diff options
Diffstat (limited to 'import-layers/meta-openembedded/meta-networking/recipes-daemons')
30 files changed, 448 insertions, 413 deletions
diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/atftp/atftp/0001-argz.h-fix-musl-compile-add-missing-defines.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/atftp/atftp/0001-argz.h-fix-musl-compile-add-missing-defines.patch new file mode 100644 index 000000000..cfa8a7325 --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/atftp/atftp/0001-argz.h-fix-musl-compile-add-missing-defines.patch @@ -0,0 +1,45 @@ +From 543e67919f5cacf309ac88ab091331e41af4224b Mon Sep 17 00:00:00 2001 +From: Peter Seiderer <ps.report@gmx.net> +Date: Thu, 16 Apr 2015 22:41:57 +0200 +Subject: [PATCH] argz.h: fix musl compile (add missing defines) + +Upstream-Status: Pending + +Add __THROW, __BEGIN_DECLS, __END_DECLS and __attribute_pure__ defines. + +Signed-off-by: Peter Seiderer <ps.report@gmx.net> +Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> +--- + argz.h | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/argz.h b/argz.h +index 582be55..bdf9f62 100644 +--- a/argz.h ++++ b/argz.h +@@ -48,6 +48,22 @@ + # define __const const + #endif + ++#ifndef __THROW ++# define __THROW ++#endif ++ ++#ifndef __BEGIN_DECLS ++# define __BEGIN_DECLS ++#endif ++ ++#ifndef __END_DECLS ++# define __END_DECLS ++#endif ++ ++#ifndef __attribute_pure__ ++# define __attribute_pure__ ++#endif ++ + #ifndef __error_t_defined + typedef int error_t; + #endif +-- +2.1.4 + diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/atftp/atftp/0002-tftp.h-tftpd.h-fix-musl-compile-missing-include.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/atftp/atftp/0002-tftp.h-tftpd.h-fix-musl-compile-missing-include.patch new file mode 100644 index 000000000..093054ce8 --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/atftp/atftp/0002-tftp.h-tftpd.h-fix-musl-compile-missing-include.patch @@ -0,0 +1,43 @@ +From 77e399899d9d7297d23c321811b628febdf0fd92 Mon Sep 17 00:00:00 2001 +From: Peter Seiderer <ps.report@gmx.net> +Date: Thu, 16 Apr 2015 22:43:49 +0200 +Subject: [PATCH] tftp.h/tftpd.h: fix musl compile (missing include) + +Upstream-Status: Pending + +Add sys/types.h include for u_char typedef. + +Signed-off-by: Peter Seiderer <ps.report@gmx.net> +Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> +--- + tftp.h | 1 + + tftpd.h | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/tftp.h b/tftp.h +index 12bd6aa..32a3f63 100644 +--- a/tftp.h ++++ b/tftp.h +@@ -19,6 +19,7 @@ + + #include <sys/time.h> + #include <sys/times.h> ++#include <sys/types.h> + #include "tftp_def.h" + #include "config.h" + +diff --git a/tftpd.h b/tftpd.h +index 945065e..60d3a49 100644 +--- a/tftpd.h ++++ b/tftpd.h +@@ -20,6 +20,7 @@ + #include <pthread.h> + #include <arpa/tftp.h> + #include <arpa/inet.h> ++#include <sys/types.h> + #include "tftp_io.h" + + /* +-- +2.1.4 + diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/atftp/atftp_git.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/atftp/atftp_git.bb index 0ece58f7d..a9949d59a 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/atftp/atftp_git.bb +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/atftp/atftp_git.bb @@ -12,12 +12,16 @@ SRC_URI = "git://git.code.sf.net/p/atftp/code \ file://atftpd-0.7_circumvent_tftp_size_restrictions.patch \ file://atftpd-0.7_unprotected_assignments_crash.patch \ file://atftpd.init \ - file://atftpd.service \ + file://atftpd.service \ file://atftp-0.7-sorcerers_apprentice.patch \ " +SRC_URI_append_libc-musl = " file://0001-argz.h-fix-musl-compile-add-missing-defines.patch \ + file://0002-tftp.h-tftpd.h-fix-musl-compile-missing-include.patch \ + " + S = "${WORKDIR}/git" -inherit autotools update-rc.d useradd systemd +inherit autotools update-rc.d systemd PACKAGECONFIG ??= "tcp-wrappers" PACKAGECONFIG[pcre] = "--enable-libpcre,--disable-libpcre,libpcre" @@ -28,9 +32,6 @@ INITSCRIPT_PACKAGES = "${PN}d" INITSCRIPT_NAME_${PN}d = "atftpd" INITSCRIPT_PARAMS_${PN}d = "defaults 80" -USERADD_PACKAGES = "${PN}d" -USERADD_PARAM_${PN}d = "--system --no-create-home --shell /bin/false \ - --user-group nobody" EXTRA_OEMAKE = "CFLAGS='${CFLAGS} -std=gnu89'" @@ -41,7 +42,7 @@ do_install_append() { install -d ${D}/srv/tftp rm ${D}${sbindir}/in.tftpd - + install -d ${D}${systemd_unitdir}/system install -m 0644 ${WORKDIR}/atftpd.service ${D}${systemd_unitdir}/system } diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/autofs/autofs_5.1.1.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/autofs/autofs_5.1.1.bb index 0f4c2478e..4a888c84f 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/autofs/autofs_5.1.1.bb +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/autofs/autofs_5.1.1.bb @@ -36,7 +36,7 @@ CFLAGS += "${LDFLAGS}" PACKAGECONFIG[systemd] = "--with-systemd=${systemd_unitdir}/system,--without-systemd,systemd" -PACKAGECONFIG ?= "${@base_contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" +PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" EXTRA_OEMAKE = "DONTSTRIP=1" EXTRA_OECONF += "--disable-mount-locking \ @@ -57,10 +57,10 @@ do_configure_prepend () { do_install_append () { if [ -d ${D}/run ]; then - rmdir ${D}/run + rmdir ${D}/run fi if [ -d ${D}${localstatedir}/run ]; then - rmdir ${D}${localstatedir}/run + rmdir ${D}${localstatedir}/run fi } diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.26.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.26.bb index 5da3d965b..69df274fe 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.26.bb +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.26.bb @@ -5,14 +5,14 @@ LICENSE = "BSD" LIC_FILES_CHKSUM = "file://COPYING;md5=3f55e0974e3d6db00ca6f57f2d206396" SRC_URI = "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-${PV}.tar.gz \ - file://avoid-to-call-AC_TRY_RUN.patch \ - file://Fix-hardcoded-libdir.patch \ - file://debian_patches_0009_sasldb_al.diff \ - file://debian_patches_0014_avoid_pic_overwrite.diff \ - file://sasl.h-include-stddef.h-for-size_t-on-NetBSD.patch \ - file://saslauthd.service \ - file://saslauthd.conf \ - " + file://avoid-to-call-AC_TRY_RUN.patch \ + file://Fix-hardcoded-libdir.patch \ + file://debian_patches_0009_sasldb_al.diff \ + file://debian_patches_0014_avoid_pic_overwrite.diff \ + file://sasl.h-include-stddef.h-for-size_t-on-NetBSD.patch \ + file://saslauthd.service \ + file://saslauthd.conf \ +" inherit autotools-brokensep pkgconfig useradd systemd @@ -24,8 +24,9 @@ EXTRA_OECONF += "--with-dblib=berkeley \ andrew_cv_runpath_switch=none" PACKAGECONFIG ??= "ntlm \ - ${@base_contains('DISTRO_FEATURES', 'ldap', 'ldap', '', d)} \ - ${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ldap', 'ldap', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \ " PACKAGECONFIG[gssapi] = "--enable-gssapi=yes,--enable-gssapi=no,krb5," PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam," @@ -33,6 +34,7 @@ PACKAGECONFIG[opie] = "--with-opie,--without-opie,opie," PACKAGECONFIG[des] = "--with-des,--without-des,," PACKAGECONFIG[ldap] = "--with-ldap=${STAGING_LIBDIR} --enable-ldapdb,--without-ldap --disable-ldapdb,openldap," PACKAGECONFIG[ntlm] = "--with-ntlm,--without-ntlm,," +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," CFLAGS += "-fPIC" @@ -54,7 +56,7 @@ do_compile_prepend () { } do_install_append() { - if ${@base_contains('DISTRO_FEATURES','systemd','true','false',d)}; then + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d ${D}${systemd_unitdir}/system install -m 0644 ${WORKDIR}/saslauthd.service ${D}${systemd_unitdir}/system diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/dnrd/dnrd_2.20.3.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/dnrd/dnrd_2.20.3.bb index 8769e5294..b5851a959 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/dnrd/dnrd_2.20.3.bb +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/dnrd/dnrd_2.20.3.bb @@ -22,7 +22,7 @@ SYSTEMD_SERVICE_${PN} = "dnrd.service" SYSTEMD_AUTO_ENABLE = "disable" inherit autotools -inherit ${@base_contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} +inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} do_install() { oe_runmake install DESTDIR=${D} INSTALL="install -p" @@ -34,7 +34,7 @@ do_install() { install -p -m 0644 ${WORKDIR}/dnrd.conf.sample ${D}${sysconfdir}/dnrd/dnrd.conf install -p -m 0755 ${WORKDIR}/dnrd.init ${D}${sysconfdir}/init.d/dnrd - if ${@base_contains('DISTRO_FEATURES','systemd','true','false',d)}; then + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then install -d -m 0755 ${D}${systemd_unitdir}/system install -m 644 ${WORKDIR}/dnrd.service ${D}${systemd_unitdir}/system fi diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/files/iscsi-initiator.service b/import-layers/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/files/iscsi-initiator.service index b1397513b..3790daebd 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/files/iscsi-initiator.service +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/files/iscsi-initiator.service @@ -5,6 +5,7 @@ After=syslog.target [Service] EnvironmentFile=/etc/default/iscsi-initiator ExecStartPre=/sbin/modprobe iscsi_tcp +ExecStartPre=/usr/lib/iscsi/set_initiatorname ExecStart=/usr/sbin/iscsid -f $OPTS_ISCSID [Install] diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/files/set_initiatorname b/import-layers/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/files/set_initiatorname new file mode 100644 index 000000000..a196c6b79 --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/files/set_initiatorname @@ -0,0 +1,12 @@ +#!/bin/sh +if [ ! -f /etc/iscsi/initiatorname.iscsi ]; then + INITIATORNAME=$(iscsi-iname) + cat >/etc/iscsi/initiatorname.iscsi <<EOF +## DO NOT EDIT OR REMOVE THIS FILE! +## If you remove this file, the iSCSI daemon will not start. +## If you change the InitiatorName, existing access control lists +## may reject this initiator. The InitiatorName must be unique +## for each iSCSI initiator. Do NOT duplicate iSCSI InitiatorNames. +InitiatorName=$INITIATORNAME +EOF +fi diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.0-873.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.0-873.bb index 03f64594c..4b13155cd 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.0-873.bb +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_2.0-873.bb @@ -21,6 +21,7 @@ SRC_URI = "http://www.open-iscsi.org/bits/open-iscsi-${PV}.tar.gz \ file://iscsi-initiator \ file://iscsi-initiator.service \ file://iscsi-initiator-targets.service \ + file://set_initiatorname \ " SRC_URI[md5sum] = "8b8316d7c9469149a6cc6234478347f7" SRC_URI[sha256sum] = "7dd9f2f97da417560349a8da44ea4fcfe98bfd5ef284240a2cc4ff8e88ac7cd9" @@ -82,6 +83,8 @@ do_install () { install -m 0644 ${WORKDIR}/iscsi-initiator.service \ ${WORKDIR}/iscsi-initiator-targets.service \ ${D}${systemd_unitdir}/system/ + install -d ${D}${nonarch_libdir}/iscsi + install -m 0755 ${WORKDIR}/set_initiatorname ${D}${nonarch_libdir}/iscsi else install -d ${D}/etc/default/volatiles install -m 0644 ${WORKDIR}/99_iscsi-initiator-utils ${D}/etc/default/volatiles @@ -89,25 +92,17 @@ do_install () { } pkg_postinst_${PN}() { - #default there is no initiatorname.iscsi installed - #but it is needed or iscsid will fail - - #will run only when postinst on target - if [ "x$D" != "x" ]; then - exit 1 - fi - if [ ! -f ${sysconfdir}/iscsi/initiatorname.iscsi ]; then - echo "InitiatorName=$(${sbindir}/iscsi-iname)" > \ - ${sysconfdir}/iscsi/initiatorname.iscsi - fi - - if [ -e /etc/init.d/populate-volatile.sh ]; then - /etc/init.d/populate-volatile.sh update - elif command -v systemd-tmpfiles >/dev/null; then - systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/iscsi.conf + if [ "x$D" = "x" ]; then + if [ -e /etc/init.d/populate-volatile.sh ]; then + /etc/init.d/populate-volatile.sh update + elif command -v systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/iscsi.conf + fi fi } SYSTEMD_SERVICE = " iscsi-initiator.service iscsi-initiator-targets.service " INITSCRIPT_NAME = "iscsid" INITSCRIPT_PARAMS = "start 30 1 2 3 4 5 . stop 70 0 1 2 3 4 5 6 ." + +FILES_${PN} += "${nonarch_libdir}/iscsi" diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/opensaf/opensaf_4.7.0.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/opensaf/opensaf_5.0.0.bb index 42e883a31..da9c10520 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/opensaf/opensaf_4.7.0.bb +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/opensaf/opensaf_5.0.0.bb @@ -10,22 +10,21 @@ an informal group of supporters of the OpenSAF initiative. The OpenSAF \ Foundation was founded on January 22nd 2008 with Emerson Network Power, \ Ericsson, Nokia Siemens Networks, HP and Sun Microsystems as founding members." HOMEPAGE = "http://www.opensaf.org" +SECTION = "admin" +LICENSE = "LGPLv2.1" +LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=a916467b91076e631dd8edb7424769c7" -inherit autotools useradd systemd pkgconfig +DEPENDS = "libxml2 python" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/releases/${BPN}-${PV}.tar.gz \ file://install-samples-from-srcdir.patch \ file://0001-plmcd-error-fix.patch \ " -SRC_URI[md5sum] = "82dd2777a672140e22b8205f10aa55d3" -SRC_URI[sha256sum] = "da9e138650b835728ad51d99268d3a31419b254c4cb4e87c6ec90bc45266d7d2" - -SECTION = "admin" -LICENSE = "LGPLv2.1" -LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=a916467b91076e631dd8edb7424769c7" +SRC_URI[md5sum] = "94cd1a4c0406e6a45bb04c003f8690e7" +SRC_URI[sha256sum] = "4b4188a0f3d0ed1ed0e3d77de27c45e2c96b437401de08e7df2ed9ecd54bb999" -DEPENDS = "libxml2 python" +inherit autotools useradd systemd pkgconfig USERADD_PACKAGES = "${PN}" GROUPADD_PARAM_${PN} = "-f -r opensaf" @@ -37,22 +36,14 @@ SYSTEMD_AUTO_ENABLE = "disable" PACKAGECONFIG[systemd] = "--enable-systemd-daemon" PACKAGECONFIG[openhpi] = "--with-hpi-interface=B03 --enable-ais-plm,,openhpi" -do_configure_prepend () { - ( cd ${S}; autoreconf -f -i -s ) -} - EXTRA_OECONF += " --libdir=${libdir}/opensaf " EXTRA_OEMAKE += " -Wl,-rpath,${libdir}/opensaf " PKGLIBDIR="${libdir}/opensaf/opensaf" -FILES_${PN} += "${localstatedir}/run" - -FILES_${PN}-staticdev += "${PKGLIBDIR}/*.a" - -RDEPENDS_${PN} += "bash python" - -INSANE_SKIP_${PN} = "dev-so" +do_configure_prepend () { + ( cd ${S}; autoreconf -f -i -s ) +} do_install_append() { rm -fr "${D}${localstatedir}/lock" @@ -62,5 +53,21 @@ do_install_append() { install -m 0644 ${B}/osaf/services/infrastructure/nid/config/opensafd.service \ ${D}${systemd_unitdir}/system install -m 0644 ${B}/contrib/plmc/config/*.service ${D}/${systemd_unitdir}/system +} +FILES_${PN} += "${localstatedir}/run ${systemd_unitdir}/system/*.service" +FILES_${PN}-staticdev += "${PKGLIBDIR}/*.a" + +INSANE_SKIP_${PN} = "dev-so" + +RDEPENDS_${PN} += "bash python" + +do_sysvinit_install() { + if [ ! -d "${D}${sysconfdir}/init.d" ]; then + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${B}/osaf/services/infrastructure/nid/scripts/opensafd ${D}${sysconfdir}/init.d/ + fi } + +addtask sysvinit_install after do_install before do_package + diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix.inc b/import-layers/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix.inc index 17dbf76ce..c00c77fc7 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix.inc +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix.inc @@ -7,8 +7,8 @@ has a definite Sendmail-ish flavor, but the inside is completely different." HOMEPAGE= "http://www.postfix.org" SECTION = "mail" DEPENDS = "virtual/db libpcre openssl postfix-native \ - ${@base_contains('DISTRO_FEATURES', 'ldap', 'openldap', '', d)} \ - ${@base_contains('DISTRO_FEATURES', 'sasl', 'cyrus-sasl', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ldap', 'openldap', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'sasl', 'cyrus-sasl', '', d)} \ " DEPENDS_class-native = "virtual/db-native openssl-native libpcre-native" @@ -52,9 +52,9 @@ export SYSLIBS = "${LDFLAGS}" # ldap support export CCARGS-ldap = "\ - ${@base_contains('DISTRO_FEATURES', 'ldap', '-DHAS_LDAP', '', d)}" + ${@bb.utils.contains('DISTRO_FEATURES', 'ldap', '-DHAS_LDAP', '', d)}" export AUXLIBS-ldap = "\ - ${@base_contains('DISTRO_FEATURES', 'ldap', '-lldap -llber', '', d)}" + ${@bb.utils.contains('DISTRO_FEATURES', 'ldap', '-lldap -llber', '', d)}" # no native openldap export CCARGS-ldap_class-native = "" @@ -63,9 +63,9 @@ export AUXLIBS-ldap_class-native = "" # SASL support -DUSE_LDAP_SASL -DUSE_SASL_AUTH # current openldap didn't enable SASL export CCARGS-sasl = "\ - ${@base_contains('DISTRO_FEATURES', 'sasl', '-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I=/usr/include/sasl', '', d)}" + ${@bb.utils.contains('DISTRO_FEATURES', 'sasl', '-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I=/usr/include/sasl', '', d)}" export AUXLIBS-sasl = "\ - ${@base_contains('DISTRO_FEATURES', 'sasl', '-lsasl2', '', d)}" + ${@bb.utils.contains('DISTRO_FEATURES', 'sasl', '-lsasl2', '', d)}" export CCARGS-sasl_class-native = "" export AUXLIBS-sasl_class-native = "" @@ -224,6 +224,11 @@ ALTERNATIVE_TARGET[sendmail] = "${sbindir}/sendmail.postfix" ALTERNATIVE_LINK_NAME[sendmail] = "${sbindir}/sendmail" ALTERNATIVE_PRIORITY = "120" +ALTERNATIVE_${PN}-doc += "mailq.1 newaliases.1 sendmail.1" +ALTERNATIVE_LINK_NAME[mailq.1] = "${mandir}/man1/mailq.1" +ALTERNATIVE_LINK_NAME[newaliases.1] = "${mandir}/man1/newaliases.1" +ALTERNATIVE_LINK_NAME[sendmail.1] = "${mandir}/man1/sendmail.1" + pkg_postinst_${PN} () { if [ "x$D" = "x" ]; then touch /etc/aliases diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.0.3.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.0.3.bb deleted file mode 100644 index 7104a9d1c..000000000 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.0.3.bb +++ /dev/null @@ -1,4 +0,0 @@ -require postfix.inc - -SRC_URI[md5sum] = "61caffae689c11d09b4c972a394ae3b1" -SRC_URI[sha256sum] = "401e46ec3450569dcce60d1d8ca22a19ab1f7f817b0cc730cdf4875ba608ac02" diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.1.1.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.1.1.bb new file mode 100644 index 000000000..dbbe24ca3 --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/postfix/postfix_3.1.1.bb @@ -0,0 +1,4 @@ +require postfix.inc + +SRC_URI[md5sum] = "40d72ea143af7ab0038c2cee1f483707" +SRC_URI[sha256sum] = "3deda4c34631970490b1b5fbb559905f93531bf1c7eb00e38b0d0deb1dba9982" diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/CVE-2016-3125.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/CVE-2016-3125.patch deleted file mode 100644 index 69c9be031..000000000 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/CVE-2016-3125.patch +++ /dev/null @@ -1,247 +0,0 @@ -From 7a8f683cedf9b0d1024a80362693c9f8b93a0f2b Mon Sep 17 00:00:00 2001 -From: TJ Saunders <tj@castaglia.org> -Date: Thu, 10 Mar 2016 15:07:58 -0800 -Subject: [PATCH] Backport of fix for Bug#4230 to 1.3.5 branch. - -Upstream-Status: Backport -CVE: CVE-2016-3125 - -Author: TJ Saunders <tj@castaglia.org> -Signed-off-by: Catalin Enache <catalin.enache@windriver.com> ---- - contrib/mod_tls.c | 167 +++++++++++++++++++++++++++++++++++++++++++++++------- - 1 file changed, 147 insertions(+), 20 deletions(-) - -diff --git a/contrib/mod_tls.c b/contrib/mod_tls.c -index df92658..5883cc7 100644 ---- a/contrib/mod_tls.c -+++ b/contrib/mod_tls.c -@@ -411,6 +411,13 @@ static int tls_required_on_ctrl = 0; - static int tls_required_on_data = 0; - static unsigned char *tls_authenticated = NULL; - -+/* Define the minimum DH group length we allow (unless the AllowWeakDH -+ * TLSOption is used). Ideally this would be 2048, per https://weakdh.org, -+ * but for compatibility with older Java versions, which only support up to -+ * 1024, we'll use 1024. For now. -+ */ -+#define TLS_DH_MIN_LEN 1024 -+ - /* mod_tls session flags */ - #define TLS_SESS_ON_CTRL 0x0001 - #define TLS_SESS_ON_DATA 0x0002 -@@ -438,6 +445,7 @@ static unsigned char *tls_authenticated = NULL; - #define TLS_OPT_USE_IMPLICIT_SSL 0x0200 - #define TLS_OPT_ALLOW_CLIENT_RENEGOTIATIONS 0x0400 - #define TLS_OPT_VERIFY_CERT_CN 0x0800 -+#define TLS_OPT_ALLOW_WEAK_DH 0x1000 - - /* mod_tls SSCN modes */ - #define TLS_SSCN_MODE_SERVER 0 -@@ -2417,24 +2425,139 @@ static int tls_ctrl_renegotiate_cb(CALLBACK_FRAME) { - - static DH *tls_dh_cb(SSL *ssl, int is_export, int keylength) { - DH *dh = NULL; -+ EVP_PKEY *pkey; -+ int pkeylen = 0, use_pkeylen = FALSE; -+ -+ /* OpenSSL will only ever call us (currently) with a keylen of 512 or 1024; -+ * see the SSL_EXPORT_PKEYLENGTH macro in ssl_locl.h. Sigh. -+ * -+ * Thus we adjust the DH parameter length according to the size of the -+ * RSA/DSA private key used for the current connection. -+ * -+ * NOTE: This MAY cause interoperability issues with some clients, notably -+ * Java 7 (and earlier) clients, since Java 7 and earlier supports -+ * Diffie-Hellman only up to 1024 bits. More sighs. To deal with these -+ * clients, then, you need to configure a certificate/key of 1024 bits. -+ */ -+ pkey = SSL_get_privatekey(ssl); -+ if (pkey != NULL) { -+ if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA || -+ EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { -+ pkeylen = EVP_PKEY_bits(pkey); -+ -+ if (pkeylen < TLS_DH_MIN_LEN) { -+ if (!(tls_opts & TLS_OPT_ALLOW_WEAK_DH)) { -+ pr_trace_msg(trace_channel, 11, -+ "certificate private key length %d less than %d bits, using %d " -+ "(see AllowWeakDH TLSOption)", pkeylen, TLS_DH_MIN_LEN, -+ TLS_DH_MIN_LEN); -+ pkeylen = TLS_DH_MIN_LEN; -+ } -+ } -+ -+ if (pkeylen != keylen) { -+ pr_trace_msg(trace_channel, 13, -+ "adjusted DH parameter length from %d to %d bits", keylen, pkeylen); -+ use_pkeylen = TRUE; -+ } -+ } -+ } - - if (tls_tmp_dhs != NULL && - tls_tmp_dhs->nelts > 0) { - register unsigned int i; -- DH **dhs; -+ DH *best_dh = NULL, **dhs; -+ int best_dhlen = 0; - - dhs = tls_tmp_dhs->elts; -+ -+ /* Search the configured list of DH parameters twice: once for any sizes -+ * matching the actual requested size (usually 1024), and once for any -+ * matching the certificate private key size (pkeylen). -+ * -+ * This behavior allows site admins to configure a TLSDHParamFile that -+ * contains 1024-bit parameters, for e.g. Java 7 (and earlier) clients. -+ */ -+ -+ /* Note: the keylen argument is in BITS, but DH_size() returns the number -+ * of BYTES. -+ */ - for (i = 0; i < tls_tmp_dhs->nelts; i++) { -- /* Note: the keylength argument is in BITS, but DH_size() returns -- * the number of BYTES. -+ int dhlen; -+ -+ dhlen = DH_size(dhs[i]) * 8; -+ if (dhlen == keylen) { -+ pr_trace_msg(trace_channel, 11, -+ "found matching DH parameter for key length %d", keylen); -+ return dhs[i]; -+ } -+ -+ /* Try to find the next "best" DH to use, where "best" means -+ * the smallest DH that is larger than the necessary keylen. - */ -- if (DH_size(dhs[i]) == (keylength / 8)) { -+ if (dhlen > keylen) { -+ if (best_dh != NULL) { -+ if (dhlen < best_dhlen) { -+ best_dh = dhs[i]; -+ best_dhlen = dhlen; -+ } -+ -+ } else { -+ best_dh = dhs[i]; -+ best_dhlen = dhlen; -+ } -+ } -+ } -+ -+ for (i = 0; i < tls_tmp_dhs->nelts; i++) { -+ int dhlen; -+ -+ dhlen = DH_size(dhs[i]) * 8; -+ if (dhlen == pkeylen) { -+ pr_trace_msg(trace_channel, 11, -+ "found matching DH parameter for certificate private key length %d", -+ pkeylen); - return dhs[i]; - } -+ -+ if (dhlen > pkeylen) { -+ if (best_dh != NULL) { -+ if (dhlen < best_dhlen) { -+ best_dh = dhs[i]; -+ best_dhlen = dhlen; -+ } -+ -+ } else { -+ best_dh = dhs[i]; -+ best_dhlen = dhlen; -+ } -+ } -+ } -+ -+ if (best_dh != NULL) { -+ pr_trace_msg(trace_channel, 11, -+ "using best DH parameter for key length %d (length %d)", keylen, -+ best_dhlen); -+ return best_dh; - } - } - -- switch (keylength) { -+ /* Still no DH parameters found? Use the built-in ones. */ -+ -+ if (keylen < TLS_DH_MIN_LEN) { -+ if (!(tls_opts & TLS_OPT_ALLOW_WEAK_DH)) { -+ pr_trace_msg(trace_channel, 11, -+ "requested key length %d less than %d bits, using %d " -+ "(see AllowWeakDH TLSOption)", keylen, TLS_DH_MIN_LEN, TLS_DH_MIN_LEN); -+ keylen = TLS_DH_MIN_LEN; -+ } -+ } -+ -+ if (use_pkeylen) { -+ keylen = pkeylen; -+ } -+ -+ switch (keylen) { - case 512: - dh = get_dh512(); - break; -@@ -2443,32 +2566,33 @@ static DH *tls_dh_cb(SSL *ssl, int is_export, int keylength) { - dh = get_dh768(); - break; - -- case 1024: -- dh = get_dh1024(); -- break; -+ case 1024: -+ dh = get_dh1024(); -+ break; - -- case 1536: -- dh = get_dh1536(); -- break; -+ case 1536: -+ dh = get_dh1536(); -+ break; - -- case 2048: -- dh = get_dh2048(); -- break; -+ case 2048: -+ dh = get_dh2048(); -+ break; - -- default: -- tls_log("unsupported DH key length %d requested, returning 1024 bits", -- keylength); -- dh = get_dh1024(); -- break; -+ default: -+ tls_log("unsupported DH key length %d requested, returning 1024 bits", -+ keylen); -+ dh = get_dh1024(); -+ break; - } - -+ pr_trace_msg(trace_channel, 11, "using builtin DH for %d bits", keylen); -+ - /* Add this DH to the list, so that it can be freed properly later. */ - if (tls_tmp_dhs == NULL) { - tls_tmp_dhs = make_array(session.pool, 1, sizeof(DH *)); - } - - *((DH **) push_array(tls_tmp_dhs)) = dh; -- - return dh; - } - -@@ -8445,6 +8569,9 @@ MODRET set_tlsoptions(cmd_rec *cmd) { - strcmp(cmd->argv[i], "AllowClientRenegotiations") == 0) { - opts |= TLS_OPT_ALLOW_CLIENT_RENEGOTIATIONS; - -+ } else if (strcmp(cmd->argv[i], "AllowWeakDH") == 0) { -+ opts |= TLS_OPT_ALLOW_WEAK_DH; -+ - } else if (strcmp(cmd->argv[i], "EnableDiags") == 0) { - opts |= TLS_OPT_ENABLE_DIAGS; - --- -2.7.4 - diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd.service b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd.service index ba97f8e1c..18764385e 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd.service +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd.service @@ -1,7 +1,12 @@ [Unit] Description=proftpd Daemon +After=network.target [Service] Type=forking -ExecStart=-@SBINDIR@/proftpd -c @SYSCONFDIR@/proftpd.conf +ExecStart=@SBINDIR@/proftpd -c @SYSCONFDIR@/proftpd.conf StandardError=syslog + +[Install] +WantedBy=default.target + diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/proftpd_1.3.5a.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/proftpd_1.3.5b.bb index 57d4984bd..c27a1cc9b 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/proftpd_1.3.5a.bb +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/proftpd_1.3.5b.bb @@ -12,17 +12,17 @@ SRC_URI = "ftp://ftp.proftpd.org/distrib/source/${BPN}-${PV}.tar.gz \ file://contrib.patch \ file://build_fixup.patch \ file://proftpd.service \ - file://CVE-2016-3125.patch \ " -SRC_URI[md5sum] = "b9d3092411478415b31d435f8e26d173" -SRC_URI[sha256sum] = "a1f48df8539c414ec56e0cea63dcf4b8e16e606c05f10156f030a4a67fae5696" +SRC_URI[md5sum] = "f7b8e3a383b34a894c2502db74ccccde" +SRC_URI[sha256sum] = "afc1789f2478acf88dfdc7d70da90a4fa2786d628218e9574273295d044b4fc8" inherit autotools-brokensep useradd update-rc.d systemd -PACKAGECONFIG ??= "sia shadow" -PACKAGECONFIG += " ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)}" -PACKAGECONFIG += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" +PACKAGECONFIG ??= "shadow \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)} \ + " PACKAGECONFIG[curses] = "--enable-curses --enable-ncurses, --disable-curses --disable-ncurses, ncurses" PACKAGECONFIG[openssl] = "--enable-openssl, --disable-openssl, openssl, openssl" @@ -90,6 +90,15 @@ do_install () { # create the pub directory mkdir -p ${D}/home/${FTPUSER}/pub/ chown -R ${FTPUSER}:${FTPGROUP} ${D}/home/${FTPUSER}/pub + if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then + # install proftpd pam configuration + install -d ${D}${sysconfdir}/pam.d + install -m 644 ${S}/contrib/dist/rpm/ftp.pamd ${D}${sysconfdir}/pam.d/proftpd + sed -i '/ftpusers/d' ${D}${sysconfdir}/pam.d/proftpd + # specify the user Authentication config + sed -i '/^MaxInstances/a\AuthPAM on\nAuthPAMConfig proftpd' \ + ${D}${sysconfdir}/proftpd.conf + fi install -d ${D}/${systemd_unitdir}/system install -m 644 ${WORKDIR}/proftpd.service ${D}/${systemd_unitdir}/system @@ -97,6 +106,20 @@ do_install () { -e 's,@SYSCONFDIR@,${sysconfdir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ -i ${D}${systemd_unitdir}/system/*.service + + sed -e 's|--sysroot=${STAGING_DIR_HOST}||g' \ + -e 's|${STAGING_DIR_NATIVE}||g' \ + -e 's|-fdebug-prefix-map=[^ ]*||g' \ + -i ${D}/${bindir}/prxs + + # ftpmail perl script, which reads the proftpd log file and sends + # automatic email notifications once an upload finishs, + # depends on an old perl Mail::Sendmail + # The Mail::Sendmail has not been maintained for almost 10 years + # Other distribution not ship with ftpmail, so do the same to + # avoid confusion about having it fails to run + rm -rf ${D}${bindir}/ftpmail + rm -rf ${D}${mandir}/man1/ftpmail.1 } INITSCRIPT_NAME = "proftpd" diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd.inc b/import-layers/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd.inc index 47e4736b7..bff693ca9 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd.inc +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd.inc @@ -62,6 +62,6 @@ USERADD_PARAM_${PN} = "--system --home ${localstatedir}/run/radvd/ -M -g nogroup pkg_postinst_${PN} () { if [ -z "$D" -a -x /etc/init.d/populate-volatile.sh ]; then - /etc/init.d/populate-volatile.sh update + /etc/init.d/populate-volatile.sh update fi } diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.11.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.11.bb deleted file mode 100644 index c0b7532ba..000000000 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.11.bb +++ /dev/null @@ -1,5 +0,0 @@ - -require radvd.inc - -SRC_URI[md5sum] = "57fc6021f6a5e5472e455937685472a3" -SRC_URI[sha256sum] = "80ad60b15689e9591a5af393a57a1d93304deeff2e46482f0fd98046c00622f8" diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.14.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.14.bb new file mode 100644 index 000000000..2525249cb --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd_2.14.bb @@ -0,0 +1,5 @@ + +require radvd.inc + +SRC_URI[md5sum] = "acd3883dece2c7888d15596b05c9fae4" +SRC_URI[sha256sum] = "46d31c05daea11c3d1e3dc092997d3631b3bc72b20a4f279b05304b83dbd7aa8" diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch deleted file mode 100644 index c83e6ab51..000000000 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0fe108ecb2bbdf684f159950eaa55d22f07c4008 Mon Sep 17 00:00:00 2001 -From: Catalin Enache <catalin.enache@windriver.com> -Date: Wed, 20 Apr 2016 15:17:18 +0300 -Subject: [PATCH] pinger: Fix buffer overflow in Icmp6::Recv - -Upstream-Status: Backport -CVE: CVE-2016-3947 - -Author: Yuriy M. Kaminskiy <yumkam@gmail.com> -Committer: Amos Jeffries <squid3@treenet.co.nz -Signed-off-by: Catalin Enache <catalin.enache@windriver.com> ---- - src/icmp/Icmp6.cc | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/src/icmp/Icmp6.cc b/src/icmp/Icmp6.cc -index 794a51a..ee84b80 100644 ---- a/src/icmp/Icmp6.cc -+++ b/src/icmp/Icmp6.cc -@@ -256,7 +256,7 @@ Icmp6::Recv(void) - #define ip6_hops // HOPS!!! (can it be true??) - - ip = (struct ip6_hdr *) pkt; -- pkt += sizeof(ip6_hdr); -+ NP: echo size needs to +sizeof(ip6_hdr); - - debugs(42, DBG_CRITICAL, HERE << "ip6_nxt=" << ip->ip6_nxt << - ", ip6_plen=" << ip->ip6_plen << -@@ -267,7 +267,6 @@ Icmp6::Recv(void) - */ - - icmp6header = (struct icmp6_hdr *) pkt; -- pkt += sizeof(icmp6_hdr); - - if (icmp6header->icmp6_type != ICMP6_ECHO_REPLY) { - -@@ -292,7 +291,7 @@ Icmp6::Recv(void) - return; - } - -- echo = (icmpEchoData *) pkt; -+ echo = (icmpEchoData *) (pkt + sizeof(icmp6_hdr)); - - preply.opcode = echo->opcode; - --- -2.7.4 - diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch new file mode 100644 index 000000000..fdcd174d3 --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/set_sysroot_patch.patch @@ -0,0 +1,33 @@ +Set the SYSROOT for libxml2 header file to avoid host contamination. + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Yue Tao <yue.tao@windriver.com> +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> + +diff --git a/configure.ac.old b/configure.ac +index 54eda73..874f48e 100644 +--- a/configure.ac.old ++++ b/configure.ac +@@ -964,15 +964,15 @@ if test "x$squid_opt_use_esi" = "xyes" -a "x$with_libxml2" != "xno" ; then + dnl Find the main header and include path... + AC_CACHE_CHECK([location of libxml2 include files], [ac_cv_libxml2_include], [ + AC_CHECK_HEADERS([libxml/parser.h], [], [ +- AC_MSG_NOTICE([Testing in /usr/include/libxml2]) ++ AC_MSG_NOTICE([Testing in $SYSROOT/usr/include/libxml2]) + SAVED_CPPFLAGS="$CPPFLAGS" +- CPPFLAGS="-I/usr/include/libxml2 $CPPFLAGS" ++ CPPFLAGS="-I$SYSROOT/usr/include/libxml2 $CPPFLAGS" + unset ac_cv_header_libxml_parser_h +- AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/include/libxml2"], [ +- AC_MSG_NOTICE([Testing in /usr/local/include/libxml2]) +- CPPFLAGS="-I/usr/local/include/libxml2 $SAVED_CPPFLAGS" ++ AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I$SYSROOT/usr/include/libxml2"], [ ++ AC_MSG_NOTICE([Testing in $SYSROOT/usr/local/include/libxml2]) ++ CPPFLAGS="-I$SYSROOT/usr/local/include/libxml2 $SAVED_CPPFLAGS" + unset ac_cv_header_libxml_parser_h +- AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I/usr/local/include/libxml2"], [ ++ AC_CHECK_HEADERS([libxml/parser.h], [ac_cv_libxml2_include="-I$SYSROOT/usr/local/include/libxml2"], [ + AC_MSG_NOTICE([Failed to find libxml2 header file libxml/parser.h]) + ]) + ]) diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch new file mode 100644 index 000000000..312f44f8e --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-don-t-do-squid-conf-tests-at-build-time.patch @@ -0,0 +1,63 @@ +From 54a9c2ba60adc7ec2724786662fd398e7c03999f Mon Sep 17 00:00:00 2001 +From: Jackie Huang <jackie.huang@windriver.com> +Date: Thu, 25 Aug 2016 15:22:57 +0800 +Subject: [PATCH] squid: don't do squid-conf-tests at build time + +* squid-conf-tests is a test to run "squid -k parse -f" + to perse the config files, which should not be run + at build time since we are cross compiling, so remove + it but it will be added back for the runtime ptest. + +* Fix the directories of the conf files for squid-conf-tests + so that it can run on the target board. + +Upstream-Status: Inappropriate [cross compile specific] + +Signed-off-by: Jackie Huang <jackie.huang@windriver.com> +--- + test-suite/Makefile.am | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/test-suite/Makefile.am b/test-suite/Makefile.am +index d5468be..77fc480 100644 +--- a/test-suite/Makefile.am ++++ b/test-suite/Makefile.am +@@ -41,8 +41,7 @@ TESTS += debug \ + MemPoolTest\ + mem_node_test\ + mem_hdr_test\ +- $(ESI_TESTS) \ +- squid-conf-tests ++ $(ESI_TESTS) + + ## Sort by alpha - any build failures are significant. + check_PROGRAMS += debug \ +@@ -125,19 +124,19 @@ VirtualDeleteOperator_SOURCES = VirtualDeleteOperator.cc $(DEBUG_SOURCE) + ##$(TARGLIB): $(LIBOBJS) + ## $(AR_R) $(TARGLIB) $(LIBOBJS) + +-squid-conf-tests: $(top_builddir)/src/squid.conf.default $(srcdir)/squidconf/* ++squid-conf-tests: $(sysconfdir)/squid.conf.default squidconf/* + @failed=0; cfglist="$?"; rm -f $@ || $(TRUE); \ + for cfg in $$cfglist ; do \ +- $(top_builddir)/src/squid -k parse -f $$cfg || \ ++ squid -k parse -f $$cfg || \ + { echo "FAIL: squid.conf test: $$cfg" | \ +- sed s%$(top_builddir)/src/%% | \ +- sed s%$(srcdir)/squidconf/%% ; \ ++ sed s%$(sysconfdir)/%% | \ ++ sed s%squidconf/%% ; \ + failed=1; break; \ + }; \ + if test "$$failed" -eq 0; then \ + echo "PASS: squid.conf test: $$cfg" | \ +- sed s%$(top_builddir)/src/%% | \ +- sed s%$(srcdir)/squidconf/%% ; \ ++ sed s%$(sysconfdir)/%% | \ ++ sed s%squidconf/%% ; \ + else break; fi; \ + done; \ + if test "$$failed" -eq 0; then cp $(TRUE) $@ ; fi +-- +2.8.3 + diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch index 9e2ceab88..01ec59622 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/squid-use-serial-tests-config-needed-by-ptest.patch @@ -1,6 +1,6 @@ -From 2192fdbc90b0ff2d5408e8763df200620870deea Mon Sep 17 00:00:00 2001 +From bd58d3672bc267824000f34a37561c7ab2bd571f Mon Sep 17 00:00:00 2001 From: Jackie Huang <jackie.huang@windriver.com> -Date: Mon, 13 Oct 2014 01:32:37 -0700 +Date: Tue, 19 Jul 2016 01:56:23 -0400 Subject: [PATCH] squid: use serial-tests config needed by ptest ptest needs buildtest-TESTS and runtest-TESTS targets. @@ -10,22 +10,22 @@ Upstream-Status: Inappropriate [default automake behavior incompatible with ptes Signed-off-by: Jackie Huang <jackie.huang@windriver.com> --- - configure.ac | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 6f7171f..ab9b93e 100644 +index 05ad027..e324b93 100644 --- a/configure.ac +++ b/configure.ac -@@ -3,7 +3,7 @@ AC_PREREQ(2.61) +@@ -10,7 +10,7 @@ AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) AC_CONFIG_SRCDIR([src/main.cc]) --AM_INIT_AUTOMAKE([tar-ustar nostdinc]) -+AM_INIT_AUTOMAKE([tar-ustar nostdinc serial-tests]) +-AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects]) ++AM_INIT_AUTOMAKE([tar-ustar nostdinc subdir-objects serial-tests]) AC_REVISION($Revision$)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE -- -1.7.1 +2.8.1 diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/volatiles.03_squid b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/volatiles.03_squid index b96865d73..83e1f8b7a 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/volatiles.03_squid +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/files/volatiles.03_squid @@ -1,2 +1,3 @@ # <type> <owner> <group> <mode> <path> <linksource> d squid squid 0755 /var/run/squid none +d squid squid 0750 /var/log/squid none diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/squid_3.5.7.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/squid_3.5.20.bb index e35aad7cf..364d00e12 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/squid_3.5.7.bb +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/squid/squid_3.5.20.bb @@ -19,14 +19,15 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P file://squid-use-serial-tests-config-needed-by-ptest.patch \ file://run-ptest \ file://volatiles.03_squid \ - file://CVE-2016-3947.patch \ + file://set_sysroot_patch.patch \ + file://squid-don-t-do-squid-conf-tests-at-build-time.patch \ " LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \ - file://errors/COPYRIGHT;md5=0fed8f1462f6fdbc62bb431bcb618f46 \ + file://errors/COPYRIGHT;md5=0d98c4448c368d146f31a970bb0ced21 \ " -SRC_URI[md5sum] = "06e43abc67aedcc3903a2780de20a3ed" -SRC_URI[sha256sum] = "b7dcec8c5cb7f5687aff4256a7522f670c310a350cc9e9c0f29f3fd9cf88d017" +SRC_URI[md5sum] = "6a29d7dfc544205001f7a75c6996dc60" +SRC_URI[sha256sum] = "5a114f8f7f44b5ae3c9b77d7b81aef13fe69e7f530855213d551f48b157cb5f1" DEPENDS = "libtool krb5 openldap db cyrus-sasl" @@ -35,20 +36,28 @@ inherit autotools useradd ptest USERADD_PACKAGES = "${PN}" USERADD_PARAM_${PN} = "--system --no-create-home --home-dir /var/run/squid --shell /bin/false --user-group squid" -PACKAGECONFIG ??= "${@base_contains('TARGET_ARCH', 'powerpc', 'noatomics', '', d)} \ - ${@base_contains('TARGET_ARCH', 'mips', 'noatomics', '', d)} \ +PACKAGECONFIG ??= "${@bb.utils.contains('TARGET_ARCH', 'powerpc', 'noatomics', '', d)} \ + ${@bb.utils.contains('TARGET_ARCH', 'mips', 'noatomics', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \ " PACKAGECONFIG[libnetfilter-conntrack] = "--with-netfilter-conntrack=${includedir}, --without-netfilter-conntrack, libnetfilter-conntrack" PACKAGECONFIG[noatomics] = "squid_cv_gnu_atomics=no,squid_cv_gnu_atomics=yes,," +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," BASIC_AUTH = "DB SASL LDAP NIS" -DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" -BASIC_AUTH += "${@base_contains('DISTRO_FEATURES', 'pam', 'PAM', '', d)}" +DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +BASIC_AUTH += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'PAM', '', d)}" + +EXTRA_OECONF += "--with-default-user=squid --enable-auth-basic='${BASIC_AUTH}' --sysconfdir=${sysconfdir}/${BPN} --with-logdir=${localstatedir}/log/${BPN}" -EXTRA_OECONF += "--with-default-user=squid --enable-auth-basic='${BASIC_AUTH}'" export BUILDCXXFLAGS="${BUILD_CXXFLAGS}" TESTDIR = "test-suite" + +do_configure_prepend() { + export SYSROOT=$PKG_CONFIG_SYSROOT_DIR +} + do_compile_ptest() { oe_runmake -C ${TESTDIR} buildtest-TESTS } @@ -59,13 +68,31 @@ do_install_ptest() { # do NOT need to rebuild Makefile itself sed -i 's/^Makefile:.*$/Makefile:/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + + # Add squid-conf-tests for runtime tests + sed -e 's/^\(runtest-TESTS:\)/\1 squid-conf-tests/' \ + -e "s/\(list=' \$(TESTS)\)/\1 squid-conf-tests/" \ + -i ${D}${PTEST_PATH}/${TESTDIR}/Makefile + + # Ensure the path for command true is correct + sed -i 's:^TRUE = .*$:TRUE = /bin/true:' ${D}${PTEST_PATH}/${TESTDIR}/Makefile } do_install_append() { - install -d ${D}${sysconfdir}/default/volatiles - install -m 0644 ${WORKDIR}/volatiles.03_squid ${D}${sysconfdir}/default/volatiles/volatiles.03_squid - rmdir "${D}${localstatedir}/run/${BPN}" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}/run" + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d ${localstatedir}/run/${BPN} 0755 squid squid -" >> ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf + echo "d ${localstatedir}/log/${BPN} 0750 squid squid -" >> ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf + fi + + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${WORKDIR}/volatiles.03_squid ${D}${sysconfdir}/default/volatiles/03_squid + + rmdir "${D}${localstatedir}/run/${BPN}" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}/run" + + rmdir "${D}${localstatedir}/log/${BPN}" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}/log" } FILES_${PN} += "${libdir} ${datadir}/errors ${datadir}/icons" @@ -74,6 +101,3 @@ FILES_${PN}-doc += "${datadir}/*.txt" RDEPENDS_${PN} += "perl" RDEPENDS_${PN}-ptest += "make" - -# http://errors.yoctoproject.org/Errors/Details/35128/ -PNBLACKLIST[squid] ?= "BROKEN: sysroots/qemuarm/usr/include/linux/in.h:28:16: error: redeclaration of 'IPPROTO_IP'" diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/tftp-hpa/tftp-hpa_5.2.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/tftp-hpa/tftp-hpa_5.2.bb index 98842e4e9..115fa2ece 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/tftp-hpa/tftp-hpa_5.2.bb +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/tftp-hpa/tftp-hpa_5.2.bb @@ -37,6 +37,9 @@ export AR = "${HOST_PREFIX}ar cq" EXTRA_OECONF += "--disable-option-checking" +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)}" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," + # configure.in has errors do_configure() { oe_runconf diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/vblade/files/makefile-add-ldflags.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/vblade/files/makefile-add-ldflags.patch new file mode 100644 index 000000000..a74452db6 --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/vblade/files/makefile-add-ldflags.patch @@ -0,0 +1,19 @@ +Add LDFLAGS variable to Makefile, make sure the extra linker flags can be passed. + +Upstream-Status: Pending + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> + +diff --git a/makefile b/makefile +index 98008da..c328ba7 100644 +--- a/makefile ++++ b/makefile +@@ -11,7 +11,7 @@ mandir = ${sharedir}/man + O=aoe.o bpf.o ${PLATFORM}.o ata.o + + vblade: $O +- ${CC} -o vblade $O ++ ${CC} ${LDFLAGS} -o vblade $O + + aoe.o : aoe.c config.h dat.h fns.h makefile + ${CC} ${CFLAGS} -c $< diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/vblade/vblade_20.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/vblade/vblade_20.bb index a357e4037..344c7462c 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/vblade/vblade_20.bb +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/vblade/vblade_20.bb @@ -5,7 +5,9 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" SRC_URI = "${SOURCEFORGE_MIRROR}/aoetools/${BPN}-${PV}.tgz \ - file://cross.patch" + file://cross.patch \ + file://makefile-add-ldflags.patch \ + " SRC_URI[md5sum] = "3c80e4a6bc7d66ae0c235b88cb44bd59" SRC_URI[sha256sum] = "c8fe2fc4f2fba8e07e5cfdf17335982584eef2cd5c78bf8b1db93f2b56e7121d" diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch new file mode 100644 index 000000000..7accbbc24 --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch @@ -0,0 +1,45 @@ +From 37cc924363515c8c309944c455bcbba7ddcc8eda Mon Sep 17 00:00:00 2001 +From: Mingli Yu <Mingli.Yu@windriver.com> +Date: Tue, 6 Sep 2016 17:17:44 +0800 +Subject: [PATCH] vsftpd: allow sysinfo() in the seccomp sandbox + +Upstream-Status: Pending + +* Allow sysinfo() in the seccomp sandbox otherwise + comes below OOPS: priv_sock_get_cmd as the syscall + sysinfo() not allowed + +tnftp 192.168.1.1 +Connected to 192.168.1.1. +220 (vsFTPd 3.0.3) +Name (192.168.1.1:root): anonymous +331 Please specify the password. +Password: +230 Login successful. +Remote system type is UNIX. +Using binary mode to transfer files. +ftp> prompt +Interactive mode off. +ftp> mget small* +OOPS: priv_sock_get_cmd + +Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> +--- + seccompsandbox.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/seccompsandbox.c b/seccompsandbox.c +index 2c350a9..67d9ca5 100644 +--- a/seccompsandbox.c ++++ b/seccompsandbox.c +@@ -409,6 +409,7 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess) + allow_nr(__NR_getcwd); + allow_nr(__NR_chdir); + allow_nr(__NR_getdents); ++ allow_nr(__NR_sysinfo); + /* Misc */ + allow_nr(__NR_umask); + +-- +2.8.1 + diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb b/import-layers/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb index 4ee881ddd..3eaaa30b6 100644 --- a/import-layers/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb @@ -18,6 +18,7 @@ SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \ file://volatiles.99_vsftpd \ file://vsftpd.service \ file://vsftpd-2.1.0-filter.patch \ + file://0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch \ " LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271 \ @@ -29,13 +30,13 @@ SRC_URI[sha256sum] = "9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c PACKAGECONFIG ??= "tcp-wrappers" PACKAGECONFIG[tcp-wrappers] = ",,tcp-wrappers" -SRC_URI +="${@base_contains('PACKAGECONFIG', 'tcp-wrappers', 'file://vsftpd-tcp_wrappers-support.patch', '', d)}" +SRC_URI +="${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', 'file://vsftpd-tcp_wrappers-support.patch', '', d)}" -DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" -RDEPENDS_${PN} += "${@base_contains('DISTRO_FEATURES', 'pam', 'pam-plugin-listfile', '', d)}" -PAMLIB = "${@base_contains('DISTRO_FEATURES', 'pam', '-L${STAGING_BASELIBDIR} -lpam', '', d)}" -NOPAM_SRC ="${@base_contains('PACKAGECONFIG', 'tcp-wrappers', 'file://nopam-with-tcp_wrappers.patch', 'file://nopam.patch', d)}" -SRC_URI += "${@base_contains('DISTRO_FEATURES', 'pam', '', '${NOPAM_SRC}', d)}" +DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-listfile', '', d)}" +PAMLIB = "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-L${STAGING_BASELIBDIR} -lpam', '', d)}" +NOPAM_SRC ="${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', 'file://nopam-with-tcp_wrappers.patch', 'file://nopam.patch', d)}" +SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '${NOPAM_SRC}', d)}" inherit update-rc.d useradd systemd @@ -75,7 +76,7 @@ do_install() { sed -i "s:/lib/security:${base_libdir}/security:" ${D}${sysconfdir}/pam.d/vsftpd sed -i "s:ftpusers:vsftpd.ftpusers:" ${D}${sysconfdir}/pam.d/vsftpd fi - if ${@base_contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/tmpfiles.d echo "d /var/run/vsftpd/empty 0755 root root -" \ > ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf @@ -100,10 +101,10 @@ SYSTEMD_SERVICE_${PN} = "vsftpd.service" pkg_postinst_${PN}() { if [ -z "$D" ]; then - if type systemd-tmpfiles >/dev/null; then - systemd-tmpfiles --create - elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then - ${sysconfdir}/init.d/populate-volatile.sh update - fi + if type systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create + elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi fi } |
