.bk ns2/update.alt.bk - rm -f ns3/example.db.jnl -+rm -f ns3/too-big.test.db.jnl - - cp -f ns1/example1.db ns1/example.db - sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db - sed 's/example.nil/unixtime.nil/g' ns1/example1.db > ns1/unixtime.db - sed 's/example.nil/keytests.nil/g' ns1/example1.db > ns1/keytests.db - cp -f ns3/example.db.in ns3/example.db -+cp -f ns3/too-big.test.db.in ns3/too-big.test.db - - # update_test.pl has its own zone file because it - # requires a specific NS record set. -diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh -index 78d501e..0a6bbd3 100755 ---- a/bin/tests/system/nsupdate/tests.sh -+++ b/bin/tests/system/nsupdate/tests.sh -@@ -581,5 +581,20 @@ if [ $ret -ne 0 ]; then - status=1 - fi - -+n=`expr $n + 1` -+echo "I:check that adding too many records is blocked ($n)" -+ret=0 -+$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 && ret=1 -+server 10.53.0.3 5300 -+zone too-big.test. -+update add r1.too-big.test 3600 IN TXT r1.too-big.test -+send -+EOF -+grep "update failed: SERVFAIL" nsupdate.out-$n > /dev/null || ret=1 -+DIG +tcp @10.53.0.3 -p 5300 r1.too-big.test TXT > dig.out.ns3.test$n -+grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 -+grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null || ret=1 -+[ $ret = 0 ] || { echo I:failed; status=1; } -+ - echo "I:exit status: $status" - exit $status -diff --git a/bin/tests/system/xfer/clean.sh b/bin/tests/system/xfer/clean.sh -index 48aa159..da62a33 100644 ---- a/bin/tests/system/xfer/clean.sh -+++ b/bin/tests/system/xfer/clean.sh -@@ -36,3 +36,4 @@ rm -f ns7/*.db ns7/*.bk ns7/*.jnl - rm -f */named.memstats - rm -f */named.run - rm -f */ans.run -+rm -f ns1/ixfr-too-big.db ns1/ixfr-too-big.db.jnl -diff --git a/bin/tests/system/xfer/ns1/axfr-too-big.db b/bin/tests/system/xfer/ns1/axfr-too-big.db -new file mode 100644 -index 0000000..d43760d ---- /dev/null -+++ b/bin/tests/system/xfer/ns1/axfr-too-big.db -@@ -0,0 +1,10 @@ -+; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC") -+; -+; This Source Code Form is subject to the terms of the Mozilla Public -+; License, v. 2.0. If a copy of the MPL was not distributed with this -+; file, You can obtain one at http://mozilla.org/MPL/2.0/. -+ -+$TTL 3600 -+@ IN SOA . . 0 0 0 0 0 -+@ IN NS . -+$GENERATE 1-29 host$ A 1.2.3.$ -diff --git a/bin/tests/system/xfer/ns1/ixfr-too-big.db.in b/bin/tests/system/xfer/ns1/ixfr-too-big.db.in -new file mode 100644 -index 0000000..318bb77 ---- /dev/null -+++ b/bin/tests/system/xfer/ns1/ixfr-too-big.db.in -@@ -0,0 +1,13 @@ -+; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC") -+; -+; This Source Code Form is subject to the terms of the Mozilla Public -+; License, v. 2.0. If a copy of the MPL was not distributed with this -+; file, You can obtain one at http://mozilla.org/MPL/2.0/. -+ -+$TTL 3600 -+@ IN SOA . . 0 0 0 0 0 -+@ IN NS ns1 -+@ IN NS ns6 -+ns1 IN A 10.53.0.1 -+ns6 IN A 10.53.0.6 -+$GENERATE 1-25 host$ A 1.2.3.$ -diff --git a/bin/tests/system/xfer/ns1/named.conf b/bin/tests/system/xfer/ns1/named.conf -index 07dad85..1d29292 100644 ---- a/bin/tests/system/xfer/ns1/named.conf -+++ b/bin/tests/system/xfer/ns1/named.conf -@@ -44,3 +44,14 @@ zone "slave" { - type master; - file "slave.db"; - }; -+ -+zone "axfr-too-big" { -+ type master; -+ file "axfr-too-big.db"; -+}; -+ -+zone "ixfr-too-big" { -+ type master; -+ allow-update { any; }; -+ file "ixfr-too-big.db"; -+}; -diff --git a/bin/tests/system/xfer/ns6/named.conf b/bin/tests/system/xfer/ns6/named.conf -index c9421b1..a12a92c 100644 ---- a/bin/tests/system/xfer/ns6/named.conf -+++ b/bin/tests/system/xfer/ns6/named.conf -@@ -52,3 +52,17 @@ zone "slave" { - masters { 10.53.0.1; }; - file "slave.bk"; - }; -+ -+zone "axfr-too-big" { -+ type slave; -+ max-records 30; -+ masters { 10.53.0.1; }; -+ file "axfr-too-big.bk"; -+}; -+ -+zone "ixfr-too-big" { -+ type slave; -+ max-records 30; -+ masters { 10.53.0.1; }; -+ file "ixfr-too-big.bk"; -+}; -diff --git a/bin/tests/system/xfer/setup.sh b/bin/tests/system/xfer/setup.sh -index 56ca901..c55abf8 100644 ---- a/bin/tests/system/xfer/setup.sh -+++ b/bin/tests/system/xfer/setup.sh -@@ -33,3 +33,5 @@ cp -f ns4/named.conf.base ns4/named.conf - - cp ns2/slave.db.in ns2/slave.db - touch -t 200101010000 ns2/slave.db -+ -+cp -f ns1/ixfr-too-big.db.in ns1/ixfr-too-big.db -diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh -index 67b2a1a..fe33f0a 100644 ---- a/bin/tests/system/xfer/tests.sh -+++ b/bin/tests/system/xfer/tests.sh -@@ -368,5 +368,31 @@ $DIGCMD nil. TXT | grep 'incorrect key AXFR' >/dev/null && { - status=1 - } - -+n=`expr $n + 1` -+echo "I:test that a zone with too many records is rejected (AXFR) ($n)" -+tmp=0 -+grep "'axfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null || tmp=1 -+if test $tmp != 0 ; then echo "I:failed"; fi -+status=`expr $status + $tmp` -+ -+n=`expr $n + 1` -+echo "I:test that a zone with too many records is rejected (IXFR) ($n)" -+tmp=0 -+grep "'ixfr-too-big./IN.*: too many records" ns6/named.run >/dev/null && tmp=1 -+$NSUPDATE << EOF -+zone ixfr-too-big -+server 10.53.0.1 5300 -+update add the-31st-record.ixfr-too-big 0 TXT this is it -+send -+EOF -+for i in 1 2 3 4 5 6 7 8 -+do -+ grep "'ixfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null && break -+ sleep 1 -+done -+grep "'ixfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null || tmp=1 -+if test $tmp != 0 ; then echo "I:failed"; fi -+status=`expr $status + $tmp` -+ - echo "I:exit status: $status" - exit $status -diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml -index 848b582..0369505 100644 ---- a/doc/arm/Bv9ARM-book.xml -+++ b/doc/arm/Bv9ARM-book.xml -@@ -4858,6 +4858,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] - <optional> use-queryport-pool <replaceable>yes_or_no</replaceable>; </optional> - <optional> queryport-pool-ports <replaceable>number</replaceable>; </optional> - <optional> queryport-pool-updateinterval <replaceable>number</replaceable>; </optional> -+ <optional> max-records <replaceable>number</replaceable>; </optional> - <optional> max-transfer-time-in <replaceable>number</replaceable>; </optional> - <optional> max-transfer-time-out <replaceable>number</replaceable>; </optional> - <optional> max-transfer-idle-in <replaceable>number</replaceable>; </optional> -@@ -8164,6 +8165,16 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; - </varlistentry> - - <varlistentry> -+ <term><command>max-records</command></term> -+ <listitem> -+ <para> -+ The maximum number of records permitted in a zone. -+ The default is zero which means unlimited. -+ </para> -+ </listitem> -+ </varlistentry> -+ -+ <varlistentry> - <term><command>host-statistics-max</command></term> - <listitem> - <para> -@@ -12056,6 +12067,16 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea - </varlistentry> - - <varlistentry> -+ <term><command>max-records</command></term> -+ <listitem> -+ <para> -+ See the description of -+ <command>max-records</command> in <xref linkend="server_resource_limits"/>. -+ </para> -+ </listitem> -+ </varlistentry> -+ -+ <varlistentry> - <term><command>max-transfer-time-in</command></term> - <listitem> - <para> -diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml -index 095eb5b..36495e7 100644 ---- a/doc/arm/notes.xml -+++ b/doc/arm/notes.xml -@@ -52,6 +52,15 @@ - <itemizedlist> - <listitem> - <para> -+ Added the ability to specify the maximum number of records -+ permitted in a zone (max-records #;). This provides a mechanism -+ to block overly large zone transfers, which is a potential risk -+ with slave zones from other parties, as described in CVE-2016-6170. -+ [RT #42143] -+ </para> -+ </listitem> -+ <listitem> -+ <para> - Duplicate EDNS COOKIE options in a response could trigger - an assertion failure. This flaw is disclosed in CVE-2016-2088. - [RT #41809] -diff --git a/lib/bind9/check.c b/lib/bind9/check.c -index b8c05dd..edb7534 100644 ---- a/lib/bind9/check.c -+++ b/lib/bind9/check.c -@@ -1510,6 +1510,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, - REDIRECTZONE }, - { "masters", SLAVEZONE | STUBZONE | REDIRECTZONE }, - { "max-ixfr-log-size", MASTERZONE | SLAVEZONE | STREDIRECTZONE }, -+ { "max-records", MASTERZONE | SLAVEZONE | STUBZONE | STREDIRECTZONE | -+ STATICSTUBZONE | REDIRECTZONE }, - { "max-refresh-time", SLAVEZONE | STUBZONE | STREDIRECTZONE }, - { "max-retry-time", SLAVEZONE | STUBZONE | STREDIRECTZONE }, - { "max-transfer-idle-in", SLAVEZONE | STUBZONE | STREDIRECTZONE }, -diff --git a/lib/dns/db.c b/lib/dns/db.c -index 7e4f357..ced94a5 100644 ---- a/lib/dns/db.c -+++ b/lib/dns/db.c -@@ -999,6 +999,19 @@ dns_db_getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, - } - - isc_result_t -+dns_db_getsize(dns_db_t *db, dns_dbversion_t *version, isc_uint64_t *records, -+ isc_uint64_t *bytes) -+{ -+ REQUIRE(DNS_DB_VALID(db)); -+ REQUIRE(dns_db_iszone(db) == ISC_TRUE); -+ -+ if (db->methods->getsize != NULL) -+ return ((db->methods->getsize)(db, version, records, bytes)); -+ -+ return (ISC_R_NOTFOUND); -+} -+ -+isc_result_t - dns_db_setsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, - isc_stdtime_t resign) - { -diff --git a/lib/dns/ecdb.c b/lib/dns/ecdb.c -index 553a339..b5d04d2 100644 ---- a/lib/dns/ecdb.c -+++ b/lib/dns/ecdb.c -@@ -587,7 +587,8 @@ static dns_dbmethods_t ecdb_methods = { - NULL, /* findnodeext */ - NULL, /* findext */ - NULL, /* setcachestats */ -- NULL /* hashsize */ -+ NULL, /* hashsize */ -+ NULL /* getsize */ - }; - - static isc_result_t -diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h -index a4a4482..aff42d6 100644 ---- a/lib/dns/include/dns/db.h -+++ b/lib/dns/include/dns/db.h -@@ -195,6 +195,8 @@ typedef struct dns_dbmethods { - dns_rdataset_t *sigrdataset); - isc_result_t (*setcachestats)(dns_db_t *db, isc_stats_t *stats); - unsigned int (*hashsize)(dns_db_t *db); -+ isc_result_t (*getsize)(dns_db_t *db, dns_dbversion_t *version, -+ isc_uint64_t *records, isc_uint64_t *bytes); - } dns_dbmethods_t; - - typedef isc_result_t -@@ -1485,6 +1487,24 @@ dns_db_getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, - */ - - isc_result_t -+dns_db_getsize(dns_db_t *db, dns_dbversion_t *version, isc_uint64_t *records, -+ isc_uint64_t *bytes); -+/*%< -+ * Get the number of records in the given version of the database as well -+ * as the number bytes used to store those records. -+ * -+ * Requires: -+ * \li 'db' is a valid zone database. -+ * \li 'version' is NULL or a valid version. -+ * \li 'records' is NULL or a pointer to return the record count in. -+ * \li 'bytes' is NULL or a pointer to return the byte count in. -+ * -+ * Returns: -+ * \li #ISC_R_SUCCESS -+ * \li #ISC_R_NOTIMPLEMENTED -+ */ -+ -+isc_result_t - dns_db_findnsec3node(dns_db_t *db, dns_name_t *name, - isc_boolean_t create, dns_dbnode_t **nodep); - /*%< -diff --git a/lib/dns/include/dns/rdataslab.h b/lib/dns/include/dns/rdataslab.h -index 3ac44b8..2e1e759 100644 ---- a/lib/dns/include/dns/rdataslab.h -+++ b/lib/dns/include/dns/rdataslab.h -@@ -104,6 +104,7 @@ dns_rdataslab_tordataset(unsigned char *slab, unsigned int reservelen, - * Ensures: - *\li 'rdataset' is associated and points to a valid rdataest. - */ -+ - unsigned int - dns_rdataslab_size(unsigned char *slab, unsigned int reservelen); - /*%< -@@ -116,6 +117,18 @@ dns_rdataslab_size(unsigned char *slab, unsigned int reservelen); - *\li The number of bytes in the slab, including the reservelen. - */ - -+unsigned int -+dns_rdataslab_count(unsigned char *slab, unsigned int reservelen); -+/*%< -+ * Return the number of records in the rdataslab -+ * -+ * Requires: -+ *\li 'slab' points to a slab. -+ * -+ * Returns: -+ *\li The number of records in the slab. -+ */ -+ - isc_result_t - dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, - unsigned int reservelen, isc_mem_t *mctx, -diff --git a/lib/dns/include/dns/result.h b/lib/dns/include/dns/result.h -index 7d11c2b..93d1fd5 100644 ---- a/lib/dns/include/dns/result.h -+++ b/lib/dns/include/dns/result.h -@@ -157,8 +157,12 @@ - #define DNS_R_BADCDS (ISC_RESULTCLASS_DNS + 111) - #define DNS_R_BADCDNSKEY (ISC_RESULTCLASS_DNS + 112) - #define DNS_R_OPTERR (ISC_RESULTCLASS_DNS + 113) -+#define DNS_R_BADDNSTAP (ISC_RESULTCLASS_DNS + 114) -+#define DNS_R_BADTSIG (ISC_RESULTCLASS_DNS + 115) -+#define DNS_R_BADSIG0 (ISC_RESULTCLASS_DNS + 116) -+#define DNS_R_TOOMANYRECORDS (ISC_RESULTCLASS_DNS + 117) - --#define DNS_R_NRESULTS 114 /*%< Number of results */ -+#define DNS_R_NRESULTS 118 /*%< Number of results */ - - /* - * DNS wire format rcodes. -diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h -index a9367f1..227540b 100644 ---- a/lib/dns/include/dns/zone.h -+++ b/lib/dns/include/dns/zone.h -@@ -296,6 +296,32 @@ dns_zone_getfile(dns_zone_t *zone); - */ - - void -+dns_zone_setmaxrecords(dns_zone_t *zone, isc_uint32_t records); -+/*%< -+ * Sets the maximim number of records permitted in a zone. -+ * 0 implies unlimited. -+ * -+ * Requires: -+ *\li 'zone' to be valid initialised zone. -+ * -+ * Returns: -+ *\li void -+ */ -+ -+isc_uint32_t -+dns_zone_getmaxrecords(dns_zone_t *zone); -+/*%< -+ * Gets the maximim number of records permitted in a zone. -+ * 0 implies unlimited. -+ * -+ * Requires: -+ *\li 'zone' to be valid initialised zone. -+ * -+ * Returns: -+ *\li isc_uint32_t maxrecords. -+ */ -+ -+void - dns_zone_setmaxttl(dns_zone_t *zone, isc_uint32_t maxttl); - /*%< - * Sets the max ttl of the zone. -@@ -316,7 +342,7 @@ dns_zone_getmaxttl(dns_zone_t *zone); - *\li 'zone' to be valid initialised zone. - * - * Returns: -- *\li isc_uint32_t maxttl. -+ *\li dns_ttl_t maxttl. - */ - - isc_result_t -diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c -index 62becfc..72d722f 100644 ---- a/lib/dns/rbtdb.c -+++ b/lib/dns/rbtdb.c -@@ -209,6 +209,7 @@ typedef isc_uint64_t rbtdb_serial_t; - #define free_rbtdb_callback free_rbtdb_callback64 - #define free_rdataset free_rdataset64 - #define getnsec3parameters getnsec3parameters64 -+#define getsize getsize64 - #define getoriginnode getoriginnode64 - #define getrrsetstats getrrsetstats64 - #define getsigningtime getsigningtime64 -@@ -589,6 +590,13 @@ typedef struct rbtdb_version { - isc_uint16_t iterations; - isc_uint8_t salt_length; - unsigned char salt[DNS_NSEC3_SALTSIZE]; -+ -+ /* -+ * records and bytes are covered by rwlock. -+ */ -+ isc_rwlock_t rwlock; -+ isc_uint64_t records; -+ isc_uint64_t bytes; - } rbtdb_version_t; - - typedef ISC_LIST(rbtdb_version_t) rbtdb_versionlist_t; -@@ -1130,6 +1138,7 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) { - INSIST(refs == 0); - UNLINK(rbtdb->open_versions, rbtdb->current_version, link); - isc_refcount_destroy(&rbtdb->current_version->references); -+ isc_rwlock_destroy(&rbtdb->current_version->rwlock); - isc_mem_put(rbtdb->common.mctx, rbtdb->current_version, - sizeof(rbtdb_version_t)); - } -@@ -1383,6 +1392,7 @@ allocate_version(isc_mem_t *mctx, rbtdb_serial_t serial, - - static isc_result_t - newversion(dns_db_t *db, dns_dbversion_t **versionp) { -+ isc_result_t result; - dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; - rbtdb_version_t *version; - -@@ -1415,13 +1425,28 @@ newversion(dns_db_t *db, dns_dbversion_t **versionp) { - version->salt_length = 0; - memset(version->salt, 0, sizeof(version->salt)); - } -- rbtdb->next_serial++; -- rbtdb->future_version = version; -- } -+ result = isc_rwlock_init(&version->rwlock, 0, 0); -+ if (result != ISC_R_SUCCESS) { -+ isc_refcount_destroy(&version->references); -+ isc_mem_put(rbtdb->common.mctx, version, -+ sizeof(*version)); -+ version = NULL; -+ } else { -+ RWLOCK(&rbtdb->current_version->rwlock, -+ isc_rwlocktype_read); -+ version->records = rbtdb->current_version->records; -+ version->bytes = rbtdb->current_version->bytes; -+ RWUNLOCK(&rbtdb->current_version->rwlock, -+ isc_rwlocktype_read); -+ rbtdb->next_serial++; -+ rbtdb->future_version = version; -+ } -+ } else -+ result = ISC_R_NOMEMORY; - RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); - - if (version == NULL) -- return (ISC_R_NOMEMORY); -+ return (result); - - *versionp = version; - -@@ -2681,6 +2706,7 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) { - - if (cleanup_version != NULL) { - INSIST(EMPTY(cleanup_version->changed_list)); -+ isc_rwlock_destroy(&cleanup_version->rwlock); - isc_mem_put(rbtdb->common.mctx, cleanup_version, - sizeof(*cleanup_version)); - } -@@ -6254,6 +6280,26 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, - else - rbtnode->data = newheader; - newheader->next = topheader->next; -+ if (rbtversion != NULL) -+ RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write); -+ if (rbtversion != NULL && !header_nx) { -+ rbtversion->records -= -+ dns_rdataslab_count((unsigned char *)header, -+ sizeof(*header)); -+ rbtversion->bytes -= -+ dns_rdataslab_size((unsigned char *)header, -+ sizeof(*header)); -+ } -+ if (rbtversion != NULL && !newheader_nx) { -+ rbtversion->records += -+ dns_rdataslab_count((unsigned char *)newheader, -+ sizeof(*newheader)); -+ rbtversion->bytes += -+ dns_rdataslab_size((unsigned char *)newheader, -+ sizeof(*newheader)); -+ } -+ if (rbtversion != NULL) -+ RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write); - if (loading) { - /* - * There are no other references to 'header' when -@@ -6355,6 +6401,16 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, - newheader->down = NULL; - rbtnode->data = newheader; - } -+ if (rbtversion != NULL && !newheader_nx) { -+ RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write); -+ rbtversion->records += -+ dns_rdataslab_count((unsigned char *)newheader, -+ sizeof(*newheader)); -+ rbtversion->bytes += -+ dns_rdataslab_size((unsigned char *)newheader, -+ sizeof(*newheader)); -+ RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write); -+ } - idx = newheader->node->locknum; - if (IS_CACHE(rbtdb)) { - ISC_LIST_PREPEND(rbtdb->rdatasets[idx], -@@ -6811,6 +6867,12 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, - */ - newheader->additional_auth = NULL; - newheader->additional_glue = NULL; -+ rbtversion->records += -+ dns_rdataslab_count((unsigned char *)newheader, -+ sizeof(*newheader)); -+ rbtversion->bytes += -+ dns_rdataslab_size((unsigned char *)newheader, -+ sizeof(*newheader)); - } else if (result == DNS_R_NXRRSET) { - /* - * This subtraction would remove all of the rdata; -@@ -6846,6 +6908,12 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, - * topheader. - */ - INSIST(rbtversion->serial >= topheader->serial); -+ rbtversion->records -= -+ dns_rdataslab_count((unsigned char *)header, -+ sizeof(*header)); -+ rbtversion->bytes -= -+ dns_rdataslab_size((unsigned char *)header, -+ sizeof(*header)); - if (topheader_prev != NULL) - topheader_prev->next = newheader; - else -@@ -7172,6 +7240,7 @@ rbt_datafixer(dns_rbtnode_t *rbtnode, void *base, size_t filesize, - unsigned char *limit = ((unsigned char *) base) + filesize; - unsigned char *p; - size_t size; -+ unsigned int count; - - REQUIRE(rbtnode != NULL); - -@@ -7179,6 +7248,9 @@ rbt_datafixer(dns_rbtnode_t *rbtnode, void *base, size_t filesize, - p = (unsigned char *) header; - - size = dns_rdataslab_size(p, sizeof(*header)); -+ count = dns_rdataslab_count(p, sizeof(*header));; -+ rbtdb->current_version->records += count; -+ rbtdb->current_version->bytes += size; - isc_crc64_update(crc, p, size); - #ifdef DEBUG - hexdump("hashing header", p, sizeof(rdatasetheader_t)); -@@ -7777,6 +7849,33 @@ getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, dns_hash_t *hash, - } - - static isc_result_t -+getsize(dns_db_t *db, dns_dbversion_t *version, isc_uint64_t *records, -+ isc_uint64_t *bytes) -+{ -+ dns_rbtdb_t *rbtdb; -+ isc_result_t result = ISC_R_SUCCESS; -+ rbtdb_version_t *rbtversion = version; -+ -+ rbtdb = (dns_rbtdb_t *)db; -+ -+ REQUIRE(VALID_RBTDB(rbtdb)); -+ INSIST(rbtversion == NULL || rbtversion->rbtdb == rbtdb); -+ -+ if (rbtversion == NULL) -+ rbtversion = rbtdb->current_version; -+ -+ RWLOCK(&rbtversion->rwlock, isc_rwlocktype_read); -+ if (records != NULL) -+ *records = rbtversion->records; -+ -+ if (bytes != NULL) -+ *bytes = rbtversion->bytes; -+ RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_read); -+ -+ return (result); -+} -+ -+static isc_result_t - setsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, isc_stdtime_t resign) { - dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; - isc_stdtime_t oldresign; -@@ -7972,7 +8071,8 @@ static dns_dbmethods_t zone_methods = { - NULL, - NULL, - NULL, -- hashsize -+ hashsize, -+ getsize - }; - - static dns_dbmethods_t cache_methods = { -@@ -8018,7 +8118,8 @@ static dns_dbmethods_t cache_methods = { - NULL, - NULL, - setcachestats, -- hashsize -+ hashsize, -+ NULL - }; - - isc_result_t -@@ -8310,6 +8411,20 @@ dns_rbtdb_create - rbtdb->current_version->salt_length = 0; - memset(rbtdb->current_version->salt, 0, - sizeof(rbtdb->current_version->salt)); -+ result = isc_rwlock_init(&rbtdb->current_version->rwlock, 0, 0); -+ if (result != ISC_R_SUCCESS) { -+ isc_refcount_destroy(&rbtdb->current_version->references); -+ isc_mem_put(mctx, rbtdb->current_version, -+ sizeof(*rbtdb->current_version)); -+ rbtdb->current_version = NULL; -+ isc_refcount_decrement(&rbtdb->references, NULL); -+ isc_refcount_destroy(&rbtdb->references); -+ free_rbtdb(rbtdb, ISC_FALSE, NULL); -+ return (result); -+ } -+ -+ rbtdb->current_version->records = 0; -+ rbtdb->current_version->bytes = 0; - rbtdb->future_version = NULL; - ISC_LIST_INIT(rbtdb->open_versions); - /* -diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c -index e29dc84..63e3728 100644 ---- a/lib/dns/rdataslab.c -+++ b/lib/dns/rdataslab.c -@@ -523,6 +523,19 @@ dns_rdataslab_size(unsigned char *slab, unsigned int reservelen) { - return ((unsigned int)(current - slab)); - } - -+unsigned int -+dns_rdataslab_count(unsigned char *slab, unsigned int reservelen) { -+ unsigned int count; -+ unsigned char *current; -+ -+ REQUIRE(slab != NULL); -+ -+ current = slab + reservelen; -+ count = *current++ * 256; -+ count += *current++; -+ return (count); -+} -+ - /* - * Make the dns_rdata_t 'rdata' refer to the slab item - * beginning at '*current', which is part of a slab of type -diff --git a/lib/dns/result.c b/lib/dns/result.c -index 7be4f57..a621909 100644 ---- a/lib/dns/result.c -+++ b/lib/dns/result.c -@@ -167,11 +167,16 @@ static const char *text[DNS_R_NRESULTS] = { - "covered by negative trust anchor", /*%< 110 DNS_R_NTACOVERED */ - "bad CDS", /*%< 111 DNS_R_BADCSD */ - "bad CDNSKEY", /*%< 112 DNS_R_BADCDNSKEY */ -- "malformed OPT option" /*%< 113 DNS_R_OPTERR */ -+ "malformed OPT option", /*%< 113 DNS_R_OPTERR */ -+ "malformed DNSTAP data", /*%< 114 DNS_R_BADDNSTAP */ -+ -+ "TSIG in wrong location", /*%< 115 DNS_R_BADTSIG */ -+ "SIG(0) in wrong location", /*%< 116 DNS_R_BADSIG0 */ -+ "too many records", /*%< 117 DNS_R_TOOMANYRECORDS */ - }; - - static const char *rcode_text[DNS_R_NRCODERESULTS] = { -- "NOERROR", /*%< 0 DNS_R_NOEROR */ -+ "NOERROR", /*%< 0 DNS_R_NOERROR */ - "FORMERR", /*%< 1 DNS_R_FORMERR */ - "SERVFAIL", /*%< 2 DNS_R_SERVFAIL */ - "NXDOMAIN", /*%< 3 DNS_R_NXDOMAIN */ -diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c -index abfeeb0..19397e0 100644 ---- a/lib/dns/sdb.c -+++ b/lib/dns/sdb.c -@@ -1298,7 +1298,8 @@ static dns_dbmethods_t sdb_methods = { - findnodeext, - findext, - NULL, /* setcachestats */ -- NULL /* hashsize */ -+ NULL, /* hashsize */ -+ NULL /* getsize */ - }; - - static isc_result_t -diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c -index b1198a4..0e3163d 100644 ---- a/lib/dns/sdlz.c -+++ b/lib/dns/sdlz.c -@@ -1269,7 +1269,8 @@ static dns_dbmethods_t sdlzdb_methods = { - findnodeext, - findext, - NULL, /* setcachestats */ -- NULL /* hashsize */ -+ NULL, /* hashsize */ -+ NULL /* getsize */ - }; - - /* -diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c -index 2a6c1b4..ac566e1 100644 ---- a/lib/dns/xfrin.c -+++ b/lib/dns/xfrin.c -@@ -149,6 +149,9 @@ struct dns_xfrin_ctx { - unsigned int nrecs; /*%< Number of records recvd */ - isc_uint64_t nbytes; /*%< Number of bytes received */ - -+ unsigned int maxrecords; /*%< The maximum number of -+ records set for the zone */ -+ - isc_time_t start; /*%< Start time of the transfer */ - isc_time_t end; /*%< End time of the transfer */ - -@@ -309,10 +312,18 @@ axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, - static isc_result_t - axfr_apply(dns_xfrin_ctx_t *xfr) { - isc_result_t result; -+ isc_uint64_t records; - - CHECK(dns_diff_load(&xfr->diff, xfr->axfr.add, xfr->axfr.add_private)); - xfr->difflen = 0; - dns_diff_clear(&xfr->diff); -+ if (xfr->maxrecords != 0U) { -+ result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL); -+ if (result == ISC_R_SUCCESS && records > xfr->maxrecords) { -+ result = DNS_R_TOOMANYRECORDS; -+ goto failure; -+ } -+ } - result = ISC_R_SUCCESS; - failure: - return (result); -@@ -396,6 +407,7 @@ ixfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, - static isc_result_t - ixfr_apply(dns_xfrin_ctx_t *xfr) { - isc_result_t result; -+ isc_uint64_t records; - - if (xfr->ver == NULL) { - CHECK(dns_db_newversion(xfr->db, &xfr->ver)); -@@ -403,6 +415,13 @@ ixfr_apply(dns_xfrin_ctx_t *xfr) { - CHECK(dns_journal_begin_transaction(xfr->ixfr.journal)); - } - CHECK(dns_diff_apply(&xfr->diff, xfr->db, xfr->ver)); -+ if (xfr->maxrecords != 0U) { -+ result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL); -+ if (result == ISC_R_SUCCESS && records > xfr->maxrecords) { -+ result = DNS_R_TOOMANYRECORDS; -+ goto failure; -+ } -+ } - if (xfr->ixfr.journal != NULL) { - result = dns_journal_writediff(xfr->ixfr.journal, &xfr->diff); - if (result != ISC_R_SUCCESS) -@@ -759,7 +778,7 @@ xfrin_reset(dns_xfrin_ctx_t *xfr) { - - static void - xfrin_fail(dns_xfrin_ctx_t *xfr, isc_result_t result, const char *msg) { -- if (result != DNS_R_UPTODATE) { -+ if (result != DNS_R_UPTODATE && result != DNS_R_TOOMANYRECORDS) { - xfrin_log(xfr, ISC_LOG_ERROR, "%s: %s", - msg, isc_result_totext(result)); - if (xfr->is_ixfr) -@@ -852,6 +871,7 @@ xfrin_create(isc_mem_t *mctx, - xfr->nmsg = 0; - xfr->nrecs = 0; - xfr->nbytes = 0; -+ xfr->maxrecords = dns_zone_getmaxrecords(zone); - isc_time_now(&xfr->start); - - xfr->tsigkey = NULL; -diff --git a/lib/dns/zone.c b/lib/dns/zone.c -index 90e558d..2b0d8e4 100644 ---- a/lib/dns/zone.c -+++ b/lib/dns/zone.c -@@ -253,6 +253,8 @@ struct dns_zone { - isc_uint32_t maxretry; - isc_uint32_t minretry; - -+ isc_uint32_t maxrecords; -+ - isc_sockaddr_t *masters; - isc_dscp_t *masterdscps; - dns_name_t **masterkeynames; -@@ -10088,6 +10090,20 @@ dns_zone_setmaxretrytime(dns_zone_t *zone, isc_uint32_t val) { - zone->maxretry = val; - } - -+isc_uint32_t -+dns_zone_getmaxrecords(dns_zone_t *zone) { -+ REQUIRE(DNS_ZONE_VALID(zone)); -+ -+ return (zone->maxrecords); -+} -+ -+void -+dns_zone_setmaxrecords(dns_zone_t *zone, isc_uint32_t val) { -+ REQUIRE(DNS_ZONE_VALID(zone)); -+ -+ zone->maxrecords = val; -+} -+ - static isc_boolean_t - notify_isqueued(dns_zone_t *zone, unsigned int flags, dns_name_t *name, - isc_sockaddr_t *addr, dns_tsigkey_t *key) -@@ -14431,7 +14447,7 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { - DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR); - - TIME_NOW(&now); -- switch (result) { -+ switch (xfrresult) { - case ISC_R_SUCCESS: - DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY); - /*FALLTHROUGH*/ -@@ -14558,6 +14574,11 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { - DNS_ZONE_SETFLAG(zone, DNS_ZONEFLAG_NOIXFR); - goto same_master; - -+ case DNS_R_TOOMANYRECORDS: -+ DNS_ZONE_JITTER_ADD(&now, zone->refresh, &zone->refreshtime); -+ inc_stats(zone, dns_zonestatscounter_xfrfail); -+ break; -+ - default: - next_master: - /* -diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c -index 780ab46..e7ff1cc 100644 ---- a/lib/isccfg/namedconf.c -+++ b/lib/isccfg/namedconf.c -@@ -1679,6 +1679,7 @@ zone_clauses[] = { - { "masterfile-format", &cfg_type_masterformat, 0 }, - { "max-ixfr-log-size", &cfg_type_size, CFG_CLAUSEFLAG_OBSOLETE }, - { "max-journal-size", &cfg_type_sizenodefault, 0 }, -+ { "max-records", &cfg_type_uint32, 0 }, - { "max-refresh-time", &cfg_type_uint32, 0 }, - { "max-retry-time", &cfg_type_uint32, 0 }, - { "max-transfer-idle-in", &cfg_type_uint32, 0 }, --- -2.7.4 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-8864.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-8864.patch deleted file mode 100644 index b52d6800f..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-8864.patch +++ /dev/null @@ -1,219 +0,0 @@ -From c1d0599a246f646d1c22018f8fa09459270a44b8 Mon Sep 17 00:00:00 2001 -From: Mark Andrews <marka@isc.org> -Date: Fri, 21 Oct 2016 14:55:10 +1100 -Subject: [PATCH] 4489. [security] It was possible to trigger assertions when - processing a response. (CVE-2016-8864) [RT #43465] - -(cherry picked from commit bd6f27f5c353133b563fe69100b2f168c129f3ca) - -Upstream-Status: Backport -[https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8] - -CVE: CVE-2016-8864 - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - CHANGES | 3 +++ - lib/dns/resolver.c | 69 +++++++++++++++++++++++++++++++++++++----------------- - 2 files changed, 50 insertions(+), 22 deletions(-) - -diff --git a/CHANGES b/CHANGES -index 5c8c61a..41cfce5 100644 ---- a/CHANGES -+++ b/CHANGES -@@ -1,3 +1,6 @@ -+4489. [security] It was possible to trigger assertions when processing -+ a response. (CVE-2016-8864) [RT #43465] -+ - 4467. [security] It was possible to trigger an assertion when - rendering a message. (CVE-2016-2776) [RT #43139] - -diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c -index ba1ae23..13c8b44 100644 ---- a/lib/dns/resolver.c -+++ b/lib/dns/resolver.c -@@ -612,7 +612,9 @@ valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name, - valarg->addrinfo = addrinfo; - - if (!ISC_LIST_EMPTY(fctx->validators)) -- INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0); -+ valoptions |= DNS_VALIDATOR_DEFER; -+ else -+ valoptions &= ~DNS_VALIDATOR_DEFER; - - result = dns_validator_create(fctx->res->view, name, type, rdataset, - sigrdataset, fctx->rmessage, -@@ -5526,13 +5528,6 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, - rdataset, - sigrdataset, - valoptions, task); -- /* -- * Defer any further validations. -- * This prevents multiple validators -- * from manipulating fctx->rmessage -- * simultaneously. -- */ -- valoptions |= DNS_VALIDATOR_DEFER; - } - } else if (CHAINING(rdataset)) { - if (rdataset->type == dns_rdatatype_cname) -@@ -5647,6 +5642,11 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, - eresult == DNS_R_NCACHENXRRSET); - } - event->result = eresult; -+ if (adbp != NULL && *adbp != NULL) { -+ if (anodep != NULL && *anodep != NULL) -+ dns_db_detachnode(*adbp, anodep); -+ dns_db_detach(adbp); -+ } - dns_db_attach(fctx->cache, adbp); - dns_db_transfernode(fctx->cache, &node, anodep); - clone_results(fctx); -@@ -5897,6 +5897,11 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, - fctx->attributes |= FCTX_ATTR_HAVEANSWER; - if (event != NULL) { - event->result = eresult; -+ if (adbp != NULL && *adbp != NULL) { -+ if (anodep != NULL && *anodep != NULL) -+ dns_db_detachnode(*adbp, anodep); -+ dns_db_detach(adbp); -+ } - dns_db_attach(fctx->cache, adbp); - dns_db_transfernode(fctx->cache, &node, anodep); - clone_results(fctx); -@@ -6718,13 +6723,15 @@ static isc_result_t - answer_response(fetchctx_t *fctx) { - isc_result_t result; - dns_message_t *message; -- dns_name_t *name, *dname, *qname, tname, *ns_name; -+ dns_name_t *name, *dname = NULL, *qname, *dqname, tname, *ns_name; -+ dns_name_t *cname = NULL; - dns_rdataset_t *rdataset, *ns_rdataset; - isc_boolean_t done, external, chaining, aa, found, want_chaining; -- isc_boolean_t have_answer, found_cname, found_type, wanted_chaining; -+ isc_boolean_t have_answer, found_cname, found_dname, found_type; -+ isc_boolean_t wanted_chaining; - unsigned int aflag; - dns_rdatatype_t type; -- dns_fixedname_t fdname, fqname; -+ dns_fixedname_t fdname, fqname, fqdname; - dns_view_t *view; - - FCTXTRACE("answer_response"); -@@ -6738,6 +6745,7 @@ answer_response(fetchctx_t *fctx) { - - done = ISC_FALSE; - found_cname = ISC_FALSE; -+ found_dname = ISC_FALSE; - found_type = ISC_FALSE; - chaining = ISC_FALSE; - have_answer = ISC_FALSE; -@@ -6747,12 +6755,13 @@ answer_response(fetchctx_t *fctx) { - aa = ISC_TRUE; - else - aa = ISC_FALSE; -- qname = &fctx->name; -+ dqname = qname = &fctx->name; - type = fctx->type; - view = fctx->res->view; -+ dns_fixedname_init(&fqdname); - result = dns_message_firstname(message, DNS_SECTION_ANSWER); - while (!done && result == ISC_R_SUCCESS) { -- dns_namereln_t namereln; -+ dns_namereln_t namereln, dnamereln; - int order; - unsigned int nlabels; - -@@ -6760,6 +6769,8 @@ answer_response(fetchctx_t *fctx) { - dns_message_currentname(message, DNS_SECTION_ANSWER, &name); - external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain)); - namereln = dns_name_fullcompare(qname, name, &order, &nlabels); -+ dnamereln = dns_name_fullcompare(dqname, name, &order, -+ &nlabels); - if (namereln == dns_namereln_equal) { - wanted_chaining = ISC_FALSE; - for (rdataset = ISC_LIST_HEAD(name->list); -@@ -6854,7 +6865,7 @@ answer_response(fetchctx_t *fctx) { - } - } else if (rdataset->type == dns_rdatatype_rrsig - && rdataset->covers == -- dns_rdatatype_cname -+ dns_rdatatype_cname - && !found_type) { - /* - * We're looking for something else, -@@ -6884,11 +6895,18 @@ answer_response(fetchctx_t *fctx) { - * a CNAME or DNAME). - */ - INSIST(!external); -- if (aflag == -- DNS_RDATASETATTR_ANSWER) { -+ if ((rdataset->type != -+ dns_rdatatype_cname) || -+ !found_dname || -+ (aflag == -+ DNS_RDATASETATTR_ANSWER)) -+ { - have_answer = ISC_TRUE; -+ if (rdataset->type == -+ dns_rdatatype_cname) -+ cname = name; - name->attributes |= -- DNS_NAMEATTR_ANSWER; -+ DNS_NAMEATTR_ANSWER; - } - rdataset->attributes |= aflag; - if (aa) -@@ -6982,11 +7000,11 @@ answer_response(fetchctx_t *fctx) { - return (DNS_R_FORMERR); - } - -- if (namereln != dns_namereln_subdomain) { -+ if (dnamereln != dns_namereln_subdomain) { - char qbuf[DNS_NAME_FORMATSIZE]; - char obuf[DNS_NAME_FORMATSIZE]; - -- dns_name_format(qname, qbuf, -+ dns_name_format(dqname, qbuf, - sizeof(qbuf)); - dns_name_format(name, obuf, - sizeof(obuf)); -@@ -7001,7 +7019,7 @@ answer_response(fetchctx_t *fctx) { - want_chaining = ISC_TRUE; - POST(want_chaining); - aflag = DNS_RDATASETATTR_ANSWER; -- result = dname_target(rdataset, qname, -+ result = dname_target(rdataset, dqname, - nlabels, &fdname); - if (result == ISC_R_NOSPACE) { - /* -@@ -7018,10 +7036,13 @@ answer_response(fetchctx_t *fctx) { - - dname = dns_fixedname_name(&fdname); - if (!is_answertarget_allowed(view, -- qname, rdataset->type, -- dname, &fctx->domain)) { -+ dqname, rdataset->type, -+ dname, &fctx->domain)) -+ { - return (DNS_R_SERVFAIL); - } -+ dqname = dns_fixedname_name(&fqdname); -+ dns_name_copy(dname, dqname, NULL); - } else { - /* - * We've found a signature that -@@ -7046,6 +7067,10 @@ answer_response(fetchctx_t *fctx) { - INSIST(!external); - if (aflag == DNS_RDATASETATTR_ANSWER) { - have_answer = ISC_TRUE; -+ found_dname = ISC_TRUE; -+ if (cname != NULL) -+ cname->attributes &= -+ ~DNS_NAMEATTR_ANSWER; - name->attributes |= - DNS_NAMEATTR_ANSWER; - } --- -2.7.4 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch index 096d5d84f..8bc4ea30f 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch @@ -17,24 +17,28 @@ problem. Upstream-Status: Pending Signed-off-by: Robert Yang <liezhi.yang@windriver.com> + +Update context(trailing whitespace) for version 9.10.5-P3. + +Signed-off-by: Kai Kang <kai.kang@windriver.com> --- bin/confgen/Makefile.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in -index 8b3e5aa..4868a24 100644 +index dca272f..02becce 100644 --- a/bin/confgen/Makefile.in +++ b/bin/confgen/Makefile.in @@ -74,11 +74,11 @@ rndc-confgen.@O@: rndc-confgen.c ddns-confgen.@O@: ddns-confgen.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c --rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} +-rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} +rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS) export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \ ${FINALBUILDCMD} --ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} +-ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} +ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS) export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \ ${FINALBUILDCMD} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh index db201270f..ef915c0ae 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh @@ -3,5 +3,6 @@ if [ ! -s /etc/bind/rndc.key ]; then echo -n "Generating /etc/bind/rndc.key:" /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom + chown root:bind /etc/bind/rndc.key chmod 0640 /etc/bind/rndc.key fi diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff deleted file mode 100644 index 2930796b6..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff +++ /dev/null @@ -1,104 +0,0 @@ -bind: port a patch to fix a build failure - -mips1 does not support ll and sc instructions, and lead to below error, now -we port a patch from debian to fix it -[http://security.debian.org/debian-security/pool/updates/main/b/bind9/bind9_9.8.4.dfsg.P1-6+nmu2+deb7u1.diff.gz] - -| {standard input}: Assembler messages: -| {standard input}:47: Error: Opcode not supported on this processor: mips1 (mips1) `ll $3,0($6)' -| {standard input}:50: Error: Opcode not supported on this processor: mips1 (mips1) `sc $3,0($6)' - -Upstream-Status: Pending - -Signed-off-by: Roy Li <rongqing.li@windriver.com> - ---- bind9-9.8.4.dfsg.P1.orig/lib/isc/mips/include/isc/atomic.h -+++ bind9-9.8.4.dfsg.P1/lib/isc/mips/include/isc/atomic.h -@@ -31,18 +31,20 @@ - isc_atomic_xadd(isc_int32_t *p, int val) { - isc_int32_t orig; - -- /* add is a cheat, since MIPS has no mov instruction */ -- __asm__ volatile ( -- "1:" -- "ll $3, %1\n" -- "add %0, $0, $3\n" -- "add $3, $3, %2\n" -- "sc $3, %1\n" -- "beq $3, 0, 1b" -- : "=&r"(orig) -- : "m"(*p), "r"(val) -- : "memory", "$3" -- ); -+ __asm__ __volatile__ ( -+ " .set push \n" -+ " .set mips2 \n" -+ " .set noreorder \n" -+ " .set noat \n" -+ "1: ll $1, %1 \n" -+ " addu %0, $1, %2 \n" -+ " sc %0, %1 \n" -+ " beqz %0, 1b \n" -+ " move %0, $1 \n" -+ " .set pop \n" -+ : "=&r" (orig), "+R" (*p) -+ : "r" (val) -+ : "memory"); - - return (orig); - } -@@ -52,16 +54,7 @@ - */ - static inline void - isc_atomic_store(isc_int32_t *p, isc_int32_t val) { -- __asm__ volatile ( -- "1:" -- "ll $3, %0\n" -- "add $3, $0, %1\n" -- "sc $3, %0\n" -- "beq $3, 0, 1b" -- : -- : "m"(*p), "r"(val) -- : "memory", "$3" -- ); -+ *p = val; - } - - /* -@@ -72,20 +65,23 @@ - static inline isc_int32_t - isc_atomic_cmpxchg(isc_int32_t *p, int cmpval, int val) { - isc_int32_t orig; -+ isc_int32_t tmp; - -- __asm__ volatile( -- "1:" -- "ll $3, %1\n" -- "add %0, $0, $3\n" -- "bne $3, %2, 2f\n" -- "add $3, $0, %3\n" -- "sc $3, %1\n" -- "beq $3, 0, 1b\n" -- "2:" -- : "=&r"(orig) -- : "m"(*p), "r"(cmpval), "r"(val) -- : "memory", "$3" -- ); -+ __asm__ __volatile__ ( -+ " .set push \n" -+ " .set mips2 \n" -+ " .set noreorder \n" -+ " .set noat \n" -+ "1: ll $1, %1 \n" -+ " bne $1, %3, 2f \n" -+ " move %2, %4 \n" -+ " sc %2, %1 \n" -+ " beqz %2, 1b \n" -+ "2: move %0, $1 \n" -+ " .set pop \n" -+ : "=&r"(orig), "+R" (*p), "=r" (tmp) -+ : "r"(cmpval), "r"(val) -+ : "memory"); - - return (orig); - } diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch new file mode 100644 index 000000000..9829f1588 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch @@ -0,0 +1,36 @@ +Use python3 rather default python which maybe links to python2 for oe. And add +option for setup.py to install files to right directory. + +Upstream-Status: Inappropriate [OE specific] + +Signed-off-by: Kai Kang <kai.kang@windriver.com> +--- +diff --git a/bin/python/Makefile.in b/bin/python/Makefile.in +index a43a3c1..2e727f2 100644 +--- a/bin/python/Makefile.in ++++ b/bin/python/Makefile.in +@@ -55,9 +55,9 @@ install:: ${TARGETS} installdirs + ${INSTALL_DATA} ${srcdir}/dnssec-coverage.8 ${DESTDIR}${mandir}/man8 + if test -n "${PYTHON}" ; then \ + if test -n "${DESTDIR}" ; then \ +- ${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} ; \ ++ ${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} --install-lib=${PYTHON_SITEPACKAGES_DIR} ; \ + else \ +- ${PYTHON} ${srcdir}/setup.py install --prefix=${prefix} ; \ ++ ${PYTHON} ${srcdir}/setup.py install --prefix=${prefix} --install-lib=${PYTHON_SITEPACKAGES_DIR} ; \ + fi \ + fi + +diff --git a/configure.in b/configure.in +index 314bb90..867923e 100644 +--- a/configure.in ++++ b/configure.in +@@ -227,7 +227,7 @@ AC_ARG_WITH(python, + [ --with-python=PATH specify path to python interpreter], + use_python="$withval", use_python="unspec") + +-python="python python3 python3.5 python3.4 python3.3 python3.2 python2 python2.7" ++python="python3 python3.5 python3.4 python3.3 python3.2 python2 python2.7" + + testargparse='try: import argparse + except: exit(1)' diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.5-P3.bb index a80227482..13724a82e 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.5-P3.bb @@ -3,14 +3,13 @@ HOMEPAGE = "http://www.isc.org/sw/bind/" SECTION = "console/network" LICENSE = "ISC & BSD" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=0a95f52a0ab6c5f52dedc9a45e7abb3f" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=dba46507446198119bcde32a4feaab43" DEPENDS = "openssl libcap" -SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ +SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://conf.patch \ file://make-etc-initd-bind-stop-work.patch \ - file://mips1-not-support-opcode.diff \ file://dont-test-on-host.patch \ file://generate-rndc-key.sh \ file://named.service \ @@ -21,33 +20,33 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \ file://0001-lib-dns-gen.c-fix-too-long-error.patch \ - file://CVE-2016-1285.patch \ - file://CVE-2016-1286_1.patch \ - file://CVE-2016-1286_2.patch \ - file://CVE-2016-2088.patch \ - file://CVE-2016-2775.patch \ - file://CVE-2016-2776.patch \ - file://CVE-2016-8864.patch \ - file://CVE-2016-6170.patch \ + file://use-python3-and-fix-install-lib-path.patch \ " -SRC_URI[md5sum] = "bcf7e772b616f7259420a3edc5df350a" -SRC_URI[sha256sum] = "690810d1fbb72afa629e74638d19cd44e28d2b2e5eb63f55c705ad85d1a4cb83" +UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" +UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/" + +SRC_URI[md5sum] = "d79cafbd9ac76239ee532dd89d05cc83" +SRC_URI[sha256sum] = "8d7e96b5b0bbac7b900d4c4bbb82e0956b4e509433c5fa392bb72a929b96606a" ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" -EXTRA_OECONF = " ${ENABLE_IPV6} --with-randomdev=/dev/random --disable-threads \ - --disable-devpoll --disable-epoll --with-gost=no \ +EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \ + --disable-devpoll --enable-epoll --with-gost=no \ --with-gssapi=no --with-ecdsa=yes \ --sysconfdir=${sysconfdir}/bind \ --with-openssl=${STAGING_LIBDIR}/.. \ " -inherit autotools update-rc.d systemd useradd pkgconfig + +inherit autotools update-rc.d systemd useradd pkgconfig python3-dir + +export PYTHON_SITEPACKAGES_DIR # PACKAGECONFIGs readline and libedit should NOT be set at same time PACKAGECONFIG ?= "readline" PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2" PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" +PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,," USERADD_PACKAGES = "${PN}" USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ @@ -66,7 +65,7 @@ RDEPENDS_${PN}-dev = "" PACKAGE_BEFORE_PN += "${PN}-utils" FILES_${PN}-utils = "${bindir}/host ${bindir}/dig" FILES_${PN}-dev += "${bindir}/isc-config.h" -FILES_${PN} += "${sbindir}/generate-rndc-key.sh" +FILES_${PN} += "${sbindir}/generate-rndc-key.sh ${PYTHON_SITEPACKAGES_DIR}" do_install_prepend() { # clean host path in isc-config.sh before the hardlink created @@ -98,6 +97,13 @@ do_install_append() { install -d ${D}${sysconfdir}/default install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf + fi + + rm -f ${D}${PYTHON_SITEPACKAGES_DIR}/isc/*.pyc } CONFFILES_${PN} = " \ diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc index 882873a48..1807aa7c9 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -6,16 +6,41 @@ LICENSE = "GPLv2+ & LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e" -DEPENDS = "udev libusb dbus-glib glib-2.0 libcheck" +DEPENDS = "udev dbus-glib glib-2.0 libcheck" PROVIDES += "bluez-hcidump" RPROVIDES_${PN} += "bluez-hcidump" RCONFLICTS_${PN} = "bluez4" -PACKAGECONFIG ??= "obex-profiles readline" +PACKAGECONFIG ??= "obex-profiles \ + readline \ + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ + a2dp-profiles \ + avrcp-profiles \ + network-profiles \ + hid-profiles \ + hog-profiles \ + tools \ + deprecated \ +" PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical" -PACKAGECONFIG[experimental] = "--enable-experimental,--disable-experimental," PACKAGECONFIG[readline] = "--enable-client,--disable-client,readline," +PACKAGECONFIG[testing] = "--enable-testing,--disable-testing" +PACKAGECONFIG[midi] = "--enable-midi,--disable-midi,alsa-lib" +PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd" +PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,,cups" +PACKAGECONFIG[nfc] = "--enable-nfc,--disable-nfc" +PACKAGECONFIG[sap-profiles] = "--enable-sap,--disable-sap" +PACKAGECONFIG[a2dp-profiles] = "--enable-a2dp,--disable-a2dp" +PACKAGECONFIG[avrcp-profiles] = "--enable-avrcp,--disable-avrcp" +PACKAGECONFIG[network-profiles] = "--enable-network,--disable-network" +PACKAGECONFIG[hid-profiles] = "--enable-hid,--disable-hid" +PACKAGECONFIG[hog-profiles] = "--enable-hog,--disable-hog" +PACKAGECONFIG[health-profiles] = "--enable-health,--disable-health" +PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis" +PACKAGECONFIG[tools] = "--enable-tools,--disable-tools" +PACKAGECONFIG[threads] = "--enable-threads,--disable-threads" +PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" SRC_URI = "\ ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ @@ -24,6 +49,7 @@ SRC_URI = "\ file://run-ptest \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ + file://0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch \ file://cve-2017-1000250.patch \ " S = "${WORKDIR}/bluez-${PV}" @@ -33,21 +59,20 @@ CVE_PRODUCT = "bluez" inherit autotools pkgconfig systemd update-rc.d distro_features_check ptest EXTRA_OECONF = "\ - --enable-tools \ - --disable-cups \ --enable-test \ --enable-datafiles \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-systemd', '--disable-systemd', d)} \ --enable-library \ " # bluez5 builds a large number of useful utilities but does not # install them. Specify which ones we want put into ${PN}-noinst-tools. NOINST_TOOLS_READLINE ??= "" -NOINST_TOOLS_EXPERIMENTAL ??= "" +NOINST_TOOLS_TESTING ??= "" +NOINST_TOOLS_BT ??= "" NOINST_TOOLS = " \ ${@bb.utils.contains('PACKAGECONFIG', 'readline', '${NOINST_TOOLS_READLINE}', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'experimental', '${NOINST_TOOLS_EXPERIMENTAL}', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'testing', '${NOINST_TOOLS_TESTING}', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \ " do_install_append() { @@ -55,38 +80,36 @@ do_install_append() { install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth install -d ${D}${sysconfdir}/bluetooth/ - if [ -f ${S}/profiles/audio/audio.conf ]; then - install -m 0644 ${S}/profiles/audio/audio.conf ${D}/${sysconfdir}/bluetooth/ - fi if [ -f ${S}/profiles/network/network.conf ]; then - install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/ + install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/ fi if [ -f ${S}/profiles/input/input.conf ]; then - install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/ + install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/ fi - if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then - sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth - fi + if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then + sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth + fi # Install desired tools that upstream leaves in build area - for f in ${NOINST_TOOLS} ; do - install -m 755 ${B}/$f ${D}/${bindir} + for f in ${NOINST_TOOLS} ; do + install -m 755 ${B}/$f ${D}/${bindir} done - # Patch python tools to use Python 3; they should be source compatible, but - # still refer to Python 2 in the shebang - sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${libdir}/bluez/test/* + # Patch python tools to use Python 3; they should be source compatible, but + # still refer to Python 2 in the shebang + sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${libdir}/bluez/test/* } -ALLOW_EMPTY_libasound-module-bluez = "1" -PACKAGES =+ "libasound-module-bluez ${PN}-testtools ${PN}-obex ${PN}-noinst-tools" +PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools" -FILES_libasound-module-bluez = "${libdir}/alsa-lib/lib*.so ${datadir}/alsa" -FILES_${PN} += "${libdir}/bluetooth/plugins/*.so ${systemd_unitdir}/ ${datadir}/dbus-1" -FILES_${PN}-dev += "\ - ${libdir}/bluetooth/plugins/*.la \ - ${libdir}/alsa-lib/*.la \ +FILES_${PN} += " \ + ${libdir}/bluetooth/plugins/*.so \ + ${systemd_unitdir}/ ${datadir}/dbus-1 \ + ${libdir}/cups \ +" +FILES_${PN}-dev += " \ + ${libdir}/bluetooth/plugins/*.la \ " FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \ @@ -109,17 +132,17 @@ FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TO RDEPENDS_${PN}-testtools += "python3 python3-dbus python3-pygobject" -SYSTEMD_SERVICE_${PN} = "bluetooth.service" +SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" INITSCRIPT_PACKAGES = "${PN}" INITSCRIPT_NAME_${PN} = "bluetooth" EXCLUDE_FROM_WORLD = "1" do_compile_ptest() { - oe_runmake buildtests + oe_runmake buildtests } do_install_ptest() { - cp -r ${B}/unit/ ${D}${PTEST_PATH} - rm -f ${D}${PTEST_PATH}/unit/*.o + cp -r ${B}/unit/ ${D}${PTEST_PATH} + rm -f ${D}${PTEST_PATH}/unit/*.o } diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch new file mode 100644 index 000000000..46794381f --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch @@ -0,0 +1,36 @@ +From 3b341fb421ef61db7782bf1314ec693828467de9 Mon Sep 17 00:00:00 2001 +From: Andy Duan <fugang.duan@nxp.com> +Date: Wed, 23 Nov 2016 17:12:12 +0800 +Subject: [PATCH] hciattach: bcm43xx: fix the delay timer for firmware download + +From the log in .bcm43xx_load_firmware(): + /* Wait 50ms to let the firmware placed in download mode */ + nanosleep(&tm_mode, NULL); + +But timespec tm_mode is real is 50us. Correct the delayed timer count. + +Upstream-Status: Accepted [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=76255f732d68aef2b90d36d9c7be51a9e1739ce7] + +Signed-off-by: Fugang Duan <fugang.duan@nxp.com> +--- + tools/hciattach_bcm43xx.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/hciattach_bcm43xx.c b/tools/hciattach_bcm43xx.c +index 81f38cb..ac1b3c1 100644 +--- a/tools/hciattach_bcm43xx.c ++++ b/tools/hciattach_bcm43xx.c +@@ -228,8 +228,8 @@ static int bcm43xx_set_speed(int fd, struct termios *ti, uint32_t speed) + static int bcm43xx_load_firmware(int fd, const char *fw) + { + unsigned char cmd[] = { HCI_COMMAND_PKT, 0x2e, 0xfc, 0x00 }; +- struct timespec tm_mode = { 0, 50000 }; +- struct timespec tm_ready = { 0, 2000000 }; ++ struct timespec tm_mode = { 0, 50000000 }; ++ struct timespec tm_ready = { 0, 200000000 }; + unsigned char resp[CC_MIN_SIZE]; + unsigned char tx_buf[1024]; + int len, fd_fw, n; +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init index 489e9b9eb..d7972f2d9 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init @@ -21,25 +21,22 @@ set -e case $1 in start) - echo "Starting $DESC" - + echo -n "Starting $DESC: " if test "$BLUETOOTH_ENABLED" = 0; then - echo "disabled. see /etc/default/bluetooth" + echo "disabled (see /etc/default/bluetooth)." exit 0 fi - start-stop-daemon --start --background $SSD_OPTIONS - echo "${DAEMON##*/}" - + echo "${DAEMON##*/}." ;; stop) - echo "Stopping $DESC" + echo -n "Stopping $DESC: " if test "$BLUETOOTH_ENABLED" = 0; then - echo "disabled." + echo "disabled (see /etc/default/bluetooth)." exit 0 fi start-stop-daemon --stop $SSD_OPTIONS - echo "${DAEMON}" + echo "${DAEMON##*/}." ;; restart|force-reload) $0 stop diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.43.bb b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.46.bb index e10b82dd6..e1f85879c 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.43.bb +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.46.bb @@ -2,13 +2,13 @@ require bluez5.inc REQUIRED_DISTRO_FEATURES = "bluez5" -SRC_URI[md5sum] = "698def88df96840dfbb0858bb6d73350" -SRC_URI[sha256sum] = "16c9c05d2a1da644ce3570d975ada3643d2e60c007a955bac09c0a0efeb58d15" +SRC_URI[md5sum] = "913f35d6fa4ca5772c53adb936bf1947" +SRC_URI[sha256sum] = "ddab3d3837c1afb8ae228a94ba17709a4650bd4db24211b6771ab735c8908e28" # noinst programs in Makefile.tools that are conditional on READLINE # support NOINST_TOOLS_READLINE ?= " \ - attrib/gatttool \ + ${@bb.utils.contains('PACKAGECONFIG', 'deprecated', 'attrib/gatttool', '', d)} \ tools/obex-client-tool \ tools/obex-server-tool \ tools/bluetooth-player \ @@ -16,12 +16,13 @@ NOINST_TOOLS_READLINE ?= " \ tools/btmgmt \ " -# noinst programs in Makefile.tools that are conditional on EXPERIMENTAL +# noinst programs in Makefile.tools that are conditional on TESTING # support -NOINST_TOOLS_EXPERIMENTAL ?= " \ +NOINST_TOOLS_TESTING ?= " \ emulator/btvirt \ emulator/b1ee \ emulator/hfp \ + peripheral/btsensor \ tools/3dsp \ tools/mgmt-tester \ tools/gap-tester \ @@ -30,6 +31,13 @@ NOINST_TOOLS_EXPERIMENTAL ?= " \ tools/smp-tester \ tools/hci-tester \ tools/rfcomm-tester \ + tools/bnep-tester \ + tools/userchan-tester \ +" + +# noinst programs in Makefile.tools that are conditional on TOOLS +# support +NOINST_TOOLS_BT ?= " \ tools/bdaddr \ tools/avinfo \ tools/avtest \ @@ -39,17 +47,23 @@ NOINST_TOOLS_EXPERIMENTAL ?= " \ tools/hcieventmask \ tools/hcisecfilter \ tools/btinfo \ - tools/btattach \ tools/btsnoop \ tools/btproxy \ tools/btiotest \ + tools/bneptest \ tools/mcaptest \ tools/cltest \ tools/oobtest \ + tools/advtest \ tools/seq2bseq \ + tools/nokfw \ + tools/create-image \ + tools/eddystone \ tools/ibeacon \ tools/btgatt-client \ tools/btgatt-server \ + tools/test-runner \ + tools/check-selftest \ tools/gatt-service \ profiles/iap/iapd \ " diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc index 64a5418c6..2b03f9cb0 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc @@ -13,9 +13,9 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36" -inherit autotools pkgconfig systemd update-rc.d bluetooth +inherit autotools pkgconfig systemd update-rc.d bluetooth update-alternatives -DEPENDS = "dbus glib-2.0 ppp iptables readline" +DEPENDS = "dbus glib-2.0 ppp readline" INC_PR = "r20" @@ -33,6 +33,7 @@ EXTRA_OECONF += "\ PACKAGECONFIG ??= "wispr \ ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ + iptables \ " # If you want ConnMan to support VPN, add following statement into @@ -50,6 +51,8 @@ PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2t PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux" # WISPr support for logging into hotspots, requires TLS PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls," +PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables-ipv4 kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-meta kernel-module-nft-masq-ipv4 kernel-module-nft-nat" +PACKAGECONFIG[iptables] = "--with-firewall=iptables ,,iptables,iptables" INITSCRIPT_NAME = "connman" INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ." @@ -66,6 +69,11 @@ SYSTEMD_SERVICE_${PN} = "connman.service" SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service" SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service" +ALTERNATIVE_PRIORITY = "100" +ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" +ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}" +ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}" + do_install_append() { if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then install -d ${D}${sysconfdir}/init.d @@ -86,6 +94,11 @@ do_install_append() { # Automake 1.12 won't install empty directories, but we need the # plugins directory to be present for ownership mkdir -p ${D}${libdir}/connman/plugins + + # For read-only filesystem, do not create links during bootup + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + ln -sf ../run/connman/resolv.conf ${D}${sysconfdir}/resolv-conf.connman + fi } # These used to be plugins, but now they are core diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-Fix-compile-on-musl-with-kernel-4.9-headers.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-Fix-compile-on-musl-with-kernel-4.9-headers.patch deleted file mode 100644 index bf3b86d86..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-Fix-compile-on-musl-with-kernel-4.9-headers.patch +++ /dev/null @@ -1,64 +0,0 @@ -From c8bfad4ee9d2c505c00ccbb8b2139543b5ad6fcb Mon Sep 17 00:00:00 2001 -From: Jussi Kukkonen <jussi.kukkonen@intel.com> -Date: Mon, 23 Jan 2017 17:41:39 +0200 -Subject: [PATCH] Fix compile on musl with kernel 4.9 headers - -Kernel headers break when musl defines IFF_LOWER_UP. While -waiting for more proper fix in musl, add a hack to connman. - -Upstream-Status: Inappropriate [Workaround] -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> ---- - src/6to4.c | 4 ++++ - src/firewall.c | 4 ++++ - src/iptables.c | 4 ++++ - 3 files changed, 12 insertions(+) - -diff --git a/src/6to4.c b/src/6to4.c -index 71a2882..1938afb 100644 ---- a/src/6to4.c -+++ b/src/6to4.c -@@ -24,6 +24,10 @@ - #include <config.h> - #endif - -+/* hack to make sure kernel headers understand that libc (musl) -+ does define IFF_LOWER_UP et al. */ -+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0 -+ - #include <errno.h> - #include <stdio.h> - #include <stdlib.h> -diff --git a/src/firewall.c b/src/firewall.c -index c440df6..c83def9 100644 ---- a/src/firewall.c -+++ b/src/firewall.c -@@ -23,6 +23,10 @@ - #include <config.h> - #endif - -+/* hack to make sure kernel headers understand that libc (musl) -+ does define IFF_LOWER_UP et al. */ -+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0 -+ - #include <errno.h> - - #include <xtables.h> -diff --git a/src/iptables.c b/src/iptables.c -index 82e3ac4..46ad9e2 100644 ---- a/src/iptables.c -+++ b/src/iptables.c -@@ -23,6 +23,10 @@ - #include <config.h> - #endif - -+/* hack to make sure kernel headers understand that libc (musl) -+ does define IFF_LOWER_UP et al. */ -+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0 -+ - #include <getopt.h> - #include <stdlib.h> - #include <stdio.h> --- -2.1.4 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch new file mode 100644 index 000000000..8e2e0bd02 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch @@ -0,0 +1,29 @@ +From 9f70b94ebf18f52c115634642652830fa77f27a1 Mon Sep 17 00:00:00 2001 +From: "Maxin B. John" <maxin.john@intel.com> +Date: Mon, 12 Jun 2017 16:52:39 +0300 +Subject: [PATCH] connman.service: stop systemd-resolved when we use connman + +Stop systemd-resolved service when we use connman as network manager. + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Maxin B. John <maxin.john@intel.com> +--- + src/connman.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/connman.service.in b/src/connman.service.in +index 9f5c10f..dab48bc 100644 +--- a/src/connman.service.in ++++ b/src/connman.service.in +@@ -6,6 +6,7 @@ RequiresMountsFor=@localstatedir@/lib/connman + After=dbus.service network-pre.target systemd-sysusers.service + Before=network.target multi-user.target shutdown.target + Wants=network.target ++Conflicts=systemd-resolved.service + + [Service] + Type=dbus +-- +2.4.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch new file mode 100644 index 000000000..cfafbd127 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch @@ -0,0 +1,72 @@ +From 4058ce3186a99fd5f03350fc11a7fc8d38b6a381 Mon Sep 17 00:00:00 2001 +From: "Maxin B. John" <maxin.john@intel.com> +Date: Mon, 8 May 2017 10:53:18 +0300 +Subject: [PATCH] firewall-nftables: fix build with libnftnl-1.0.7 + +We need these updates to accommodate the changes caused by the following +commit in libnftnl-1.0.7 + +commit 907a9f8e5a93f5bcd449643eb3916a656d634758 +Author: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Tue Dec 20 13:47:11 2016 +0100 + +src: get rid of aliases and compat + +This machinery was introduced to avoid sudden compilation breakage of +old nftables releases. With the upcoming release of 0.7 (and 0.6 which +is now 6 months old) this is not required anymore. + +Moreover, users gain nothing from older releases since they are +half-boiled and buggy. + +So let's get rid of aliases now. Bump LIBVERSION and update map file. + +Upstream-Status: Submitted + +Signed-off-by: Maxin B. John <maxin.john@intel.com> +--- + src/firewall-nftables.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/firewall-nftables.c b/src/firewall-nftables.c +index 583d1c4..83b137b 100644 +--- a/src/firewall-nftables.c ++++ b/src/firewall-nftables.c +@@ -387,9 +387,9 @@ static int add_cmp(struct nftnl_rule *rule, uint32_t sreg, uint32_t op, + if (!expr) + return -ENOMEM; + +- nftnl_expr_set_u32(expr, NFT_EXPR_CMP_SREG, sreg); +- nftnl_expr_set_u32(expr, NFT_EXPR_CMP_OP, op); +- nftnl_expr_set(expr, NFT_EXPR_CMP_DATA, data, data_len); ++ nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_SREG, sreg); ++ nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_OP, op); ++ nftnl_expr_set(expr, NFTNL_EXPR_CMP_DATA, data, data_len); + + nftnl_rule_add_expr(rule, expr); + +@@ -575,8 +575,8 @@ static int build_rule_nat(const char *address, unsigned char prefixlen, + expr = nftnl_expr_alloc("meta"); + if (!expr) + goto err; +- nftnl_expr_set_u32(expr, NFT_EXPR_META_KEY, NFT_META_OIFNAME); +- nftnl_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1); ++ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, NFT_META_OIFNAME); ++ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1); + nftnl_rule_add_expr(rule, expr); + err = add_cmp(rule, NFT_REG_1, NFT_CMP_EQ, interface, + strlen(interface) + 1); +@@ -677,8 +677,8 @@ static int build_rule_snat(int index, const char *address, + expr = nftnl_expr_alloc("meta"); + if (!expr) + goto err; +- nftnl_expr_set_u32(expr, NFT_EXPR_META_KEY, NFT_META_OIF); +- nftnl_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1); ++ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, NFT_META_OIF); ++ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1); + nftnl_rule_add_expr(rule, expr); + err = add_cmp(rule, NFT_REG_1, NFT_CMP_EQ, &index, sizeof(index)); + if (err < 0) +-- +2.4.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0003-stats-Fix-bad-file-descriptor-initialisation.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0003-stats-Fix-bad-file-descriptor-initialisation.patch deleted file mode 100644 index c545811ee..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0003-stats-Fix-bad-file-descriptor-initialisation.patch +++ /dev/null @@ -1,102 +0,0 @@ -From c7f4151fb053b0d0691d8f10d7e3690265d28889 Mon Sep 17 00:00:00 2001 -From: Lukasz Nowak <lnowak@tycoint.com> -Date: Wed, 26 Oct 2016 18:13:02 +0100 -Subject: [PATCH] stats: Fix bad file descriptor initialisation - -Stats file code initialises its file descriptor field to 0. But 0 is -a valid fd value. -1 should be used instead. This causes problems -when an error happens before a stats file is open (e.g. mkdir -fails). The clean-up procedure, stats_free() calls close(fd). When fd -is 0, this first closes stdin, and then any files/sockets which -received fd=0, re-used by the OS. - -Fixed several instances of bad file descriptor field handling, in case -of errors. - -The bug results with connman freezing if there is no read/write storage -directory available, and there are multiple active interfaces -(fd=0 gets re-used for sockets in that case). - -The patch was imported from the Connman git repository -(git://git.kernel.org/pub/scm/network/connman) as of commit id -c7f4151fb053b0d0691d8f10d7e3690265d28889. - -Upstream-Status: Accepted -Signed-off-by: Lukasz Nowak <lnowak@tycoint.com> ---- - src/stats.c | 15 +++++++++++++++ - src/util.c | 4 ++-- - 2 files changed, 17 insertions(+), 2 deletions(-) - -diff --git a/src/stats.c b/src/stats.c -index 26343b1..c3ca738 100644 ---- a/src/stats.c -+++ b/src/stats.c -@@ -378,6 +378,7 @@ static int stats_file_setup(struct stats_file *file) - strerror(errno), file->name); - - TFR(close(file->fd)); -+ file->fd = -1; - g_free(file->name); - file->name = NULL; - -@@ -393,6 +394,7 @@ static int stats_file_setup(struct stats_file *file) - err = stats_file_remap(file, size); - if (err < 0) { - TFR(close(file->fd)); -+ file->fd = -1; - g_free(file->name); - file->name = NULL; - -@@ -649,6 +651,13 @@ static int stats_file_history_update(struct stats_file *data_file) - bzero(history_file, sizeof(struct stats_file)); - bzero(temp_file, sizeof(struct stats_file)); - -+ /* -+ * 0 is a valid file descriptor - fd needs to be initialized -+ * to -1 to handle errors correctly -+ */ -+ history_file->fd = -1; -+ temp_file->fd = -1; -+ - err = stats_open(history_file, data_file->history_name); - if (err < 0) - return err; -@@ -682,6 +691,12 @@ int __connman_stats_service_register(struct connman_service *service) - if (!file) - return -ENOMEM; - -+ /* -+ * 0 is a valid file descriptor - fd needs to be initialized -+ * to -1 to handle errors correctly -+ */ -+ file->fd = -1; -+ - g_hash_table_insert(stats_hash, service, file); - } else { - return -EALREADY; -diff --git a/src/util.c b/src/util.c -index e6532c8..732d451 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -63,7 +63,7 @@ int __connman_util_init(void) - { - int r = 0; - -- if (f > 0) -+ if (f >= 0) - return 0; - - f = open(URANDOM, O_RDONLY); -@@ -86,7 +86,7 @@ int __connman_util_init(void) - - void __connman_util_cleanup(void) - { -- if (f > 0) -+ if (f >= 0) - close(f); - - f = -1; --- -2.7.4 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.33.bb b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.34.bb index ee04d9b35..dc2c688f4 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.33.bb +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.34.bb @@ -2,16 +2,17 @@ require connman.inc SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ + file://0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch \ + file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ file://connman \ file://no-version-scripts.patch \ file://includes.patch \ - file://0003-stats-Fix-bad-file-descriptor-initialisation.patch \ file://CVE-2017-12865.patch \ " SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \ - file://0001-Fix-compile-on-musl-with-kernel-4.9-headers.patch" + " -SRC_URI[md5sum] = "c51903fd3e7a6a371d12ac5d72a1fa01" -SRC_URI[sha256sum] = "bc8946036fa70124d663136f9f6b6238d897ca482782df907b07a428b09df5a0" +SRC_URI[md5sum] = "e200028702c831d5f535d20d61e608ef" +SRC_URI[sha256sum] = "a9a0808c729c1f348fc36d8cecb52d19b72bc34cb411c502608cb0e0190fc71e" RRECOMMENDS_${PN} = "connman-conf" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc index aafdd0a13..e94370786 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc @@ -12,30 +12,33 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=c5c64d696107f84b56fe337d14da1 DEPENDS = "openssl bind" -SRC_URI = "ftp://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \ - file://define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \ +SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \ file://init-relay file://default-relay \ file://init-server file://default-server \ file://dhclient.conf file://dhcpd.conf \ + file://dhclient-systemd-wrapper \ + file://dhclient.service \ file://dhcpd.service file://dhcrelay.service \ file://dhcpd6.service \ - file://search-for-libxml2.patch " - + " UPSTREAM_CHECK_URI = "ftp://ftp.isc.org/isc/dhcp/" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+\.\d+\.(\d+?))/" inherit autotools systemd useradd update-rc.d USERADD_PACKAGES = "${PN}-server" -USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir /var/run/${PN} --shell /bin/false --user-group ${PN}" +USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir /var/run/${BPN} --shell /bin/false --user-group ${BPN}" -SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay" +SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay ${PN}-client" SYSTEMD_SERVICE_${PN}-server = "dhcpd.service dhcpd6.service" SYSTEMD_AUTO_ENABLE_${PN}-server = "disable" SYSTEMD_SERVICE_${PN}-relay = "dhcrelay.service" SYSTEMD_AUTO_ENABLE_${PN}-relay = "disable" +SYSTEMD_SERVICE_${PN}-client = "dhclient.service" +SYSTEMD_AUTO_ENABLE_${PN}-client = "disable" + INITSCRIPT_PACKAGES = "dhcp-server" INITSCRIPT_NAME_dhcp-server = "dhcp-server" INITSCRIPT_PARAMS_dhcp-server = "defaults" @@ -46,7 +49,7 @@ EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \ --with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \ --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \ --with-libbind=${STAGING_LIBDIR}/ \ - --enable-paranoia \ + --enable-paranoia --disable-static \ --with-randomdev=/dev/random \ " @@ -79,15 +82,23 @@ do_install_append () { sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcpd*.service sed -i -e 's,@base_bindir@,${base_bindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/dhcpd*.service - sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcrelay.service + sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcrelay.service + + install -d ${D}${base_sbindir} + install -m 0755 ${WORKDIR}/dhclient-systemd-wrapper ${D}${base_sbindir}/dhclient-systemd-wrapper + install -m 0644 ${WORKDIR}/dhclient.service ${D}${systemd_unitdir}/system + sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhclient.service + sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/dhclient.service } -PACKAGES += "dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell" +PACKAGES += "dhcp-libs dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell" -FILES_${PN} = "" +PACKAGES_remove = "${PN}" RDEPENDS_${PN}-dev = "" RDEPENDS_${PN}-staticdev = "" +FILES_${PN}-libs = "${libdir}/libdhcpctl.so.0* ${libdir}/libomapi.so.0*" + FILES_${PN}-server = "${sbindir}/dhcpd ${sysconfdir}/init.d/dhcp-server" RRECOMMENDS_${PN}-server = "dhcp-server-config" @@ -95,7 +106,11 @@ FILES_${PN}-server-config = "${sysconfdir}/default/dhcp-server ${sysconfdir}/dhc FILES_${PN}-relay = "${sbindir}/dhcrelay ${sysconfdir}/init.d/dhcp-relay ${sysconfdir}/default/dhcp-relay" -FILES_${PN}-client = "${base_sbindir}/dhclient ${base_sbindir}/dhclient-script ${sysconfdir}/dhcp/dhclient.conf" +FILES_${PN}-client = "${base_sbindir}/dhclient \ + ${base_sbindir}/dhclient-script \ + ${sysconfdir}/dhcp/dhclient.conf \ + ${base_sbindir}/dhclient-systemd-wrapper \ + " FILES_${PN}-omshell = "${bindir}/omshell" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch index 32bdaf08e..e5b3cf9bc 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch @@ -1,17 +1,21 @@ -define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF +From 7cc29144535a622fc671dc86eb1da65b0473a7c4 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Tue, 15 Aug 2017 16:14:22 +0800 +Subject: [PATCH 01/11] define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF Upstream-Status: Inappropriate [OE specific] +Rebase to 4.3.6 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- includes/site.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/includes/site.h b/includes/site.h -index d87b309..17bc40d 100644 +index b2f7fd7..280fbb9 100644 --- a/includes/site.h +++ b/includes/site.h -@@ -139,7 +139,8 @@ +@@ -149,7 +149,8 @@ /* Define this if you want the dhcpd.conf file to go somewhere other than the default location. By default, it goes in /etc/dhcpd.conf. */ @@ -22,5 +26,5 @@ index d87b309..17bc40d 100644 /* Network API definitions. You do not need to choose one of these - if you don't choose, one will be chosen for you in your system's config -- -1.9.1 +1.8.3.1 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch new file mode 100644 index 000000000..6459dc009 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch @@ -0,0 +1,117 @@ +From be7540d31c356e80ee02e90e8bf162b7ac6e5ba5 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Tue, 15 Aug 2017 14:56:56 +0800 +Subject: [PATCH 02/11] dhclient dbus + +upstream-Status: Inappropriate [distribution] + +Rebase to 4.3.6 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + client/scripts/bsdos | 5 +++++ + client/scripts/freebsd | 5 +++++ + client/scripts/linux | 5 +++++ + client/scripts/netbsd | 5 +++++ + client/scripts/openbsd | 5 +++++ + client/scripts/solaris | 5 +++++ + 6 files changed, 30 insertions(+) + +diff --git a/client/scripts/bsdos b/client/scripts/bsdos +index d69d0d8..095b143 100755 +--- a/client/scripts/bsdos ++++ b/client/scripts/bsdos +@@ -45,6 +45,11 @@ exit_with_hooks() { + . /etc/dhclient-exit-hooks + fi + # probably should do something with exit status of the local script ++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then ++ dbus-send --system --dest=com.redhat.dhcp \ ++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ ++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" ++ fi + exit $exit_status + } + +diff --git a/client/scripts/freebsd b/client/scripts/freebsd +index 8f3e2a2..ad7fb44 100755 +--- a/client/scripts/freebsd ++++ b/client/scripts/freebsd +@@ -89,6 +89,11 @@ exit_with_hooks() { + . /etc/dhclient-exit-hooks + fi + # probably should do something with exit status of the local script ++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then ++ dbus-send --system --dest=com.redhat.dhcp \ ++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ ++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" ++ fi + exit $exit_status + } + +diff --git a/client/scripts/linux b/client/scripts/linux +index 5fb1612..3d447b6 100755 +--- a/client/scripts/linux ++++ b/client/scripts/linux +@@ -174,6 +174,11 @@ exit_with_hooks() { + exit_status=$? + fi + ++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then ++ dbus-send --system --dest=com.redhat.dhcp \ ++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ ++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" ++ fi + exit $exit_status + } + +diff --git a/client/scripts/netbsd b/client/scripts/netbsd +index 07383b7..aaba8e8 100755 +--- a/client/scripts/netbsd ++++ b/client/scripts/netbsd +@@ -45,6 +45,11 @@ exit_with_hooks() { + . /etc/dhclient-exit-hooks + fi + # probably should do something with exit status of the local script ++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then ++ dbus-send --system --dest=com.redhat.dhcp \ ++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ ++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" ++ fi + exit $exit_status + } + +diff --git a/client/scripts/openbsd b/client/scripts/openbsd +index e7f4746..56b980c 100644 +--- a/client/scripts/openbsd ++++ b/client/scripts/openbsd +@@ -45,6 +45,11 @@ exit_with_hooks() { + . /etc/dhclient-exit-hooks + fi + # probably should do something with exit status of the local script ++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then ++ dbus-send --system --dest=com.redhat.dhcp \ ++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ ++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" ++ fi + exit $exit_status + } + +diff --git a/client/scripts/solaris b/client/scripts/solaris +index af553b9..4a2aa69 100755 +--- a/client/scripts/solaris ++++ b/client/scripts/solaris +@@ -26,6 +26,11 @@ exit_with_hooks() { + . /etc/dhclient-exit-hooks + fi + # probably should do something with exit status of the local script ++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then ++ dbus-send --system --dest=com.redhat.dhcp \ ++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ ++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" ++ fi + exit $exit_status + } + +-- +1.8.3.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch index 0d0e0dd08..810c7b6da 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch @@ -1,24 +1,28 @@ -Author: Andrei Gherzan <andrei@gherzan.ro> -Date: Thu Feb 2 23:59:11 2012 +0200 +From d80bd792323dbd56269309f85b4506eb6b1b60e9 Mon Sep 17 00:00:00 2001 +From: Andrei Gherzan <andrei@gherzan.ro> +Date: Tue, 15 Aug 2017 15:05:47 +0800 +Subject: [PATCH 03/11] link with lcrypto -From 4.2.0 final release, -lcrypto check was removed and we compile static libraries -from bind that are linked to libcrypto. This is why i added a patch in order to add +From 4.2.0 final release, -lcrypto check was removed and we compile +static libraries +from bind that are linked to libcrypto. This is why i added a patch in +order to add -lcrypto to LIBS. Upstream-Status: Pending Signed-off-by: Andrei Gherzan <andrei@gherzan.ro> -Rebase to 4.3.4 +Rebase to 4.3.6 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- configure.ac | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configure.ac b/configure.ac -index 097b0c3..726c88e 100644 +index cdfa352..44fb57e 100644 --- a/configure.ac +++ b/configure.ac -@@ -584,6 +584,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void foo() __attribute__((noreturn)); +@@ -591,6 +591,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void foo() __attribute__((noreturn)); # Look for optional headers. AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) @@ -30,5 +34,5 @@ index 097b0c3..726c88e 100644 AC_SEARCH_LIBS(socket, [socket]) AC_SEARCH_LIBS(inet_ntoa, [nsl]) -- -2.8.1 +1.8.3.1 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch index 2f44147ad..7d1d86798 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch @@ -1,10 +1,13 @@ -Fix out of tree builds +From cccec0344d68dac4100b6f260ee24e7c2da9dfda Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Tue, 15 Aug 2017 15:08:22 +0800 +Subject: [PATCH 04/11] Fix out of tree builds Upstream-Status: Pending RP 2013/03/21 -Rebase to 4.3.4 +Rebase to 4.3.6 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- @@ -93,5 +96,5 @@ index 54feedf..3990b9c 100644 dist_sysconf_DATA = dhcpd.conf.example sbin_PROGRAMS = dhcpd -- -2.8.1 +1.8.3.1 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch new file mode 100644 index 000000000..dd56381b1 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch @@ -0,0 +1,36 @@ +From 2e8ff0e4f6d39e346ea86b8c514ab4ccc78fa359 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Tue, 15 Aug 2017 15:24:14 +0800 +Subject: [PATCH 05/11] dhcp-client: fix invoke dhclient-script failed on + Read-only file system + +In read-only file system, '/etc' is on the readonly partition, +and '/etc/resolv.conf' is symlinked to a separate writable +partition. + +In this situation, we create temp files 'resolv.conf.dhclient-new' +in /tmp dir. + +Upstream-Status: Pending + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + client/scripts/linux | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/client/scripts/linux b/client/scripts/linux +index 3d447b6..3122a75 100755 +--- a/client/scripts/linux ++++ b/client/scripts/linux +@@ -40,7 +40,7 @@ make_resolv_conf() { + # DHCPv4 + if [ -n "$new_domain_search" ] || [ -n "$new_domain_name" ] || + [ -n "$new_domain_name_servers" ]; then +- new_resolv_conf=/etc/resolv.conf.dhclient-new ++ new_resolv_conf=/tmp/resolv.conf.dhclient-new + rm -f $new_resolv_conf + + if [ -n "$new_domain_name" ]; then +-- +1.8.3.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch index 47443a50e..c62b283d5 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch @@ -1,17 +1,22 @@ -Upstream-Status: Inappropriate [configuration] - -Subject: [PATCH] site.h: enable gentle shutdown +From 01641d146e4e6bea954e4a4ee1f6230b822665b4 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Tue, 15 Aug 2017 15:37:49 +0800 +Subject: [PATCH 06/11] site.h: enable gentle shutdown +Upstream-Status: Inappropriate [configuration] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> + +Rebase to 4.3.6 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- includes/site.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/site.h b/includes/site.h -index 1dd1251..abb66e4 100644 +index 280fbb9..e6c2972 100644 --- a/includes/site.h +++ b/includes/site.h -@@ -289,7 +289,7 @@ +@@ -296,7 +296,7 @@ situations. We plan to revisit this feature and may make non-backwards compatible changes including the removal of this define. Use at your own risk. */ @@ -21,5 +26,5 @@ index 1dd1251..abb66e4 100644 /* Include old error codes. This is provided in case you are building an external program similar to omshell for -- -2.8.1 +1.8.3.1 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch new file mode 100644 index 000000000..43c26ea21 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch @@ -0,0 +1,42 @@ +From 7107511fd209f08f9a96f8938041ae48f3295895 Mon Sep 17 00:00:00 2001 +From: Christopher Larson <chris_larson@mentor.com> +Date: Tue, 15 Aug 2017 16:17:49 +0800 +Subject: [PATCH 07/11] Add configure argument to make the libxml2 dependency + explicit and determinisitic. + +Upstream-Status: Pending + +Signed-off-by: Christopher Larson <chris_larson@mentor.com> + +Rebase to 4.3.6 + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + configure.ac | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 44fb57e..8e9f509 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -611,6 +611,17 @@ AC_CHECK_FUNCS(strlcat) + # For HP/UX we need -lipv6 for if_nametoindex, perhaps others. + AC_SEARCH_LIBS(if_nametoindex, [ipv6]) + ++AC_ARG_WITH(libxml2, ++ AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]), ++ with_libxml2="$withval", with_libxml2="no") ++ ++if test x$with_libxml2 != xno; then ++ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2], ++ [if test x$with_libxml2 != xauto; then ++ AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested]) ++ fi]) ++fi ++ + # check for /dev/random (declares HAVE_DEV_RANDOM) + AC_MSG_CHECKING(for random device) + AC_ARG_WITH(randomdev, +-- +1.8.3.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/tweak-to-support-external-bind.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch index 03c6abb79..006d18ae7 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/tweak-to-support-external-bind.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch @@ -1,7 +1,7 @@ -From ad7bb401f47714fc30c408853b796ce0f1c7e65f Mon Sep 17 00:00:00 2001 +From 92875f5cc44914515e50c11c503a09cec90497b2 Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Sat, 11 Jun 2016 22:51:44 -0400 -Subject: [PATCH] tweak to support external bind +Subject: [PATCH 08/11] tweak to support external bind Tweak the external bind to oe-core's sysroot rather than external bind source build. @@ -34,7 +34,7 @@ index 4730bb3..84d8131 100644 AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \ -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am -index da69ea9..fe35e57 100644 +index 5031d0c..a8dfd26 100644 --- a/client/tests/Makefile.am +++ b/client/tests/Makefile.am @@ -1,6 +1,6 @@ @@ -46,7 +46,7 @@ index da69ea9..fe35e57 100644 AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir) diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am -index f8d6b0e..05cd9c1 100644 +index f6a43e4..2f98d22 100644 --- a/common/tests/Makefile.am +++ b/common/tests/Makefile.am @@ -1,6 +1,6 @@ @@ -101,7 +101,7 @@ index 3990b9c..b5d8c2d 100644 AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am -index 65a9f74..2892309 100644 +index a87c5e7..9821081 100644 --- a/server/tests/Makefile.am +++ b/server/tests/Makefile.am @@ -1,6 +1,6 @@ @@ -113,5 +113,5 @@ index 65a9f74..2892309 100644 AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir) -- -2.8.1 +1.8.3.1 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch new file mode 100644 index 000000000..912b6d631 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch @@ -0,0 +1,28 @@ +From f3f8b7726e50e24ef3edf5fa5a17e31d39118d7e Mon Sep 17 00:00:00 2001 +From: Andre McCurdy <armccurdy@gmail.com> +Date: Tue, 15 Aug 2017 15:49:31 +0800 +Subject: [PATCH 09/11] remove dhclient-script bash dependency + +Upstream-Status: Inappropriate [OE specific] + +Signed-off-by: Andre McCurdy <armccurdy@gmail.com> + +Rebase to 4.3.6 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + client/scripts/linux | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/client/scripts/linux b/client/scripts/linux +index 3122a75..1712d7d 100755 +--- a/client/scripts/linux ++++ b/client/scripts/linux +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!/bin/sh + # dhclient-script for Linux. Dan Halbert, March, 1997. + # Updated for Linux 2.[12] by Brian J. Murrell, January 1999. + # No guarantees about this. I'm a novice at the details of Linux +-- +1.8.3.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch new file mode 100644 index 000000000..f128731c6 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch @@ -0,0 +1,208 @@ +From 76c370a929e5ab5dbc81c2fbcf4e50f4fbc08ce9 Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Tue, 15 Aug 2017 15:53:37 +0800 +Subject: [PATCH 10/11] build shared libs + +Upstream-Status: Pending + +Port patches from Fedora to build shared libs rather than static libs. + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +Rebase to 4.3.6 + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + client/Makefile.am | 4 ++-- + common/tests/Makefile.am | 13 +++++-------- + configure.ac | 12 ++---------- + dhcpctl/Makefile.am | 14 ++++++-------- + omapip/Makefile.am | 7 +++---- + relay/Makefile.am | 5 ++--- + server/Makefile.am | 7 +++---- + server/tests/Makefile.am | 7 +++---- + 8 files changed, 26 insertions(+), 43 deletions(-) + +diff --git a/client/Makefile.am b/client/Makefile.am +index 84d8131..e776bf0 100644 +--- a/client/Makefile.am ++++ b/client/Makefile.am +@@ -15,7 +15,7 @@ dhclient_SOURCES = $(srcdir)/clparse.c $(srcdir)/dhclient.c $(srcdir)/dhc6.c \ + scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ + scripts/netbsd scripts/nextstep scripts/openbsd \ + scripts/solaris scripts/openwrt +-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ ++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc + man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 + EXTRA_DIST = $(man_MANS) +diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am +index 2f98d22..8745e88 100644 +--- a/common/tests/Makefile.am ++++ b/common/tests/Makefile.am +@@ -15,26 +15,23 @@ ATF_TESTS += alloc_unittest dns_unittest misc_unittest ns_name_unittest + alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c + alloc_unittest_LDADD = $(ATF_LDFLAGS) + alloc_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc + + dns_unittest_SOURCES = dns_unittest.c $(top_srcdir)/tests/t_api_dhcp.c + dns_unittest_LDADD = $(ATF_LDFLAGS) + dns_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc + + misc_unittest_SOURCES = misc_unittest.c $(top_srcdir)/tests/t_api_dhcp.c + misc_unittest_LDADD = $(ATF_LDFLAGS) + misc_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc + + ns_name_unittest_SOURCES = ns_name_test.c $(top_srcdir)/tests/t_api_dhcp.c + ns_name_unittest_LDADD = $(ATF_LDFLAGS) + ns_name_unittest_LDADD += ../libdhcp.a \ +- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++ ../../omapip/libomapi.a -L$(BINDLIBDIR) \ ++ -ldns -lisccfg -lisc + + check: $(ATF_TESTS) + @if test $(top_srcdir) != ${top_builddir}; then \ +diff --git a/configure.ac b/configure.ac +index 8e9f509..bfe988a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -47,16 +47,8 @@ AM_CONDITIONAL(CROSS_COMPILING, test "$cross_compiling" = "yes") + # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API. + AC_USE_SYSTEM_EXTENSIONS + +-AC_PROG_RANLIB +- +-AC_PATH_PROG(AR, ar) +-AC_SUBST(AR) +- +-if test "X$AR" = "X"; then +- AC_MSG_ERROR([ +-ar program not found. Please fix your PATH to include the directory in +-which ar resides, or set AR in the environment with the full path to ar.]) +-fi ++# Use libtool to simplify building of shared libraries ++AC_PROG_LIBTOOL + + AC_CONFIG_HEADERS([includes/config.h]) + +diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am +index 9b2486e..784cdf7 100644 +--- a/dhcpctl/Makefile.am ++++ b/dhcpctl/Makefile.am +@@ -3,19 +3,17 @@ BINDLIBDIR = @BINDDIR@ + AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) + + bin_PROGRAMS = omshell +-lib_LIBRARIES = libdhcpctl.a ++lib_LTLIBRARIES = libdhcpctl.la + noinst_PROGRAMS = cltest + man_MANS = omshell.1 dhcpctl.3 + EXTRA_DIST = $(man_MANS) + + omshell_SOURCES = omshell.c +-omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ +- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ +- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ ++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc + +-libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c ++libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c + + cltest_SOURCES = cltest.c +-cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ +- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ +- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ ++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc +diff --git a/omapip/Makefile.am b/omapip/Makefile.am +index e4a8599..c0c7a1e 100644 +--- a/omapip/Makefile.am ++++ b/omapip/Makefile.am +@@ -1,10 +1,10 @@ + BINDLIBDIR = @BINDDIR@ + AM_CPPFLAGS = -I$(top_srcdir)/includes + +-lib_LIBRARIES = libomapi.a ++lib_LTLIBRARIES = libomapi.la + noinst_PROGRAMS = svtest + +-libomapi_a_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \ ++libomapi_la_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \ + errwarn.c listener.c dispatch.c generic.c support.c \ + handle.c message.c convert.c hash.c auth.c inet_addr.c \ + array.c trace.c toisc.c iscprint.c isclib.c +@@ -13,6 +13,5 @@ man_MANS = omapi.3 + EXTRA_DIST = $(man_MANS) + + svtest_SOURCES = test.c +-svtest_LDADD = libomapi.a $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ +- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++svtest_LDADD = libomapi.la -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc + +diff --git a/relay/Makefile.am b/relay/Makefile.am +index b3bf578..f47009f 100644 +--- a/relay/Makefile.am ++++ b/relay/Makefile.am +@@ -4,9 +4,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes + + sbin_PROGRAMS = dhcrelay + dhcrelay_SOURCES = dhcrelay.c +-dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ +- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ +- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a ++dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ ++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc + man_MANS = dhcrelay.8 + EXTRA_DIST = $(man_MANS) + +diff --git a/server/Makefile.am b/server/Makefile.am +index b5d8c2d..d7f876d 100644 +--- a/server/Makefile.am ++++ b/server/Makefile.am +@@ -15,10 +15,9 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \ + dhcpv6.c mdb6.c ldap.c ldap_casa.c leasechain.c ldap_krb_helper.c + + dhcpd_CFLAGS = $(LDAP_CFLAGS) +-dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ +- ../dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \ +- $(BINDLIBDIR)/libisc.a $(LDAP_LIBS) ++dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ ++ ../dhcpctl/libdhcpctl.la -L$(BINDLIBDIR) \ ++ -lirs -ldns -lisccfg -lisc $(LDAP_LIBS) + + man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 + EXTRA_DIST = $(man_MANS) +diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am +index 9821081..de95872 100644 +--- a/server/tests/Makefile.am ++++ b/server/tests/Makefile.am +@@ -19,10 +19,9 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpars.c ../db.c ../class.c \ + ../ddns.c ../dhcpleasequery.c ../dhcpv6.c ../mdb6.c \ + ../ldap.c ../ldap_casa.c ../dhcpd.c ../leasechain.c + +-DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a \ +- $(top_builddir)/dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \ +- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \ +- $(BINDLIBDIR)/libisc.a ++DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.la \ ++ $(top_builddir)/dhcpctl/libdhcpctl.la \ ++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc + + ATF_TESTS = + if HAVE_ATF +-- +1.8.3.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch new file mode 100644 index 000000000..67bb4631a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch @@ -0,0 +1,81 @@ +From 37725f3e22edb50e0ca2d1fff971321a5a4d5112 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Wed, 12 Jul 2017 03:05:13 -0400 +Subject: [PATCH 11/11] Moved the call to isc_app_ctxstart() to not get signal + block by all threads + +Signed-off-by: Francis Dupont <fdupont@isc.org> + +In https://source.isc.org/git/bind9.git, since the following +commit applied: +... +commit b99bfa184bc9375421b5df915eea7dfac6a68a99 +Author: Evan Hunt <each@isc.org> +Date: Wed Apr 10 13:49:57 2013 -0700 + + [master] unify internal and export libraries + + 3550. [func] Unified the internal and export versions of the + BIND libraries, allowing external clients to use + the same libraries as BIND. [RT #33131] +... +(git show b99bfa184bc9375421b5df915eea7dfac6a68a99 -- ./lib/isc/unix/app.c) + +In this commit, if bind9 enable threads(ISC_PLATFORM_USETHREADS), +it blocks signal SIGHUP, SIGINT and SIGTERM in isc__app_ctxstart. +Which caused dhclient/dhcpd could not be stopped by SIGTERM. + +It caused systemd's reboot hung which send SIGTERM by default. + +Upstream-Status: Backport [https://source.isc.org/git/dhcp.git] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + omapip/isclib.c | 25 +++++++++++++++---------- + 1 file changed, 15 insertions(+), 10 deletions(-) + +diff --git a/omapip/isclib.c b/omapip/isclib.c +index ce86490..6a04345 100644 +--- a/omapip/isclib.c ++++ b/omapip/isclib.c +@@ -185,16 +185,6 @@ dhcp_context_create(int flags, + if (result != ISC_R_SUCCESS) + goto cleanup; + +- result = isc_app_ctxstart(dhcp_gbl_ctx.actx); +- if (result != ISC_R_SUCCESS) +- return (result); +- dhcp_gbl_ctx.actx_started = ISC_TRUE; +- +- /* Not all OSs support suppressing SIGPIPE through socket +- * options, so set the sigal action to be ignore. This allows +- * broken connections to fail gracefully with EPIPE on writes */ +- handle_signal(SIGPIPE, SIG_IGN); +- + result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx, + dhcp_gbl_ctx.actx, + 1, 0, +@@ -217,6 +207,21 @@ dhcp_context_create(int flags, + result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task); + if (result != ISC_R_SUCCESS) + goto cleanup; ++ ++ result = isc_app_ctxstart(dhcp_gbl_ctx.actx); ++ if (result != ISC_R_SUCCESS) ++ return (result); ++ dhcp_gbl_ctx.actx_started = ISC_TRUE; ++ ++ /* Not all OSs support suppressing SIGPIPE through socket ++ * options, so set the sigal action to be ignore. This allows ++ * broken connections to fail gracefully with EPIPE on writes */ ++ handle_signal(SIGPIPE, SIG_IGN); ++ ++ /* Reset handlers installed by isc_app_ctxstart() ++ * to default for control-c and kill */ ++ handle_signal(SIGINT, SIG_DFL); ++ handle_signal(SIGTERM, SIG_DFL); + } + + #if defined (NSUPDATE) +-- +1.8.3.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch new file mode 100644 index 000000000..2d3af9db0 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch @@ -0,0 +1,37 @@ +From 501543b3ef715488a142e3d301ff2733aa33eec7 Mon Sep 17 00:00:00 2001 +From: Awais Belal <awais_belal@mentor.com> +Date: Wed, 25 Oct 2017 21:00:05 +0500 +Subject: [PATCH] dhcp: correct the intention for xml2 lib search + +A missing case breaks the build when libxml2 is +required and found appropriately. The third argument +to the function AC_SEARCH_LIB is action-if-found which +was mistakenly been used for the case where the library +is not found and hence breaks the configure phase +where it shoud actually pass. +We now pass on silently when action-if-found is +executed. + +Upstream-Status: Pending + +Signed-off-by: Awais Belal <awais_belal@mentor.com> +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index bfe988a..f0459e6 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -608,7 +608,7 @@ AC_ARG_WITH(libxml2, + with_libxml2="$withval", with_libxml2="no") + + if test x$with_libxml2 != xno; then +- AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2], ++ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],, + [if test x$with_libxml2 != xauto; then + AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested]) + fi]) +-- +2.11.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch deleted file mode 100644 index 96095a5e0..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch +++ /dev/null @@ -1,70 +0,0 @@ -dhcp-client: fix invoke dhclient-script failed on Read-only file system - -In read-only file system, '/etc' is on the readonly partition, -and '/etc/resolv.conf' is symlinked to a separate writable -partition. - -In this situation, we should use shell variable to instead of -temp files '/etc/resolv.conf.dhclient' and '/etc/resolv.conf.dhclient6'. - -Upstream-Status: Pending -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/scripts/linux | 20 +++++++++----------- - 1 file changed, 9 insertions(+), 11 deletions(-) - -diff --git a/client/scripts/linux b/client/scripts/linux ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -27,27 +27,25 @@ ip=/sbin/ip - - make_resolv_conf() { - if [ x"$new_domain_name_servers" != x ]; then -- cat /dev/null > /etc/resolv.conf.dhclient -- chmod 644 /etc/resolv.conf.dhclient -+ resolv_conf="" - if [ x"$new_domain_search" != x ]; then -- echo search $new_domain_search >> /etc/resolv.conf.dhclient -+ resolv_conf="search ${new_domain_search}\n" - elif [ x"$new_domain_name" != x ]; then - # Note that the DHCP 'Domain Name Option' is really just a domain - # name, and that this practice of using the domain name option as - # a search path is both nonstandard and deprecated. -- echo search $new_domain_name >> /etc/resolv.conf.dhclient -+ resolv_conf="search ${new_domain_name}\n" - fi - for nameserver in $new_domain_name_servers; do -- echo nameserver $nameserver >>/etc/resolv.conf.dhclient -+ resolv_conf="${resolv_conf}nameserver ${nameserver}\n" - done - -- mv /etc/resolv.conf.dhclient /etc/resolv.conf -+ echo -e "${resolv_conf}" > /etc/resolv.conf - elif [ "x${new_dhcp6_name_servers}" != x ] ; then -- cat /dev/null > /etc/resolv.conf.dhclient6 -- chmod 644 /etc/resolv.conf.dhclient6 -+ resolv_conf="" - - if [ "x${new_dhcp6_domain_search}" != x ] ; then -- echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 -+ resolv_conf="search ${new_dhcp6_domain_search}\n" - fi - shopt -s nocasematch - for nameserver in ${new_dhcp6_name_servers} ; do -@@ -59,11 +57,11 @@ make_resolv_conf() { - else - zone_id= - fi -- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 -+ resolv_conf="${resolv_conf}nameserver ${nameserver}$zone_id\n" - done - shopt -u nocasematch - -- mv /etc/resolv.conf.dhclient6 /etc/resolv.conf -+ echo -e "${resolv_conf}" > /etc/resolv.conf - fi - } - --- -2.8.1 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch deleted file mode 100644 index b4a666d10..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch +++ /dev/null @@ -1,86 +0,0 @@ -Upstream-Status: Inappropriate [distribution] - ---- client/scripts/bsdos -+++ client/scripts/bsdos -@@ -47,6 +47,11 @@ - . /etc/dhcp/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - ---- client/scripts/freebsd -+++ client/scripts/freebsd -@@ -57,6 +57,11 @@ - . /etc/dhcp/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - ---- client/scripts/linux -+++ client/scripts/linux -@@ -69,6 +69,11 @@ - . /etc/dhcp/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - ---- client/scripts/netbsd -+++ client/scripts/netbsd -@@ -47,6 +47,11 @@ - . /etc/dhcp/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - ---- client/scripts/openbsd -+++ client/scripts/openbsd -@@ -47,6 +47,11 @@ - . /etc/dhcp/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - ---- client/scripts/solaris -+++ client/scripts/solaris -@@ -47,6 +47,11 @@ - . /etc/dhcp/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/libxml2-configure-argument.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/libxml2-configure-argument.patch deleted file mode 100644 index 14356621c..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/libxml2-configure-argument.patch +++ /dev/null @@ -1,38 +0,0 @@ -Add configure argument to make the libxml2 dependency explicit and -determinisitic. - -Upstream-Status: Pending - -Signed-off-by: Christopher Larson <chris_larson@mentor.com> - -Rebase to 4.3.4 -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - configure.ac | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 726c88e..1684df1 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -718,7 +718,16 @@ AC_SUBST(BINDSRCDIR) - - # We need to find libxml2 if bind was built with support enabled - # otherwise we'll fail to build omapip/test.c --AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],) -+AC_ARG_WITH(libxml2, -+ AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]), -+ with_libxml2="$withval", with_libxml2="no") -+ -+if test x$with_libxml2 != xno; then -+ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2], -+ [if test x$with_libxml2 != xauto; then -+ AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested]) -+ fi]) -+fi - - # OpenLDAP support. - AC_ARG_WITH(ldap, --- -2.8.1 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/remove-dhclient-script-bash-dependency.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/remove-dhclient-script-bash-dependency.patch deleted file mode 100644 index 997b9f6ba..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/remove-dhclient-script-bash-dependency.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 8aed2a9ff09cb0d584ad0a7340fe3a596879d9b1 Mon Sep 17 00:00:00 2001 -From: Andre McCurdy <armccurdy@gmail.com> -Date: Thu, 21 Jul 2016 19:07:02 -0700 -Subject: [PATCH] remove dhclient-script bash dependency - -Take the dash compatible IPv6 link-local address test from the Debian -version of dhclient-script. - -Note that although "echo -e" in the OE version of dhclient-script is -technically bash specific too, it is supported by Busybox echo when -Busybox is configured with CONFIG_FEATURE_FANCY_ECHO enabled (which -is the default in the OE Busybox defconfig) therefore leave as-is. - -Upstream-Status: Inappropriate [OE specific] - -Signed-off-by: Andre McCurdy <armccurdy@gmail.com> ---- - client/scripts/linux | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/client/scripts/linux b/client/scripts/linux -index 232a0aa..1383f46 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -1,4 +1,4 @@ --#!/bin/bash -+#!/bin/sh - # dhclient-script for Linux. Dan Halbert, March, 1997. - # Updated for Linux 2.[12] by Brian J. Murrell, January 1999. - # No guarantees about this. I'm a novice at the details of Linux -@@ -47,11 +47,11 @@ make_resolv_conf() { - if [ "x${new_dhcp6_domain_search}" != x ] ; then - resolv_conf="search ${new_dhcp6_domain_search}\n" - fi -- shopt -s nocasematch - for nameserver in ${new_dhcp6_name_servers} ; do - # If the nameserver has a link-local address - # add a <zone_id> (interface name) to it. -- if [[ "$nameserver" =~ ^fe80:: ]] -+ if [ "${nameserver##fe80::}" != "$nameserver" ] || -+ [ "${nameserver##FE80::}" != "$nameserver" ] - then - zone_id="%$interface" - else -@@ -59,7 +59,6 @@ make_resolv_conf() { - fi - resolv_conf="${resolv_conf}nameserver ${nameserver}$zone_id\n" - done -- shopt -u nocasematch - - echo -e "${resolv_conf}" > /etc/resolv.conf - fi --- -1.9.1 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch deleted file mode 100644 index d84df5cd3..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch +++ /dev/null @@ -1,188 +0,0 @@ -Found this patch here: -https://lists.isc.org/pipermail/dhcp-users/2011-January/012910.html - -and made some adjustments/updates to make it work with this version. -Wasn't able to find that why this patch was not accepted by ISC DHCP developers. - -Upstream-Status: Pending - -Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> - -Rebase to 4.3.4 - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/scripts/linux | 82 ++++++++++++++++++++++++++++------------------------ - 1 file changed, 45 insertions(+), 37 deletions(-) - -diff --git a/client/scripts/linux b/client/scripts/linux -index a02cfd9..232a0aa 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -101,17 +101,11 @@ fi - if [ x$old_broadcast_address != x ]; then - old_broadcast_arg="broadcast $old_broadcast_address" - fi --if [ x$new_subnet_mask != x ]; then -- new_subnet_arg="netmask $new_subnet_mask" -+if [ -n "$new_subnet_mask" ]; then -+ new_mask="/$new_subnet_mask" - fi --if [ x$old_subnet_mask != x ]; then -- old_subnet_arg="netmask $old_subnet_mask" --fi --if [ x$alias_subnet_mask != x ]; then -- alias_subnet_arg="netmask $alias_subnet_mask" --fi --if [ x$new_interface_mtu != x ]; then -- mtu_arg="mtu $new_interface_mtu" -+if [ -n "$alias_subnet_mask" ]; then -+ alias_mask="/$alias_subnet_mask" - fi - if [ x$IF_METRIC != x ]; then - metric_arg="metric $IF_METRIC" -@@ -125,9 +119,9 @@ fi - if [ x$reason = xPREINIT ]; then - if [ x$alias_ip_address != x ]; then - # Bring down alias interface. Its routes will disappear too. -- ifconfig $interface:0- inet 0 -+ ${ip} -4 addr flush dev ${interface} label ${interface}:0 - fi -- ifconfig $interface 0 up -+ ${ip} link set dev ${interface} up - - # We need to give the kernel some time to get the interface up. - sleep 1 -@@ -154,25 +148,30 @@ if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \ - if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \ - [ x$alias_ip_address != x$old_ip_address ]; then - # Possible new alias. Remove old alias. -- ifconfig $interface:0- inet 0 -+ ${ip} -4 addr flush dev ${interface} label ${interface}:0 - fi - if [ x$old_ip_address != x ] && [ x$old_ip_address != x$new_ip_address ]; then - # IP address changed. Bringing down the interface will delete all routes, - # and clear the ARP cache. -- ifconfig $interface inet 0 down -+ ${ip} -4 addr flush dev ${interface} label ${interface} - - fi - if [ x$old_ip_address = x ] || [ x$old_ip_address != x$new_ip_address ] || \ - [ x$reason = xBOUND ] || [ x$reason = xREBOOT ]; then - -- ifconfig $interface inet $new_ip_address $new_subnet_arg \ -- $new_broadcast_arg $mtu_arg -+ ${ip} -4 addr add ${new_ip_address}${new_mask} ${new_broadcast_arg} \ -+ dev ${interface} label ${interface} -+ if [ -n "$new_interface_mtu" ]; then -+ # set MTU -+ ${ip} link set dev ${interface} mtu ${new_interface_mtu} -+ fi - # Add a network route to the computed network address. - for router in $new_routers; do - if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then -- route add -host $router dev $interface -+ ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1 - fi -- route add default gw $router $metric_arg dev $interface -+ ${ip} -4 route add default via ${router} dev ${interface} \ -+ ${metric_arg} >/dev/null 2>&1 - done - else - # we haven't changed the address, have we changed other options -@@ -180,21 +179,23 @@ if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \ - if [ x$new_routers != x ] && [ x$new_routers != x$old_routers ] ; then - # if we've changed routers delete the old and add the new. - for router in $old_routers; do -- route del default gw $router -+ ${ip} -4 route delete default via ${router} - done - for router in $new_routers; do - if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then -- route add -host $router dev $interface -- fi -- route add default gw $router $metric_arg dev $interface -+ ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1 -+ fi -+ ${ip} -4 route add default via ${router} dev ${interface} \ -+ ${metric_arg} >/dev/null 2>&1 - done - fi - fi - if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ]; - then -- ifconfig $interface:0- inet 0 -- ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg -- route add -host $alias_ip_address $interface:0 -+ ${ip} -4 addr flush dev ${interface} label ${interface}:0 -+ ${ip} -4 addr add ${alias_ip_address}${alias_mask} \ -+ dev ${interface} label ${interface}:0 -+ ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1 - fi - make_resolv_conf - exit_with_hooks 0 -@@ -204,42 +205,49 @@ if [ x$reason = xEXPIRE ] || [ x$reason = xFAIL ] || [ x$reason = xRELEASE ] \ - || [ x$reason = xSTOP ]; then - if [ x$alias_ip_address != x ]; then - # Turn off alias interface. -- ifconfig $interface:0- inet 0 -+ ${ip} -4 addr flush dev ${interface} label ${interface}:0 - fi - if [ x$old_ip_address != x ]; then - # Shut down interface, which will delete routes and clear arp cache. -- ifconfig $interface inet 0 down -+ ${ip} -4 addr flush dev ${interface} label ${interface} - fi - if [ x$alias_ip_address != x ]; then -- ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg -- route add -host $alias_ip_address $interface:0 -+ ${ip} -4 addr add ${alias_ip_address}${alias_network_arg} \ -+ dev ${interface} label ${interface}:0 -+ ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1 - fi - exit_with_hooks 0 - fi - - if [ x$reason = xTIMEOUT ]; then - if [ x$alias_ip_address != x ]; then -- ifconfig $interface:0- inet 0 -+ ${ip} -4 addr flush dev ${interface} label ${interface}:0 -+ fi -+ ${ip} -4 addr add ${new_ip_address}${new_mask} ${new_broadcast_arg} \ -+ dev ${interface} label ${interface} -+ if [ -n "$new_interface_mtu" ]; then -+ # set MTU -+ ip link set dev ${interface} mtu ${new_interface_mtu} - fi -- ifconfig $interface inet $new_ip_address $new_subnet_arg \ -- $new_broadcast_arg $mtu_arg - set $new_routers - if ping -q -c 1 $1; then - if [ x$new_ip_address != x$alias_ip_address ] && \ - [ x$alias_ip_address != x ]; then -- ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg -- route add -host $alias_ip_address dev $interface:0 -+ ${ip} -4 addr add ${alias_ip_address}${alias_mask} \ -+ dev ${interface} label ${interface}:0 -+ ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1 - fi - for router in $new_routers; do - if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then -- route add -host $router dev $interface -+ ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1 - fi -- route add default gw $router $metric_arg dev $interface -+ ${ip} -4 route add default via ${router} dev ${interface} \ -+ ${metric_arg} >/dev/null 2>&1 - done - make_resolv_conf - exit_with_hooks 0 - fi -- ifconfig $interface inet 0 down -+ ${ip} -4 addr flush dev ${interface} - exit_with_hooks 1 - fi - --- -2.8.1 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/search-for-libxml2.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/search-for-libxml2.patch deleted file mode 100644 index a08a5b725..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/search-for-libxml2.patch +++ /dev/null @@ -1,23 +0,0 @@ -libdns requires libxml2 if bind was built with libxml2 support -enabled. Compilation will fail for omapip/test.c in case -lxml2 isn't used during the build. So, we add losely coupled -search path which will pick up the lib if it is present. - -Signed-off-by: Awais Belal <awais_belal@mentor.com> -Upstream-Status: Pending - -diff --git a/configure.ac b/configure.ac -index c9dc8b5..85f59be 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -602,6 +602,10 @@ no) - esac - AC_SUBST([libbind]) - -+# We need to find libxml2 if bind was built with support enabled -+# otherwise we'll fail to build omapip/test.c -+AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],) -+ - # OpenLDAP support. - AC_ARG_WITH(ldap, - AS_HELP_STRING([--with-ldap],[enable OpenLDAP support in dhcpd (default is no)]), diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.5.bb b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.5.bb deleted file mode 100644 index 678c29a28..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.5.bb +++ /dev/null @@ -1,18 +0,0 @@ -require dhcp.inc - -SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \ - file://link-with-lcrypto.patch \ - file://fixsepbuild.patch \ - file://dhclient-script-drop-resolv.conf.dhclient.patch \ - file://replace-ifconfig-route.patch \ - file://0001-site.h-enable-gentle-shutdown.patch \ - file://libxml2-configure-argument.patch \ - file://tweak-to-support-external-bind.patch \ - file://remove-dhclient-script-bash-dependency.patch \ - " - -SRC_URI[md5sum] = "2b5e5b2fa31c2e27e487039d86f83d3f" -SRC_URI[sha256sum] = "eb95936bf15d2393c55dd505bc527d1d4408289cec5a9fa8abb99f7577e7f954" - -PACKAGECONFIG ?= "" -PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb new file mode 100644 index 000000000..6615ae255 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb @@ -0,0 +1,21 @@ +require dhcp.inc + +SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \ + file://0002-dhclient-dbus.patch \ + file://0003-link-with-lcrypto.patch \ + file://0004-Fix-out-of-tree-builds.patch \ + file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \ + file://0006-site.h-enable-gentle-shutdown.patch \ + file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \ + file://0008-tweak-to-support-external-bind.patch \ + file://0009-remove-dhclient-script-bash-dependency.patch \ + file://0010-build-shared-libs.patch \ + file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \ + file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \ + " + +SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc" +SRC_URI[sha256sum] = "a41eaf6364f1377fe065d35671d9cf82bbbc8f21207819b2b9f33f652aec6f1b" + +PACKAGECONFIG ?= "" +PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper new file mode 100644 index 000000000..7d0e224a1 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper @@ -0,0 +1,39 @@ +#!/bin/sh + +# In case the interface is used for nfs, skip it. +nfsroot=0 +interfaces="" +exec 9<&0 < /proc/mounts +while read dev mtpt fstype rest; do + if test $mtpt = "/" ; then + case $fstype in + nfs | nfs4) + nfsroot=1 + nfs_addr=`echo $rest | sed -e 's/^.*addr=\([0-9.]*\).*$/\1/'` + break + ;; + *) + ;; + esac + fi +done +exec 0<&9 9<&- + +if [ $nfsroot -eq 0 ]; then + interfaces="$INTERFACES" +else + if [ -x /bin/ip -o -x /sbin/ip ] ; then + nfs_iface=`ip route get $nfs_addr | grep dev | sed -e 's/^.*dev \([-a-z0-9.]*\).*$/\1/'` + fi + for i in $INTERFACES; do + if test "x$i" = "x$nfs_iface"; then + echo "dhclient skipping nfsroot interface $i" + else + interfaces="$interfaces $i" + fi + done +fi + +if test "x$interfaces" != "x"; then + /sbin/dhclient -d -cf /etc/dhcp/dhclient.conf -q -lf /var/lib/dhcp/dhclient.leases $interfaces +fi diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient.service b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient.service new file mode 100644 index 000000000..9ddb4d1df --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient.service @@ -0,0 +1,13 @@ +[Unit] +Description=Dynamic Host Configuration Protocol (DHCP) +Wants=network.target +Before=network.target +After=systemd-udevd.service + +[Service] +EnvironmentFile=-@SYSCONFDIR@/default/dhcp-client +ExecStart=@BASE_SBINDIR@/dhclient-systemd-wrapper +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc index ce64888a0..a578eb3af 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc @@ -13,7 +13,10 @@ DEPENDS = "flex-native bison-native iptables elfutils" inherit update-alternatives bash-completion pkgconfig -EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'" +PACKAGECONFIG ??= "tipc" +PACKAGECONFIG[tipc] = ",,libmnl," + +EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl ${@bb.utils.contains('PACKAGECONFIG', 'tipc', 'tipc', '', d)}' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'" do_configure_append () { sh configure ${STAGING_INCDIR} @@ -32,7 +35,7 @@ do_install () { # The .so files in iproute2-tc are modules, not traditional libraries INSANE_SKIP_${PN}-tc = "dev-so" -PACKAGES =+ "${PN}-tc ${PN}-lnstat ${PN}-ifstat ${PN}-genl ${PN}-rtacct ${PN}-nstat ${PN}-ss" +PACKAGES =+ "${PN}-tc ${PN}-lnstat ${PN}-ifstat ${PN}-genl ${PN}-rtacct ${PN}-nstat ${PN}-ss ${@bb.utils.contains('PACKAGECONFIG', 'tipc', '${PN}-tipc', '', d)}" FILES_${PN}-tc = "${base_sbindir}/tc* \ ${libdir}/tc/*.so" FILES_${PN}-lnstat = "${base_sbindir}/lnstat ${base_sbindir}/ctstat ${base_sbindir}/rtstat" @@ -41,6 +44,7 @@ FILES_${PN}-genl = "${base_sbindir}/genl" FILES_${PN}-rtacct = "${base_sbindir}/rtacct" FILES_${PN}-nstat = "${base_sbindir}/nstat" FILES_${PN}-ss = "${base_sbindir}/ss" +FILES_${PN}-tipc = "${base_sbindir}/tipc" ALTERNATIVE_${PN} = "ip" ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-include-stdint.h-explicitly-for-UINT16_MAX.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-include-stdint.h-explicitly-for-UINT16_MAX.patch new file mode 100644 index 000000000..eb0c0abba --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-include-stdint.h-explicitly-for-UINT16_MAX.patch @@ -0,0 +1,32 @@ +From 3c885d87befc706bb923933b9819de6fe2de897e Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 20 May 2017 14:03:19 -0700 +Subject: [PATCH] include stdint.h explicitly for UINT16_MAX) + +Fixes +| tc_core.c:190:29: error: 'UINT16_MAX' undeclared (first use in this function); did you mean '__INT16_MAX__'? +| if ((sz >> s->size_log) > UINT16_MAX) { +| ^~~~~~~~~~ + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- +Upstream-Status: Pending + + tc/tc_core.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tc/tc_core.c b/tc/tc_core.c +index 7bbe0d7..821b741 100644 +--- a/tc/tc_core.c ++++ b/tc/tc_core.c +@@ -12,6 +12,7 @@ + + #include <stdio.h> + #include <stdlib.h> ++#include <stdint.h> + #include <unistd.h> + #include <syslog.h> + #include <fcntl.h> +-- +2.13.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch new file mode 100644 index 000000000..a9f8db694 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch @@ -0,0 +1,30 @@ +From f58fc99c88a54135e55a6e0956ce8ae71078d1cc Mon Sep 17 00:00:00 2001 +From: Changhyeok Bae <changhyeok.bae@gmail.com> +Date: Mon, 12 Jun 2017 04:29:07 +0000 +Subject: [PATCH] ip: Remove unneed header + +Fix redefinition of struct ethhdr with a suitably patched musl libc +that suppresses the kernel if_ether.h. + +Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> + +Upstream-Status: Submitted [netdev@vger.kernel.org] +--- + ip/iplink_bridge.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c +index 818b43c..f065b22 100644 +--- a/ip/iplink_bridge.c ++++ b/ip/iplink_bridge.c +@@ -15,7 +15,6 @@ + #include <netinet/in.h> + #include <linux/if_link.h> + #include <linux/if_bridge.h> +-#include <netinet/ether.h> + #include <net/if.h> + + #include "rt_names.h" +-- +2.7.4 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.10.0.bb b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.11.0.bb index a050e8737..dbd054543 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.10.0.bb +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.11.0.bb @@ -4,10 +4,12 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ file://configure-cross.patch \ file://0001-iproute2-de-bash-scripts.patch \ file://0001-libc-compat.h-add-musl-workaround.patch \ + file://0001-include-stdint.h-explicitly-for-UINT16_MAX.patch \ + file://0001-ip-Remove-unneed-header.patch \ " -SRC_URI[md5sum] = "b94a2b0edefaeac124dc8f5d006931b9" -SRC_URI[sha256sum] = "22b1e1c1fc704ad35837e5a66103739727b8b48ac90b48c13f79b7367ff0a9a8" +SRC_URI[md5sum] = "7a9498de88bcca95c305df6108ae197e" +SRC_URI[sha256sum] = "72671028bda696d0cb8f48ec8e702581c3a501caeed33eec3a81d7041cbc8026" # CFLAGS are computed in Makefile and reference CCOPTS # diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc index 663577924..e57ea87b3 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc +++ b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc @@ -38,3 +38,5 @@ CXXFLAGS_prepend = "-I${S} " do_configure_prepend () { sed -i -e's,^V_RPATH_OPT=.*$,V_RPATH_OPT=,' ${S}/pcap-config.in } + +BBCLASSEXTEND = "native" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/import-layers/yocto-poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index bd488eb08..dbc578e2d 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/import-layers/yocto-poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -1,9 +1,10 @@ SUMMARY = "Mobile Broadband Service Provider Database" +HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders" SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "519465766fabc85b9fdea5f2b5ee3d08c2b1f70d" -PV = "20151214" +SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c" +PV = "20170310" PE = "1" SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch new file mode 100644 index 000000000..235a2c76f --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch @@ -0,0 +1,27 @@ +From 36b48057bce76dced335d67a2894a420967811c9 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 20 May 2017 14:07:53 -0700 +Subject: [PATCH] include stdint.h for UINT16_MAX definition + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- +Upstream-Status: Pending + + support/nsm/rpc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/support/nsm/rpc.c b/support/nsm/rpc.c +index 4e5f40e..d91c6ea 100644 +--- a/support/nsm/rpc.c ++++ b/support/nsm/rpc.c +@@ -40,6 +40,7 @@ + + #include <time.h> + #include <stdbool.h> ++#include <stdint.h> + #include <string.h> + #include <unistd.h> + #include <fcntl.h> +-- +2.13.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.4.bb b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb index 4ca9ab2a3..d917c4d71 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.4.bb +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb @@ -31,10 +31,11 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \ file://nfs-utils-debianize-start-statd.patch \ file://bugfix-adjust-statd-service-name.patch \ + file://0001-include-stdint.h-for-UINT16_MAX-definition.patch \ " -SRC_URI[md5sum] = "54e4119043ec8507a2a0e054cf2889a4" -SRC_URI[sha256sum] = "b42a5bc0a8d80d04650030ceb9a11f08f4acfbcb1ee297f657fb94e339c45975" +SRC_URI[md5sum] = "59dfcb2e6254b129f901f40c86086b13" +SRC_URI[sha256sum] = "0faeb54c70b84e6bd3b9b6901544b1f6add8d246f35c1683e402daf4e0c719ef" # Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will # pull in the remainder of the dependencies. diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.19.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.19.bb deleted file mode 100644 index adebd71c3..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.19.bb +++ /dev/null @@ -1,10 +0,0 @@ -require ofono.inc - -SRC_URI = "\ - ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ - file://ofono \ -" -SRC_URI[md5sum] = "a5f8803ace110511b6ff5a2b39782e8b" -SRC_URI[sha256sum] = "a0e09bdd8b53b8d2e4b54f1863ecd9aebe4786477a6cbf8f655496e8edb31c81" - -CFLAGS_append_libc-uclibc = " -D_GNU_SOURCE" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.20.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.20.bb new file mode 100644 index 000000000..18f983e85 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.20.bb @@ -0,0 +1,8 @@ +require ofono.inc + +SRC_URI = "\ + ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ + file://ofono \ +" +SRC_URI[md5sum] = "fad0630fce6a9aecdb7db37bc1f1db7d" +SRC_URI[sha256sum] = "5d7ba8f481a7715d013a79f8d6477eb89d8aaae399395d5d008a1317c34a31d5" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_git.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_git.bb deleted file mode 100644 index beafb775c..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_git.bb +++ /dev/null @@ -1,14 +0,0 @@ -require ofono.inc - -S = "${WORKDIR}/git" -SRCREV = "14544d5996836f628613c2ce544380ee6fc8f514" -PV = "0.12-git${SRCPV}" -PR = "r5" - -SRC_URI = "git://git.kernel.org/pub/scm/network/ofono/ofono.git \ - file://ofono" - -do_configure_prepend () { - ${S}/bootstrap -} - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-Fix-syntax-error-on-x32.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-Fix-syntax-error-on-x32.patch new file mode 100644 index 000000000..ce9e200d7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-Fix-syntax-error-on-x32.patch @@ -0,0 +1,33 @@ +From a7e359d4ba345aa2a13c07f1057184e9b4e598a2 Mon Sep 17 00:00:00 2001 +From: sweeaun <swee.aun.khor@intel.com> +Date: Tue, 22 Aug 2017 11:19:48 -0700 +Subject: [PATCH] openssh: Fix syntax error on x32 + +Upstream-Status: Backport +This bug has been fixed in v_7.5 branch https://github.com/openssh/ +openssh-portable/tree/V_7_5 and master branch https://github.com/ +openssh/openssh-portable/tree/master. + +Fix compilation error during openssh x32 build due to syntax error. + +Signed-off-by: sweeaun <swee.aun.khor@intel.com> +--- + sandbox-seccomp-filter.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c +index 3a1aedc..a8d472a 100644 +--- a/sandbox-seccomp-filter.c ++++ b/sandbox-seccomp-filter.c +@@ -235,7 +235,7 @@ static const struct sock_filter preauth_insns[] = { + * x86-64 syscall under some circumstances, e.g. + * https://bugs.debian.org/849923 + */ +- SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT); ++ SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT), + #endif + + /* Default deny */ +-- +2.7.4 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch index df64a140d..7e043a2db 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch @@ -8,7 +8,7 @@ type, so that 's - src' in strlcpy and others may trigger signed overflow. In case of compilation by gcc or clang with -ftrapv option, the overflow would lead to program abort. -Upstream-status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608] +Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608] Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> --- diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index f5bba53ca..5463b1a4c 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys @@ -1,5 +1,35 @@ #! /bin/sh +generate_key() { + local FILE=$1 + local TYPE=$2 + local DIR="$(dirname "$FILE")" + + mkdir -p "$DIR" + ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE + + # Atomically rename file public key + mv -f "${FILE}.tmp.pub" "${FILE}.pub" + + # This sync does double duty: Ensuring that the data in the temporary + # private key file is on disk before the rename, and ensuring that the + # public key rename is completed before the private key rename, since we + # switch on the existence of the private key to trigger key generation. + # This does mean it is possible for the public key to exist, but be garbage + # but this is OK because in that case the private key won't exist and the + # keys will be regenerated. + # + # In the event that sync understands arguments that limit what it tries to + # fsync(), we provided them. If it does not, it will simply call sync() + # which is just as well + sync "${FILE}.pub" "$DIR" "${FILE}.tmp" + + mv "${FILE}.tmp" "$FILE" + + # sync to ensure the atomic rename is committed + sync "$DIR" +} + # /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS if test -f /etc/default/ssh; then . /etc/default/ssh @@ -43,22 +73,18 @@ HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | a # create keys if necessary if [ ! -f $HOST_KEY_RSA ]; then echo " generating ssh RSA key..." - mkdir -p $(dirname $HOST_KEY_RSA) - ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa + generate_key $HOST_KEY_RSA rsa fi if [ ! -f $HOST_KEY_ECDSA ]; then echo " generating ssh ECDSA key..." - mkdir -p $(dirname $HOST_KEY_ECDSA) - ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa + generate_key $HOST_KEY_ECDSA ecdsa fi if [ ! -f $HOST_KEY_DSA ]; then echo " generating ssh DSA key..." - mkdir -p $(dirname $HOST_KEY_DSA) - ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa + generate_key $HOST_KEY_DSA dsa fi if [ ! -f $HOST_KEY_ED25519 ]; then echo " generating ssh ED25519 key..." - mkdir -p $(dirname $HOST_KEY_ED25519) - ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519 + generate_key $HOST_KEY_ED25519 ed25519 fi diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_config b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_config index d48bd2b98..31fe5d924 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_config @@ -107,7 +107,6 @@ ChallengeResponseAuthentication no #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -UsePrivilegeSeparation sandbox # Default for new installations. #PermitUserEnvironment no Compression no ClientAliveInterval 15 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.4p1.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.5p1.bb index e501eadd6..86ca6ff37 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.4p1.bb +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.5p1.bb @@ -8,7 +8,8 @@ SECTION = "console/network" LICENSE = "BSD" LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" -DEPENDS = "zlib openssl" +# openssl 1.1 patches are proposed at https://github.com/openssh/openssh-portable/pull/48 +DEPENDS = "zlib openssl10" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ @@ -25,13 +26,14 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \ file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \ file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ + file://0001-openssh-Fix-syntax-error-on-x32.patch \ file://sshd_check_keys \ " PAM_SRC_URI = "file://sshd" -SRC_URI[md5sum] = "b2db2a83caf66a208bb78d6d287cdaa3" -SRC_URI[sha256sum] = "1b1fc4a14e2024293181924ed24872e6f2e06293f3e8926a376b8aec481f19d1" +SRC_URI[md5sum] = "652fdc7d8392f112bef11cacf7e69e23" +SRC_URI[sha256sum] = "9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0" inherit useradd update-rc.d update-alternatives systemd @@ -70,12 +72,6 @@ CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" # We don't want to depend on libblockfile CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" -# This is a workaround for uclibc because including stdio.h -# pulls in pthreads.h and causes conflicts in function prototypes. -# This results in compilation failure, so unless this is fixed, -# disable pam for uclibc. -EXTRA_OECONF_append_libc-uclibc=" --without-pam" - do_configure_prepend () { export LD="${CC}" install -m 0644 ${WORKDIR}/sshd_config ${B}/ diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/version-script.patch index a24918000..557434fcb 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/version-script.patch @@ -1,3 +1,6 @@ + +Upstream-Status: Inappropriate + Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure =================================================================== --- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Fix-build-with-clang-using-external-assembler.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-Fix-build-with-clang-using-external-assembler.patch index 2270962a6..2270962a6 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Fix-build-with-clang-using-external-assembler.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-Fix-build-with-clang-using-external-assembler.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-openssl-force-soft-link-to-avoid-rare-race.patch new file mode 100644 index 000000000..dd1a9b1dd --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-openssl-force-soft-link-to-avoid-rare-race.patch @@ -0,0 +1,46 @@ +From 3d9199423d48766649a2b2ebb3924e892ed16fa4 Mon Sep 17 00:00:00 2001 +From: Randy MacLeod <Randy.MacLeod@windriver.com> +Date: Tue, 20 Jun 2017 15:32:08 -0400 +Subject: [PATCH] openssl: Force soft link to avoid rare race + +This patch works around a rare parallel build race condition. +The error seen is: + +ln: failed to create symbolic link 'libssl.so': File exists +make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1 +make[4]: Leaving directory +'/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k' + +The openssl team is rewriting their build files so it's not +appropriate for openssl upstream and fixing the root cause of +the Makefile race condition was also not pursued. + +Upstream-Status: Inappropriate [build rules rewrite in progress] +Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> +--- + Makefile.shared | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.shared b/Makefile.shared +index e8d222a..1bff92f 100644 +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -118,14 +118,14 @@ + if [ -n "$$SHLIB_COMPAT" ]; then \ + for x in $$SHLIB_COMPAT; do \ + ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \ +- ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \ ++ ln -sf $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \ + prev=$$SHLIB$$x$$SHLIB_SUFFIX; \ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ + [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ +- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ ++ ln -sf $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ + fi + +-- +2.9.3 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Makefiles-ptest.patch index 249446a5b..2122fa1fb 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Makefiles-ptest.patch @@ -1,15 +1,28 @@ +From a176c69f4fdfbfa7e4ccb79d91c3b6602da7e69a Mon Sep 17 00:00:00 2001 +From: Anders Roxell <anders.roxell@enea.com> +Date: Thu, 24 Apr 2014 19:28:25 +0200 +Subject: [PATCH 19/28] openssl: enable ptest support + Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests cross-compiled. Signed-off-by: Anders Roxell <anders.roxell@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Upstream-Status: Pending + --- -Index: openssl-1.0.2/Makefile.org -=================================================================== ---- openssl-1.0.2.orig/Makefile.org -+++ openssl-1.0.2/Makefile.org -@@ -451,8 +451,16 @@ rehash.time: certs apps + Makefile.org | 10 +- + Makefile.org.orig | 7 +- + test/Makefile | 13 +- + test/Makefile.orig | 987 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 1009 insertions(+), 8 deletions(-) + create mode 100644 test/Makefile.orig + +diff --git a/Makefile.org b/Makefile.org +index 111fbba..8e7936c 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -468,8 +468,16 @@ rehash.time: certs apps test: tests tests: rehash @@ -27,11 +40,11 @@ Index: openssl-1.0.2/Makefile.org OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a report: -Index: openssl-1.0.2/test/Makefile -=================================================================== ---- openssl-1.0.2.orig/test/Makefile -+++ openssl-1.0.2/test/Makefile -@@ -137,7 +137,7 @@ tests: exe apps $(TESTS) +diff --git a/test/Makefile b/test/Makefile +index a1f7eeb..b2984c4 100644 +--- a/test/Makefile ++++ b/test/Makefile +@@ -150,7 +150,7 @@ tests: exe apps $(TESTS) apps: @(cd ..; $(MAKE) DIRS=apps all) @@ -40,9 +53,9 @@ Index: openssl-1.0.2/test/Makefile test_des test_idea test_sha test_md4 test_md5 test_hmac \ test_md2 test_mdc2 test_wp \ test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \ -@@ -148,6 +148,11 @@ alltests: \ - test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ - test_constant_time +@@ -162,6 +162,11 @@ alltests: \ + test_constant_time test_verify_extra test_clienthello test_sslv2conftest \ + test_dtls test_bad_dtls test_fatalerr +alltests: + @(for i in $(all-tests); do \ @@ -52,7 +65,7 @@ Index: openssl-1.0.2/test/Makefile test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt -@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5 +@@ -230,7 +235,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pe echo test second x509v3 certificate sh ./tx509 v3-cert2.pem 2>/dev/null @@ -61,7 +74,7 @@ Index: openssl-1.0.2/test/Makefile @sh ./trsa 2>/dev/null ../util/shlib_wrap.sh ./$(RSATEST) -@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test +@@ -331,11 +336,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh sh ./testtsa; \ fi @@ -75,3 +88,6 @@ Index: openssl-1.0.2/test/Makefile @echo "Test JPAKE" ../util/shlib_wrap.sh ./$(JPAKETEST) +-- +2.15.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Use-SHA256-not-MD5-as-default-digest.patch index 58c9ee784..58c9ee784 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Use-SHA256-not-MD5-as-default-digest.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-musl-target.patch index 613dc7b71..f357b3f59 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-musl-target.patch @@ -16,10 +16,8 @@ Index: openssl-1.0.2a/Configure "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # Configure script adds minimally required -march for assembly support, # if no -march was specified at command line. mips32 and mips64 below -@@ -504,6 +504,8 @@ my %table=( +@@ -504,4 +504,6 @@ my %table=( "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-targets.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-targets.patch index 691e74afb..1e0158972 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-targets.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-targets.patch @@ -11,7 +11,7 @@ Index: openssl-1.0.2a/Configure =================================================================== --- openssl-1.0.2a.orig/Configure +++ openssl-1.0.2a/Configure -@@ -443,6 +443,23 @@ my %table=( +@@ -443,6 +443,21 @@ my %table=( "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", @@ -21,8 +21,6 @@ Index: openssl-1.0.2a/Configure +"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/c_rehash-compat.patch index 68e54d561..68e54d561 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/c_rehash-compat.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/ca.patch index fb745e439..fb745e439 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/ca.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/debian-targets.patch index 39d432818..39d432818 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/debian-targets.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-dir.patch index 4085e3b1d..4085e3b1d 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-dir.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-section.patch index 21c1d1a4e..21c1d1a4e 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-section.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-rpath.patch index 1ccb3b86e..1ccb3b86e 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-rpath.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-symbolic.patch index cc4408ab7..cc4408ab7 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-symbolic.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/pic.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/pic.patch index bfda3888b..bfda3888b 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/pic.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/pic.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_digicert_malaysia.patch index c43bcd1c7..c43bcd1c7 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_digicert_malaysia.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_diginotar.patch index d81e22cd8..d81e22cd8 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_diginotar.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/soname.patch index f9cdfec87..09dd9eaf8 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/soname.patch @@ -1,3 +1,5 @@ +Upstream-Status: Inappropriate + Index: openssl-1.0.2d/crypto/opensslv.h =================================================================== --- openssl-1.0.2d.orig/crypto/opensslv.h diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/version-script.patch index 29f11a288..e404ee331 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/version-script.patch @@ -1,3 +1,5 @@ +Upstream-Status: Inappropriate + Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure =================================================================== --- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/engines-install-in-libdir-ssl.patch index a5746483e..a5746483e 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/engines-install-in-libdir-ssl.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/find.pl b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/find.pl index 8e1b42c88..8e1b42c88 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/find.pl +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/find.pl diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/oe-ldflags.patch index 292e13dc5..292e13dc5 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/oe-ldflags.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-1.0.2a-x32-asm.patch index 1e5bfa17d..1e5bfa17d 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-1.0.2a-x32-asm.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-c_rehash.sh b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-c_rehash.sh new file mode 100644 index 000000000..6620fdcb5 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-c_rehash.sh @@ -0,0 +1,222 @@ +#!/bin/sh +# +# Ben Secrest <blsecres@gmail.com> +# +# sh c_rehash script, scan all files in a directory +# and add symbolic links to their hash values. +# +# based on the c_rehash perl script distributed with openssl +# +# LICENSE: See OpenSSL license +# ^^acceptable?^^ +# + +# default certificate location +DIR=/etc/openssl + +# for filetype bitfield +IS_CERT=$(( 1 << 0 )) +IS_CRL=$(( 1 << 1 )) + + +# check to see if a file is a certificate file or a CRL file +# arguments: +# 1. the filename to be scanned +# returns: +# bitfield of file type; uses ${IS_CERT} and ${IS_CRL} +# +check_file() +{ + local IS_TYPE=0 + + # make IFS a newline so we can process grep output line by line + local OLDIFS=${IFS} + IFS=$( printf "\n" ) + + # XXX: could be more efficient to have two 'grep -m' but is -m portable? + for LINE in $( grep '^-----BEGIN .*-----' ${1} ) + do + if echo ${LINE} \ + | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' + then + IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} )) + + if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ] + then + break + fi + elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----' + then + IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} )) + + if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ] + then + break + fi + fi + done + + # restore IFS + IFS=${OLDIFS} + + return ${IS_TYPE} +} + + +# +# use openssl to fingerprint a file +# arguments: +# 1. the filename to fingerprint +# 2. the method to use (x509, crl) +# returns: +# none +# assumptions: +# user will capture output from last stage of pipeline +# +fingerprint() +{ + ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':' +} + + +# +# link_hash - create links to certificate files +# arguments: +# 1. the filename to create a link for +# 2. the type of certificate being linked (x509, crl) +# returns: +# 0 on success, 1 otherwise +# +link_hash() +{ + local FINGERPRINT=$( fingerprint ${1} ${2} ) + local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} ) + local SUFFIX=0 + local LINKFILE='' + local TAG='' + + if [ ${2} = "crl" ] + then + TAG='r' + fi + + LINKFILE=${HASH}.${TAG}${SUFFIX} + + while [ -f ${LINKFILE} ] + do + if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ] + then + echo "NOTE: Skipping duplicate file ${1}" >&2 + return 1 + fi + + SUFFIX=$(( ${SUFFIX} + 1 )) + LINKFILE=${HASH}.${TAG}${SUFFIX} + done + + echo "${3} => ${LINKFILE}" + + # assume any system with a POSIX shell will either support symlinks or + # do something to handle this gracefully + ln -s ${3} ${LINKFILE} + + return 0 +} + + +# hash_dir create hash links in a given directory +hash_dir() +{ + echo "Doing ${1}" + + cd ${1} + + ls -1 * 2>/dev/null | while read FILE + do + if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \ + && [ -h "${FILE}" ] + then + rm ${FILE} + fi + done + + ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE + do + REAL_FILE=${FILE} + # if we run on build host then get to the real files in rootfs + if [ -n "${SYSROOT}" -a -h ${FILE} ] + then + FILE=$( readlink ${FILE} ) + # check the symlink is absolute (or dangling in other word) + if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ] + then + REAL_FILE=${SYSROOT}/${FILE} + fi + fi + + check_file ${REAL_FILE} + local FILE_TYPE=${?} + local TYPE_STR='' + + if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ] + then + TYPE_STR='x509' + elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ] + then + TYPE_STR='crl' + else + echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2 + continue + fi + + link_hash ${REAL_FILE} ${TYPE_STR} ${FILE} + done +} + + +# choose the name of an ssl application +if [ -n "${OPENSSL}" ] +then + SSL_CMD=$(which ${OPENSSL} 2>/dev/null) +else + SSL_CMD=/usr/bin/openssl + OPENSSL=${SSL_CMD} + export OPENSSL +fi + +# fix paths +PATH=${PATH}:${DIR}/bin +export PATH + +# confirm existance/executability of ssl command +if ! [ -x ${SSL_CMD} ] +then + echo "${0}: rehashing skipped ('openssl' program not available)" >&2 + exit 0 +fi + +# determine which directories to process +old_IFS=$IFS +if [ ${#} -gt 0 ] +then + IFS=':' + DIRLIST=${*} +elif [ -n "${SSL_CERT_DIR}" ] +then + DIRLIST=$SSL_CERT_DIR +else + DIRLIST=${DIR}/certs +fi + +IFS=':' + +# process directories +for CERT_DIR in ${DIRLIST} +do + if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ] + then + IFS=$old_IFS + hash_dir ${CERT_DIR} + IFS=':' + fi +done diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-fix-des.pod-error.patch index de49729e5..de49729e5 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-fix-des.pod-error.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-util-perlpath.pl-cwd.patch index 065b9b122..065b9b122 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-util-perlpath.pl-cwd.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl_fix_for_x32.patch index 0f08a642f..0f08a642f 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl_fix_for_x32.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/parallel.patch index f3f4c9988..e5413bf38 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/parallel.patch @@ -1,4 +1,7 @@ -Fix the parallel races in the Makefiles. +From 7fb1192f112c1920bfd39f4185f34e9afff3cff2 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@intel.com> +Date: Sat, 5 Mar 2016 00:12:02 +0000 +Subject: [PATCH 24/28] Fix the parallel races in the Makefiles. This patch was taken from the Gentoo packaging: https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch @@ -9,9 +12,82 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> Refreshed for 1.0.2i Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> ---- openssl-1.0.2g/crypto/Makefile -+++ openssl-1.0.2g/crypto/Makefile -@@ -85,11 +85,11 @@ +--- + Makefile.org | 14 +- + Makefile.org.orig | 10 +- + Makefile.shared | 2 + + Makefile.shared.orig | 655 ++++++++++++++++++++++++++++++++++++++++++++++++++ + crypto/Makefile | 10 +- + engines/Makefile | 6 +- + engines/Makefile.orig | 338 ++++++++++++++++++++++++++ + test/Makefile | 92 +++---- + test/Makefile.orig | 88 ++++--- + 9 files changed, 1108 insertions(+), 107 deletions(-) + create mode 100644 Makefile.shared.orig + create mode 100644 engines/Makefile.orig + +diff --git a/Makefile.org b/Makefile.org +index 8e7936c..ed98d2a 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -283,17 +283,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc + build_libssl: build_ssl libssl.pc + + build_crypto: +- @dir=crypto; target=all; $(BUILD_ONE_CMD) ++ +@dir=crypto; target=all; $(BUILD_ONE_CMD) + build_ssl: build_crypto +- @dir=ssl; target=all; $(BUILD_ONE_CMD) ++ +@dir=ssl; target=all; $(BUILD_ONE_CMD) + build_engines: build_crypto +- @dir=engines; target=all; $(BUILD_ONE_CMD) ++ +@dir=engines; target=all; $(BUILD_ONE_CMD) + build_apps: build_libs +- @dir=apps; target=all; $(BUILD_ONE_CMD) ++ +@dir=apps; target=all; $(BUILD_ONE_CMD) + build_tests: build_libs +- @dir=test; target=all; $(BUILD_ONE_CMD) ++ +@dir=test; target=all; $(BUILD_ONE_CMD) + build_tools: build_libs +- @dir=tools; target=all; $(BUILD_ONE_CMD) ++ +@dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps + build_testapps: +@@ -565,7 +565,7 @@ install_sw: + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @set -e; target=install; $(RECURSIVE_BUILD_CMD) ++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ + do \ + if [ -f "$$i" ]; then \ +diff --git a/Makefile.shared b/Makefile.shared +index f6f92e7..8164186 100644 +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -105,6 +105,7 @@ LINK_SO= \ + SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ ++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ + $${SHAREDCMD} $${SHAREDFLAGS} \ + -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ +@@ -122,6 +123,7 @@ SYMLINK_SO= \ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ ++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ + ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ +diff --git a/crypto/Makefile b/crypto/Makefile +index 17a87f8..29c2dcf 100644 +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -85,11 +85,11 @@ testapps: @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi subdirs: @@ -25,7 +101,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> links: @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ +@@ -100,7 +100,7 @@ links: # lib: $(LIB): are splitted to avoid end-less loop lib: $(LIB) @touch lib @@ -34,7 +110,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> $(AR) $(LIB) $(LIBOBJ) test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o $(RANLIB) $(LIB) || echo Never mind. -@@ -111,7 +111,7 @@ +@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs fi libs: @@ -43,7 +119,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> install: @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -120,7 +120,7 @@ +@@ -120,7 +120,7 @@ install: (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; @@ -52,9 +128,11 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> lint: @target=lint; $(RECURSIVE_MAKE) ---- openssl-1.0.2g/engines/Makefile -+++ openssl-1.0.2g/engines/Makefile -@@ -72,7 +72,7 @@ +diff --git a/engines/Makefile b/engines/Makefile +index fe8e9ca..a43d21b 100644 +--- a/engines/Makefile ++++ b/engines/Makefile +@@ -72,7 +72,7 @@ top: all: lib subdirs @@ -63,7 +141,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> @if [ -n "$(SHARED_LIBS)" ]; then \ set -e; \ for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ +@@ -89,7 +89,7 @@ lib: $(LIBOBJ) subdirs: echo $(EDIRS) @@ -72,8 +150,8 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ +@@ -128,7 +128,7 @@ install: + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \ done; \ fi - @target=install; $(RECURSIVE_MAKE) @@ -81,62 +159,11 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> tags: ctags $(SRC) ---- openssl-1.0.2g/Makefile.org -+++ openssl-1.0.2g/Makefile.org -@@ -279,17 +279,17 @@ - build_libssl: build_ssl libssl.pc - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) - build_ssl: build_crypto -- @dir=ssl; target=all; $(BUILD_ONE_CMD) -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) - build_engines: build_crypto -- @dir=engines; target=all; $(BUILD_ONE_CMD) -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) - build_apps: build_libs -- @dir=apps; target=all; $(BUILD_ONE_CMD) -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) - build_tests: build_libs -- @dir=test; target=all; $(BUILD_ONE_CMD) -+ +@dir=test; target=all; $(BUILD_ONE_CMD) - build_tools: build_libs -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -544,7 +544,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ ---- openssl-1.0.2g/Makefile.shared -+++ openssl-1.0.2g/Makefile.shared -@@ -105,6 +105,7 @@ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +123,7 @@ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ ---- openssl-1.0.2g/test/Makefile -+++ openssl-1.0.2g/test/Makefile -@@ -144,7 +144,7 @@ +diff --git a/test/Makefile b/test/Makefile +index 40abd60..78d3788 100644 +--- a/test/Makefile ++++ b/test/Makefile +@@ -145,7 +145,7 @@ install: tags: ctags $(SRC) @@ -145,7 +172,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> apps: @(cd ..; $(MAKE) DIRS=apps all) -@@ -438,136 +438,136 @@ +@@ -444,139 +444,139 @@ BUILD_CMD_STATIC=shlib_target=; \ link_app.$${shlib_target} $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) @@ -316,6 +343,9 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> - @target=$(BADDTLSTEST) $(BUILD_CMD) + +@target=$(BADDTLSTEST) $(BUILD_CMD) + $(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) + @target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD) + $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o - @target=$(SSLV2CONFTEST) $(BUILD_CMD) + +@target=$(SSLV2CONFTEST) $(BUILD_CMD) @@ -326,7 +356,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -580,6 +580,6 @@ +@@ -589,7 +589,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) # fi dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) @@ -334,4 +364,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> + +@target=dummytest; $(BUILD_CMD) # DO NOT DELETE THIS LINE -- make depend depends on it. -
\ No newline at end of file + +-- +2.15.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest-deps.patch index ef6d17934..ef6d17934 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest-deps.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest_makefile_deps.patch index 4202e61d1..4202e61d1 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest_makefile_deps.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/run-ptest b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/run-ptest new file mode 100755 index 000000000..3b20fce1e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/run-ptest @@ -0,0 +1,2 @@ +#!/bin/sh +make -k runtest diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/shared-libs.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/shared-libs.patch index a7ca0a307..a7ca0a307 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/shared-libs.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/shared-libs.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch new file mode 100644 index 000000000..736bb39ac --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch @@ -0,0 +1,49 @@ +From 3fdb1e2a16ea405c6731447a8994f222808ef7e6 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Fri, 7 Apr 2017 18:01:52 +0300 +Subject: [PATCH] Remove test that requires running as non-root + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + test/recipes/40-test_rehash.t | 17 +---------------- + 1 file changed, 1 insertion(+), 16 deletions(-) + +diff --git a/test/recipes/40-test_rehash.t b/test/recipes/40-test_rehash.t +index f902c23..c7567c1 100644 +--- a/test/recipes/40-test_rehash.t ++++ b/test/recipes/40-test_rehash.t +@@ -23,7 +23,7 @@ setup("test_rehash"); + plan skip_all => "test_rehash is not available on this platform" + unless run(app(["openssl", "rehash", "-help"])); + +-plan tests => 5; ++plan tests => 3; + + indir "rehash.$$" => sub { + prepare(); +@@ -42,21 +42,6 @@ indir "rehash.$$" => sub { + 'Testing rehash operations on empty directory'); + }, create => 1, cleanup => 1; + +-indir "rehash.$$" => sub { +- prepare(); +- chmod 0500, curdir(); +- SKIP: { +- if (!ok(!open(FOO, ">unwritable.txt"), +- "Testing that we aren't running as a privileged user, such as root")) { +- close FOO; +- skip "It's pointless to run the next test as root", 1; +- } +- isnt(run(app(["openssl", "rehash", curdir()])), 1, +- 'Testing rehash operations on readonly directory'); +- } +- chmod 0700, curdir(); # make it writable again, so cleanup works +-}, create => 1, cleanup => 1; +- + sub prepare { + my @pemsourcefiles = sort glob(srctop_file('test', "*.pem")); + my @destfiles = (); +-- +2.11.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch new file mode 100644 index 000000000..6ce4e47d7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch @@ -0,0 +1,43 @@ +From 08face4353d80111973aba9c1304c92158cfad0e Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Tue, 28 Mar 2017 16:40:12 +0300 +Subject: [PATCH] Take linking flags from LDFLAGS env var + +This fixes "No GNU_HASH in the elf binary" issues. + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + Configurations/unix-Makefile.tmpl | 2 +- + Configure | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index c029817..43b769b 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -173,7 +173,7 @@ CROSS_COMPILE= {- $config{cross_compile_prefix} -} + CC= $(CROSS_COMPILE){- $target{cc} -} + CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} + CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} +-LDFLAGS= {- $target{lflags} -} ++LDFLAGS= {- $target{lflags}." ".$ENV{'LDFLAGS'} -} + PLIB_LDFLAGS= {- $target{plib_lflags} -} + EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -} + LIB_CFLAGS={- $target{shared_cflag} || "" -} +diff --git a/Configure b/Configure +index aee7cc3..274d236 100755 +--- a/Configure ++++ b/Configure +@@ -979,7 +979,7 @@ $config{build_file} = $target{build_file}; + $config{defines} = []; + $config{cflags} = ""; + $config{ex_libs} = ""; +-$config{shared_ldflag} = ""; ++$config{shared_ldflag} = $ENV{'LDFLAGS'}; + + # Make sure build_scheme is consistent. + $target{build_scheme} = [ $target{build_scheme} ] +-- +2.11.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch new file mode 100644 index 000000000..bb0a1689e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch @@ -0,0 +1,88 @@ +From bcc096a50811bf0f0c4fd34b2993fed7a7015972 Mon Sep 17 00:00:00 2001 +From: Andy Polyakov <appro@openssl.org> +Date: Fri, 3 Nov 2017 23:30:01 +0100 +Subject: [PATCH] aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with + binutils-2.29. + +It's not clear if it's a feature or bug, but binutils-2.29[.1] +interprets 'adr' instruction with Thumb2 code reference differently, +in a way that affects calculation of addresses of constants' tables. + +Upstream-Status: Backport + +Reviewed-by: Tim Hudson <tjh@openssl.org> +Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> +Signed-off-by: Stefan Agner <stefan.agner@toradex.com> +(Merged from https://github.com/openssl/openssl/pull/4669) + +(cherry picked from commit b82acc3c1a7f304c9df31841753a0fa76b5b3cda) +--- + crypto/aes/asm/aes-armv4.pl | 6 +++--- + crypto/aes/asm/bsaes-armv7.pl | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl +index 16d79aae53..c6474b8aad 100644 +--- a/crypto/aes/asm/aes-armv4.pl ++++ b/crypto/aes/asm/aes-armv4.pl +@@ -200,7 +200,7 @@ AES_encrypt: + #ifndef __thumb2__ + sub r3,pc,#8 @ AES_encrypt + #else +- adr r3,AES_encrypt ++ adr r3,. + #endif + stmdb sp!,{r1,r4-r12,lr} + #ifdef __APPLE__ +@@ -450,7 +450,7 @@ _armv4_AES_set_encrypt_key: + #ifndef __thumb2__ + sub r3,pc,#8 @ AES_set_encrypt_key + #else +- adr r3,AES_set_encrypt_key ++ adr r3,. + #endif + teq r0,#0 + #ifdef __thumb2__ +@@ -976,7 +976,7 @@ AES_decrypt: + #ifndef __thumb2__ + sub r3,pc,#8 @ AES_decrypt + #else +- adr r3,AES_decrypt ++ adr r3,. + #endif + stmdb sp!,{r1,r4-r12,lr} + #ifdef __APPLE__ +diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl +index 9f288660ef..a27bb4a179 100644 +--- a/crypto/aes/asm/bsaes-armv7.pl ++++ b/crypto/aes/asm/bsaes-armv7.pl +@@ -744,7 +744,7 @@ $code.=<<___; + .type _bsaes_decrypt8,%function + .align 4 + _bsaes_decrypt8: +- adr $const,_bsaes_decrypt8 ++ adr $const,. + vldmia $key!, {@XMM[9]} @ round 0 key + #ifdef __APPLE__ + adr $const,.LM0ISR +@@ -843,7 +843,7 @@ _bsaes_const: + .type _bsaes_encrypt8,%function + .align 4 + _bsaes_encrypt8: +- adr $const,_bsaes_encrypt8 ++ adr $const,. + vldmia $key!, {@XMM[9]} @ round 0 key + #ifdef __APPLE__ + adr $const,.LM0SR +@@ -951,7 +951,7 @@ $code.=<<___; + .type _bsaes_key_convert,%function + .align 4 + _bsaes_key_convert: +- adr $const,_bsaes_key_convert ++ adr $const,. + vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key + #ifdef __APPLE__ + adr $const,.LM0 +-- +2.15.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch deleted file mode 100644 index 2a318a458..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch +++ /dev/null @@ -1,21 +0,0 @@ -Upstream-Status: Submitted - -This patch adds the fix for one of the ciphers used in openssl, namely -the cipher des-ede3-cfb1. Complete bug log and patch is present here: -http://rt.openssl.org/Ticket/Display.html?id=2867 - -Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> - -Index: openssl-1.0.2/crypto/evp/e_des3.c -=================================================================== ---- openssl-1.0.2.orig/crypto/evp/e_des3.c -+++ openssl-1.0.2/crypto/evp/e_des3.c -@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH - size_t n; - unsigned char c[1], d[1]; - -- for (n = 0; n < inl; ++n) { -+ for (n = 0; n * 8 < inl; ++n) { - c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; - DES_ede3_cfb_encrypt(c, d, 1, 1, - &data(ctx)->ks1, &data(ctx)->ks2, diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch deleted file mode 100644 index f736e5c09..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch +++ /dev/null @@ -1,23 +0,0 @@ -openssl: avoid NULL pointer dereference in EVP_DigestInit_ex() - -We should avoid accessing the type pointer if it's NULL, -this could happen if ctx->digest is not NULL. - -Upstream-Status: Submitted -http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html - -Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> ---- -Index: openssl-1.0.2h/crypto/evp/digest.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/digest.c -+++ openssl-1.0.2h/crypto/evp/digest.c -@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c - type = ctx->digest; - } - #endif -- if (ctx->digest != type) { -+ if (type && (ctx->digest != type)) { - if (ctx->digest && ctx->digest->ctx_size) { - OPENSSL_free(ctx->md_data); - ctx->md_data = NULL; diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest index 3b20fce1e..65c6cc7b8 100755..100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest @@ -1,2 +1,4 @@ #!/bin/sh -make -k runtest +cd test +OPENSSL_ENGINES=../engines BLDTOP=.. SRCTOP=.. perl run_tests.pl +cd .. diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl10.inc index 8f2a797b8..23f97d76b 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl10.inc @@ -11,11 +11,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" DEPENDS = "makedepend-native hostperl-runtime-native" DEPENDS_append_class-target = " openssl-native" +PROVIDES += "openssl10" + SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ " S = "${WORKDIR}/openssl-${PV}" +PACKAGECONFIG ?= "cryptodev-linux" PACKAGECONFIG[perl] = ",,," +PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux" TERMIO_libc-musl = "-DTERMIOS" TERMIO ?= "-DTERMIO" @@ -37,8 +41,6 @@ FILES_${PN} =+ " ${libdir}/ssl/*" FILES_${PN}-misc = "${libdir}/ssl/misc" RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" -PROVIDES += "openssl10" - # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto # package RRECOMMENDS on this package. This will enable the configuration # file to be installed for both the base openssl package and the libcrypto @@ -64,12 +66,11 @@ do_configure () { os=${HOST_OS} case $os in - linux-uclibc |\ - linux-uclibceabi |\ linux-gnueabi |\ - linux-uclibcspe |\ linux-gnuspe |\ - linux-musl*) + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) os=linux ;; *) @@ -101,7 +102,7 @@ do_configure () { linux-i686) target=debian-i386-i686/cmov ;; - linux-gnux32-x86_64) + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) target=linux-x32 ;; linux-gnu64-x86_64) @@ -125,7 +126,7 @@ do_configure () { linux-mips*) target=debian-mips ;; - linux-microblaze*|linux-nios2*) + linux-microblaze*|linux-nios2*|linux-gnu*ilp32**) target=linux-generic32 ;; linux-powerpc) @@ -202,6 +203,16 @@ do_install () { ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf + + # Rename man pages to prefix openssl10-* + for f in `find ${D}${mandir} -type f`; do + mv $f $(dirname $f)/openssl10-$(basename $f) + done + for f in `find ${D}${mandir} -type l`; do + ln_f=`readlink $f` + rm -f $f + ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f) + done } do_install_ptest () { @@ -239,6 +250,17 @@ do_install_ptest () { # modified again later when stripping them, but that's okay. touch ${D}${PTEST_PATH} find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH} + + # exclude binary files or the package won't install + for d in ssltest_old v3ext x509aux; do + rm -rf ${D}${libdir}/${BPN}/ptest/test/$d + done + + # Remove build host references + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure } do_install_append_class-native() { @@ -250,3 +272,4 @@ do_install_append_class-native() { } BBCLASSEXTEND = "native nativesdk" + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb deleted file mode 100644 index 83d1a500c..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb +++ /dev/null @@ -1,62 +0,0 @@ -require openssl.inc - -# For target side versions of openssl enable support for OCF Linux driver -# if they are available. -DEPENDS += "cryptodev-linux" - -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" -CFLAG_append_class-native = " -fPIC" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" - -export DIRS = "crypto ssl apps engines" -export OE_LDFLAGS="${LDFLAGS}" - -SRC_URI += "file://find.pl;subdir=${BP}/util/ \ - file://run-ptest \ - file://openssl-c_rehash.sh \ - file://configure-targets.patch \ - file://shared-libs.patch \ - file://oe-ldflags.patch \ - file://engines-install-in-libdir-ssl.patch \ - file://debian1.0.2/block_diginotar.patch \ - file://debian1.0.2/block_digicert_malaysia.patch \ - file://debian/ca.patch \ - file://debian/c_rehash-compat.patch \ - file://debian/debian-targets.patch \ - file://debian/man-dir.patch \ - file://debian/man-section.patch \ - file://debian/no-rpath.patch \ - file://debian/no-symbolic.patch \ - file://debian/pic.patch \ - file://debian1.0.2/version-script.patch \ - file://debian1.0.2/soname.patch \ - file://openssl_fix_for_x32.patch \ - file://fix-cipher-des-ede3-cfb1.patch \ - file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ - file://openssl-fix-des.pod-error.patch \ - file://Makefiles-ptest.patch \ - file://ptest-deps.patch \ - file://openssl-1.0.2a-x32-asm.patch \ - file://ptest_makefile_deps.patch \ - file://configure-musl-target.patch \ - file://parallel.patch \ - file://openssl-util-perlpath.pl-cwd.patch \ - file://Use-SHA256-not-MD5-as-default-digest.patch \ - file://0001-Fix-build-with-clang-using-external-assembler.patch \ - " -SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65" -SRC_URI[sha256sum] = "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0" - -PACKAGES =+ "${PN}-engines" -FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" - -# The crypto_use_bigint patch means that perl's bignum module needs to be -# installed, but some distributions (for example Fedora 23) don't ship it by -# default. As the resulting error is very misleading check for bignum before -# building. -do_configure_prepend() { - if ! perl -Mbigint -e true; then - bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." - fi -} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb new file mode 100644 index 000000000..32444c609 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb @@ -0,0 +1,60 @@ +require openssl10.inc + +# For target side versions of openssl enable support for OCF Linux driver +# if they are available. + +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" +CFLAG_append_class-native = " -fPIC" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225" + +export DIRS = "crypto ssl apps engines" +export OE_LDFLAGS="${LDFLAGS}" + +SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \ + file://run-ptest \ + file://openssl-c_rehash.sh \ + file://configure-targets.patch \ + file://shared-libs.patch \ + file://oe-ldflags.patch \ + file://engines-install-in-libdir-ssl.patch \ + file://debian1.0.2/block_diginotar.patch \ + file://debian1.0.2/block_digicert_malaysia.patch \ + file://debian/ca.patch \ + file://debian/c_rehash-compat.patch \ + file://debian/debian-targets.patch \ + file://debian/man-dir.patch \ + file://debian/man-section.patch \ + file://debian/no-rpath.patch \ + file://debian/no-symbolic.patch \ + file://debian/pic.patch \ + file://debian1.0.2/version-script.patch \ + file://debian1.0.2/soname.patch \ + file://openssl_fix_for_x32.patch \ + file://openssl-fix-des.pod-error.patch \ + file://Makefiles-ptest.patch \ + file://ptest-deps.patch \ + file://openssl-1.0.2a-x32-asm.patch \ + file://ptest_makefile_deps.patch \ + file://configure-musl-target.patch \ + file://parallel.patch \ + file://openssl-util-perlpath.pl-cwd.patch \ + file://Use-SHA256-not-MD5-as-default-digest.patch \ + file://0001-Fix-build-with-clang-using-external-assembler.patch \ + file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ + " +SRC_URI[md5sum] = "13bdc1b1d1ff39b6fd42a255e74676a4" +SRC_URI[sha256sum] = "370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe" + +PACKAGES =+ "${PN}-engines" +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" + +# The crypto_use_bigint patch means that perl's bignum module needs to be +# installed, but some distributions (for example Fedora 23) don't ship it by +# default. As the resulting error is very misleading check for bignum before +# building. +do_configure_prepend() { + if ! perl -Mbigint -e true; then + bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." + fi +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb new file mode 100644 index 000000000..1649bffaa --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb @@ -0,0 +1,156 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl | SSLeay" dual license +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=cae6da10f4ffd9703214776d2aabce32" + +BBCLASSEXTEND = "native nativesdk" + +SRC_URI[md5sum] = "ba5f1b8b835b88cadbce9b35ed9531a6" +SRC_URI[sha256sum] = "de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://openssl-c_rehash.sh \ + file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \ + file://0001-Remove-test-that-requires-running-as-non-root.patch \ + file://0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch \ + " + +S = "${WORKDIR}/openssl-${PV}" + +inherit lib_package multilib_header ptest + +do_configure () { + os=${HOST_OS} + case $os in + linux-uclibc |\ + linux-uclibceabi |\ + linux-gnueabi |\ + linux-uclibcspe |\ + linux-gnuspe |\ + linux-musl*) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arm) + target=linux-armv4 + ;; + linux-armeb) + target=linux-armv4 + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-sh3) + target=linux-generic32 + ;; + linux-sh4) + target=linux-generic32 + ;; + linux-i486) + target=linux-elf + ;; + linux-i586 | linux-viac3) + target=linux-elf + ;; + linux-i686) + target=linux-elf + ;; + linux-gnux32-x86_64) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips) + # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-mipsel) + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-gnun32-mips*) + target=linux-mips64 + ;; + linux-*-mips64 | linux-mips64) + target=linux64-mips64 + ;; + linux-*-mips64el | linux-mips64el) + target=linux64-mips64 + ;; + linux-microblaze*|linux-nios2*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-supersparc) + target=linux-sparcv9 + ;; + linux-sparc) + target=linux-sparcv9 + ;; + darwin-i386) + target=darwin-i386-cc + ;; + esac + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=`basename ${libdir}` $target +} + +#| engines/afalg/e_afalg.c: In function 'eventfd': +#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function) +#| return syscall(__NR_eventfd, n); +#| ^~~~~~~~~~~~ +EXTRA_OECONF_aarch64 += "no-afalgeng" + +#| ./libcrypto.so: undefined reference to `getcontext' +#| ./libcrypto.so: undefined reference to `setcontext' +#| ./libcrypto.so: undefined reference to `makecontext' +EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC" + +do_install () { + oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install + oe_multilib_header openssl/opensslconf.h +} + +do_install_append_class-native () { + # Install a custom version of c_rehash that can handle sysroots properly. + # This version is used for example when installing ca-certificates during + # image creation. + install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash + sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash +} + +do_install_ptest() { + cp -r * ${D}${PTEST_PATH} + + # Putting .so files in ptest package will mess up the dependencies of the main openssl package + # so we rename them to .so.ptest and patch the test accordingly + mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest + mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest + sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t +} + +RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python" + +FILES_${PN} =+ " ${libdir}/ssl-1.1/*" + +PACKAGES =+ "${PN}-engines" +FILES_${PN}-engines = "${libdir}/engines-1.1" + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap.inc b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap.inc deleted file mode 100644 index 338af33a3..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap.inc +++ /dev/null @@ -1,17 +0,0 @@ -SUMMARY = "RPC program number mapper" -HOMEPAGE = "http://neil.brown.name/portmap/" -SECTION = "console/network" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://portmap.c;beginline=2;endline=31;md5=51ff67e66ec84b2009b017b1f94afbf4 \ - file://from_local.c;beginline=9;endline=35;md5=1bec938a2268b8b423c58801ace3adc1" - -INITSCRIPT_NAME = "portmap" -INITSCRIPT_PARAMS = "start 10 2 3 4 5 . stop 32 0 1 6 ." - -inherit update-rc.d systemd - -SYSTEMD_SERVICE_${PN} = "portmap.service" - -PACKAGES =+ "portmap-utils" -FILES_portmap-utils = "${base_sbindir}/pmap_set ${base_sbindir}/pmap_dump" -FILES_${PN}-doc += "${docdir}" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch deleted file mode 100644 index 2fbf784b7..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch +++ /dev/null @@ -1,46 +0,0 @@ -Upstream-Status: Backport - -From: Mike Frysinger <vapier@gentoo.org> -Date: Sun, 13 May 2007 21:15:12 +0000 (-0400) -Subject: respect DESTDIR and dont use -s with install -X-Git-Url: http://neil.brown.name/git?p=portmap;a=commitdiff_plain;h=603c59b978c04df2354f68d4a2dc676a758ff46d - -respect DESTDIR and dont use -s with install - -$(DESTDIR) is the standard for installing into other trees, not $(BASEDIR) ... -so I've converted the Makefile to use that. I've also left in $(BASEDIR) as a -default to support old installs; not sure if you'd just cut it. - -Stripping should be left to the person to handle, not automatically done by -the install step. Also, `install -s` always calls `strip` which is -wrong/undesired in cross-compiling scenarios. - -Signed-off-by: Mike Frysinger <vapier@gentoo.org> -Signed-off-by: Neil Brown <neilb@suse.de> ---- - -diff --git a/Makefile b/Makefile -index 9e9a4b4..5343428 100644 ---- a/Makefile -+++ b/Makefile -@@ -135,13 +135,14 @@ from_local: CPPFLAGS += -DTEST - portmap.man : portmap.8 - sed $(MAN_SED) < portmap.8 > portmap.man - -+DESTDIR = $(BASEDIR) - install: all -- install -o root -g root -m 0755 -s portmap ${BASEDIR}/sbin -- install -o root -g root -m 0755 -s pmap_dump ${BASEDIR}/sbin -- install -o root -g root -m 0755 -s pmap_set ${BASEDIR}/sbin -- install -o root -g root -m 0644 portmap.man ${BASEDIR}/usr/share/man/man8/portmap.8 -- install -o root -g root -m 0644 pmap_dump.8 ${BASEDIR}/usr/share/man/man8 -- install -o root -g root -m 0644 pmap_set.8 ${BASEDIR}/usr/share/man/man8 -+ install -o root -g root -m 0755 portmap $(DESTDIR)/sbin -+ install -o root -g root -m 0755 pmap_dump $(DESTDIR)/sbin -+ install -o root -g root -m 0755 pmap_set $(DESTDIR)/sbin -+ install -o root -g root -m 0644 portmap.man $(DESTDIR)/usr/share/man/man8/portmap.8 -+ install -o root -g root -m 0644 pmap_dump.8 $(DESTDIR)/usr/share/man/man8 -+ install -o root -g root -m 0644 pmap_set.8 $(DESTDIR)/usr/share/man/man8 - - clean: - rm -f *.o portmap pmap_dump pmap_set from_local \ diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.init b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.init deleted file mode 100755 index 621aa171a..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.init +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# -### BEGIN INIT INFO -# Provides: portmap -# Required-Start: $network -# Required-Stop: $network -# Default-Start: S 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: The RPC portmapper -# Description: Portmap is a server that converts RPC (Remote -# Procedure Call) program numbers into DARPA -# protocol port numbers. It must be running in -# order to make RPC calls. Services that use -# RPC include NFS and NIS. -### END INIT INFO - -test -f /sbin/portmap || exit 0 - -case "$1" in - start) - echo "Starting portmap daemon..." - start-stop-daemon --start --quiet --exec /sbin/portmap - - if [ -f /var/run/portmap.upgrade-state ]; then - echo "Restoring old RPC service information..." - sleep 1 # needs a short pause or pmap_set won't work. :( - pmap_set </var/run/portmap.upgrade-state - rm -f /var/run/portmap.upgrade-state - echo "done." - fi - - ;; - stop) - echo "Stopping portmap daemon..." - start-stop-daemon --stop --quiet --exec /sbin/portmap - ;; - reload) - ;; - force-reload) - $0 restart - ;; - restart) - # pmap_dump and pmap_set may be in a different package and not installed... - if [ -f /sbin/pmap_dump -a -f /sbin/pmap_set ]; then - do_state=1 - else - do_state=0 - fi - [ $do_state -eq 1 ] && pmap_dump >/var/run/portmap.state - $0 stop - $0 start - if [ $do_state -eq 1 ]; then - if [ ! -f /var/run/portmap.upgrade-state ]; then - sleep 1 - pmap_set </var/run/portmap.state - fi - rm -f /var/run/portmap.state - fi - ;; - *) - echo "Usage: /etc/init.d/portmap {start|stop|reload|restart}" - exit 1 - ;; -esac - -exit 0 - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.service b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.service deleted file mode 100644 index 7ef9d7b02..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=The RPC portmapper -After=network.target - -[Service] -Type=forking -ExecStart=@BASE_SBINDIR@/portmap - -[Install] -WantedBy=multi-user.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch deleted file mode 100644 index 2f2505809..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch +++ /dev/null @@ -1,30 +0,0 @@ -Upstream-Status: Backport - -From: Mike Frysinger <vapier@gentoo.org> -Date: Sun, 13 May 2007 21:17:32 +0000 (-0400) -Subject: fix building with tcpd support disabled -X-Git-Url: http://neil.brown.name/git?p=portmap;a=commitdiff_plain;h=7847207aed1b44faf077eed14a9ac9c68244eba5 - -fix building with tcpd support disabled - -Make sure pmap_check.c only includes tcpd.h when HOSTS_ACCESS is defined. - -Signed-off-by: Timothy Redaelli <drizzt@gentoo.org> -Signed-off-by: Mike Frysinger <vapier@gentoo.org> -Signed-off-by: Neil Brown <neilb@suse.de> ---- - -diff --git a/pmap_check.c b/pmap_check.c -index 84f2c12..443a822 100644 ---- a/pmap_check.c -+++ b/pmap_check.c -@@ -44,7 +44,9 @@ - #include <netinet/in.h> - #include <rpc/rpcent.h> - #endif -+#ifdef HOSTS_ACCESS - #include <tcpd.h> -+#endif - #include <arpa/inet.h> - #include <grp.h> - diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap_6.0.bb b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap_6.0.bb deleted file mode 100644 index d9700950e..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap_6.0.bb +++ /dev/null @@ -1,35 +0,0 @@ -require portmap.inc - -DEPENDS_append_libc-musl = " libtirpc " - -PR = "r9" - -SRC_URI = "https://fossies.org/linux/misc/old/portmap-6.0.tgz \ - file://destdir-no-strip.patch \ - file://tcpd-config.patch \ - file://portmap.init \ - file://portmap.service" - -SRC_URI[md5sum] = "ac108ab68bf0f34477f8317791aaf1ff" -SRC_URI[sha256sum] = "02c820d39f3e6e729d1bea3287a2d8a6c684f1006fb9612f97dcad4a281d41de" - -S = "${WORKDIR}/${BPN}_${PV}/" - -PACKAGECONFIG ??= "tcp-wrappers" -PACKAGECONFIG[tcp-wrappers] = ",,tcp-wrappers" - -CPPFLAGS += "-DFACILITY=LOG_DAEMON -DENABLE_DNS -DHOSTS_ACCESS" -CFLAGS += "-Wall -Wstrict-prototypes -fPIC" -EXTRA_OEMAKE += "'NO_TCP_WRAPPER=${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', '', '1', d)}'" -CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc " -LDFLAGS_append_libc-musl = " -ltirpc " - -do_install() { - install -d ${D}${mandir}/man8/ ${D}${base_sbindir} ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/portmap.init ${D}${sysconfdir}/init.d/portmap - oe_runmake install DESTDIR=${D} - - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/portmap.service ${D}${systemd_unitdir}/system - sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/portmap.service -} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh index 5c9e5d33a..35a1aa639 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh +++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh @@ -4,6 +4,7 @@ WPA_SUP_BIN="/usr/sbin/wpa_supplicant" WPA_SUP_PNAME="wpa_supplicant" WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid" +WPA_COMMON_CTRL_IFACE="/var/run/wpa_supplicant" WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE" VERBOSITY=0 |