diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-12-16 17:11:34 -0800 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-01-08 18:21:44 -0500 |
commit | 1a4b7ee28bf7413af6513fb45ad0d0736048f866 (patch) | |
tree | 79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce /poky/meta/recipes-connectivity | |
parent | 5b9ede0403237c7dace972affa65cf64a1aadd0e (diff) | |
download | talos-openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.tar.gz talos-openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.zip |
reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-connectivity')
111 files changed, 1614 insertions, 1622 deletions
diff --git a/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb b/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb index 5648e386b..a77653bf5 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb +++ b/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb @@ -1,31 +1,18 @@ -LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ - file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ - file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ - file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ - file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" - require avahi.inc inherit distro_features_check ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" -SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6" -SRC_URI[sha256sum] = "57a99b5dfe7fdae794e3d1ee7a62973a368e91e414bd0dfa5d84434de5b14804" - DEPENDS += "avahi" AVAHI_GTK = "gtk3" S = "${WORKDIR}/avahi-${PV}" -PACKAGES = "${PN} ${PN}-utils ${PN}-dbg ${PN}-dev ${PN}-staticdev ${PN}-doc avahi-discover" +PACKAGES += "${PN}-utils avahi-discover" FILES_${PN} = "${libdir}/libavahi-ui*.so.*" -FILES_${PN}-dev += "${libdir}/libavahi-ui${SOLIBSDEV}" -FILES_${PN}-staticdev += "${libdir}/libavahi-ui.a" - FILES_${PN}-utils = "${bindir}/b* ${datadir}/applications/b*" - FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \ ${datadir}/avahi/interfaces/avahi-discover.ui \ ${bindir}/avahi-discover-standalone \ @@ -59,4 +46,3 @@ do_install_append () { rm ${D}${libdir}/girepository-1.0/ -rf rm ${D}${datadir}/gir-1.0/ -rf } - diff --git a/poky/meta/recipes-connectivity/avahi/avahi.inc b/poky/meta/recipes-connectivity/avahi/avahi.inc index ec368de4f..11846849f 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi.inc +++ b/poky/meta/recipes-connectivity/avahi/avahi.inc @@ -13,15 +13,19 @@ SECTION = "network" # major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and # python scripts are under GPLv2+ LICENSE = "GPLv2+ & LGPLv2.1+" +LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ + file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ + file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ + file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ + file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" -DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native" +SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz" -SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \ - file://00avahi-autoipd \ - file://99avahi-autoipd \ - file://initscript.patch \ - " UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" +SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6" +SRC_URI[sha256sum] = "57a99b5dfe7fdae794e3d1ee7a62973a368e91e414bd0dfa5d84434de5b14804" + +DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native" # For gtk related PACKAGECONFIGs: gtk, gtk3 AVAHI_GTK ?= "" @@ -31,18 +35,7 @@ PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+" PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3" -USERADD_PACKAGES = "avahi-daemon avahi-autoipd" -USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \ - --no-create-home --shell /bin/false \ - --user-group avahi" - -USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \ - --no-create-home --shell /bin/false \ - --user-group \ - -c \"Avahi autoip daemon\" \ - avahi-autoipd" - -inherit autotools pkgconfig update-rc.d gettext useradd gobject-introspection +inherit autotools pkgconfig gettext gobject-introspection EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ --disable-stack-protector \ @@ -73,67 +66,12 @@ do_compile_prepend() { export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" } -PACKAGES =+ "avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib libavahi-ui avahi-autoipd avahi-utils" - -# As avahi doesn't put any files into PN, clear the files list to avoid problems -# if extra libraries appear. -FILES_${PN} = "" -FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \ - ${sysconfdir}/avahi/avahi-autoipd.action \ - ${sysconfdir}/dhcp/*/avahi-autoipd \ - ${sysconfdir}/udhcpc.d/00avahi-autoipd \ - ${sysconfdir}/udhcpc.d/99avahi-autoipd" -FILES_libavahi-common = "${libdir}/libavahi-common.so.*" -FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" -FILES_avahi-daemon = "${sbindir}/avahi-daemon \ - ${sysconfdir}/avahi/avahi-daemon.conf \ - ${sysconfdir}/avahi/hosts \ - ${sysconfdir}/avahi/services \ - ${sysconfdir}/dbus-1 \ - ${sysconfdir}/init.d/avahi-daemon \ - ${datadir}/avahi/introspection/*.introspect \ - ${datadir}/avahi/avahi-service.dtd \ - ${datadir}/avahi/service-types \ - ${datadir}/dbus-1/system-services" -FILES_libavahi-client = "${libdir}/libavahi-client.so.*" -FILES_libavahi-ui = "${libdir}/libavahi-ui.so.*" -FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ - ${sysconfdir}/avahi/avahi-dnsconfd.action \ - ${sysconfdir}/init.d/avahi-dnsconfd" -FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*" -FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" -FILES_avahi-utils = "${bindir}/avahi-*" - -RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV}) libavahi-client (= ${EXTENDPKGV})" - -RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns" -CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" - -INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" -INITSCRIPT_NAME_avahi-daemon = "avahi-daemon" -INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19" -INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd" -INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19" - do_install() { autotools_do_install rm -rf ${D}/run rm -rf ${D}${datadir}/dbus-1/interfaces test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 rm -rf ${D}${libdir}/avahi - - install -d ${D}${sysconfdir}/udhcpc.d - install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d - install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d -} - -# At the time the postinst runs, dbus might not be setup so only restart if running -# Don't exit early, because update-rc.d needs to run subsequently. - -pkg_postinst_avahi-daemon () { -if [ -z "$D" ]; then - killall -q -HUP dbus-daemon || true -fi } diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb index 7c91f10f1..3d5f334a8 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb +++ b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb @@ -1,20 +1,80 @@ require avahi.inc -inherit systemd +SRC_URI += "file://00avahi-autoipd \ + file://99avahi-autoipd \ + file://initscript.patch \ + file://0001-Fix-opening-etc-resolv.conf-error.patch \ + " + +inherit update-rc.d systemd useradd + +PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils" + +# As avahi doesn't put any files into PN, clear the files list to avoid problems +# if extra libraries appear. +FILES_${PN} = "" +FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \ + ${sysconfdir}/avahi/avahi-autoipd.action \ + ${sysconfdir}/dhcp/*/avahi-autoipd \ + ${sysconfdir}/udhcpc.d/00avahi-autoipd \ + ${sysconfdir}/udhcpc.d/99avahi-autoipd" +FILES_libavahi-common = "${libdir}/libavahi-common.so.*" +FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" +FILES_avahi-daemon = "${sbindir}/avahi-daemon \ + ${sysconfdir}/avahi/avahi-daemon.conf \ + ${sysconfdir}/avahi/hosts \ + ${sysconfdir}/avahi/services \ + ${sysconfdir}/dbus-1 \ + ${sysconfdir}/init.d/avahi-daemon \ + ${datadir}/avahi/introspection/*.introspect \ + ${datadir}/avahi/avahi-service.dtd \ + ${datadir}/avahi/service-types \ + ${datadir}/dbus-1/system-services" +FILES_libavahi-client = "${libdir}/libavahi-client.so.*" +FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ + ${sysconfdir}/avahi/avahi-dnsconfd.action \ + ${sysconfdir}/init.d/avahi-dnsconfd" +FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*" +FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" +FILES_avahi-utils = "${bindir}/avahi-*" + +RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV}) libavahi-client (= ${EXTENDPKGV})" + +RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" + +CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" + +USERADD_PACKAGES = "avahi-daemon avahi-autoipd" +USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \ + --no-create-home --shell /bin/false \ + --user-group avahi" + +USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \ + --no-create-home --shell /bin/false \ + --user-group \ + -c \"Avahi autoip daemon\" \ + avahi-autoipd" + +INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" +INITSCRIPT_NAME_avahi-daemon = "avahi-daemon" +INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19" +INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd" +INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19" SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service" SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service" -LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ - file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ - file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ - file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ - file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" - -SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6" -SRC_URI[sha256sum] = "57a99b5dfe7fdae794e3d1ee7a62973a368e91e414bd0dfa5d84434de5b14804" - -DEPENDS += "intltool-native" +do_install_append() { + install -d ${D}${sysconfdir}/udhcpc.d + install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d + install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d +} -PACKAGES =+ "libavahi-gobject" +# At the time the postinst runs, dbus might not be setup so only restart if running +# Don't exit early, because update-rc.d needs to run subsequently. +pkg_postinst_avahi-daemon () { +if [ -z "$D" ]; then + killall -q -HUP dbus-daemon || true +fi +} diff --git a/poky/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch b/poky/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch new file mode 100644 index 000000000..11e7e8a9b --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch @@ -0,0 +1,40 @@ +From 78967814f5c37ed67f4cf64d70c9f76a03ee89bc Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Wed, 20 Jun 2018 13:57:35 +0800 +Subject: [PATCH] Fix opening /etc/resolv.conf error + +Fix to start avahi-daemon after systemd-resolved.service. This is because +/etc/resolv.conf is a link to /etc/resolv-conf.systemd which in turn is +a symlink to /run/systemd/resolve/resolv.conf. And /run/systemd/resolve/resolv.conf +is created by systemd-resolved.service by default in current OE's systemd +based systems. + +This fixes errro like below. + + Failed to open /etc/resolv.conf: Invalid argument + +In fact, handling of /etc/resolv.conf is quite distro specific. So this patch +is marked as OE specific. + +Upstream-Status: Inappropriate [OE Specific] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + avahi-daemon/avahi-daemon.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/avahi-daemon/avahi-daemon.service.in b/avahi-daemon/avahi-daemon.service.in +index 548c834..63e28e4 100644 +--- a/avahi-daemon/avahi-daemon.service.in ++++ b/avahi-daemon/avahi-daemon.service.in +@@ -18,6 +18,7 @@ + [Unit] + Description=Avahi mDNS/DNS-SD Stack + Requires=avahi-daemon.socket ++After=systemd-resolved.service + + [Service] + Type=dbus +-- +2.11.0 + diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch new file mode 100644 index 000000000..8db96ec04 --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch @@ -0,0 +1,27 @@ +From 31dde3562f287429eea94b77250d184818b49063 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Mon, 15 Oct 2018 16:55:09 +0800 +Subject: [PATCH] avoid start failure with bind user + +Upstream-Status: Pending + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + init.d | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/init.d b/init.d +index b2eec60..6e03936 100644 +--- a/init.d ++++ b/init.d +@@ -57,6 +57,7 @@ case "$1" in + modprobe capability >/dev/null 2>&1 || true + if [ ! -f /etc/bind/rndc.key ]; then + /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom ++ chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true + chmod 0640 /etc/bind/rndc.key + fi + if [ -f /var/run/named/named.pid ]; then +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch b/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch new file mode 100644 index 000000000..871bb2a5f --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch @@ -0,0 +1,32 @@ +From 950867d9fd3f690e271c8c807b6eed144b2935b2 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Mon, 27 Aug 2018 15:00:51 +0800 +Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib' + +Since `--with-openssl=${STAGING_DIR_HOST}${prefix}' is used in bind recipe, +the `-L$use_openssl/lib' has a hardcoded suffix, removing it is harmless +and helpful for clean up host build path in isc-config.sh + +Upstream-Status: Inappropriate [oe-core specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + configure.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.in b/configure.in +index 54efc55..76ac0eb 100644 +--- a/configure.in ++++ b/configure.in +@@ -1691,7 +1691,7 @@ If you don't want OpenSSL, use --without-openssl]) + fi + ;; + *) +- DST_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto" ++ DST_OPENSSL_LIBS="-lcrypto" + ;; + esac + fi +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch b/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch index 121509371..a8d601dca 100644 --- a/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch +++ b/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch @@ -7,11 +7,11 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> lib/dns/gen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/lib/dns/gen.c b/lib/dns/gen.c -index 7a7dafb..51a0435 100644 ---- a/lib/dns/gen.c -+++ b/lib/dns/gen.c -@@ -148,7 +148,7 @@ static const char copyright[] = +Index: bind-9.11.3/lib/dns/gen.c +=================================================================== +--- bind-9.11.3.orig/lib/dns/gen.c ++++ bind-9.11.3/lib/dns/gen.c +@@ -130,7 +130,7 @@ static const char copyright[] = #define TYPECLASSBUF (TYPECLASSLEN + 1) #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" #define ATTRIBUTESIZE 256 @@ -20,6 +20,3 @@ index 7a7dafb..51a0435 100644 static struct cc { struct cc *next; --- -1.9.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch b/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch index 1ed858cd3..01874a440 100644 --- a/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch +++ b/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch @@ -13,11 +13,11 @@ Signed-off-by: Robert Yang <liezhi.yang@windriver.com> lib/dns/gen.c | 4 ++++ 1 file changed, 4 insertions(+) -diff --git a/lib/dns/gen.c b/lib/dns/gen.c -index 51a0435..3d7214f 100644 ---- a/lib/dns/gen.c -+++ b/lib/dns/gen.c -@@ -148,7 +148,11 @@ static const char copyright[] = +Index: bind-9.11.3/lib/dns/gen.c +=================================================================== +--- bind-9.11.3.orig/lib/dns/gen.c ++++ bind-9.11.3/lib/dns/gen.c +@@ -130,7 +130,11 @@ static const char copyright[] = #define TYPECLASSBUF (TYPECLASSLEN + 1) #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" #define ATTRIBUTESIZE 256 @@ -29,6 +29,3 @@ index 51a0435..3d7214f 100644 static struct cc { struct cc *next; --- -1.7.9.5 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch new file mode 100644 index 000000000..75908aa63 --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch @@ -0,0 +1,34 @@ +From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Mon, 27 Aug 2018 21:24:20 +0800 +Subject: [PATCH] `named/lwresd -V' and start log hide build options + +The build options expose build path directories, so hide them. +[snip] +$ named -V +|built by make with *** (options are hidden) +[snip] + +Upstream-Status: Inappropriate [oe-core specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + bin/named/include/named/globals.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h +index ba3457e..7741da7 100644 +--- a/bin/named/include/named/globals.h ++++ b/bin/named/include/named/globals.h +@@ -68,7 +68,7 @@ EXTERN const char * ns_g_version INIT(VERSION); + EXTERN const char * ns_g_product INIT(PRODUCT); + EXTERN const char * ns_g_description INIT(DESCRIPTION); + EXTERN const char * ns_g_srcid INIT(SRCID); +-EXTERN const char * ns_g_configargs INIT(CONFIGARGS); ++EXTERN const char * ns_g_configargs INIT("*** (options are hidden)"); + EXTERN const char * ns_g_builder INIT(BUILDER); + EXTERN in_port_t ns_g_port INIT(0); + EXTERN isc_dscp_t ns_g_dscp INIT(-1); +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch b/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch new file mode 100644 index 000000000..7a2ba7eab --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch @@ -0,0 +1,72 @@ +Upstream-Status: Backport [https://ftp.isc.org/isc/bind9/9.11.4-P1/patches/CVE-2018-5740] + +CVE: CVE-2018-5740 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +diff --git a/CHANGES b/CHANGES +index 750b600..3d8d655 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -1,3 +1,9 @@ ++ --- 9.11.4-P1 released --- ++ ++4997. [security] named could crash during recursive processing ++ of DNAME records when "deny-answer-aliases" was ++ in use. (CVE-2018-5740) [GL #387] ++ + --- 9.11.4 released --- + + --- 9.11.4rc2 released --- +diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c +index 8f674a2..41d1385 100644 +--- a/lib/dns/resolver.c ++++ b/lib/dns/resolver.c +@@ -6318,6 +6318,7 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname, + unsigned int nlabels; + dns_fixedname_t fixed; + dns_name_t prefix; ++ int order; + + REQUIRE(rdataset != NULL); + REQUIRE(rdataset->type == dns_rdatatype_cname || +@@ -6340,17 +6341,25 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname, + tname = &cname.cname; + break; + case dns_rdatatype_dname: ++ if (dns_name_fullcompare(qname, rname, &order, &nlabels) != ++ dns_namereln_subdomain) ++ { ++ return (ISC_TRUE); ++ } + result = dns_rdata_tostruct(&rdata, &dname, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + dns_name_init(&prefix, NULL); + tname = dns_fixedname_initname(&fixed); +- nlabels = dns_name_countlabels(qname) - +- dns_name_countlabels(rname); ++ nlabels = dns_name_countlabels(rname); + dns_name_split(qname, nlabels, &prefix, NULL); + result = dns_name_concatenate(&prefix, &dname.dname, tname, + NULL); +- if (result == DNS_R_NAMETOOLONG) ++ if (result == DNS_R_NAMETOOLONG) { ++ if (chainingp != NULL) { ++ *chainingp = ISC_TRUE; ++ } + return (ISC_TRUE); ++ } + RUNTIME_CHECK(result == ISC_R_SUCCESS); + break; + default: +@@ -7071,7 +7080,9 @@ answer_response(fetchctx_t *fctx) { + } + if ((ardataset->type == dns_rdatatype_cname || + ardataset->type == dns_rdatatype_dname) && +- !is_answertarget_allowed(fctx, qname, aname, ardataset, ++ type != ardataset->type && ++ type != dns_rdatatype_any && ++ !is_answertarget_allowed(fctx, qname, aname, ardataset, + NULL)) + { + return (DNS_R_SERVFAIL); diff --git a/poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch b/poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch deleted file mode 100644 index 8bc4ea30f..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 9b40619ff6fddfef2758ba797789f8487f412df3 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Mon, 16 Feb 2015 00:50:01 -0800 -Subject: [PATCH] confgen: don't build unix.o twice - -Fixed: -unix/os.o: file not recognized: File truncated -collect2: error: ld returned 1 exit status - -This is because os.o was built twice: -* The implicity rule (depends on unix/os.o) -* The "make all" in unix subdir (depends on unix/os.o) - -Depend on subdirs which is unix only rather than unix/os.o will fix the -problem. - -Upstream-Status: Pending - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> - -Update context(trailing whitespace) for version 9.10.5-P3. - -Signed-off-by: Kai Kang <kai.kang@windriver.com> ---- - bin/confgen/Makefile.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in -index dca272f..02becce 100644 ---- a/bin/confgen/Makefile.in -+++ b/bin/confgen/Makefile.in -@@ -74,11 +74,11 @@ rndc-confgen.@O@: rndc-confgen.c - ddns-confgen.@O@: ddns-confgen.c - ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c - --rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} -+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS) - export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \ - ${FINALBUILDCMD} - --ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} -+ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS) - export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \ - ${FINALBUILDCMD} - --- -1.7.9.5 - diff --git a/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch index 13df3bb0e..37e210e6d 100644 --- a/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch @@ -31,11 +31,11 @@ Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/configure.in b/configure.in -index c9ef3a601343..17a1f613e9ac 100644 ---- a/configure.in -+++ b/configure.in -@@ -2139,7 +2139,7 @@ case "$use_libjson" in +Index: bind-9.11.3/configure.in +=================================================================== +--- bind-9.11.3.orig/configure.in ++++ bind-9.11.3/configure.in +@@ -2574,7 +2574,7 @@ case "$use_libjson" in libjson_libs="" ;; auto|yes) @@ -44,6 +44,3 @@ index c9ef3a601343..17a1f613e9ac 100644 do if test -f "${d}/include/json/json.h" then --- -2.4.2 - diff --git a/poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch b/poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch deleted file mode 100644 index b02ecb106..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch +++ /dev/null @@ -1,17 +0,0 @@ -Upstream-Status: Pending - -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -Index: bind-9.9.5/bin/Makefile.in -=================================================================== ---- bind-9.9.5.orig/bin/Makefile.in -+++ bind-9.9.5/bin/Makefile.in -@@ -19,7 +19,7 @@ srcdir = @srcdir@ - VPATH = @srcdir@ - top_srcdir = @top_srcdir@ - --SUBDIRS = named rndc dig delv dnssec tools tests nsupdate \ -+SUBDIRS = named rndc dig delv dnssec tools nsupdate \ - check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ - TARGETS = - diff --git a/poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch b/poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch deleted file mode 100644 index 9829f1588..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch +++ /dev/null @@ -1,36 +0,0 @@ -Use python3 rather default python which maybe links to python2 for oe. And add -option for setup.py to install files to right directory. - -Upstream-Status: Inappropriate [OE specific] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> ---- -diff --git a/bin/python/Makefile.in b/bin/python/Makefile.in -index a43a3c1..2e727f2 100644 ---- a/bin/python/Makefile.in -+++ b/bin/python/Makefile.in -@@ -55,9 +55,9 @@ install:: ${TARGETS} installdirs - ${INSTALL_DATA} ${srcdir}/dnssec-coverage.8 ${DESTDIR}${mandir}/man8 - if test -n "${PYTHON}" ; then \ - if test -n "${DESTDIR}" ; then \ -- ${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} ; \ -+ ${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} --install-lib=${PYTHON_SITEPACKAGES_DIR} ; \ - else \ -- ${PYTHON} ${srcdir}/setup.py install --prefix=${prefix} ; \ -+ ${PYTHON} ${srcdir}/setup.py install --prefix=${prefix} --install-lib=${PYTHON_SITEPACKAGES_DIR} ; \ - fi \ - fi - -diff --git a/configure.in b/configure.in -index 314bb90..867923e 100644 ---- a/configure.in -+++ b/configure.in -@@ -227,7 +227,7 @@ AC_ARG_WITH(python, - [ --with-python=PATH specify path to python interpreter], - use_python="$withval", use_python="unspec") - --python="python python3 python3.5 python3.4 python3.3 python3.2 python2 python2.7" -+python="python3 python3.5 python3.4 python3.3 python3.2 python2 python2.7" - - testargparse='try: import argparse - except: exit(1)' diff --git a/poky/meta/recipes-connectivity/bind/bind_9.10.6.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.4.bb index 8b8835ba8..cb4a21a9a 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.10.6.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.11.4.bb @@ -3,51 +3,57 @@ HOMEPAGE = "http://www.isc.org/sw/bind/" SECTION = "console/network" LICENSE = "ISC & BSD" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=dba46507446198119bcde32a4feaab43" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=6ba7c9fe0c888a943c79c93e6de744fb" -DEPENDS = "openssl libcap" +DEPENDS = "openssl libcap zlib" SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://conf.patch \ - file://make-etc-initd-bind-stop-work.patch \ - file://dont-test-on-host.patch \ - file://generate-rndc-key.sh \ file://named.service \ file://bind9 \ + file://generate-rndc-key.sh \ + file://make-etc-initd-bind-stop-work.patch \ file://init.d-add-support-for-read-only-rootfs.patch \ - file://bind-confgen-build-unix.o-once.patch \ - file://0001-build-use-pkg-config-to-find-libxml2.patch \ file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \ file://0001-lib-dns-gen.c-fix-too-long-error.patch \ - file://use-python3-and-fix-install-lib-path.patch \ - " + file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ + file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ + file://0001-avoid-start-failure-with-bind-user.patch \ + file://CVE-2018-5740.patch \ +" -SRC_URI[md5sum] = "84e663284b17aee0df1ce6f248b137d7" -SRC_URI[sha256sum] = "17bbcd2bd7b1d32f5ba4b30d5dbe8a39bce200079048073d1e0d050fdf47e69d" +SRC_URI[md5sum] = "9b4834d78f30cdb796ce437262272a36" +SRC_URI[sha256sum] = "595070b031f869f8939656b5a5d11b121211967f15f6afeafa895df745279617" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/" +inherit autotools update-rc.d systemd useradd pkgconfig multilib_script + +MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh" + +# PACKAGECONFIGs readline and libedit should NOT be set at same time +PACKAGECONFIG ?= "readline" +PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" +PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" +PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" +PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,," +PACKAGECONFIG[python3] = "--with-python=${PYTHON} --with-python-install-dir=${D}/${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native," ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \ --disable-devpoll --enable-epoll --with-gost=no \ - --with-gssapi=no --with-ecdsa=yes \ + --with-gssapi=no --with-ecdsa=yes --with-eddsa=no \ + --with-lmdb=no \ --sysconfdir=${sysconfdir}/bind \ - --with-openssl=${STAGING_LIBDIR}/.. \ + --with-openssl=${STAGING_DIR_HOST}${prefix} \ " -inherit autotools update-rc.d systemd useradd pkgconfig python3-dir +inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)} -export PYTHON_SITEPACKAGES_DIR - -# PACKAGECONFIGs readline and libedit should NOT be set at same time -PACKAGECONFIG ?= "readline" -PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2" -PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" -PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" -PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,," +# dhcp needs .la so keep them +REMOVE_LIBTOOL_LA = "0" USERADD_PACKAGES = "${PN}" USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ @@ -58,19 +64,6 @@ INITSCRIPT_PARAMS = "defaults" SYSTEMD_SERVICE_${PN} = "named.service" -PARALLEL_MAKE = "" - -RDEPENDS_${PN} = "python3-core" -RDEPENDS_${PN}-dev = "" - -PACKAGE_BEFORE_PN += "${PN}-utils" -FILES_${PN}-utils = "${bindir}/host ${bindir}/dig" -FILES_${PN}-dev += "${bindir}/isc-config.h" -FILES_${PN} += "${sbindir}/generate-rndc-key.sh ${PYTHON_SITEPACKAGES_DIR}" - -PACKAGE_BEFORE_PN += "${PN}-libs" -FILES_${PN}-libs = "${libdir}/*.so*" - do_install_prepend() { # clean host path in isc-config.sh before the hardlink created # by "make install": @@ -79,6 +72,7 @@ do_install_prepend() { } do_install_append() { + rm "${D}${bindir}/nslookup" rm "${D}${mandir}/man1/nslookup.1" rmdir "${D}${localstatedir}/run" @@ -88,7 +82,12 @@ do_install_append() { install -d "${D}${sysconfdir}/init.d" install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" - sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' ${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds + if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then + sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \ + ${D}${sbindir}/dnssec-coverage \ + ${D}${sbindir}/dnssec-checkds \ + ${D}${sbindir}/dnssec-keymgr + fi # Install systemd related files install -d ${D}${sbindir} @@ -106,8 +105,6 @@ do_install_append() { install -d ${D}${sysconfdir}/tmpfiles.d echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf fi - - rm -f ${D}${PYTHON_SITEPACKAGES_DIR}/isc/*.pyc } CONFFILES_${PN} = " \ @@ -121,3 +118,20 @@ CONFFILES_${PN} = " \ ${sysconfdir}/bind/db.root \ " +PACKAGE_BEFORE_PN += "${PN}-utils" +FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig" +FILES_${PN}-dev += "${bindir}/isc-config.h" +FILES_${PN} += "${sbindir}/generate-rndc-key.sh" + +PACKAGE_BEFORE_PN += "${PN}-libs" +FILES_${PN}-libs = "${libdir}/*.so*" +FILES_${PN}-staticdev += "${libdir}/*.la" + +PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" +FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ + ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}" + +RDEPENDS_${PN} = "bash" +RDEPENDS_${PN}-utils = "bash" +RDEPENDS_${PN}-dev = "" +RDEPENDS_python3-bind = "python3-core python3-ply" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index ae2a833c0..9d9739e95 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -42,6 +42,7 @@ PACKAGECONFIG[tools] = "--enable-tools,--disable-tools" PACKAGECONFIG[threads] = "--enable-threads,--disable-threads" PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c" +PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell" SRC_URI = "\ ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ @@ -50,6 +51,7 @@ SRC_URI = "\ file://run-ptest \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ + file://0001-test-gatt-Fix-hung-issue.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch index 2fde7bc06..da7140922 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch @@ -1,3 +1,4 @@ +From 99ccdbe155028c4c789803a429072675b87d0c3a Mon Sep 17 00:00:00 2001 From: Giovanni Campagna <gcampagna-cNUdlRotFMnNLxjTenLetw@public.gmane.org> Date: Sat, 12 Oct 2013 17:45:25 +0200 Subject: [PATCH] Allow using obexd without systemd in the user session @@ -14,19 +15,18 @@ configuration. See thread: http://thread.gmane.org/gmane.linux.bluez.kernel/38725/focus=38843 Signed-off-by: Javier Viguera <javier.viguera@digi.com> + --- - Makefile.obexd | 4 ++-- - obexd/src/org.bluez.obex.service | 4 ---- - obexd/src/org.bluez.obex.service.in | 4 ++++ - 3 files changed, 6 insertions(+), 6 deletions(-) - delete mode 100644 obexd/src/org.bluez.obex.service - create mode 100644 obexd/src/org.bluez.obex.service.in + Makefile.obexd | 4 ++-- + obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + rename obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} (76%) diff --git a/Makefile.obexd b/Makefile.obexd -index 2e33cbc72f2b..d5d858c857b4 100644 +index c462692..0325f66 100644 --- a/Makefile.obexd +++ b/Makefile.obexd -@@ -2,12 +2,12 @@ +@@ -1,12 +1,12 @@ if SYSTEMD systemduserunitdir = @SYSTEMD_USERUNITDIR@ systemduserunit_DATA = obexd/src/obex.service @@ -39,25 +39,18 @@ index 2e33cbc72f2b..d5d858c857b4 100644 -EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service +EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service.in - obex_plugindir = $(libdir)/obex/plugins + if OBEX -diff --git a/obexd/src/org.bluez.obex.service b/obexd/src/org.bluez.obex.service -deleted file mode 100644 -index a53808884554..000000000000 +diff --git a/obexd/src/org.bluez.obex.service b/obexd/src/org.bluez.obex.service.in +similarity index 76% +rename from obexd/src/org.bluez.obex.service +rename to obexd/src/org.bluez.obex.service.in +index a538088..9c815f2 100644 --- a/obexd/src/org.bluez.obex.service -+++ /dev/null -@@ -1,4 +0,0 @@ --[D-BUS Service] --Name=org.bluez.obex --Exec=/bin/false --SystemdService=dbus-org.bluez.obex.service -diff --git a/obexd/src/org.bluez.obex.service.in b/obexd/src/org.bluez.obex.service.in -new file mode 100644 -index 000000000000..9c815f246b77 ---- /dev/null +++ b/obexd/src/org.bluez.obex.service.in -@@ -0,0 +1,4 @@ -+[D-BUS Service] -+Name=org.bluez.obex +@@ -1,4 +1,4 @@ + [D-BUS Service] + Name=org.bluez.obex +-Exec=/bin/false +Exec=@libexecdir@/obexd -+SystemdService=dbus-org.bluez.obex.service + SystemdService=dbus-org.bluez.obex.service diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch new file mode 100644 index 000000000..e90b6a546 --- /dev/null +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch @@ -0,0 +1,43 @@ +From 61e741654cc2eb167bca212a3bb2ba8f3ba280c1 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <Mingli.Yu@windriver.com> +Date: Fri, 24 Aug 2018 12:04:03 +0800 +Subject: [PATCH] test-gatt: Fix hung issue + +The below test hangs infinitely +$ unit/test-gatt -p /robustness/unkown-request -d +/robustness/unkown-request - init +/robustness/unkown-request - setup +/robustness/unkown-request - setup complete +/robustness/unkown-request - run + GATT: < 02 17 00 ... + bt_gatt_server:MTU exchange complete, with MTU: 23 + GATT: > 03 00 02 ... + PDU: = 03 00 02 ... + GATT: < bf 00 + +Actually, the /robustness/unkown-request test does +no action. + +Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=153508881804635&w=2] + +Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> +--- + unit/test-gatt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/unit/test-gatt.c b/unit/test-gatt.c +index c7e28f8..b57373b 100644 +--- a/unit/test-gatt.c ++++ b/unit/test-gatt.c +@@ -4463,7 +4463,7 @@ int main(int argc, char *argv[]) + test_server, service_db_1, NULL, + raw_pdu(0x03, 0x00, 0x02), + raw_pdu(0xbf, 0x00), +- raw_pdu(0x01, 0xbf, 0x00, 0x00, 0x06)); ++ raw_pdu()); + + define_test_server("/robustness/unkown-command", + test_server, service_db_1, NULL, +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.48.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.50.bb index 84a6cd22d..66271432f 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.48.bb +++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.50.bb @@ -2,8 +2,8 @@ require bluez5.inc REQUIRED_DISTRO_FEATURES = "bluez5" -SRC_URI[md5sum] = "c9c853f3c90564cabec75ab35106c355" -SRC_URI[sha256sum] = "b9a8723072ef66bae7ec301c774902ebcb444c9c5b149b5a199e60a1ba970e90" +SRC_URI[md5sum] = "8e35c67c81a55d3ad4c9f22280dae178" +SRC_URI[sha256sum] = "5ffcaae18bbb6155f1591be8c24898dc12f062075a40b538b745bfd477481911" # noinst programs in Makefile.tools that are conditional on READLINE # support @@ -66,4 +66,5 @@ NOINST_TOOLS_BT ?= " \ tools/check-selftest \ tools/gatt-service \ profiles/iap/iapd \ + ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient', '', d)} \ " diff --git a/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch index 059342771..639ccfa2a 100644 --- a/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch +++ b/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch @@ -17,6 +17,14 @@ diff --git a/gweb/gresolv.c b/gweb/gresolv.c index 5cf7a9a..3ad8e70 100644 --- a/gweb/gresolv.c +++ b/gweb/gresolv.c +@@ -36,6 +36,7 @@ + #include <arpa/inet.h> + #include <arpa/nameser.h> + #include <net/if.h> ++#include <ctype.h> + + #include "gresolv.h" + @@ -875,8 +875,6 @@ GResolv *g_resolv_new(int index) resolv->index = index; resolv->nameserver_list = NULL; diff --git a/poky/meta/recipes-connectivity/connman/connman/includes.patch b/poky/meta/recipes-connectivity/connman/connman/includes.patch index 55cb18793..9f7395cbb 100644 --- a/poky/meta/recipes-connectivity/connman/connman/includes.patch +++ b/poky/meta/recipes-connectivity/connman/connman/includes.patch @@ -1,6 +1,6 @@ Fix various issues which cause problems under musl. -Upstream-Status: Submitted +Upstream-Status: Backport [bd1326ba7d68df38c5ccaafd2403a5fb30bd452b] Signed-off-by: Ross Burton <ross.burton@intel.com> From 630516bcc0233b047f65665c003201ba6e77453d Mon Sep 17 00:00:00 2001 @@ -300,20 +300,14 @@ diff --git a/gweb/gresolv.c b/gweb/gresolv.c index 8a51a9f..d55027c 100644 --- a/gweb/gresolv.c +++ b/gweb/gresolv.c -@@ -23,11 +23,13 @@ - #include <config.h> - #endif - -+#include <ctype.h> - #include <errno.h> - #include <unistd.h> - #include <stdarg.h> +@@ -29,6 +29,7 @@ #include <string.h> #include <stdlib.h> -+#include <stdio.h> #include <resolv.h> ++#include <stdio.h> #include <sys/types.h> #include <sys/socket.h> + #include <netdb.h> diff --git a/plugins/wifi.c b/plugins/wifi.c index 9d56671..148131d 100644 --- a/plugins/wifi.c diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp.inc b/poky/meta/recipes-connectivity/dhcp/dhcp.inc index 44e946cb2..3e65e5cf2 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp.inc +++ b/poky/meta/recipes-connectivity/dhcp/dhcp.inc @@ -8,9 +8,9 @@ easier to administer devices." HOMEPAGE = "http://www.isc.org/" LICENSE = "ISC" -LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=c5c64d696107f84b56fe337d14da1753" +LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=004a4db50a1e20972e924a8618747c01" -DEPENDS = "openssl" +DEPENDS = "openssl bind" SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \ file://init-relay file://default-relay \ @@ -24,7 +24,7 @@ SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \ UPSTREAM_CHECK_URI = "ftp://ftp.isc.org/isc/dhcp/" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+\.\d+\.(\d+?))/" -inherit autotools systemd useradd update-rc.d +inherit autotools-brokensep systemd useradd update-rc.d USERADD_PACKAGES = "${PN}-server" USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir /var/run/${BPN} --shell /bin/false --user-group ${BPN}" @@ -50,8 +50,15 @@ EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \ --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \ --enable-paranoia --disable-static \ --with-randomdev=/dev/random \ + --with-libbind=${STAGING_DIR_HOST} \ + --enable-libtool \ " +#Enable shared libs per dhcp README +do_configure_prepend () { + cp configure.ac+lt configure.ac +} + do_install_append () { install -d ${D}${sysconfdir}/init.d install -d ${D}${sysconfdir}/default @@ -95,8 +102,7 @@ PACKAGES += "dhcp-libs dhcp-server dhcp-server-config dhcp-client dhcp-relay dhc PACKAGES_remove = "${PN}" RDEPENDS_${PN}-dev = "" RDEPENDS_${PN}-staticdev = "" - -FILES_${PN}-libs = "${libdir}/libdhcpctl.so.0* ${libdir}/libomapi.so.0*" +FILES_${PN}-libs = "${libdir}/libdhcpctl.so.0* ${libdir}/libomapi.so.0* ${libdir}/libdhcp.so.0*" FILES_${PN}-server = "${sbindir}/dhcpd ${sysconfdir}/init.d/dhcp-server" RRECOMMENDS_${PN}-server = "dhcp-server-config" diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch index e5b3cf9bc..d1b57f0bb 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch @@ -11,11 +11,11 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> includes/site.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -diff --git a/includes/site.h b/includes/site.h -index b2f7fd7..280fbb9 100644 ---- a/includes/site.h -+++ b/includes/site.h -@@ -149,7 +149,8 @@ +Index: dhcp-4.4.1/includes/site.h +=================================================================== +--- dhcp-4.4.1.orig/includes/site.h ++++ dhcp-4.4.1/includes/site.h +@@ -148,7 +148,8 @@ /* Define this if you want the dhcpd.conf file to go somewhere other than the default location. By default, it goes in /etc/dhcpd.conf. */ @@ -25,6 +25,3 @@ index b2f7fd7..280fbb9 100644 /* Network API definitions. You do not need to choose one of these - if you don't choose, one will be chosen for you in your system's config --- -1.8.3.1 - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch index 810c7b6da..5b35933a5 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch @@ -18,11 +18,11 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> configure.ac | 4 ++++ 1 file changed, 4 insertions(+) -diff --git a/configure.ac b/configure.ac -index cdfa352..44fb57e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -591,6 +591,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void foo() __attribute__((noreturn)); +Index: dhcp-4.4.1/configure.ac +=================================================================== +--- dhcp-4.4.1.orig/configure.ac ++++ dhcp-4.4.1/configure.ac +@@ -612,6 +612,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], # Look for optional headers. AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) @@ -33,6 +33,3 @@ index cdfa352..44fb57e 100644 # Solaris needs some libraries for functions AC_SEARCH_LIBS(socket, [socket]) AC_SEARCH_LIBS(inet_ntoa, [nsl]) --- -1.8.3.1 - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch index 7d1d86798..b71c93dd6 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch @@ -19,82 +19,75 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> server/Makefile.am | 2 +- 6 files changed, 9 insertions(+), 5 deletions(-) -diff --git a/client/Makefile.am b/client/Makefile.am -index 2cb83d8..4730bb3 100644 ---- a/client/Makefile.am -+++ b/client/Makefile.am -@@ -7,11 +7,11 @@ SUBDIRS = . tests - BINDLIBDIR = @BINDDIR@/lib - - AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \ -- -DLOCALSTATEDIR='"$(localstatedir)"' -+ -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes - - dist_sysconf_DATA = dhclient.conf.example - sbin_PROGRAMS = dhclient --dhclient_SOURCES = clparse.c dhclient.c dhc6.c \ -+dhclient_SOURCES = $(srcdir)/clparse.c $(srcdir)/dhclient.c $(srcdir)/dhc6.c \ - scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ - scripts/netbsd scripts/nextstep scripts/openbsd \ - scripts/solaris scripts/openwrt -diff --git a/common/Makefile.am b/common/Makefile.am -index 113aee8..0f24fbb 100644 ---- a/common/Makefile.am -+++ b/common/Makefile.am +Index: dhcp-4.4.1/common/Makefile.am +=================================================================== +--- dhcp-4.4.1.orig/common/Makefile.am ++++ dhcp-4.4.1/common/Makefile.am @@ -1,4 +1,5 @@ -AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' +AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' + AM_CFLAGS = $(LDAP_CFLAGS) - noinst_LIBRARIES = libdhcp.a -diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am -index ceb0de1..ba8dd8b 100644 ---- a/dhcpctl/Makefile.am -+++ b/dhcpctl/Makefile.am -@@ -1,5 +1,7 @@ - BINDLIBDIR = @BINDDIR@/lib + lib_LIBRARIES = libdhcp.a +Index: dhcp-4.4.1/dhcpctl/Makefile.am +=================================================================== +--- dhcp-4.4.1.orig/dhcpctl/Makefile.am ++++ dhcp-4.4.1/dhcpctl/Makefile.am +@@ -3,6 +3,8 @@ BINDLIBDNSDIR=@BINDLIBDNSDIR@ + BINDLIBISCCFGDIR=@BINDLIBISCCFGDIR@ + BINDLIBISCDIR=@BINDLIBISCDIR@ +AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) + bin_PROGRAMS = omshell lib_LIBRARIES = libdhcpctl.a noinst_PROGRAMS = cltest -diff --git a/omapip/Makefile.am b/omapip/Makefile.am -index 446a594..dd1afa0 100644 ---- a/omapip/Makefile.am -+++ b/omapip/Makefile.am -@@ -1,4 +1,5 @@ - BINDLIBDIR = @BINDDIR@/lib +Index: dhcp-4.4.1/server/Makefile.am +=================================================================== +--- dhcp-4.4.1.orig/server/Makefile.am ++++ dhcp-4.4.1/server/Makefile.am +@@ -4,7 +4,7 @@ + # production code. Sadly, we are not there yet. + SUBDIRS = . tests + +-AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"' ++AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes + + dist_sysconf_DATA = dhcpd.conf.example + sbin_PROGRAMS = dhcpd +Index: dhcp-4.4.1/client/Makefile.am +=================================================================== +--- dhcp-4.4.1.orig/client/Makefile.am ++++ dhcp-4.4.1/client/Makefile.am +@@ -5,7 +5,7 @@ + SUBDIRS = . tests + + AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' +-AM_CPPFLAGS += -DLOCALSTATEDIR='"$(localstatedir)"' ++AM_CPPFLAGS += -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes + + dist_sysconf_DATA = dhclient.conf.example + sbin_PROGRAMS = dhclient +Index: dhcp-4.4.1/omapip/Makefile.am +=================================================================== +--- dhcp-4.4.1.orig/omapip/Makefile.am ++++ dhcp-4.4.1/omapip/Makefile.am +@@ -2,6 +2,7 @@ BINDLIBIRSDIR=@BINDLIBIRSDIR@ + BINDLIBDNSDIR=@BINDLIBDNSDIR@ + BINDLIBISCCFGDIR=@BINDLIBISCCFGDIR@ + BINDLIBISCDIR=@BINDLIBISCDIR@ +AM_CPPFLAGS = -I$(top_srcdir)/includes lib_LIBRARIES = libomapi.a noinst_PROGRAMS = svtest -diff --git a/relay/Makefile.am b/relay/Makefile.am -index 3060eca..6d652f6 100644 ---- a/relay/Makefile.am -+++ b/relay/Makefile.am -@@ -1,6 +1,6 @@ - BINDLIBDIR = @BINDDIR@/lib - +Index: dhcp-4.4.1/relay/Makefile.am +=================================================================== +--- dhcp-4.4.1.orig/relay/Makefile.am ++++ dhcp-4.4.1/relay/Makefile.am +@@ -1,4 +1,4 @@ -AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' +AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes sbin_PROGRAMS = dhcrelay dhcrelay_SOURCES = dhcrelay.c -diff --git a/server/Makefile.am b/server/Makefile.am -index 54feedf..3990b9c 100644 ---- a/server/Makefile.am -+++ b/server/Makefile.am -@@ -6,7 +6,7 @@ SUBDIRS = . tests - - BINDLIBDIR = @BINDDIR@/lib - --AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"' -+AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes - - dist_sysconf_DATA = dhcpd.conf.example - sbin_PROGRAMS = dhcpd --- -1.8.3.1 - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch index c62b283d5..6ef70ccac 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch @@ -12,11 +12,11 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> includes/site.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/includes/site.h b/includes/site.h -index 280fbb9..e6c2972 100644 ---- a/includes/site.h -+++ b/includes/site.h -@@ -296,7 +296,7 @@ +Index: dhcp-4.4.1/includes/site.h +=================================================================== +--- dhcp-4.4.1.orig/includes/site.h ++++ dhcp-4.4.1/includes/site.h +@@ -295,7 +295,7 @@ situations. We plan to revisit this feature and may make non-backwards compatible changes including the removal of this define. Use at your own risk. */ @@ -25,6 +25,3 @@ index 280fbb9..e6c2972 100644 /* Include old error codes. This is provided in case you are building an external program similar to omshell for --- -1.8.3.1 - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch index 43c26ea21..feb0754ff 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch @@ -15,13 +15,13 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> configure.ac | 11 +++++++++++ 1 file changed, 11 insertions(+) -diff --git a/configure.ac b/configure.ac -index 44fb57e..8e9f509 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -611,6 +611,17 @@ AC_CHECK_FUNCS(strlcat) - # For HP/UX we need -lipv6 for if_nametoindex, perhaps others. - AC_SEARCH_LIBS(if_nametoindex, [ipv6]) +Index: dhcp-4.4.1/configure.ac +=================================================================== +--- dhcp-4.4.1.orig/configure.ac ++++ dhcp-4.4.1/configure.ac +@@ -642,6 +642,17 @@ if test "$have_nanosleep" = "rt"; then + LIBS="-lrt $LIBS" + fi +AC_ARG_WITH(libxml2, + AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]), @@ -37,6 +37,26 @@ index 44fb57e..8e9f509 100644 # check for /dev/random (declares HAVE_DEV_RANDOM) AC_MSG_CHECKING(for random device) AC_ARG_WITH(randomdev, --- -1.8.3.1 - +Index: dhcp-4.4.1/configure.ac+lt +=================================================================== +--- dhcp-4.4.1.orig/configure.ac+lt ++++ dhcp-4.4.1/configure.ac+lt +@@ -909,6 +909,18 @@ elif test "$want_libtool" = "yes" -a "$u + fi + AM_CONDITIONAL(INSTALL_BIND, test "$want_install_bind" = "yes") + ++AC_ARG_WITH(libxml2, ++ AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]), ++ with_libxml2="$withval", with_libxml2="no") ++ ++if test x$with_libxml2 != xno; then ++ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],, ++ [if test x$with_libxml2 != xauto; then ++ AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested]) ++ fi]) ++fi ++ ++ + # OpenLDAP support. + AC_ARG_WITH(ldap, + AS_HELP_STRING([--with-ldap],[enable OpenLDAP support in dhcpd (default is no)]), diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch index a20b5f96f..006d18ae7 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch @@ -20,10 +20,10 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> server/tests/Makefile.am | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) -Index: dhcp-4.3.6/client/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/client/Makefile.am -+++ dhcp-4.3.6/client/Makefile.am +diff --git a/client/Makefile.am b/client/Makefile.am +index 4730bb3..84d8131 100644 +--- a/client/Makefile.am ++++ b/client/Makefile.am @@ -4,7 +4,7 @@ # production code. Sadly, we are not there yet. SUBDIRS = . tests @@ -33,10 +33,10 @@ Index: dhcp-4.3.6/client/Makefile.am AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \ -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes -Index: dhcp-4.3.6/client/tests/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/client/tests/Makefile.am -+++ dhcp-4.3.6/client/tests/Makefile.am +diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am +index 5031d0c..a8dfd26 100644 +--- a/client/tests/Makefile.am ++++ b/client/tests/Makefile.am @@ -1,6 +1,6 @@ SUBDIRS = . @@ -45,10 +45,10 @@ Index: dhcp-4.3.6/client/tests/Makefile.am AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir) -Index: dhcp-4.3.6/common/tests/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/common/tests/Makefile.am -+++ dhcp-4.3.6/common/tests/Makefile.am +diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am +index f6a43e4..2f98d22 100644 +--- a/common/tests/Makefile.am ++++ b/common/tests/Makefile.am @@ -1,6 +1,6 @@ SUBDIRS = . @@ -57,40 +57,40 @@ Index: dhcp-4.3.6/common/tests/Makefile.am AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes -Index: dhcp-4.3.6/dhcpctl/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/dhcpctl/Makefile.am -+++ dhcp-4.3.6/dhcpctl/Makefile.am +diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am +index ba8dd8b..9b2486e 100644 +--- a/dhcpctl/Makefile.am ++++ b/dhcpctl/Makefile.am @@ -1,4 +1,4 @@ -BINDLIBDIR = @BINDDIR@/lib +BINDLIBDIR = @BINDDIR@ AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -Index: dhcp-4.3.6/omapip/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/omapip/Makefile.am -+++ dhcp-4.3.6/omapip/Makefile.am +diff --git a/omapip/Makefile.am b/omapip/Makefile.am +index dd1afa0..e4a8599 100644 +--- a/omapip/Makefile.am ++++ b/omapip/Makefile.am @@ -1,4 +1,4 @@ -BINDLIBDIR = @BINDDIR@/lib +BINDLIBDIR = @BINDDIR@ AM_CPPFLAGS = -I$(top_srcdir)/includes - lib_LTLIBRARIES = libomapi.la -Index: dhcp-4.3.6/relay/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/relay/Makefile.am -+++ dhcp-4.3.6/relay/Makefile.am + lib_LIBRARIES = libomapi.a +diff --git a/relay/Makefile.am b/relay/Makefile.am +index 6d652f6..b3bf578 100644 +--- a/relay/Makefile.am ++++ b/relay/Makefile.am @@ -1,4 +1,4 @@ -BINDLIBDIR = @BINDDIR@/lib +BINDLIBDIR = @BINDDIR@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes -Index: dhcp-4.3.6/server/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/server/Makefile.am -+++ dhcp-4.3.6/server/Makefile.am +diff --git a/server/Makefile.am b/server/Makefile.am +index 3990b9c..b5d8c2d 100644 +--- a/server/Makefile.am ++++ b/server/Makefile.am @@ -4,7 +4,7 @@ # production code. Sadly, we are not there yet. SUBDIRS = . tests @@ -100,10 +100,10 @@ Index: dhcp-4.3.6/server/Makefile.am AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes -Index: dhcp-4.3.6/server/tests/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/server/tests/Makefile.am -+++ dhcp-4.3.6/server/tests/Makefile.am +diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am +index a87c5e7..9821081 100644 +--- a/server/tests/Makefile.am ++++ b/server/tests/Makefile.am @@ -1,6 +1,6 @@ SUBDIRS = . @@ -112,3 +112,6 @@ Index: dhcp-4.3.6/server/tests/Makefile.am AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir) +-- +1.8.3.1 + diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch deleted file mode 100644 index 898b1fc7e..000000000 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch +++ /dev/null @@ -1,205 +0,0 @@ -From 76c370a929e5ab5dbc81c2fbcf4e50f4fbc08ce9 Mon Sep 17 00:00:00 2001 -From: Kai Kang <kai.kang@windriver.com> -Date: Tue, 15 Aug 2017 15:53:37 +0800 -Subject: [PATCH 10/11] build shared libs - -Upstream-Status: Pending - -Port patches from Fedora to build shared libs rather than static libs. - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -Rebase to 4.3.6 - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/Makefile.am | 4 ++-- - common/tests/Makefile.am | 13 +++++-------- - configure.ac | 12 ++---------- - dhcpctl/Makefile.am | 14 ++++++-------- - omapip/Makefile.am | 7 +++---- - relay/Makefile.am | 5 ++--- - server/Makefile.am | 7 +++---- - server/tests/Makefile.am | 7 +++---- - 8 files changed, 26 insertions(+), 43 deletions(-) - -Index: dhcp-4.3.6/client/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/client/Makefile.am -+++ dhcp-4.3.6/client/Makefile.am -@@ -15,7 +15,7 @@ dhclient_SOURCES = $(srcdir)/clparse.c $ - scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ - scripts/netbsd scripts/nextstep scripts/openbsd \ - scripts/solaris scripts/openwrt --dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ -+ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc - man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 - EXTRA_DIST = $(man_MANS) -Index: dhcp-4.3.6/common/tests/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/common/tests/Makefile.am -+++ dhcp-4.3.6/common/tests/Makefile.am -@@ -15,26 +15,23 @@ ATF_TESTS += alloc_unittest dns_unittest - alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c - alloc_unittest_LDADD = $(ATF_LDFLAGS) - alloc_unittest_LDADD += ../libdhcp.a \ -- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc - - dns_unittest_SOURCES = dns_unittest.c $(top_srcdir)/tests/t_api_dhcp.c - dns_unittest_LDADD = $(ATF_LDFLAGS) - dns_unittest_LDADD += ../libdhcp.a \ -- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc - - misc_unittest_SOURCES = misc_unittest.c $(top_srcdir)/tests/t_api_dhcp.c - misc_unittest_LDADD = $(ATF_LDFLAGS) - misc_unittest_LDADD += ../libdhcp.a \ -- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc - - ns_name_unittest_SOURCES = ns_name_test.c $(top_srcdir)/tests/t_api_dhcp.c - ns_name_unittest_LDADD = $(ATF_LDFLAGS) - ns_name_unittest_LDADD += ../libdhcp.a \ -- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+ ../../omapip/libomapi.a -L$(BINDLIBDIR) \ -+ -ldns -lisccfg -lisc - - check: $(ATF_TESTS) - @if test $(top_srcdir) != ${top_builddir}; then \ -Index: dhcp-4.3.6/configure.ac -=================================================================== ---- dhcp-4.3.6.orig/configure.ac -+++ dhcp-4.3.6/configure.ac -@@ -47,16 +47,8 @@ AM_CONDITIONAL(CROSS_COMPILING, test "$c - # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API. - AC_USE_SYSTEM_EXTENSIONS - --AC_PROG_RANLIB -- --AC_PATH_PROG(AR, ar) --AC_SUBST(AR) -- --if test "X$AR" = "X"; then -- AC_MSG_ERROR([ --ar program not found. Please fix your PATH to include the directory in --which ar resides, or set AR in the environment with the full path to ar.]) --fi -+# Use libtool to simplify building of shared libraries -+AC_PROG_LIBTOOL - - AC_CONFIG_HEADERS([includes/config.h]) - -Index: dhcp-4.3.6/dhcpctl/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/dhcpctl/Makefile.am -+++ dhcp-4.3.6/dhcpctl/Makefile.am -@@ -3,19 +3,17 @@ BINDLIBDIR = @BINDDIR@/lib - AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) - - bin_PROGRAMS = omshell --lib_LIBRARIES = libdhcpctl.a -+lib_LTLIBRARIES = libdhcpctl.la - noinst_PROGRAMS = cltest - man_MANS = omshell.1 dhcpctl.3 - EXTRA_DIST = $(man_MANS) - - omshell_SOURCES = omshell.c --omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ -- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ -- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ -+ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc - --libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c -+libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c - - cltest_SOURCES = cltest.c --cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ -- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ -- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ -+ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc -Index: dhcp-4.3.6/omapip/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/omapip/Makefile.am -+++ dhcp-4.3.6/omapip/Makefile.am -@@ -1,10 +1,10 @@ - BINDLIBDIR = @BINDDIR@/lib - AM_CPPFLAGS = -I$(top_srcdir)/includes - --lib_LIBRARIES = libomapi.a -+lib_LTLIBRARIES = libomapi.la - noinst_PROGRAMS = svtest - --libomapi_a_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \ -+libomapi_la_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \ - errwarn.c listener.c dispatch.c generic.c support.c \ - handle.c message.c convert.c hash.c auth.c inet_addr.c \ - array.c trace.c toisc.c iscprint.c isclib.c -@@ -13,6 +13,5 @@ man_MANS = omapi.3 - EXTRA_DIST = $(man_MANS) - - svtest_SOURCES = test.c --svtest_LDADD = libomapi.a $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ -- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+svtest_LDADD = libomapi.la -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc - -Index: dhcp-4.3.6/relay/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/relay/Makefile.am -+++ dhcp-4.3.6/relay/Makefile.am -@@ -4,9 +4,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst - - sbin_PROGRAMS = dhcrelay - dhcrelay_SOURCES = dhcrelay.c --dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ -- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ -+ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc - man_MANS = dhcrelay.8 - EXTRA_DIST = $(man_MANS) - -Index: dhcp-4.3.6/server/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/server/Makefile.am -+++ dhcp-4.3.6/server/Makefile.am -@@ -15,10 +15,9 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c - dhcpv6.c mdb6.c ldap.c ldap_casa.c leasechain.c ldap_krb_helper.c - - dhcpd_CFLAGS = $(LDAP_CFLAGS) --dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -- ../dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \ -- $(BINDLIBDIR)/libisc.a $(LDAP_LIBS) -+dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ -+ ../dhcpctl/libdhcpctl.la -L$(BINDLIBDIR) \ -+ -lirs -ldns -lisccfg -lisc $(LDAP_LIBS) - - man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 - EXTRA_DIST = $(man_MANS) -Index: dhcp-4.3.6/server/tests/Makefile.am -=================================================================== ---- dhcp-4.3.6.orig/server/tests/Makefile.am -+++ dhcp-4.3.6/server/tests/Makefile.am -@@ -19,10 +19,9 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpa - ../ddns.c ../dhcpleasequery.c ../dhcpv6.c ../mdb6.c \ - ../ldap.c ../ldap_casa.c ../dhcpd.c ../leasechain.c - --DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a \ -- $(top_builddir)/dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \ -- $(BINDLIBDIR)/libisc.a -+DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.la \ -+ $(top_builddir)/dhcpctl/libdhcpctl.la \ -+ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc - - ATF_TESTS = - if HAVE_ATF diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch deleted file mode 100644 index 67bb4631a..000000000 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 37725f3e22edb50e0ca2d1fff971321a5a4d5112 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Wed, 12 Jul 2017 03:05:13 -0400 -Subject: [PATCH 11/11] Moved the call to isc_app_ctxstart() to not get signal - block by all threads - -Signed-off-by: Francis Dupont <fdupont@isc.org> - -In https://source.isc.org/git/bind9.git, since the following -commit applied: -... -commit b99bfa184bc9375421b5df915eea7dfac6a68a99 -Author: Evan Hunt <each@isc.org> -Date: Wed Apr 10 13:49:57 2013 -0700 - - [master] unify internal and export libraries - - 3550. [func] Unified the internal and export versions of the - BIND libraries, allowing external clients to use - the same libraries as BIND. [RT #33131] -... -(git show b99bfa184bc9375421b5df915eea7dfac6a68a99 -- ./lib/isc/unix/app.c) - -In this commit, if bind9 enable threads(ISC_PLATFORM_USETHREADS), -it blocks signal SIGHUP, SIGINT and SIGTERM in isc__app_ctxstart. -Which caused dhclient/dhcpd could not be stopped by SIGTERM. - -It caused systemd's reboot hung which send SIGTERM by default. - -Upstream-Status: Backport [https://source.isc.org/git/dhcp.git] -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - omapip/isclib.c | 25 +++++++++++++++---------- - 1 file changed, 15 insertions(+), 10 deletions(-) - -diff --git a/omapip/isclib.c b/omapip/isclib.c -index ce86490..6a04345 100644 ---- a/omapip/isclib.c -+++ b/omapip/isclib.c -@@ -185,16 +185,6 @@ dhcp_context_create(int flags, - if (result != ISC_R_SUCCESS) - goto cleanup; - -- result = isc_app_ctxstart(dhcp_gbl_ctx.actx); -- if (result != ISC_R_SUCCESS) -- return (result); -- dhcp_gbl_ctx.actx_started = ISC_TRUE; -- -- /* Not all OSs support suppressing SIGPIPE through socket -- * options, so set the sigal action to be ignore. This allows -- * broken connections to fail gracefully with EPIPE on writes */ -- handle_signal(SIGPIPE, SIG_IGN); -- - result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx, - dhcp_gbl_ctx.actx, - 1, 0, -@@ -217,6 +207,21 @@ dhcp_context_create(int flags, - result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task); - if (result != ISC_R_SUCCESS) - goto cleanup; -+ -+ result = isc_app_ctxstart(dhcp_gbl_ctx.actx); -+ if (result != ISC_R_SUCCESS) -+ return (result); -+ dhcp_gbl_ctx.actx_started = ISC_TRUE; -+ -+ /* Not all OSs support suppressing SIGPIPE through socket -+ * options, so set the sigal action to be ignore. This allows -+ * broken connections to fail gracefully with EPIPE on writes */ -+ handle_signal(SIGPIPE, SIG_IGN); -+ -+ /* Reset handlers installed by isc_app_ctxstart() -+ * to default for control-c and kill */ -+ handle_signal(SIGINT, SIG_DFL); -+ handle_signal(SIGTERM, SIG_DFL); - } - - #if defined (NSUPDATE) --- -1.8.3.1 - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch index 2d3af9db0..39ba65fbc 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch @@ -19,11 +19,11 @@ Signed-off-by: Awais Belal <awais_belal@mentor.com> configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/configure.ac b/configure.ac -index bfe988a..f0459e6 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -608,7 +608,7 @@ AC_ARG_WITH(libxml2, +Index: dhcp-4.4.1/configure.ac +=================================================================== +--- dhcp-4.4.1.orig/configure.ac ++++ dhcp-4.4.1/configure.ac +@@ -647,7 +647,7 @@ AC_ARG_WITH(libxml2, with_libxml2="$withval", with_libxml2="no") if test x$with_libxml2 != xno; then @@ -32,6 +32,3 @@ index bfe988a..f0459e6 100644 [if test x$with_libxml2 != xauto; then AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested]) fi]) --- -2.11.1 - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch new file mode 100644 index 000000000..fcec010bd --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch @@ -0,0 +1,64 @@ +lib and include path is hardcoded for use_libbind + +use libdir and includedir vars + +Upstream-Status: Pending +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +Index: dhcp-4.4.1/configure.ac+lt +=================================================================== +--- dhcp-4.4.1.orig/configure.ac+lt ++++ dhcp-4.4.1/configure.ac+lt +@@ -801,22 +801,22 @@ no) + if test ! -d "$use_libbind"; then + AC_MSG_ERROR([Cannot find bind directory at $use_libbind]) + fi +- if test ! -d "$use_libbind/include" -o \ +- ! -f "$use_libbind/include/isc/buffer.h" ++ if test ! -d "$use_libbind/$includedir" -o \ ++ ! -f "$use_libbind/$includedir/isc/buffer.h" + then +- AC_MSG_ERROR([Cannot find bind includes at $use_libbind/include]) ++ AC_MSG_ERROR([Cannot find bind includes at $use_libbind/$includedir]) + fi +- if test ! -d "$use_libbind/lib" -o \ +- \( ! -f "$use_libbind/lib/libisc.a" -a \ +- ! -f "$use_libbind/lib/libisc.la" \) ++ if test ! -d "$use_libbind/$libdir" -o \ ++ \( ! -f "$use_libbind/$libdir/libisc.a" -a \ ++ ! -f "$use_libbind/$libdir/libisc.la" \) + then +- AC_MSG_ERROR([Cannot find bind libraries at $use_libbind/lib]) ++ AC_MSG_ERROR([Cannot find bind libraries at $use_libbind/$libdir]) + fi + BINDDIR="$use_libbind" +- BINDLIBIRSDIR="$BINDDIR/lib" +- BINDLIBDNSDIR="$BINDDIR/lib" +- BINDLIBISCCFGDIR="$BINDDIR/lib" +- BINDLIBISCDIR="$BINDDIR/lib" ++ BINDLIBIRSDIR="$BINDDIR/$libdir" ++ BINDLIBDNSDIR="$BINDDIR/$libdir" ++ BINDLIBISCCFGDIR="$BINDDIR/$libdir" ++ BINDLIBISCDIR="$BINDDIR/$libdir" + DISTCHECK_LIBBIND_CONFIGURE_FLAG="--with-libbind=$use_libbind" + ;; + esac +@@ -856,14 +856,14 @@ AC_ARG_ENABLE(libtool, + + if test "$use_libbind" != "no"; then + if test "$want_libtool" = "yes" -a \ +- ! -f "$use_libbind/lib/libisc.la" ++ ! -f "$use_libbind/$libdir/libisc.la" + then +- AC_MSG_ERROR([Cannot find dynamic libraries at $use_libbind/lib]) ++ AC_MSG_ERROR([Cannot find dynamic libraries at $use_libbind/$libdir]) + fi + if test "$want_libtool" = "no" -a \ +- ! -f "$use_libbind/lib/libisc.a" ++ ! -f "$use_libbind/$libdir/libisc.a" + then +- AC_MSG_ERROR([Cannot find static libraries at $use_libbind/lib]) ++ AC_MSG_ERROR([Cannot find static libraries at $use_libbind/$libdir]) + fi + fi + diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch deleted file mode 100644 index 2b2688cb2..000000000 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 8cfdedee369c26d2869b6ec4a64460b5f5a30934 Mon Sep 17 00:00:00 2001 -From: Thomas Markwalder <tmark@isc.org> -Date: Thu, 7 Dec 2017 11:39:30 -0500 -Subject: [PATCH] [v4_3] Plugs a socket descriptor leak in OMAPI - - Merges in rt46767. - -Upstream-Status: Backport -[https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4] - -CVE: CVE-2017-3144 - -Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - RELNOTES | 7 +++++++ - omapip/buffer.c | 9 +++++++++ - omapip/message.c | 2 +- - 3 files changed, 17 insertions(+), 1 deletion(-) - -diff --git a/RELNOTES b/RELNOTES -index dd40aaf..3741b80 100644 ---- a/RELNOTES -+++ b/RELNOTES -@@ -66,6 +66,13 @@ We welcome comments from DHCP users, about this or anything else we do. - Email Vicky Risk, Product Manager at vicky@isc.org or discuss on - dhcp-users@lists.isc.org. - -+- Plugged a socket descriptor leak in OMAPI, that can occur when there is -+ data pending to be written to an OMAPI connection, when the connection -+ is closed by the reader. Thanks to Pavel Zhukov at RedHat for bringing -+ this issue to our attention and whose patch helped guide us in the right -+ direction. -+ [ISc-Bugs #46767] -+ - Changes since 4.3.6b1 - - - None -diff --git a/omapip/buffer.c b/omapip/buffer.c -index f7fdc32..809034d 100644 ---- a/omapip/buffer.c -+++ b/omapip/buffer.c -@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h) - omapi_buffer_dereference (&buffer, MDL); - } - } -+ -+ /* If we had data left to write when we're told to disconnect, -+ * we need recall disconnect, now that we're done writing. -+ * See rt46767. */ -+ if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) { -+ omapi_disconnect (h, 1); -+ return ISC_R_SHUTTINGDOWN; -+ } -+ - return ISC_R_SUCCESS; - } - -diff --git a/omapip/message.c b/omapip/message.c -index 59ccdc2..21bcfc3 100644 ---- a/omapip/message.c -+++ b/omapip/message.c -@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo) - } - - #ifdef DEBUG_PROTOCOL --static const char *omapi_message_op_name(int op) { -+const char *omapi_message_op_name(int op) { - switch (op) { - case OMAPI_OP_OPEN: return "OMAPI_OP_OPEN"; - case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH"; --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb deleted file mode 100644 index 8b30579e2..000000000 --- a/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb +++ /dev/null @@ -1,35 +0,0 @@ -require dhcp.inc - -SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \ - file://0002-dhclient-dbus.patch \ - file://0003-link-with-lcrypto.patch \ - file://0004-Fix-out-of-tree-builds.patch \ - file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \ - file://0006-site.h-enable-gentle-shutdown.patch \ - file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \ - file://0009-remove-dhclient-script-bash-dependency.patch \ - file://0010-build-shared-libs.patch \ - file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \ - file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \ - file://CVE-2017-3144.patch \ - " - -# use internal libisc libraries which are based on bind 9.9.11 - there -# is a bug in bind 9.10.x (normally supplied by OE) that prevents -# dhcpd/dhclient from shutting down cleanly on sigterm and from running -# in the background -# -# [https://bugzilla.yoctoproject.org/show_bug.cgi?id=12744] -# -# remove "ext-bind" and -# also set PARALLEL_MAKE = "" -# [ Yocto 12744 ] -# -SRC_URI += "${@bb.utils.contains('PACKAGECONFIG', 'ext-bind', 'file://0008-tweak-to-support-external-bind.patch', '', d)}" - -SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc" -SRC_URI[sha256sum] = "a41eaf6364f1377fe065d35671d9cf82bbbc8f21207819b2b9f33f652aec6f1b" - -PACKAGECONFIG ?= "ext-bind" -PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2" -PACKAGECONFIG[ext-bind] = "--with-libbind=${STAGING_LIBDIR}, --without-libbind, bind" diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb new file mode 100644 index 000000000..159abbc40 --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb @@ -0,0 +1,21 @@ +require dhcp.inc + +SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \ + file://0002-dhclient-dbus.patch \ + file://0003-link-with-lcrypto.patch \ + file://0004-Fix-out-of-tree-builds.patch \ + file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \ + file://0006-site.h-enable-gentle-shutdown.patch \ + file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \ + file://0009-remove-dhclient-script-bash-dependency.patch \ + file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \ + file://0013-fixup_use_libbind.patch \ +" + +SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede" +SRC_URI[sha256sum] = "2a22508922ab367b4af4664a0472dc220cc9603482cf3c16d9aff14f3a76b608" + +LDFLAGS_append = " -pthread" + +PACKAGECONFIG ?= "" +PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2" diff --git a/poky/meta/recipes-connectivity/dhcp/files/dhcpd6.service b/poky/meta/recipes-connectivity/dhcp/files/dhcpd6.service index ca96abb83..52a6224dc 100644 --- a/poky/meta/recipes-connectivity/dhcp/files/dhcpd6.service +++ b/poky/meta/recipes-connectivity/dhcp/files/dhcpd6.service @@ -9,7 +9,7 @@ PIDFile=@localstatedir@/run/dhcpd6.pid EnvironmentFile=@SYSCONFDIR@/default/dhcp-server EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcpd6 ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd6.leases -ExecStart=@SBINDIR@/dhcpd -f -6 -cf @SYSCONFDIR@/dhcp/dhcpd.conf -pf @localstatedir@/run/dhcpd6.pid $DHCPDARGS -q $INTERFACES +ExecStart=@SBINDIR@/dhcpd -f -6 -cf @SYSCONFDIR@/dhcp/dhcpd6.conf -pf @localstatedir@/run/dhcpd6.pid $DHCPDARGS -q $INTERFACES [Install] WantedBy=multi-user.target diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2.inc b/poky/meta/recipes-connectivity/iproute2/iproute2.inc index 4fbfec6f0..b28358906 100644 --- a/poky/meta/recipes-connectivity/iproute2/iproute2.inc +++ b/poky/meta/recipes-connectivity/iproute2/iproute2.inc @@ -9,7 +9,7 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817" -DEPENDS = "flex-native bison-native iptables elfutils" +DEPENDS = "flex-native bison-native iptables elfutils libcap" inherit update-alternatives bash-completion pkgconfig diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch b/poky/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch deleted file mode 100644 index c3d3fea9c..000000000 --- a/poky/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch +++ /dev/null @@ -1,63 +0,0 @@ -Subject: [PATCH] iproute2: de-bash scripts - -de-bash these two scripts to make iproute2 not depend on bash. - -Upstream-Status: Pending - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - ip/ifcfg | 15 ++++++++------- - ip/rtpr | 2 +- - 2 files changed, 9 insertions(+), 8 deletions(-) - -diff --git a/ip/ifcfg b/ip/ifcfg -index 30a2dc4..8677b2e 100644 ---- a/ip/ifcfg -+++ b/ip/ifcfg -@@ -1,12 +1,13 @@ --#! /bin/bash -+#! /bin/sh - - CheckForwarding () { -- local sbase fwd -+ local sbase fwd forwarding - sbase=/proc/sys/net/ipv4/conf - fwd=0 - if [ -d $sbase ]; then - for dir in $sbase/*/forwarding; do -- fwd=$[$fwd + `cat $dir`] -+ forwarding=`cat $dir` -+ fwd=$(($fwd+$forwarding)) - done - else - fwd=2 -@@ -127,12 +128,12 @@ fi - arping -q -A -c 1 -I $dev $ipaddr - noarp=$? - ( sleep 2 ; -- arping -q -U -c 1 -I $dev $ipaddr ) >& /dev/null </dev/null & -+ arping -q -U -c 1 -I $dev $ipaddr ) > /dev/null 2>&1 </dev/null & - --ip route add unreachable 224.0.0.0/24 >& /dev/null --ip route add unreachable 255.255.255.255 >& /dev/null -+ip route add unreachable 224.0.0.0/24 > /dev/null 2>&1 -+ip route add unreachable 255.255.255.255 > /dev/null 2>&1 - if [ "`ip link ls $dev | grep -c MULTICAST`" -ge 1 ]; then -- ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null -+ ip route add 224.0.0.0/4 dev $dev scope global > /dev/null 2>&1 - fi - - if [ $fwd -eq 0 ]; then -diff --git a/ip/rtpr b/ip/rtpr -index c3629fd..674198d 100644 ---- a/ip/rtpr -+++ b/ip/rtpr -@@ -1,4 +1,4 @@ --#! /bin/bash -+#! /bin/sh - - exec tr "[\\\\]" "[ - ]" --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2_4.14.1.bb b/poky/meta/recipes-connectivity/iproute2/iproute2_4.18.0.bb index 81e2e4a16..8eed37761 100644 --- a/poky/meta/recipes-connectivity/iproute2/iproute2_4.14.1.bb +++ b/poky/meta/recipes-connectivity/iproute2/iproute2_4.18.0.bb @@ -2,13 +2,12 @@ require iproute2.inc SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ file://configure-cross.patch \ - file://0001-iproute2-de-bash-scripts.patch \ file://0001-libc-compat.h-add-musl-workaround.patch \ file://0001-ip-Remove-unneed-header.patch \ " -SRC_URI[md5sum] = "1075423d7029e02a8f23ed4f42b7e372" -SRC_URI[sha256sum] = "d43ac068afcc350a448f4581b6e292331ef7e4e7aa746e34981582d5fdb10067" +SRC_URI[md5sum] = "8b8680e91390c57cab788fbf8e929479" +SRC_URI[sha256sum] = "a9e6c70c95f513871c5e1f4e452c04fcb3c4d8a05be651bd794cd994a52daa45" # CFLAGS are computed in Makefile and reference CCOPTS # diff --git a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb index 8d2feec76..d0eb2768d 100644 --- a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb +++ b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb @@ -17,6 +17,8 @@ SRC_URI[sha256sum] = "1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d81 S = "${WORKDIR}/nss-mdns-${PV}" +localstatedir = "/" + inherit autotools EXTRA_OECONF = "--libdir=${base_libdir} --disable-lynx --enable-avahi" @@ -28,13 +30,16 @@ DEBIANNAME_${PN} = "libnss-mdns" RDEPENDS_${PN} = "avahi-daemon" pkg_postinst_${PN} () { - sed -e '/^hosts:/s/\s*\<mdns\>//' \ - -e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 mdns4_minimal [NOTFOUND=return]\3\4 mdns\5/' \ - -i $D${sysconfdir}/nsswitch.conf + sed ' + /^hosts:/ !b + /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b + s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g + ' -i $D${sysconfdir}/nsswitch.conf } pkg_prerm_${PN} () { - sed -e '/^hosts:/s/\s*\<mdns\>//' \ - -e '/^hosts:/s/\s*mdns4_minimal\s\+\[NOTFOUND=return\]//' \ - -i $D${sysconfdir}/nsswitch.conf + sed ' + /^hosts:/ !b + s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g + ' -i $D${sysconfdir}/nsswitch.conf } diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch new file mode 100644 index 000000000..7e97e8ec3 --- /dev/null +++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch @@ -0,0 +1,18 @@ +The mobile-broadband-provider-info.pc file is installed into a non-arch directory +yet contains libdir which can vary depending on which multilib is configured. +The .pc file does not require libdir so remove this to fix multilib builds. + +Upstream-Status: Backport [8109fcd3c7299fae859fb891ff416927581a9955] +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> + +Index: git/mobile-broadband-provider-info.pc.in +=================================================================== +--- git.orig/mobile-broadband-provider-info.pc.in 2018-08-07 13:09:31.811364063 +0800 ++++ git/mobile-broadband-provider-info.pc.in 2018-08-10 17:49:25.645288320 +0800 +@@ -1,6 +1,5 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ +-libdir=@libdir@ + datarootdir = @datarootdir@ + pkgdatadir=${datarootdir}/@PACKAGE@ + includedir=@includedir@ diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index 57f521a6c..7f1dd78c1 100644 --- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -7,8 +7,9 @@ SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c" PV = "20170310" PE = "1" -SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info;protocol=https" - +SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https \ + file://multilibfix.patch \ +" S = "${WORKDIR}/git" inherit autotools diff --git a/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch b/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch deleted file mode 100644 index 4ac529044..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch +++ /dev/null @@ -1,27 +0,0 @@ -From a5e95a42e7bceddc9ecad06694c1a0588f4bafc8 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 14 Apr 2015 07:22:47 -0700 -Subject: [PATCH] include sys/types.h for getting u_* typedefs - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - cfg.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/cfg.h b/cfg.h -index d4d4cab..fe49e8f 100644 ---- a/cfg.h -+++ b/cfg.h -@@ -33,6 +33,7 @@ - #ifndef _CONF_H_ - #define _CONF_H_ - -+#include <sys/types.h> - #include "queue.h" - - struct conf_list_node { --- -2.1.4 - diff --git a/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch b/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch deleted file mode 100644 index 4633da919..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch +++ /dev/null @@ -1,18 +0,0 @@ -Set nobody user and group - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Roy.Li <rongqing.li@windriver.com> ---- a/idmapd.conf -+++ b/idmapd.conf -@@ -17,8 +17,8 @@ - - [Mapping] - --#Nobody-User = nobody --#Nobody-Group = nobody -+Nobody-User = nobody -+Nobody-Group = nogroup - - [Translation] - diff --git a/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch b/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch deleted file mode 100644 index d81c7c5f3..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch +++ /dev/null @@ -1,13 +0,0 @@ -Upstream-Status: Inappropriate [configuration] - ---- a/configure.in -+++ b/configure.in -@@ -1,7 +1,7 @@ - # -*- Autoconf -*- - # Process this file with autoconf to produce a configure script. - --AC_PREREQ([2.68]) -+AC_PREREQ([2.65]) - AC_INIT([libnfsidmap],[0.25],[linux-nfs@vger.kernel.org]) - AC_CONFIG_SRCDIR([nfsidmap.h]) - AC_CONFIG_MACRO_DIR([m4]) diff --git a/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb b/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb deleted file mode 100644 index 256577100..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb +++ /dev/null @@ -1,27 +0,0 @@ -SUMMARY = "NFS id mapping library" -HOMEPAGE = "http://www.citi.umich.edu/projects/nfsv4/linux/" -SECTION = "libs" - -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=d9c6a2a0ca6017fda7cd905ed2739b37" - -SRC_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/${BPN}-${PV}.tar.gz \ - file://fix-ac-prereq.patch \ - file://Set_nobody_user_group.patch \ - file://0001-include-sys-types.h-for-getting-u_-typedefs.patch \ - " - -SRC_URI[md5sum] = "2ac4893c92716add1a1447ae01df77ab" -SRC_URI[sha256sum] = "656d245d84400e1030f8f40a5a27da76370690c4a932baf249110f047fe7efcf" - -UPSTREAM_CHECK_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/" - -inherit autotools - -EXTRA_OECONF = "--disable-ldap" - -do_install_append () { - install -d ${D}${sysconfdir}/ - install -m 0644 ${WORKDIR}/${BPN}-${PV}/idmapd.conf ${D}${sysconfdir}/idmapd.conf -} - diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch deleted file mode 100644 index 26b558c81..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 9b84cff305866abd150cf1a4c6e7e5ebf8a7eb3a Mon Sep 17 00:00:00 2001 -From: Martin Jansa <Martin.Jansa@gmail.com> -Date: Fri, 15 Nov 2013 23:21:35 +0100 -Subject: [PATCH] configure: Allow to explicitly disable nfsidmap - -* keyutils availability is autodetected and builds aren't reproducible - -Upstream-Status: Pending - -Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> ---- - configure.ac | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -Index: nfs-utils-2.1.1/configure.ac -=================================================================== ---- nfs-utils-2.1.1.orig/configure.ac -+++ nfs-utils-2.1.1/configure.ac -@@ -92,6 +92,12 @@ AC_ARG_ENABLE(nfsv4, - AC_SUBST(enable_nfsv4) - AM_CONDITIONAL(CONFIG_NFSV4, [test "$enable_nfsv4" = "yes"]) - -+AC_ARG_ENABLE(nfsidmap, -+ [AC_HELP_STRING([--enable-nfsidmap], -+ [enable support for NFSv4 idmapper @<:@default=yes@:>@])], -+ enable_nfsidmap=$enableval, -+ enable_nfsidmap=yes) -+ - AC_ARG_ENABLE(nfsv41, - [AC_HELP_STRING([--disable-nfsv41], - [disable support for NFSv41 @<:@default=no@:>@])], -@@ -339,7 +345,7 @@ fi - - dnl enable nfsidmap when its support by libnfsidmap - AM_CONDITIONAL(CONFIG_NFSDCLTRACK, [test "$enable_nfsdcltrack" = "yes" ]) --AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"]) -+AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$enable_nfsidmap$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyesyes"]) - - - if test "$knfsd_cv_glibc2" = no; then diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch deleted file mode 100644 index 235a2c76f..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 36b48057bce76dced335d67a2894a420967811c9 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sat, 20 May 2017 14:07:53 -0700 -Subject: [PATCH] include stdint.h for UINT16_MAX definition - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- -Upstream-Status: Pending - - support/nsm/rpc.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/support/nsm/rpc.c b/support/nsm/rpc.c -index 4e5f40e..d91c6ea 100644 ---- a/support/nsm/rpc.c -+++ b/support/nsm/rpc.c -@@ -40,6 +40,7 @@ - - #include <time.h> - #include <stdbool.h> -+#include <stdint.h> - #include <string.h> - #include <unistd.h> - #include <fcntl.h> --- -2.13.0 - diff --git a/poky/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch index 822939f0d..822939f0d 100644 --- a/poky/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch deleted file mode 100644 index 89a8a5726..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fixes errors like -sm-notify[1070]: DNS resolution of a.b.c.d..com failed; retrying later -This error will occur anytime sm-notify is run before the network if fully up, -which is happening more and more with parallel startup systems. -The res_init() call is simple, safe, quick, and a patch to use it should be -able to go upstream. Presumably the whole reason sm-notify tries several -times is to wait for possible changes to the network configuration, but without -calling res_init() it will never be aware of those changes - -Backported drom Fedora - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> - - -Index: nfs-utils-2.1.1/utils/statd/sm-notify.c -=================================================================== ---- nfs-utils-2.1.1.orig/utils/statd/sm-notify.c -+++ nfs-utils-2.1.1/utils/statd/sm-notify.c -@@ -28,6 +28,9 @@ - #include <netdb.h> - #include <errno.h> - #include <grp.h> -+#include <netinet/in.h> -+#include <arpa/nameser.h> -+#include <resolv.h> - - #include "conffile.h" - #include "sockaddr.h" -@@ -89,6 +92,7 @@ smn_lookup(const char *name) - }; - int error; - -+ res_init(); - error = getaddrinfo(name, NULL, &hint, &ai); - if (error != 0) { - xlog(D_GENERAL, "getaddrinfo(3): %s", gai_strerror(error)); diff --git a/poky/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-debianize-start-statd.patch index ede0dcefc..ede0dcefc 100644 --- a/poky/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-debianize-start-statd.patch diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-limits.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-limits.patch new file mode 100644 index 000000000..25ca41515 --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-limits.patch @@ -0,0 +1,133 @@ +Fixed: +| file.c: In function 'generic_make_pathname': +| file.c:48:13: error: 'PATH_MAX' undeclared (first use in this function); did you mean 'RAND_MAX'? +| if (size > PATH_MAX) +| ^~~~~~~~ +[snip] + +Upstream-Status: Pending [https://git.alpinelinux.org/cgit/aports/tree/main/nfs-utils/limits.patch?id=f6734a77d3caee73325f8cc1f77d1b5117a75096] + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + support/export/export.c | 1 + + support/export/xtab.c | 1 + + support/misc/file.c | 1 + + support/nfs/xcommon.c | 1 + + support/nsm/file.c | 1 + + utils/blkmapd/device-discovery.c | 1 + + utils/gssd/krb5_util.c | 1 + + utils/mountd/cache.c | 1 + + utils/mountd/mountd.c | 1 + + utils/mountd/rmtab.c | 1 + + 10 files changed, 10 insertions(+) + +diff --git a/support/export/export.c b/support/export/export.c +--- a/support/export/export.c ++++ b/support/export/export.c +@@ -17,6 +17,7 @@ + #include <stdlib.h> + #include <dirent.h> + #include <errno.h> ++#include <limits.h> + #include "xmalloc.h" + #include "nfslib.h" + #include "exportfs.h" +diff --git a/support/export/xtab.c b/support/export/xtab.c +--- a/support/export/xtab.c ++++ b/support/export/xtab.c +@@ -18,6 +18,7 @@ + #include <sys/stat.h> + #include <errno.h> + #include <libgen.h> ++#include <limits.h> + + #include "nfslib.h" + #include "exportfs.h" +diff --git a/support/misc/file.c b/support/misc/file.c +--- a/support/misc/file.c ++++ b/support/misc/file.c +@@ -27,6 +27,7 @@ + #include <dirent.h> + #include <stdlib.h> + #include <stdbool.h> ++#include <limits.h> + + #include "xlog.h" + #include "misc.h" +diff --git a/support/nfs/xcommon.c b/support/nfs/xcommon.c +--- a/support/nfs/xcommon.c ++++ b/support/nfs/xcommon.c +@@ -16,6 +16,7 @@ + #include <stdio.h> + #include <stdlib.h> + #include <string.h> ++#include <limits.h> + + #include "xcommon.h" + #include "nls.h" /* _() */ +diff --git a/support/nsm/file.c b/support/nsm/file.c +--- a/support/nsm/file.c ++++ b/support/nsm/file.c +@@ -85,6 +85,7 @@ + #include <fcntl.h> + #include <dirent.h> + #include <grp.h> ++#include <limits.h> + + #include "xlog.h" + #include "nsm.h" +diff --git a/utils/blkmapd/device-discovery.c b/utils/blkmapd/device-discovery.c +--- a/utils/blkmapd/device-discovery.c ++++ b/utils/blkmapd/device-discovery.c +@@ -49,6 +49,7 @@ + #include <unistd.h> + #include <libgen.h> + #include <errno.h> ++#include <limits.h> + #include <libdevmapper.h> + + #ifdef HAVE_CONFIG_H +diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c +--- a/utils/gssd/krb5_util.c ++++ b/utils/gssd/krb5_util.c +@@ -120,6 +120,7 @@ + #endif + #include <krb5.h> + #include <rpc/auth_gss.h> ++#include <limits.h> + + #include "gssd.h" + #include "err_util.h" +diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c +--- a/utils/mountd/cache.c ++++ b/utils/mountd/cache.c +@@ -26,6 +26,7 @@ + #include <pwd.h> + #include <grp.h> + #include <mntent.h> ++#include <limits.h> + #include "misc.h" + #include "nfslib.h" + #include "exportfs.h" +diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c +--- a/utils/mountd/mountd.c ++++ b/utils/mountd/mountd.c +@@ -22,6 +22,7 @@ + #include <fcntl.h> + #include <sys/resource.h> + #include <sys/wait.h> ++#include <limits.h> + + #include "conffile.h" + #include "xmalloc.h" +diff --git a/utils/mountd/rmtab.c b/utils/mountd/rmtab.c +--- a/utils/mountd/rmtab.c ++++ b/utils/mountd/rmtab.c +@@ -16,6 +16,7 @@ + #include <netinet/in.h> + #include <arpa/inet.h> + #include <netdb.h> ++#include <limits.h> + + #include "misc.h" + #include "exportfs.h" diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch new file mode 100644 index 000000000..a169e6a22 --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch @@ -0,0 +1,22 @@ +Fixed: +configure: error: res_querydomain needed + +Upstream-Status: Pending [https://git.alpinelinux.org/cgit/aports/tree/main/nfs-utils/musl-res_querydomain.patch?id=f6734a77d3caee73325f8cc1f77d1b5117a75096] + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +--- a/configure.ac ++++ b/configure.ac +@@ -401,7 +401,7 @@ if test "$enable_gss" = yes; then + fi + + dnl libdnsidmap specific checks +-AC_CHECK_LIB([resolv], [__res_querydomain], , AC_MSG_ERROR(res_querydomain needed)) ++AC_CHECK_LIB([resolv], [res_querydomain], , AC_MSG_ERROR(res_querydomain needed)) + + AC_ARG_ENABLE([ldap], + [AS_HELP_STRING([--disable-ldap],[Disable support for LDAP @<:default=detect@:>@])]) diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb index 79453ad20..6d450c751 100644 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb @@ -8,7 +8,7 @@ LICENSE = "MIT & GPLv2+ & BSD" LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" # util-linux for libblkid -DEPENDS = "libcap libnfsidmap libevent util-linux sqlite3 libtirpc" +DEPENDS = "libcap libevent util-linux sqlite3 libtirpc" RDEPENDS_${PN} = "${PN}-client bash" RRECOMMENDS_${PN} = "kernel-module-nfsd" @@ -19,8 +19,6 @@ USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \ --shell /bin/false --user-group rpcuser" SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ - file://0001-configure-Allow-to-explicitly-disable-nfsidmap.patch \ - file://nfs-utils-1.2.3-sm-notify-res_init.patch \ file://nfsserver \ file://nfscommon \ file://nfs-utils.conf \ @@ -31,11 +29,13 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \ file://nfs-utils-debianize-start-statd.patch \ file://bugfix-adjust-statd-service-name.patch \ - file://0001-include-stdint.h-for-UINT16_MAX-definition.patch \ + file://nfs-utils-musl-limits.patch \ " -SRC_URI[md5sum] = "59dfcb2e6254b129f901f40c86086b13" -SRC_URI[sha256sum] = "0faeb54c70b84e6bd3b9b6901544b1f6add8d246f35c1683e402daf4e0c719ef" +SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch" + +SRC_URI[md5sum] = "d77b182a9ee396aa6221ac2401ad7046" +SRC_URI[sha256sum] = "96d06b5a86b185815760d8f04c34fdface8fa8b9949ff256ac05c3ebc08335a5" # Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will # pull in the remainder of the dependencies. @@ -67,10 +67,11 @@ PACKAGECONFIG ??= "tcp-wrappers \ " PACKAGECONFIG_remove_libc-musl = "tcp-wrappers" PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" -PACKAGECONFIG[nfsidmap] = "--enable-nfsidmap,--disable-nfsidmap,keyutils" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," # libdevmapper is available in meta-oe PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper" +# keyutils is available in meta-security +PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils" PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats" diff --git a/poky/meta/recipes-connectivity/ofono/ofono_1.22.bb b/poky/meta/recipes-connectivity/ofono/ofono_1.22.bb deleted file mode 100644 index e57eaa77e..000000000 --- a/poky/meta/recipes-connectivity/ofono/ofono_1.22.bb +++ /dev/null @@ -1,9 +0,0 @@ -require ofono.inc - -SRC_URI = "\ - ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ - file://ofono \ - file://use-python3.patch \ -" -SRC_URI[md5sum] = "2a683ab8e98448ad8bc5dc9868d2893e" -SRC_URI[sha256sum] = "8e34a6696c300c9841b55e8dff640bd3096e49f5dbe55bbebaa69a71676f687e" diff --git a/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb b/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb new file mode 100644 index 000000000..be7d9ea85 --- /dev/null +++ b/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb @@ -0,0 +1,9 @@ +require ofono.inc + +SRC_URI = "\ + ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ + file://ofono \ + file://use-python3.patch \ +" +SRC_URI[md5sum] = "be24e80f6551f46fea0c5b5879964d6c" +SRC_URI[sha256sum] = "9c8e351b7658f4b43f9a4380b731c47d2d7544a89987c48c3f227e73636c87ae" diff --git a/poky/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch b/poky/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch deleted file mode 100644 index 8a2d1a0a7..000000000 --- a/poky/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 265eaab8b39d8d8721224a48eefed5bf1696d353 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Wed, 18 Apr 2018 21:58:32 +0800 -Subject: [PATCH] disable ciphers not supported by OpenSSL DES - -While compiling openssl with option `no-des', it caused the openssh -build failure -... -cipher.c:85:41: error: 'EVP_des_ede3_cbc' undeclared here (not in a function); -... - -OpenSSL configured that way defines OPENSSL_NO_DES to disable des - -Suggested by dtucker@ - -Upstream-Status: Submitted [openssh-unix-dev@mindrot.org] - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - cipher.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/cipher.c b/cipher.c -index c3cd5dc..86558e1 100644 ---- a/cipher.c -+++ b/cipher.c -@@ -82,7 +82,9 @@ struct sshcipher { - - static const struct sshcipher ciphers[] = { - #ifdef WITH_OPENSSL -+#ifndef OPENSSL_NO_DES - { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, -+#endif - { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc }, - { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc }, - { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc }, --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/openssh/openssh/init b/poky/meta/recipes-connectivity/openssh/openssh/init index 34ba0f846..8887e3af1 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh/init +++ b/poky/meta/recipes-connectivity/openssh/openssh/init @@ -36,7 +36,7 @@ check_privsep_dir() { } check_config() { - /usr/sbin/sshd -t $SSHD_OPTS || exit 1 + /usr/sbin/sshd $SSHD_OPTS -t || exit 1 } export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" @@ -48,19 +48,19 @@ case "$1" in @LIBEXECDIR@/sshd_check_keys check_privsep_dir start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS - echo "done." + echo "done." ;; stop) - echo -n "Stopping OpenBSD Secure Shell server: sshd" + echo -n "Stopping OpenBSD Secure Shell server: sshd" start-stop-daemon -K -p $PIDFILE -x /usr/sbin/sshd - echo "." + echo "." ;; reload|force-reload) check_for_no_start @LIBEXECDIR@/sshd_check_keys check_config - echo -n "Reloading OpenBSD Secure Shell server's configuration" + echo -n "Reloading OpenBSD Secure Shell server's configuration" start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd echo "." ;; @@ -68,7 +68,7 @@ case "$1" in restart) @LIBEXECDIR@/sshd_check_keys check_config - echo -n "Restarting OpenBSD Secure Shell server: sshd" + echo -n "Restarting OpenBSD Secure Shell server: sshd" start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd check_for_no_start check_privsep_dir diff --git a/poky/meta/recipes-connectivity/openssh/openssh/ssh_config b/poky/meta/recipes-connectivity/openssh/openssh/ssh_config index 9e919156d..e0d023803 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh/ssh_config +++ b/poky/meta/recipes-connectivity/openssh/openssh/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $ +# $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -31,14 +31,14 @@ Host * # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask -# IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa +# IdentityFile ~/.ssh/id_ecdsa +# IdentityFile ~/.ssh/id_ed25519 # Port 22 -# Protocol 2,1 -# Cipher 3des -# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 +# Protocol 2 +# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc +# MACs hmac-md5,hmac-sha1,umac-64@openssh.com # EscapeChar ~ # Tunnel no # TunnelDevice any:any diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index 5463b1a4c..1931dc715 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys @@ -56,35 +56,23 @@ while true ; do esac done -# parse location of keys -HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key -HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key -HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key -HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key - -# create keys if necessary -if [ ! -f $HOST_KEY_RSA ]; then - echo " generating ssh RSA key..." - generate_key $HOST_KEY_RSA rsa -fi -if [ ! -f $HOST_KEY_ECDSA ]; then - echo " generating ssh ECDSA key..." - generate_key $HOST_KEY_ECDSA ecdsa -fi -if [ ! -f $HOST_KEY_DSA ]; then - echo " generating ssh DSA key..." - generate_key $HOST_KEY_DSA dsa -fi -if [ ! -f $HOST_KEY_ED25519 ]; then - echo " generating ssh ED25519 key..." - generate_key $HOST_KEY_ED25519 ed25519 -fi +HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}") +[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key" +for key in ${HOST_KEYS} ; do + [ -f $key ] && continue + case $key in + *_rsa_key) + echo " generating ssh RSA host key..." + generate_key $key rsa + ;; + *_ecdsa_key) + echo " generating ssh ECDSA host key..." + generate_key $key ecdsa + ;; + *_ed25519_key) + echo " generating ssh ED25519 host key..." + generate_key $key ed25519 + ;; + esac +done diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd_config b/poky/meta/recipes-connectivity/openssh/openssh/sshd_config index 31fe5d924..15f061b57 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ +# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -7,7 +7,7 @@ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a +# possible, but leave them commented. Uncommented options override the # default value. #Port 22 @@ -15,43 +15,30 @@ #ListenAddress 0.0.0.0 #ListenAddress :: -# The default requires explicit activation of protocol 1 -Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - # Ciphers and keying #RekeyLimit default none # Logging -# obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m -#PermitRootLogin yes +#PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 -#RSAAuthentication yes #PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys #AuthorizedPrincipalsFile none @@ -59,11 +46,9 @@ AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication +# HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes @@ -72,7 +57,8 @@ AuthorizedKeysFile .ssh/authorized_keys #PasswordAuthentication yes #PermitEmptyPasswords no -# Change to no to disable s/key passwords +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) ChallengeResponseAuthentication no # Kerberos options @@ -111,7 +97,7 @@ ChallengeResponseAuthentication no Compression no ClientAliveInterval 15 ClientAliveCountMax 4 -#UseDNS yes +#UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no diff --git a/poky/meta/recipes-connectivity/openssh/openssh_7.6p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb index e11e8d774..f54dfb5de 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_7.6p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb @@ -8,11 +8,10 @@ SECTION = "console/network" LICENSE = "BSD" LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8" -# openssl 1.1 patches are proposed at https://github.com/openssh/openssh-portable/pull/48 -DEPENDS = "zlib openssl10" +DEPENDS = "zlib openssl" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" -SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ +SRC_URI = "git://github.com/openssh/openssh-portable;branch=master \ file://sshd_config \ file://ssh_config \ file://init \ @@ -25,13 +24,13 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ - file://disable-ciphers-not-supported-by-OpenSSL-DES.patch \ " PAM_SRC_URI = "file://sshd" -SRC_URI[md5sum] = "06a88699018e5fef13d4655abfed1f63" -SRC_URI[sha256sum] = "a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723" +SRCREV = "cce8cbe0ed7d1ba3a575310e0b63c193326ae616" + +S = "${WORKDIR}/git" inherit useradd update-rc.d update-alternatives systemd @@ -46,18 +45,15 @@ SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" inherit autotools-brokensep ptest -# LFS support: -CFLAGS += "-D__FILE_OFFSET_BITS=64" - EXTRA_AUTORECONF += "--exclude=aclocal" # login path is hardcoded in sshd EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ --without-zlib-version-check \ - --with-privsep-path=/var/run/sshd \ + --with-privsep-path=${localstatedir}/run/sshd \ --sysconfdir=${sysconfdir}/ssh \ - --with-xauth=/usr/bin/xauth \ + --with-xauth=${bindir}/xauth \ --disable-strip \ " @@ -84,7 +80,8 @@ do_configure_prepend () { do_compile_ptest() { # skip regress/unittests/ binaries: this will silently skip # unittests in run-ptests which is good because they are so slow. - oe_runmake regress/modpipe regress/setuid-allowed regress/netcat + oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \ + regress/check-perm regress/mkdtemp } do_install_append () { @@ -110,7 +107,6 @@ do_install_append () { install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly @@ -157,7 +153,6 @@ RPROVIDES_${PN}-sshd = "sshd" RCONFLICTS_${PN} = "dropbear" RCONFLICTS_${PN}-sshd = "dropbear" -RCONFLICTS_${PN}-keygen = "ssh-keygen" CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" @@ -165,3 +160,5 @@ CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" ALTERNATIVE_PRIORITY = "90" ALTERNATIVE_${PN}-scp = "scp" ALTERNATIVE_${PN}-ssh = "ssh" + +BBCLASSEXTEND += "nativesdk" diff --git a/poky/meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh b/poky/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh index b9cc24a7a..b9cc24a7a 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh +++ b/poky/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch deleted file mode 100644 index 6ce4e47d7..000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 08face4353d80111973aba9c1304c92158cfad0e Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Tue, 28 Mar 2017 16:40:12 +0300 -Subject: [PATCH] Take linking flags from LDFLAGS env var - -This fixes "No GNU_HASH in the elf binary" issues. - -Upstream-Status: Inappropriate [oe-core specific] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - Configurations/unix-Makefile.tmpl | 2 +- - Configure | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index c029817..43b769b 100644 ---- a/Configurations/unix-Makefile.tmpl -+++ b/Configurations/unix-Makefile.tmpl -@@ -173,7 +173,7 @@ CROSS_COMPILE= {- $config{cross_compile_prefix} -} - CC= $(CROSS_COMPILE){- $target{cc} -} - CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} - CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} --LDFLAGS= {- $target{lflags} -} -+LDFLAGS= {- $target{lflags}." ".$ENV{'LDFLAGS'} -} - PLIB_LDFLAGS= {- $target{plib_lflags} -} - EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -} - LIB_CFLAGS={- $target{shared_cflag} || "" -} -diff --git a/Configure b/Configure -index aee7cc3..274d236 100755 ---- a/Configure -+++ b/Configure -@@ -979,7 +979,7 @@ $config{build_file} = $target{build_file}; - $config{defines} = []; - $config{cflags} = ""; - $config{ex_libs} = ""; --$config{shared_ldflag} = ""; -+$config{shared_ldflag} = $ENV{'LDFLAGS'}; - - # Make sure build_scheme is consistent. - $target{build_scheme} = [ $target{build_scheme} ] --- -2.11.0 - diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch new file mode 100644 index 000000000..80b62ab18 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch @@ -0,0 +1,70 @@ +From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> +Date: Tue, 6 Nov 2018 14:50:47 +0100 +Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler + info +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The openssl build system generates buildinf.h containing the full +compiler command line used to compile objects. This breaks +reproducibility, as the compile command is baked into libcrypto, where +it is used when running `openssl version -f`. + +Add stripped build variables for the compiler and cflags lines, and use +those when generating buildinfo.h. + +This is based on a similar patch for older openssl versions: +https://patchwork.openembedded.org/patch/147229/ + +Upstream-Status: Inappropriate [OE specific] +Signed-off-by: Martin Hundebøll <martin@geanix.com> +--- + Configurations/unix-Makefile.tmpl | 10 +++++++++- + crypto/build.info | 2 +- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 16af4d2087..54c162784c 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -317,13 +317,21 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), + '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} + BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) + +-# CPPFLAGS_Q is used for one thing only: to build up buildinf.h ++# *_Q variables are used for one thing only: to build up buildinf.h + CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g; + $cppflags2 =~ s|([\\"])|\\$1|g; + $lib_cppflags =~ s|([\\"])|\\$1|g; + join(' ', $lib_cppflags || (), $cppflags2 || (), + $cppflags1 || ()) -} + ++CFLAGS_Q={- for (@{$config{CFLAGS}}) { ++ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; ++ } ++ join(' ', @{$config{CFLAGS}}) -} ++ ++CC_Q={- $config{CC} =~ s|--sysroot=[^ ]+|--sysroot=recipe-sysroot|g; ++ join(' ', $config{CC}) -} ++ + PERLASM_SCHEME= {- $target{perlasm_scheme} -} + + # For x86 assembler: Set PROCESSOR to 386 if you want to support +diff --git a/crypto/build.info b/crypto/build.info +index b515b7318e..8c9cee2a09 100644 +--- a/crypto/build.info ++++ b/crypto/build.info +@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ + ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl + + DEPEND[cversion.o]=buildinf.h +-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" ++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" + DEPEND[buildinf.h]=../configdata.pm + + GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME) +-- +2.19.1 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch new file mode 100644 index 000000000..d8d9651b6 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch @@ -0,0 +1,46 @@ +From a9401b2289656c5a36dd1b0ecebf0d23e291ce70 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Tue, 2 Oct 2018 23:58:24 +0800 +Subject: [PATCH] skip test_symbol_presence + +We cannot skip `01-test_symbol_presence.t' by configuring option `no-shared' +as INSTALL told us the shared libraries will not be built. + +[INSTALL snip] + Notes on shared libraries + ------------------------- + + For most systems the OpenSSL Configure script knows what is needed to + build shared libraries for libcrypto and libssl. On these systems + the shared libraries will be created by default. This can be suppressed and + only static libraries created by using the "no-shared" option. On systems + where OpenSSL does not know how to build shared libraries the "no-shared" + option will be forced and only static libraries will be created. +[INSTALL snip] + +Hence directly modification the case to skip it. + +Upstream-Status: Inappropriate [OE Specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + test/recipes/01-test_symbol_presence.t | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t +index 7f2a2d7..0b93745 100644 +--- a/test/recipes/01-test_symbol_presence.t ++++ b/test/recipes/01-test_symbol_presence.t +@@ -14,8 +14,7 @@ use OpenSSL::Test::Utils; + + setup("test_symbol_presence"); + +-plan skip_all => "Only useful when building shared libraries" +- if disabled("shared"); ++plan skip_all => "The case needs debug symbols then we just disable it"; + + my @libnames = ("crypto", "ssl"); + my $testcount = scalar @libnames; +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0002-fix-CVE-2018-0734.patch b/poky/meta/recipes-connectivity/openssl/openssl/0002-fix-CVE-2018-0734.patch new file mode 100644 index 000000000..2a3e03fe2 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/0002-fix-CVE-2018-0734.patch @@ -0,0 +1,108 @@ +Backport patch to fix CVE-2018-0734. Remove a section which only remove a +space. It can't be applied because the context is different. + +CVE: CVE-2018-0734 +Upstream-Status: Backport + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +From 8abfe72e8c1de1b95f50aa0d9134803b4d00070f Mon Sep 17 00:00:00 2001 +From: Pauli <paul.dale@oracle.com> +Date: Wed, 24 Oct 2018 07:42:46 +1000 +Subject: [PATCH] Timing vulnerability in DSA signature generation + (CVE-2018-0734). + +Avoid a timing attack that leaks information via a side channel that +triggers when a BN is resized. Increasing the size of the BNs +prior to doing anything with them suppresses the attack. + +Thanks due to Samuel Weiser for finding and locating this. + +Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> +(Merged from https://github.com/openssl/openssl/pull/7486) + +(cherry picked from commit a9cfb8c2aa7254a4aa6a1716909e3f8cb78049b6) +--- + crypto/dsa/dsa_ossl.c | 28 +++++++++++++++------------- + 1 file changed, 15 insertions(+), 13 deletions(-) + +diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c +index ca20811200..2dd2d7489a 100644 +--- a/crypto/dsa/dsa_ossl.c ++++ b/crypto/dsa/dsa_ossl.c +@@ -9,6 +9,7 @@ + + #include <stdio.h> + #include "internal/cryptlib.h" ++#include "internal/bn_int.h" + #include <openssl/bn.h> + #include <openssl/sha.h> + #include "dsa_locl.h" +@@ -180,9 +181,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, + { + BN_CTX *ctx = NULL; + BIGNUM *k, *kinv = NULL, *r = *rp; +- BIGNUM *l, *m; ++ BIGNUM *l; + int ret = 0; +- int q_bits; ++ int q_bits, q_words; + + if (!dsa->p || !dsa->q || !dsa->g) { + DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); +@@ -191,8 +192,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, + + k = BN_new(); + l = BN_new(); +- m = BN_new(); +- if (k == NULL || l == NULL || m == NULL) ++ if (k == NULL || l == NULL) + goto err; + + if (ctx_in == NULL) { +@@ -203,9 +203,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, + + /* Preallocate space */ + q_bits = BN_num_bits(dsa->q); +- if (!BN_set_bit(k, q_bits) +- || !BN_set_bit(l, q_bits) +- || !BN_set_bit(m, q_bits)) ++ q_words = bn_get_top(dsa->q); ++ if (!bn_wexpand(k, q_words + 2) ++ || !bn_wexpand(l, q_words + 2)) + goto err; + + /* Get random k */ +@@ -240,14 +240,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, + * small timing information leakage. We then choose the sum that is + * one bit longer than the modulus. + * +- * TODO: revisit the BN_copy aiming for a memory access agnostic +- * conditional copy. ++ * There are some concerns about the efficacy of doing this. More ++ * specificly refer to the discussion starting with: ++ * https://github.com/openssl/openssl/pull/7486#discussion_r228323705 ++ * The fix is to rework BN so these gymnastics aren't required. + */ + if (!BN_add(l, k, dsa->q) +- || !BN_add(m, l, dsa->q) +- || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m)) ++ || !BN_add(k, l, dsa->q)) + goto err; + ++ BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2); ++ + if ((dsa)->meth->bn_mod_exp != NULL) { + if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx, + dsa->method_mont_p)) +@@ -275,7 +278,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, + BN_CTX_free(ctx); + BN_clear_free(k); + BN_clear_free(l); +- BN_clear_free(m); + return ret; + } + +-- +2.17.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0003-fix-CVE-2018-0735.patch b/poky/meta/recipes-connectivity/openssl/openssl/0003-fix-CVE-2018-0735.patch new file mode 100644 index 000000000..736323f0c --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/0003-fix-CVE-2018-0735.patch @@ -0,0 +1,50 @@ +CVE: CVE-2018-0735 + +Upstream-Status: Backport + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +From b1d6d55ece1c26fa2829e2b819b038d7b6d692b4 Mon Sep 17 00:00:00 2001 +From: Pauli <paul.dale@oracle.com> +Date: Fri, 26 Oct 2018 10:54:58 +1000 +Subject: [PATCH] Timing vulnerability in ECDSA signature generation + (CVE-2018-0735) + +Preallocate an extra limb for some of the big numbers to avoid a reallocation +that can potentially provide a side channel. + +Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> +(Merged from https://github.com/openssl/openssl/pull/7486) + +(cherry picked from commit 99540ec79491f59ed8b46b4edf130e17dc907f52) +--- + crypto/ec/ec_mult.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c +index 7e1b3650e7..0e0a5e1394 100644 +--- a/crypto/ec/ec_mult.c ++++ b/crypto/ec/ec_mult.c +@@ -206,8 +206,8 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, + */ + cardinality_bits = BN_num_bits(cardinality); + group_top = bn_get_top(cardinality); +- if ((bn_wexpand(k, group_top + 1) == NULL) +- || (bn_wexpand(lambda, group_top + 1) == NULL)) { ++ if ((bn_wexpand(k, group_top + 2) == NULL) ++ || (bn_wexpand(lambda, group_top + 2) == NULL)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); + goto err; + } +@@ -244,7 +244,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, + * k := scalar + 2*cardinality + */ + kbit = BN_is_bit_set(lambda, cardinality_bits); +- BN_consttime_swap(kbit, k, lambda, group_top + 1); ++ BN_consttime_swap(kbit, k, lambda, group_top + 2); + + group_top = bn_get_top(group->field); + if ((bn_wexpand(s->X, group_top) == NULL) +-- +2.17.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/run-ptest b/poky/meta/recipes-connectivity/openssl/openssl/run-ptest index 65c6cc7b8..0a620dea7 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl/run-ptest +++ b/poky/meta/recipes-connectivity/openssl/openssl/run-ptest @@ -1,4 +1,12 @@ #!/bin/sh -cd test -OPENSSL_ENGINES=../engines BLDTOP=.. SRCTOP=.. perl run_tests.pl -cd .. + +set -e + +# Optional arguments are 'list' to lists all tests, or the test name (base name +# ie test_evp, not 03_test_evp.t). + +export TOP=. +# OPENSSL_ENGINES is relative from the test binaries +export OPENSSL_ENGINES=../engines + +perl ./test/run_tests.pl $* diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-Fix-build-with-clang-using-external-assembler.patch b/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-build-with-clang-using-external-assembler.patch index 2270962a6..2270962a6 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-Fix-build-with-clang-using-external-assembler.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/0001-Fix-build-with-clang-using-external-assembler.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-allow-manpages-to-be-disabled.patch b/poky/meta/recipes-connectivity/openssl/openssl10/0001-allow-manpages-to-be-disabled.patch index 3f7d64995..3f7d64995 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-allow-manpages-to-be-disabled.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/0001-allow-manpages-to-be-disabled.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl10/0001-fix-CVE-2018-0734.patch b/poky/meta/recipes-connectivity/openssl/openssl10/0001-fix-CVE-2018-0734.patch new file mode 100644 index 000000000..b9865a69b --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl10/0001-fix-CVE-2018-0734.patch @@ -0,0 +1,33 @@ +CVE: CVE-2018-0734 + +Upstream-Status: Backport + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +From 43e6a58d4991a451daf4891ff05a48735df871ac Mon Sep 17 00:00:00 2001 +From: Pauli <paul.dale@oracle.com> +Date: Mon, 29 Oct 2018 08:24:22 +1000 +Subject: [PATCH] Merge DSA reallocation timing fix CVE-2018-0734. + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/7513) +--- + crypto/dsa/dsa_ossl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c +index 2dcfedeeee..100e269268 100644 +--- a/crypto/dsa/dsa_ossl.c ++++ b/crypto/dsa/dsa_ossl.c +@@ -279,7 +279,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + goto err; + + /* Preallocate space */ +- q_bits = BN_num_bits(dsa->q); ++ q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16; + if (!BN_set_bit(&k, q_bits) + || !BN_set_bit(&l, q_bits) + || !BN_set_bit(&m, q_bits)) +-- +2.17.0 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/poky/meta/recipes-connectivity/openssl/openssl10/0001-openssl-force-soft-link-to-avoid-rare-race.patch index dd1a9b1dd..dd1a9b1dd 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-openssl-force-soft-link-to-avoid-rare-race.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/0001-openssl-force-soft-link-to-avoid-rare-race.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Makefiles-ptest.patch b/poky/meta/recipes-connectivity/openssl/openssl10/Makefiles-ptest.patch index 1b8402af9..1b8402af9 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Makefiles-ptest.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/Makefiles-ptest.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Use-SHA256-not-MD5-as-default-digest.patch b/poky/meta/recipes-connectivity/openssl/openssl10/Use-SHA256-not-MD5-as-default-digest.patch index 58c9ee784..58c9ee784 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/Use-SHA256-not-MD5-as-default-digest.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/Use-SHA256-not-MD5-as-default-digest.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-musl-target.patch b/poky/meta/recipes-connectivity/openssl/openssl10/configure-musl-target.patch index f357b3f59..f357b3f59 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-musl-target.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/configure-musl-target.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-targets.patch b/poky/meta/recipes-connectivity/openssl/openssl10/configure-targets.patch index 1e0158972..1e0158972 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-targets.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/configure-targets.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/c_rehash-compat.patch b/poky/meta/recipes-connectivity/openssl/openssl10/debian/c_rehash-compat.patch index 3820e3e30..3820e3e30 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/c_rehash-compat.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/debian/c_rehash-compat.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/debian-targets.patch b/poky/meta/recipes-connectivity/openssl/openssl10/debian/debian-targets.patch index 35d92bedb..24709f4f0 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/debian-targets.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/debian/debian-targets.patch @@ -42,8 +42,8 @@ Index: openssl-1.0.2n/Configure +"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-dir.patch b/poky/meta/recipes-connectivity/openssl/openssl10/debian/man-dir.patch index 4085e3b1d..4085e3b1d 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-dir.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/debian/man-dir.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-section.patch b/poky/meta/recipes-connectivity/openssl/openssl10/debian/man-section.patch index 21c1d1a4e..21c1d1a4e 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-section.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/debian/man-section.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-rpath.patch b/poky/meta/recipes-connectivity/openssl/openssl10/debian/no-rpath.patch index 1ccb3b86e..1ccb3b86e 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-rpath.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/debian/no-rpath.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-symbolic.patch b/poky/meta/recipes-connectivity/openssl/openssl10/debian/no-symbolic.patch index cc4408ab7..cc4408ab7 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-symbolic.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/debian/no-symbolic.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/pic.patch b/poky/meta/recipes-connectivity/openssl/openssl10/debian/pic.patch index bfda3888b..bfda3888b 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/pic.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/debian/pic.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_digicert_malaysia.patch b/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_digicert_malaysia.patch index c43bcd1c7..c43bcd1c7 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_digicert_malaysia.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_digicert_malaysia.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_diginotar.patch b/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_diginotar.patch index d81e22cd8..d81e22cd8 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_diginotar.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_diginotar.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/soname.patch b/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/soname.patch index 09dd9eaf8..09dd9eaf8 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/soname.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/soname.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/version-script.patch b/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/version-script.patch index e404ee331..e404ee331 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/version-script.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/version-script.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/engines-install-in-libdir-ssl.patch b/poky/meta/recipes-connectivity/openssl/openssl10/engines-install-in-libdir-ssl.patch index a5746483e..a5746483e 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/engines-install-in-libdir-ssl.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/engines-install-in-libdir-ssl.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/oe-ldflags.patch b/poky/meta/recipes-connectivity/openssl/openssl10/oe-ldflags.patch index 292e13dc5..292e13dc5 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/oe-ldflags.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/oe-ldflags.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-c_rehash.sh b/poky/meta/recipes-connectivity/openssl/openssl10/openssl-c_rehash.sh index 6620fdcb5..6620fdcb5 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-c_rehash.sh +++ b/poky/meta/recipes-connectivity/openssl/openssl10/openssl-c_rehash.sh diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-fix-des.pod-error.patch b/poky/meta/recipes-connectivity/openssl/openssl10/openssl-fix-des.pod-error.patch index de49729e5..de49729e5 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-fix-des.pod-error.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/openssl-fix-des.pod-error.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl_fix_for_x32.patch b/poky/meta/recipes-connectivity/openssl/openssl10/openssl_fix_for_x32.patch index 0f08a642f..0f08a642f 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl_fix_for_x32.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/openssl_fix_for_x32.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/parallel.patch b/poky/meta/recipes-connectivity/openssl/openssl10/parallel.patch index 41abf3d6b..41abf3d6b 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/parallel.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/parallel.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest-deps.patch b/poky/meta/recipes-connectivity/openssl/openssl10/ptest-deps.patch index ef6d17934..ef6d17934 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest-deps.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/ptest-deps.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest_makefile_deps.patch b/poky/meta/recipes-connectivity/openssl/openssl10/ptest_makefile_deps.patch index 4202e61d1..4202e61d1 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest_makefile_deps.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/ptest_makefile_deps.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-cflags.patch b/poky/meta/recipes-connectivity/openssl/openssl10/reproducible-cflags.patch index 2803cb039..2803cb039 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-cflags.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/reproducible-cflags.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-mkbuildinf.patch b/poky/meta/recipes-connectivity/openssl/openssl10/reproducible-mkbuildinf.patch index b55673121..b55673121 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-mkbuildinf.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/reproducible-mkbuildinf.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/run-ptest b/poky/meta/recipes-connectivity/openssl/openssl10/run-ptest index 3b20fce1e..3b20fce1e 100755 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/run-ptest +++ b/poky/meta/recipes-connectivity/openssl/openssl10/run-ptest diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/shared-libs.patch b/poky/meta/recipes-connectivity/openssl/openssl10/shared-libs.patch index a7ca0a307..a7ca0a307 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2p/shared-libs.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl10/shared-libs.patch diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.0.2p.bb b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2p.bb index 5d419772f..432594070 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_1.0.2p.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2p.bb @@ -11,8 +11,6 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77" DEPENDS = "hostperl-runtime-native" DEPENDS_append_class-target = " openssl-native" -PROVIDES += "openssl10" - SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://run-ptest \ file://openssl-c_rehash.sh \ @@ -42,6 +40,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-Fix-build-with-clang-using-external-assembler.patch \ file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ file://0001-allow-manpages-to-be-disabled.patch \ + file://0001-fix-CVE-2018-0734.patch \ " SRC_URI_append_class-target = " \ @@ -56,9 +55,11 @@ SRC_URI_append_class-nativesdk = " \ SRC_URI[md5sum] = "ac5eb30bf5798aa14b1ae6d0e7da58df" SRC_URI[sha256sum] = "50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00" +S = "${WORKDIR}/openssl-${PV}" + UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar" -inherit pkgconfig siteinfo multilib_header ptest relative_symlinks manpages +inherit pkgconfig siteinfo multilib_header ptest manpages PACKAGECONFIG ?= "cryptodev-linux" PACKAGECONFIG_class-native = "" @@ -164,7 +165,7 @@ do_configure () { linux-mips*) target=debian-mips ;; - linux-microblaze*|linux-nios2*|linux-gnu*ilp32**) + linux-microblaze* | linux-nios2* | linux-gnu*ilp32** | linux-arc*) target=linux-generic32 ;; linux-powerpc) @@ -179,10 +180,7 @@ do_configure () { linux-riscv64) target=linux-generic64 ;; - linux-supersparc) - target=linux-sparcv8 - ;; - linux-sparc) + linux-sparc | linux-supersparc) target=linux-sparcv8 ;; esac @@ -194,7 +192,7 @@ do_configure () { if [ "x$useprefix" = "x" ]; then useprefix=/ fi - libdirleaf="$(echo ${libdir} | sed s:$useprefix::)" + libdirleaf="$( echo "${libdir}" | sed "s:^$useprefix/*::" )" perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target } @@ -226,10 +224,11 @@ do_install () { install -d ${D}${includedir} cp --dereference -R include/openssl ${D}${includedir} + oe_multilib_header openssl/opensslconf.h + install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash - oe_multilib_header openssl/opensslconf.h if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget @@ -237,16 +236,19 @@ do_install () { rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget fi - # Create SSL structure - install -d ${D}${sysconfdir}/ssl/ - mv ${D}${libdir}/ssl/openssl.cnf \ - ${D}${libdir}/ssl/certs \ + # Create SSL structure for packages such as ca-certificates which + # contain hard-coded paths to /etc/ssl. Debian does the same. + install -d ${D}${sysconfdir}/ssl + mv ${D}${libdir}/ssl/certs \ ${D}${libdir}/ssl/private \ - \ + ${D}${libdir}/ssl/openssl.cnf \ ${D}${sysconfdir}/ssl/ - ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs - ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private - ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf + + # Although absolute symlinks would be OK for the target, they become + # invalid if native or nativesdk are relocated from sstate. + ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs + ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private + ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf # Rename man pages to prefix openssl10-* for f in `find ${D}${mandir} -type f`; do @@ -259,6 +261,19 @@ do_install () { done } +do_install_append_class-native () { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl/certs \ + SSL_CERT_FILE=${libdir}/ssl/cert.pem \ + OPENSSL_ENGINES=${libdir}/ssl/engines +} + +do_install_append_class-nativesdk () { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh +} + do_install_ptest () { cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH} @@ -307,38 +322,40 @@ do_install_ptest () { ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure } -do_install_append_class-native() { - create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=${libdir}/ssl/openssl.cnf \ - SSL_CERT_DIR=${libdir}/ssl/certs \ - SSL_CERT_FILE=${libdir}/ssl/cert.pem \ - OPENSSL_ENGINES=${libdir}/ssl/engines -} - -do_install_append_class-nativesdk() { - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh -} - -# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto -# package RRECOMMENDS on this package. This will enable the configuration +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration # file to be installed for both the base openssl package and the libcrypto # package since the base openssl package depends on the libcrypto package. -PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" +PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc" -FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" -FILES_libssl = "${libdir}/libssl${SOLIBS}" -FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" +FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}" +FILES_libssl10 = "${libdir}/libssl${SOLIBS}" +FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf" FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" FILES_${PN}-misc = "${libdir}/ssl/misc" FILES_${PN} =+ "${libdir}/ssl/*" FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" -CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" +CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf" -RRECOMMENDS_libcrypto += "openssl-conf" +RRECOMMENDS_libcrypto10 += "openssl10-conf" RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" BBCLASSEXTEND = "native nativesdk" +PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess" + +# openssl 1.0 development files and executable binaries clash with openssl 1.1 +# files when installed into target rootfs. So we don't put them into +# packages, but they continue to be provided via target sysroot for +# cross-compilation on the host, if some software still depends on openssl 1.0. +openssl_package_preprocess () { + for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do + rm $file + done + rm ${PKGD}/usr/bin/openssl + rm ${PKGD}/usr/bin/c_rehash + rmdir ${PKGD}/usr/bin + +} diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb deleted file mode 100644 index e7006268f..000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb +++ /dev/null @@ -1,170 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -# "openssl | SSLeay" dual license -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff" - -DEPENDS = "hostperl-runtime-native" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - file://run-ptest \ - file://openssl-c_rehash.sh \ - file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \ - " - -SRC_URI_append_class-nativesdk = " \ - file://environment.d-openssl.sh \ - " - -SRC_URI[md5sum] = "9495126aafd2659d357ea66a969c3fe1" -SRC_URI[sha256sum] = "ebbfc844a8c8cc0ea5dc10b86c9ce97f401837f3fa08c17b2cdadc118253cf99" - -inherit lib_package multilib_header ptest - -#| engines/afalg/e_afalg.c: In function 'eventfd': -#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function) -#| return syscall(__NR_eventfd, n); -#| ^~~~~~~~~~~~ -EXTRA_OECONF_append_aarch64 = " no-afalgeng" - -#| ./libcrypto.so: undefined reference to `getcontext' -#| ./libcrypto.so: undefined reference to `setcontext' -#| ./libcrypto.so: undefined reference to `makecontext' -EXTRA_OECONF_append_libc-musl = " -DOPENSSL_NO_ASYNC" - -do_configure () { - os=${HOST_OS} - case $os in - linux-gnueabi |\ - linux-gnuspe |\ - linux-musleabi |\ - linux-muslspe |\ - linux-musl ) - os=linux - ;; - *) - ;; - esac - target="$os-${HOST_ARCH}" - case $target in - linux-arm) - target=linux-armv4 - ;; - linux-armeb) - target=linux-armv4 - ;; - linux-aarch64*) - target=linux-aarch64 - ;; - linux-sh3) - target=linux-generic32 - ;; - linux-sh4) - target=linux-generic32 - ;; - linux-i486) - target=linux-elf - ;; - linux-i586 | linux-viac3) - target=linux-elf - ;; - linux-i686) - target=linux-elf - ;; - linux-gnux32-x86_64 | linux-muslx32-x86_64 ) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-mips) - # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-mipsel) - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-gnun32-mips*) - target=linux-mips64 - ;; - linux-*-mips64 | linux-mips64) - target=linux64-mips64 - ;; - linux-*-mips64el | linux-mips64el) - target=linux64-mips64 - ;; - linux-microblaze*|linux-nios2*) - target=linux-generic32 - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-riscv32) - target=linux-generic32 - ;; - linux-riscv64) - target=linux-generic64 - ;; - linux-supersparc) - target=linux-sparcv9 - ;; - linux-sparc) - target=linux-sparcv9 - ;; - darwin-i386) - target=darwin-i386-cc - ;; - esac - - useprefix=${prefix} - if [ "x$useprefix" = "x" ]; then - useprefix=/ - fi - libdirleaf="$(echo ${libdir} | sed s:$useprefix::)" - perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=$libdirleaf $target -} - -do_install () { - oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install - oe_multilib_header openssl/opensslconf.h -} - -do_install_append_class-native () { - # Install a custom version of c_rehash that can handle sysroots properly. - # This version is used for example when installing ca-certificates during - # image creation. - install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash - sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash -} - -do_install_append_class-nativesdk () { - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh -} - -do_install_ptest() { - cp -r * ${D}${PTEST_PATH} - - # Putting .so files in ptest package will mess up the dependencies of the main openssl package - # so we rename them to .so.ptest and patch the test accordingly - mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest - mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest - sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t -} - -PACKAGES =+ "${PN}-engines" - -FILES_${PN} =+ "${libdir}/ssl-1.1/*" -FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" -FILES_${PN}-engines = "${libdir}/engines-1.1" - -RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python" - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1.bb new file mode 100644 index 000000000..1234b64b8 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1.bb @@ -0,0 +1,205 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl" here actually means both OpenSSL and SSLeay licenses apply +# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff" + +DEPENDS = "hostperl-runtime-native" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://openssl-c_rehash.sh \ + file://0001-skip-test_symbol_presence.patch \ + file://0002-fix-CVE-2018-0734.patch \ + file://0003-fix-CVE-2018-0735.patch \ + file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ + " + +SRC_URI_append_class-nativesdk = " \ + file://environment.d-openssl.sh \ + " + +SRC_URI[md5sum] = "7079eb017429e0ffb9efb42bf80ccb21" +SRC_URI[sha256sum] = "2836875a0f89c03d0fdf483941512613a50cfb421d6fd94b9f41d7279d586a3d" + +inherit lib_package multilib_header ptest + +B = "${WORKDIR}/build" +do_configure[cleandirs] = "${B}" + +#| ./libcrypto.so: undefined reference to `getcontext' +#| ./libcrypto.so: undefined reference to `setcontext' +#| ./libcrypto.so: undefined reference to `makecontext' +EXTRA_OECONF_append_libc-musl = " no-async" + +# This prevents openssl from using getrandom() which is not available on older glibc versions +# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) +EXTRA_OECONF_class-native = "--with-rand-seed=devrandom" +EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom" + +# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. +CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" + +do_configure () { + os=${HOST_OS} + case $os in + linux-gnueabi |\ + linux-gnuspe |\ + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arm*) + target=linux-armv4 + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-i?86 | linux-viac3) + target=linux-x86 + ;; + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips | linux-mipsel) + # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-gnun32-mips*) + target=linux-mips64 + ;; + linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) + target=linux64-mips64 + ;; + linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-riscv32) + target=linux-generic32 + ;; + linux-riscv64) + target=linux-generic64 + ;; + linux-sparc | linux-supersparc) + target=linux-sparcv9 + ;; + esac + + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the + # environment variables set by bitbake. Adjust the environment variables instead. + PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target +} + +do_install () { + oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install + + oe_multilib_header openssl/opensslconf.h + + # Create SSL structure for packages such as ca-certificates which + # contain hard-coded paths to /etc/ssl. Debian does the same. + install -d ${D}${sysconfdir}/ssl + mv ${D}${libdir}/ssl-1.1/certs \ + ${D}${libdir}/ssl-1.1/private \ + ${D}${libdir}/ssl-1.1/openssl.cnf \ + ${D}${sysconfdir}/ssl/ + + # Although absolute symlinks would be OK for the target, they become + # invalid if native or nativesdk are relocated from sstate. + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf +} + +do_install_append_class-native () { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ + SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ + OPENSSL_ENGINES=${libdir}/ssl-1.1/engines + + # Install a custom version of c_rehash that can handle sysroots properly. + # This version is used for example when installing ca-certificates during + # image creation. + install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash + sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash +} + +do_install_append_class-nativesdk () { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh + sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh +} + +do_install_ptest () { + # Prune the build tree + rm -f ${B}/fuzz/*.* ${B}/test/*.* + + cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} + cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} + + # For test_shlibload + ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/libcrypto.so + ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/libssl.so + + install -d ${D}${PTEST_PATH}/apps + ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps + install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps + install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps + + install -d ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines +} + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the openssl-bin package and the libcrypto +# package since the openssl-bin package depends on the libcrypto package. + +PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" + +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES_libssl = "${libdir}/libssl${SOLIBS}" +FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" +FILES_${PN}-engines = "${libdir}/engines-1.1" +FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" +FILES_${PN} =+ "${libdir}/ssl-1.1/*" +FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" + +CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" + +RRECOMMENDS_libcrypto += "openssl-conf" +RDEPENDS_${PN}-bin = "perl" +RDEPENDS_${PN}-misc = "perl" +RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash python" + +RPROVIDES_openssl-conf = "openssl10-conf" +RREPLACES_openssl-conf = "openssl10-conf" +RCONFLICTS_openssl-conf = "openssl10-conf" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch b/poky/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch new file mode 100644 index 000000000..e53f24054 --- /dev/null +++ b/poky/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch @@ -0,0 +1,84 @@ +Used openssl for the DES instead of the libcrypt / glibc + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +Index: ppp-2.4.7/pppd/Makefile.linux +=================================================================== +--- ppp-2.4.7.orig/pppd/Makefile.linux ++++ ppp-2.4.7/pppd/Makefile.linux +@@ -38,7 +38,7 @@ LIBS = + # Uncomment the next 2 lines to include support for Microsoft's + # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. + CHAPMS=y +-USE_CRYPT=y ++#USE_CRYPT=y + # Don't use MSLANMAN unless you really know what you're doing. + #MSLANMAN=y + # Uncomment the next line to include support for MPPE. CHAPMS (above) must +@@ -132,7 +132,7 @@ endif + + ifdef NEEDDES + ifndef USE_CRYPT +-LIBS += -ldes $(LIBS) ++LIBS += -lcrypto + else + CFLAGS += -DUSE_CRYPT=1 + endif +Index: ppp-2.4.7/pppd/pppcrypt.c +=================================================================== +--- ppp-2.4.7.orig/pppd/pppcrypt.c ++++ ppp-2.4.7/pppd/pppcrypt.c +@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key w + des_key[7] = Get7Bits(key, 49); + + #ifndef USE_CRYPT +- des_set_odd_parity((des_cblock *)des_key); ++ DES_set_odd_parity((DES_cblock *)des_key); + #endif + } + +@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */ + } + + #else /* USE_CRYPT */ +-static des_key_schedule key_schedule; ++static DES_key_schedule key_schedule; + + bool + DesSetkey(key) + u_char *key; + { +- des_cblock des_key; ++ DES_cblock des_key; + MakeKey(key, des_key); +- des_set_key(&des_key, key_schedule); ++ DES_set_key(&des_key, &key_schedule); + return (1); + } + + bool +-DesEncrypt(clear, key, cipher) ++DesEncrypt(clear, cipher) + u_char *clear; /* IN 8 octets */ + u_char *cipher; /* OUT 8 octets */ + { +- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, +- key_schedule, 1); ++ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, ++ &key_schedule, 1); + return (1); + } + +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear) + u_char *cipher; /* IN 8 octets */ + u_char *clear; /* OUT 8 octets */ + { +- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear, +- key_schedule, 0); ++ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, ++ &key_schedule, 0); + return (1); + } + diff --git a/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb index a5f764f6e..644cde456 100644 --- a/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb +++ b/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris systems." SECTION = "console/network" HOMEPAGE = "http://samba.org/ppp/" BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" -DEPENDS = "libpcap" +DEPENDS = "libpcap openssl virtual/crypt" LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD" LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ @@ -32,6 +32,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ file://fix-CVE-2015-3310.patch \ file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ file://0001-ppp-Remove-unneeded-include.patch \ + file://ppp-2.4.7-DES-openssl.patch \ " SRC_URI_append_libc-musl = "\ @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip" # Package Makefile computes CFLAGS, referencing COPTS. # Typically hard-coded to '-O2 -g' in the Makefile's. # -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"' +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"' do_configure () { oe_runconf @@ -80,6 +81,10 @@ do_install_append () { chmod u+s ${D}${sbindir}/pppd } +do_install_append_libc-musl () { + install -Dm 0644 ${S}/include/net/ppp_defs.h ${D}${includedir}/net/ppp_defs.h +} + CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools" FILES_${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service" diff --git a/poky/meta/recipes-connectivity/socat/socat_1.7.3.2.bb b/poky/meta/recipes-connectivity/socat/socat_1.7.3.2.bb index 6373dd40a..927df7463 100644 --- a/poky/meta/recipes-connectivity/socat/socat_1.7.3.2.bb +++ b/poky/meta/recipes-connectivity/socat/socat_1.7.3.2.bb @@ -7,11 +7,10 @@ SECTION = "console/network" DEPENDS = "openssl readline" -LICENSE = "GPL-2.0-with-OpenSSL-exception" +LICENSE = "GPL-2.0+-with-OpenSSL-exception" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f" - SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ file://Makefile.in-fix-for-parallel-build.patch \ file://0001-define-NETDB_INTERNAL-to-1-if-not-available.patch \ @@ -26,9 +25,23 @@ inherit autotools EXTRA_AUTORECONF += "--exclude=autoheader" EXTRA_OECONF += "ac_cv_have_z_modifier=yes \ - ac_cv_header_bsd_libutil_h=no \ + ac_cv_header_bsd_libutil_h=no \ + sc_cv_termios_ispeed=no \ + ${TERMBITS_SHIFTS} \ " +TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \ + sc_cv_sys_tabdly_shift=11 \ + sc_cv_sys_csize_shift=4" + +TERMBITS_SHIFTS_powerpc = "sc_cv_sys_crdly_shift=12 \ + sc_cv_sys_tabdly_shift=10 \ + sc_cv_sys_csize_shift=8" + +TERMBITS_SHIFTS_powerpc64 = "sc_cv_sys_crdly_shift=12 \ + sc_cv_sys_tabdly_shift=10 \ + sc_cv_sys_csize_shift=8" + PACKAGECONFIG_class-target ??= "tcp-wrappers" PACKAGECONFIG ??= "" PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" diff --git a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch deleted file mode 100644 index f34e243de..000000000 --- a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch +++ /dev/null @@ -1,21 +0,0 @@ -wireless_tools: Avoid stripping iwmulticall - -Upstream-Status: Inappropriate [other] - The removed code was from upstream. - -Signed-off-by: Mark Hatle <mark.hatle@windriver.com> - -diff -ur wireless_tools.29.orig/Makefile wireless_tools.29/Makefile ---- wireless_tools.29.orig/Makefile 2011-06-18 11:35:12.183907453 -0500 -+++ wireless_tools.29/Makefile 2011-06-18 11:38:09.995907985 -0500 -@@ -135,9 +135,8 @@ - - macaddr: macaddr.o $(IWLIB) - --# Always do symbol stripping here - iwmulticall: iwmulticall.o -- $(CC) $(LDFLAGS) -Wl,-s $(XCFLAGS) -o $@ $^ $(LIBS) -+ $(CC) $(LDFLAGS) $(STRIPFLAGS) $(XCFLAGS) -o $@ $^ $(LIBS) - - # It's a kind of magic... - wireless.h: diff --git a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch deleted file mode 100644 index 6c0d8cbd2..000000000 --- a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch +++ /dev/null @@ -1,22 +0,0 @@ -wireless-tools: Remove QA warning: No GNU_HASH in the elf binary - -Upstream-Status: Inappropriate [other] - Useful within bitbake environment only. - -Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> - ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- wireless_tools.29.orig/Makefile -+++ wireless_tools.29/Makefile -@@ -144,7 +144,7 @@ wireless.h: - - # Compilation of the dynamic library - $(DYNAMIC): $(OBJS:.o=.so) -- $(CC) -shared -o $@ -Wl,-soname,$@ $(STRIPFLAGS) $(LIBS) -lc $^ -+ $(CC) -shared -o $@ -Wl,-soname,$@ $(LDFLAGS) $(STRIPFLAGS) $(LIBS) -lc $^ - - # Compilation of the static library - $(STATIC): $(OBJS:.o=.so) diff --git a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch deleted file mode 100644 index 6a757dae7..000000000 --- a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Inappropriate [configuration] - -Index: wireless_tools.30/Makefile -=================================================================== ---- wireless_tools.30.orig/Makefile 2014-02-01 00:21:04.148463382 -0800 -+++ wireless_tools.30/Makefile 2014-02-01 00:23:35.448072279 -0800 -@@ -76,7 +76,7 @@ - INSTALL_DIR= $(PREFIX)/sbin - INSTALL_LIB= $(PREFIX)/lib - INSTALL_INC= $(PREFIX)/include --INSTALL_MAN= $(PREFIX)/man -+INSTALL_MAN= $(PREFIX)/share/man - - # Various commands - RM = rm -f diff --git a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch deleted file mode 100644 index 3a22c3f1e..000000000 --- a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch +++ /dev/null @@ -1,19 +0,0 @@ -When /etc/ld.so.cache is writeable by user running bitbake then it creates invalid cache -(in my case libstdc++.so cannot be found after building zlib(-native) and I have to call -touch */libstdc++.so && /sbin/ldconfig to fix it. - -So remove ldconfig call from make install-libs - -Upstream-Status: Inappropriate [disable feature] - -diff -uNr wireless_tools.29.orig/Makefile wireless_tools.29/Makefile ---- wireless_tools.29.orig/Makefile 2007-09-18 01:56:46.000000000 +0200 -+++ wireless_tools.29/Makefile 2012-02-15 20:46:41.780763514 +0100 -@@ -163,7 +163,6 @@ - install -m 755 $(DYNAMIC) $(INSTALL_LIB) - ln -sfn $(DYNAMIC) $(INSTALL_LIB)/$(DYNAMIC_LINK) - @echo "*** Don't forget to add $(INSTALL_LIB) to /etc/ld.so.conf, and run ldconfig as root. ***" -- @$(LDCONFIG) || echo "*** Could not run ldconfig ! ***" - - # Install the static library - install-static:: $(STATIC) diff --git a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb deleted file mode 100644 index 0a342071e..000000000 --- a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb +++ /dev/null @@ -1,50 +0,0 @@ -SUMMARY = "Tools for the Linux Standard Wireless Extension Subsystem" -HOMEPAGE = "https://hewlettpackard.github.io/wireless-tools/Tools.html" -LICENSE = "GPLv2 & (LGPLv2.1 | MPL-1.1 | BSD)" -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ - file://iwconfig.c;beginline=1;endline=12;md5=cf710eb1795c376eb10ea4ff04649caf \ - file://iwevent.c;beginline=59;endline=72;md5=d66a10026d4394f0a5b1c5587bce4537 \ - file://sample_enc.c;beginline=1;endline=4;md5=838372be07874260b566bae2f6ed33b6" -SECTION = "base" -PE = "1" - -SRC_URI = "https://hewlettpackard.github.io/wireless-tools/wireless_tools.${PV}.tar.gz \ - file://remove.ldconfig.call.patch \ - file://man.patch \ - file://avoid_strip.patch \ - file://ldflags.patch \ - " -SRC_URI[md5sum] = "ca91ba7c7eff9bfff6926b1a34a4697d" -SRC_URI[sha256sum] = "abd9c5c98abf1fdd11892ac2f8a56737544fe101e1be27c6241a564948f34c63" - -UPSTREAM_CHECK_URI = "https://hewlettpackard.github.io/wireless-tools/Tools.html" -UPSTREAM_CHECK_REGEX = "wireless_tools\.(?P<pver>(\d+)(\..*|))\.tar\.gz" - -S = "${WORKDIR}/wireless_tools.30" - -CFLAGS =+ "-I${S}" -EXTRA_OEMAKE = "-e 'BUILD_SHARED=y' \ - 'INSTALL_DIR=${D}${base_sbindir}' \ - 'INSTALL_LIB=${D}${libdir}' \ - 'INSTALL_INC=${D}${includedir}' \ - 'INSTALL_MAN=${D}${mandir}'" - -do_compile() { - oe_runmake all libiw.a -} - -do_install() { - oe_runmake PREFIX=${D} install-iwmulticall install-dynamic install-man install-hdr - install -d ${D}${sbindir} - install -m 0755 ifrename ${D}${sbindir}/ifrename -} - -PACKAGES = "libiw libiw-dev libiw-doc ifrename-doc ifrename ${PN} ${PN}-doc ${PN}-dbg" - -FILES_libiw = "${libdir}/*.so.*" -FILES_libiw-dev = "${libdir}/*.a ${libdir}/*.so ${includedir}" -FILES_libiw-doc = "${mandir}/man7" -FILES_ifrename = "${sbindir}/ifrename" -FILES_ifrename-doc = "${mandir}/man8/ifrename.8 ${mandir}/man5/iftab.5" -FILES_${PN} = "${bindir} ${sbindir}/iw* ${base_sbindir} ${base_bindir} ${sysconfdir}/network" -FILES_${PN}-doc = "${mandir}" |