Diffstat (limited to 'import-layers/meta-openembedded/meta-oe/recipes-connectivity')
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch177
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch253
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch187
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0004-Prevent-installation-of-an-all-zero-TK.patch82
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch67
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0006-TDLS-Reject-TPK-TK-reconfiguration.patch135
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch85
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/key-replay-cve-multiple.patch984
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb44
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/0001-aclocal-Add-parameter-to-disable-keyutils-detection.patch11
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2017-11462.patch419
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/etc/default/krb5-admin-server4
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/fix-CVE-2017-11368.patch116
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service1
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service1
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.16.bb (renamed from import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.15.1.bb)20
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi/0001-Detect-clang.patch3
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi_1.20.0.bb (renamed from import-layers/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi_1.16.0.bb)4
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/libuv/libuv_1.11.0.bb8
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_2.1.0.bb7
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/files/0001-config.mk-allow-prefix-mandir-localedir-from-environ.patch35
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/files/0002-uthash-remove-in-tree-version.patch975
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/files/build.patch94
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/mosquitto_1.4.14.bb5
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/obex/obex-data-server_0.4.6.bb4
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/obex/openobex_1.7.2.bb2
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/obexftp/obexftp_0.24.2.bb2
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/fix-makefile-override.patch24
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/scripts_no_bash.patch51
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/sms_binpath.patch24
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/sms_binpath_and_psops.patch19
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3_3.1.21.bb (renamed from import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3_3.1.15.bb)9
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/files/0001-replace-SIGCLD-with-SIGCHLD-and-include-sys-types.h.patch49
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/files/0002-replace-PTHREAD_MUTEX_FAST_NP-with-PTHREAD_MUTEX_NOR.patch143
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/umip_1.0.bb2
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb4
-rw-r--r--import-layers/meta-openembedded/meta-oe/recipes-connectivity/zeromq/zeromq_4.2.5.bb (renamed from import-layers/meta-openembedded/meta-oe/recipes-connectivity/zeromq/zeromq_4.1.6.bb)8
37 files changed, 2344 insertions, 1714 deletions
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
new file mode 100644
index 000000000..5535a3c5a
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
@@ -0,0 +1,177 @@
+From 044ae35c5694c39a4aca2a33502cc3897e88f79e Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/7] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+
+Upstream-Status: Backport
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+---
+ src/ap/ieee802_11.c | 16 +++++++++++++---
+ src/ap/wpa_auth.c | 11 +++++++++++
+ src/ap/wpa_auth.h | 3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++++++++++
+ src/ap/wpa_auth_i.h | 1 +
+ 5 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index 4e04169..333035f 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ {
+ struct ieee80211_ht_capabilities ht_cap;
+ struct ieee80211_vht_capabilities vht_cap;
++ int set = 1;
+
+ /*
+ * Remove the STA entry to ensure the STA PS state gets cleared and
+@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ * FT-over-the-DS, where a station re-associates back to the same AP but
+ * skips the authentication flow, or if working with a driver that
+ * does not support full AP client state.
++ *
++ * Skip this if the STA has already completed FT reassociation and the
++ * TK has been configured since the TX/RX PN must not be reset to 0 for
++ * the same key.
+ */
+- if (!sta->added_unassoc)
++ if (!sta->added_unassoc &&
++ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
++ set = 0;
++ }
+
+ #ifdef CONFIG_IEEE80211N
+ if (sta->flags & WLAN_STA_HT)
+@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
+ sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
+ sta->vht_opmode, sta->p2p_ie ? 1 : 0,
+- sta->added_unassoc)) {
++ set)) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
+ "Could not %s STA to kernel driver",
+- sta->added_unassoc ? "set" : "add");
++ set ? "set" : "add");
+
+ if (sta->added_unassoc) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 3587086..707971d 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
+ #else /* CONFIG_IEEE80211R */
+ break;
+ #endif /* CONFIG_IEEE80211R */
++ case WPA_DRV_STA_REMOVED:
++ sm->tk_already_set = FALSE;
++ return 0;
+ }
+
+ #ifdef CONFIG_IEEE80211R
+@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
+ }
+
+
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
++{
++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
++ return 0;
++ return sm->tk_already_set;
++}
++
++
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry)
+ {
+diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
+index 0de8d97..97461b0 100644
+--- a/src/ap/wpa_auth.h
++++ b/src/ap/wpa_auth.h
+@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
+ u8 *data, size_t data_len);
+ enum wpa_event {
+ WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
+- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
+ };
+ void wpa_remove_ptk(struct wpa_state_machine *sm);
+ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
+@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+ int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+ int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
+ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry);
+ struct rsn_pmksa_cache_entry *
+diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
+index 42242a5..e63b99a 100644
+--- a/src/ap/wpa_auth_ft.c
++++ b/src/ap/wpa_auth_ft.c
+@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+ return;
+ }
+
++ if (sm->tk_already_set) {
++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
++ * PN in the driver */
++ wpa_printf(MSG_DEBUG,
++ "FT: Do not re-install same PTK to the driver");
++ return;
++ }
++
+ /* FIX: add STA entry to kernel/driver here? The set_key will fail
+ * most likely without this.. At the moment, STA entry is added only
+ * after association has been completed. This function will be called
+@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+
+ /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
+ sm->pairwise_set = TRUE;
++ sm->tk_already_set = TRUE;
+ }
+
+
+@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
+
+ sm->pairwise = pairwise;
+ sm->PTK_valid = TRUE;
++ sm->tk_already_set = FALSE;
+ wpa_ft_install_ptk(sm);
+
+ buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
+index 72b7eb3..7fd8f05 100644
+--- a/src/ap/wpa_auth_i.h
++++ b/src/ap/wpa_auth_i.h
+@@ -65,6 +65,7 @@ struct wpa_state_machine {
+ struct wpa_ptk PTK;
+ Boolean PTK_valid;
+ Boolean pairwise_set;
++ Boolean tk_already_set;
+ int keycount;
+ Boolean Pair;
+ struct wpa_key_replay_counter {
+--
+1.8.3.1
+
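Review bot: The patch header records `Upstream-Status: Backport` but carries no `CVE:` tag, and the file name contains no CVE id either, so tooling that ties patches to advisories by tag or file name (OpenEmbedded's cve-check does both) has nothing to match this fix against and may keep reporting the recipe as unpatched. I would add a line such as `CVE: CVE-YYYY-NNNNN` (placeholder; take the ids from the upstream advisory) next to `Upstream-Status`, and put a reference to the upstream commit after `Backport`. The same applies to the headers of 0002, 0003 and 0004 below, and to 0005 as far as it is visible here.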
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
new file mode 100644
index 000000000..4e57bcaa5
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
@@ -0,0 +1,253 @@
+From c623cc973de525f7411dffe438e957ba86ef4733 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Wed, 12 Jul 2017 16:03:24 +0200
+Subject: [PATCH 2/7] Prevent reinstallation of an already in-use group key
+
+Track the current GTK and IGTK that is in use and when receiving a
+(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
+not install the given key if it is already in use. This prevents an
+attacker from trying to trick the client into resetting or lowering the
+sequence counter associated to the group key.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+
+Upstream-Status: Backport
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+---
+ src/common/wpa_common.h | 11 +++++
+ src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
+ src/rsn_supp/wpa_i.h | 4 ++
+ 3 files changed, 87 insertions(+), 44 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index af1d0f0..d200285 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -217,6 +217,17 @@ struct wpa_ptk {
+ size_t tk_len;
+ };
+
++struct wpa_gtk {
++ u8 gtk[WPA_GTK_MAX_LEN];
++ size_t gtk_len;
++};
++
++#ifdef CONFIG_IEEE80211W
++struct wpa_igtk {
++ u8 igtk[WPA_IGTK_MAX_LEN];
++ size_t igtk_len;
++};
++#endif /* CONFIG_IEEE80211W */
+
+ /* WPA IE version 1
+ * 00-50-f2:1 (OUI:OUI type)
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c47879..95bd7be 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
++ /* Detect possible key reinstallation */
++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
++ gd->keyidx, gd->tx, gd->gtk_len);
++ return 0;
++ }
++
+ wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
+@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++
+ return 0;
+ }
+
+@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ }
+
+
++#ifdef CONFIG_IEEE80211W
++static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
++ const struct wpa_igtk_kde *igtk)
++{
++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
++ u16 keyidx = WPA_GET_LE16(igtk->keyid);
++
++ /* Detect possible key reinstallation */
++ if (sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
++ keyidx);
++ return 0;
++ }
++
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
++ keyidx, MAC2STR(igtk->pn));
++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
++ if (keyidx > 4095) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Invalid IGTK KeyID %d", keyidx);
++ return -1;
++ }
++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
++ broadcast_ether_addr,
++ keyidx, 0, igtk->pn, sizeof(igtk->pn),
++ igtk->igtk, len) < 0) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Failed to configure IGTK to the driver");
++ return -1;
++ }
++
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++
++ return 0;
++}
++#endif /* CONFIG_IEEE80211W */
++
++
+ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ struct wpa_eapol_ie_parse *ie)
+ {
+@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ if (ie->igtk) {
+ size_t len;
+ const struct wpa_igtk_kde *igtk;
+- u16 keyidx;
++
+ len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
+ return -1;
++
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- keyidx = WPA_GET_LE16(igtk->keyid);
+- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
+- "pn %02x%02x%02x%02x%02x%02x",
+- keyidx, MAC2STR(igtk->pn));
+- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
+- igtk->igtk, len);
+- if (keyidx > 4095) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Invalid IGTK KeyID %d", keyidx);
+- return -1;
+- }
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igtk->pn, sizeof(igtk->pn),
+- igtk->igtk, len) < 0) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Failed to configure IGTK to the driver");
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+ }
+
+ return 0;
+@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
+ */
+ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ {
+- int clear_ptk = 1;
++ int clear_keys = 1;
+
+ if (sm == NULL)
+ return;
+@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ /* Prepare for the next transition */
+ wpa_ft_prepare_auth_request(sm, NULL);
+
+- clear_ptk = 0;
++ clear_keys = 0;
+ }
+ #endif /* CONFIG_IEEE80211R */
+
+- if (clear_ptk) {
++ if (clear_keys) {
+ /*
+ * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
+ * this is not part of a Fast BSS Transition.
+@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ }
+
+ #ifdef CONFIG_TDLS
+@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(sm->pmk, 0, sizeof(sm->pmk));
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+ os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
+@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ os_memset(&gd, 0, sizeof(gd));
+ #ifdef CONFIG_IEEE80211W
+ } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
+- struct wpa_igtk_kde igd;
+- u16 keyidx;
+-
+- os_memset(&igd, 0, sizeof(igd));
+- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
+- os_memcpy(igd.keyid, buf + 2, 2);
+- os_memcpy(igd.pn, buf + 4, 6);
+-
+- keyidx = WPA_GET_LE16(igd.keyid);
+- os_memcpy(igd.igtk, buf + 10, keylen);
+-
+- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
+- igd.igtk, keylen);
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igd.pn, sizeof(igd.pn),
+- igd.igtk, keylen) < 0) {
+- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
+- "WNM mode");
+- os_memset(&igd, 0, sizeof(igd));
++ const struct wpa_igtk_kde *igtk;
++
++ igtk = (const struct wpa_igtk_kde *) (buf + 2);
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+- os_memset(&igd, 0, sizeof(igd));
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+ wpa_printf(MSG_DEBUG, "Unknown element id");
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index f653ba6..afc9e37 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -31,6 +31,10 @@ struct wpa_sm {
+ u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
++ struct wpa_gtk gtk;
++#ifdef CONFIG_IEEE80211W
++ struct wpa_igtk igtk;
++#endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+
+--
+1.8.3.1
+
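Review bot: In the `wpa_wnmsleep_install_key()` hunk the IGTK sub-element is now read in place through `igtk = (const struct wpa_igtk_kde *) (buf + 2);`, and `wpa_supplicant_install_igtk()` then reads the key id, the PN and `wpa_cipher_key_len(sm->mgmt_group_cipher)` bytes of key from it, while the function (per the hunk header) receives no length for `buf`. The removed code copied from the same offsets, so this is not new exposure, but the bound has to be guaranteed entirely by the caller, which is outside the hunk. I would state that at the cast, e.g. `/* caller must have checked that the sub-element holds keyid, PN and a full IGTK */`, and confirm that the caller really does so.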
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
new file mode 100644
index 000000000..e39bbf63d
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
@@ -0,0 +1,187 @@
+From a6caab8060ab60876e233306f5c586451169eba1 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:12:24 +0300
+Subject: [PATCH 3/7] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
+ Mode cases
+
+This extends the protection to track last configured GTK/IGTK value
+separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
+corner case where these two different mechanisms may get used when the
+GTK/IGTK has changed and tracking a single value is not sufficient to
+detect a possible key reconfiguration.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Upstream-Status: Backport
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+---
+ src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
+ src/rsn_supp/wpa_i.h | 2 ++
+ 2 files changed, 40 insertions(+), 15 deletions(-)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 95bd7be..7a2c68d 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -709,14 +709,17 @@ struct wpa_gtk_data {
+
+ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const struct wpa_gtk_data *gd,
+- const u8 *key_rsc)
++ const u8 *key_rsc, int wnm_sleep)
+ {
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
+ /* Detect possible key reinstallation */
+- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ gd->keyidx, gd->tx, gd->gtk_len);
+@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
+- sm->gtk.gtk_len = gd->gtk_len;
+- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ if (wnm_sleep) {
++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len);
++ } else {
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ }
+
+ return 0;
+ }
+@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
+ gtk_len, gtk_len,
+ &gd.key_rsc_len, &gd.alg) ||
+- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
++ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "RSN: Failed to install GTK");
+ os_memset(&gd, 0, sizeof(gd));
+@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+
+ #ifdef CONFIG_IEEE80211W
+ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+- const struct wpa_igtk_kde *igtk)
++ const struct wpa_igtk_kde *igtk,
++ int wnm_sleep)
+ {
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+ /* Detect possible key reinstallation */
+- if (sm->igtk.igtk_len == len &&
+- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ if ((sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
++ (sm->igtk_wnm_sleep.igtk_len == len &&
++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ keyidx);
+@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ return -1;
+ }
+
+- sm->igtk.igtk_len = len;
+- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ if (wnm_sleep) {
++ sm->igtk_wnm_sleep.igtk_len = len;
++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len);
++ } else {
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ }
+
+ return 0;
+ }
+@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ return -1;
+
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
+ return -1;
+ }
+
+@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
+ if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
+ key_rsc = null_rsc;
+
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
+ wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
+ goto failed;
+ os_memset(&gd, 0, sizeof(gd));
+@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ }
+
+@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+
+ wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
+ gd.gtk, gd.gtk_len);
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
+ os_memset(&gd, 0, sizeof(gd));
+ wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
+ "WNM mode");
+@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ const struct wpa_igtk_kde *igtk;
+
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
+ return -1;
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index afc9e37..9a54631 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -32,8 +32,10 @@ struct wpa_sm {
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ struct wpa_gtk gtk;
++ struct wpa_gtk gtk_wnm_sleep;
+ #ifdef CONFIG_IEEE80211W
+ struct wpa_igtk igtk;
++ struct wpa_igtk igtk_wnm_sleep;
+ #endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+--
+1.8.3.1
+
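Review bot: The new `int wnm_sleep` argument on `wpa_supplicant_install_gtk()` and `wpa_supplicant_install_igtk()` is undocumented and is passed as a bare `0` or `1` at every call site, so a reader cannot tell from a call which tracking record it updates. A short comment above each function would help, e.g. `/* wnm_sleep: 1 if the key came from a WNM-Sleep Mode Response, 0 for EAPOL-Key; selects which last-installed record is updated */`. It is also worth saying there that the reinstallation check compares against both records regardless of the flag, since that asymmetry is the point of the change.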
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0004-Prevent-installation-of-an-all-zero-TK.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0004-Prevent-installation-of-an-all-zero-TK.patch
new file mode 100644
index 000000000..510362510
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0004-Prevent-installation-of-an-all-zero-TK.patch
@@ -0,0 +1,82 @@
+From abf941647f2dc33b0b59612f525e1b292331cc9f Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/7] Prevent installation of an all-zero TK
+
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+
+Upstream-Status: Backport
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c | 5 ++---
+ src/rsn_supp/wpa_i.h | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index d200285..1021ccb 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -215,6 +215,7 @@ struct wpa_ptk {
+ size_t kck_len;
+ size_t kek_len;
+ size_t tk_len;
++ int installed; /* 1 if key has already been installed to driver */
+ };
+
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 7a2c68d..0550a41 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ os_memset(buf, 0, sizeof(buf));
+ }
+ sm->tptk_set = 1;
+- sm->tk_to_set = 1;
+
+ kde = sm->assoc_wpa_ie;
+ kde_len = sm->assoc_wpa_ie_len;
+@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ enum wpa_alg alg;
+ const u8 *key_rsc;
+
+- if (!sm->tk_to_set) {
++ if (sm->ptk.installed) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Do not re-install same PTK to the driver");
+ return 0;
+@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+
+ /* TK is not needed anymore in supplicant */
+ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+- sm->tk_to_set = 0;
++ sm->ptk.installed = 1;
+
+ if (sm->wpa_ptk_rekey) {
+ eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 9a54631..41f371f 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+ struct wpa_ptk ptk, tptk;
+ int ptk_set, tptk_set;
+ unsigned int msg_3_of_4_ok:1;
+- unsigned int tk_to_set:1;
+ u8 snonce[WPA_NONCE_LEN];
+ u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ int renew_snonce;
+--
+1.8.3.1
+
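Review bot: Nothing in these hunks ever sets `ptk.installed` back to 0: the only write is `sm->ptk.installed = 1;` in `wpa_supplicant_install_ptk()`, and the explicit `sm->tk_to_set = 1;` in `wpa_supplicant_process_1_of_4()` is removed without a counterpart. The reset presumably happens when the `wpa_ptk` struct is zeroed or overwritten by a freshly derived one, which is outside the hunks. Because a missed reset would skip installing a new TK with only a debug message, I would spell the invariant out in the field comment in `wpa_common.h`, e.g. `/* 1 once this PTK's TK has been installed to the driver; must be 0 in any newly derived PTK */`, and check every path that fills `sm->ptk` against it.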
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
new file mode 100644
index 000000000..b0e1df314
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
@@ -0,0 +1,67 @@
+From 804b9d72808cddd822e7dcec4d60f40c1aceda82 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:32:57 +0300
+Subject: [PATCH 5/7] Fix PTK rekeying to generate a new ANonce
+
+The Authenticator state machine path for PTK rekeying ended up bypassing
+the AUTHENTICATION2 state where a new ANonce is generated when going
+directly to the PTKSTART state since there is no need to try to
+determine the PMK again in such a case. This is far from ideal since the
+new PTK would depend on a new nonce only from the supplicant.
+
+Fix this by generating a new ANonce when moving to the PTKSTART state
+for the purpose of starting new 4-way handshake to rekey PTK.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Upstream-Status: Backport
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+---
+ src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 707971d..bf10cc1 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
+ }
+
+
++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
++{
++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
++ wpa_printf(MSG_ERROR,
++ "WPA: Failed to get random data for ANonce");
++ sm->Disconnect = TRUE;
++ return -1;
++ }
++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
++ WPA_NONCE_LEN);
++ sm->TimeoutCtr = 0;
++ return 0;
++}
++
++
+ SM_STATE(WPA_PTK, INITPMK)
+ {
+ u8 msk[2 * PMK_LEN];
+@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
+ SM_ENTER(WPA_PTK, AUTHENTICATION);
+ else if (sm->ReAuthenticationRequest)
+ SM_ENTER(WPA_PTK, AUTHENTICATION2);
+- else if (sm->PTKRequest)
+- SM_ENTER(WPA_PTK, PTKSTART);
+- else switch (sm->wpa_ptk_state) {
++ else if (sm->PTKRequest) {
++ if (wpa_auth_sm_ptk_update(sm) < 0)
++ SM_ENTER(WPA_PTK, DISCONNECTED);
++ else
++ SM_ENTER(WPA_PTK, PTKSTART);
++ } else switch (sm->wpa_ptk_state) {
+ case WPA_PTK_INITIALIZE:
+ break;
+ case WPA_PTK_DISCONNECT:
+--
+1.8.3.1
+
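Review bot: The header of this backport, between `Upstream-Status: Backport` and the `---` separator, carries no `CVE:` tag, and the same holds for the 0006 and 0007 patch headers. The key-replay-cve-multiple.patch removed later in this commit listed nine of them. Where OpenEmbedded's cve-check class is in use it reads these tags from patch headers, so unless the identifiers moved into the 0001–0004 headers or the recipe (neither is visible here), the fixed issues may be reported as unpatched. I would carry the applicable lines over from the removed file, in the form `CVE: <identifier from the removed patch that this change addresses>`, next to `Upstream-Status: Backport`.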
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0006-TDLS-Reject-TPK-TK-reconfiguration.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
new file mode 100644
index 000000000..72c7d51e1
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
@@ -0,0 +1,135 @@
+From 7fd26db2d8147ed662db192c41d7bc15752a601d Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:03:15 +0300
+Subject: [PATCH 6/7] TDLS: Reject TPK-TK reconfiguration
+
+Do not try to reconfigure the same TPK-TK to the driver after it has
+been successfully configured. This is an explicit check to avoid issues
+related to resetting the TX/RX packet number. There was already a check
+for this for TPK M2 (retries of that message are ignored completely), so
+that behavior does not get modified.
+
+For TPK M3, the TPK-TK could have been reconfigured, but that was
+followed by immediate teardown of the link due to an issue in updating
+the STA entry. Furthermore, for TDLS with any real security (i.e.,
+ignoring open/WEP), the TPK message exchange is protected on the AP path
+and simple replay attacks are not feasible.
+
+As an additional corner case, make sure the local nonce gets updated if
+the peer uses a very unlikely "random nonce" of all zeros.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Upstream-Status: Backport
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+---
+ src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 36 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
+index e424168..9eb9738 100644
+--- a/src/rsn_supp/tdls.c
++++ b/src/rsn_supp/tdls.c
+@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
+ u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
+ } tpk;
+ int tpk_set;
++ int tk_set; /* TPK-TK configured to the driver */
+ int tpk_success;
+ int tpk_in_progress;
+
+@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ u8 rsc[6];
+ enum wpa_alg alg;
+
++ if (peer->tk_set) {
++ /*
++ * This same TPK-TK has already been configured to the driver
++ * and this new configuration attempt (likely due to an
++ * unexpected retransmitted frame) would result in clearing
++ * the TX/RX sequence number which can break security, so must
++ * not allow that to happen.
++ */
++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
++ " has already been configured to the driver - do not reconfigure",
++ MAC2STR(peer->addr));
++ return -1;
++ }
++
+ os_memset(rsc, 0, 6);
+
+ switch (peer->cipher) {
+@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ return -1;
+ }
+
++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
++ MAC2STR(peer->addr));
+ if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
+ rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
+ wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
+ "driver");
+ return -1;
+ }
++ peer->tk_set = 1;
+ return 0;
+ }
+
+@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ peer->cipher = 0;
+ peer->qos_info = 0;
+ peer->wmm_capable = 0;
+- peer->tpk_set = peer->tpk_success = 0;
++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
+ peer->chan_switch_enabled = 0;
+ os_memset(&peer->tpk, 0, sizeof(peer->tpk));
+ os_memset(peer->inonce, 0, WPA_NONCE_LEN);
+@@ -1159,6 +1177,7 @@ skip_rsnie:
+ wpa_tdls_peer_free(sm, peer);
+ return -1;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
+ peer->inonce, WPA_NONCE_LEN);
+ os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
+@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
+ }
+
+
++static int tdls_nonce_set(const u8 *nonce)
++{
++ int i;
++
++ for (i = 0; i < WPA_NONCE_LEN; i++) {
++ if (nonce[i])
++ return 1;
++ }
++
++ return 0;
++}
++
++
+ static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
+ const u8 *buf, size_t len)
+ {
+@@ -2004,7 +2036,8 @@ skip_rsn:
+ peer->rsnie_i_len = kde.rsn_ie_len;
+ peer->cipher = cipher;
+
+- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
++ !tdls_nonce_set(peer->inonce)) {
+ /*
+ * There is no point in updating the RNonce for every obtained
+ * TPK M1 frame (e.g., retransmission due to timeout) with the
+@@ -2020,6 +2053,7 @@ skip_rsn:
+ "TDLS: Failed to get random data for responder nonce");
+ goto error;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ }
+
+ #if 0
+--
+1.8.3.1
+
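Review bot: The new `tk_set` guard in wpa_tdls_set_key() is only sound if every path that changes `inonce` or `rnonce` also clears the flag, and the field comment `/* TPK-TK configured to the driver */` does not state that invariant. The patch clears the flag in three places: wpa_tdls_peer_clear(), after the initiator nonce is generated, and after the responder nonce is regenerated in what appears to be TPK M1 processing. A later change that adds another nonce-writing path could miss it and leave a stale flag or a reconfigurable key. I would extend the declaration to `int tk_set; /* TPK-TK configured to the driver; clear whenever inonce/rnonce or tpk changes */`. The functions around both `tk_set = 0` lines start and end outside their hunks, so other nonce-writing paths cannot be checked from here.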
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
new file mode 100644
index 000000000..d0978c797
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
@@ -0,0 +1,85 @@
+From a42eb67c42f845faf266b0633d52e17f2a82f511 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 12:06:37 +0300
+Subject: [PATCH 7/7] FT: Do not allow multiple Reassociation Response frames
+
+The driver is expected to not report a second association event without
+the station having explicitly request a new association. As such, this
+case should not be reachable. However, since reconfiguring the same
+pairwise or group keys to the driver could result in nonce reuse issues,
+be extra careful here and do an additional state check to avoid this
+even if the local driver ends up somehow accepting an unexpected
+Reassociation Response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Upstream-Status: Backport
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+---
+ src/rsn_supp/wpa.c | 3 +++
+ src/rsn_supp/wpa_ft.c | 8 ++++++++
+ src/rsn_supp/wpa_i.h | 1 +
+ 3 files changed, 12 insertions(+)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 0550a41..2a53c6f 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
+ #ifdef CONFIG_TDLS
+ wpa_tdls_disassoc(sm);
+ #endif /* CONFIG_TDLS */
++#ifdef CONFIG_IEEE80211R
++ sm->ft_reassoc_completed = 0;
++#endif /* CONFIG_IEEE80211R */
+
+ /* Keys are not needed in the WPA state machine anymore */
+ wpa_sm_drop_sa(sm);
+diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
+index 205793e..d45bb45 100644
+--- a/src/rsn_supp/wpa_ft.c
++++ b/src/rsn_supp/wpa_ft.c
+@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
+ u16 capab;
+
+ sm->ft_completed = 0;
++ sm->ft_reassoc_completed = 0;
+
+ buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+ 2 + sm->r0kh_id_len + ric_ies_len + 100;
+@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ if (sm->ft_reassoc_completed) {
++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
++ return 0;
++ }
++
+ if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
+ wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
+ return -1;
+@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ sm->ft_reassoc_completed = 1;
++
+ if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
+ return -1;
+
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 41f371f..56f88dc 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -128,6 +128,7 @@ struct wpa_sm {
+ size_t r0kh_id_len;
+ u8 r1kh_id[FT_R1KH_ID_LEN];
+ int ft_completed;
++ int ft_reassoc_completed;
+ int over_the_ds_in_progress;
+ u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
+ int set_ptk_after_assoc;
+--
+1.8.3.1
+
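Review bot: In wpa_ft_validate_reassoc_resp(), `sm->ft_reassoc_completed = 1;` is set before `wpa_ft_process_gtk_subelem()` runs, so if that call returns -1 the flag stays set. A later Reassociation Response is then answered with `return 0` by the new early check, before its IEs are parsed. The ordering looks deliberate, since keys must never be configured twice, but nothing in the code says so. I would add a comment above the assignment such as `/* Set before key configuration so a retransmitted frame can never reconfigure keys, even if the steps below fail */`, and note at the early `return 0` that the frame is ignored rather than validated. The function body and its caller lie outside these hunks, so how a 0 return is handled for an unvalidated frame is worth confirming.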
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/key-replay-cve-multiple.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/key-replay-cve-multiple.patch
deleted file mode 100644
index 694da8fb6..000000000
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/key-replay-cve-multiple.patch
+++ /dev/null
@@ -1,984 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/ap/ieee802_11.c | 16 +++++++++++++---
- src/ap/wpa_auth.c | 11 +++++++++++
- src/ap/wpa_auth.h | 3 ++-
- src/ap/wpa_auth_ft.c | 10 ++++++++++
- src/ap/wpa_auth_i.h | 1 +
- 5 files changed, 37 insertions(+), 4 deletions(-)
-
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index 4e04169..333035f 100644
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
- {
- struct ieee80211_ht_capabilities ht_cap;
- struct ieee80211_vht_capabilities vht_cap;
-+ int set = 1;
-
- /*
- * Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
- * FT-over-the-DS, where a station re-associates back to the same AP but
- * skips the authentication flow, or if working with a driver that
- * does not support full AP client state.
-+ *
-+ * Skip this if the STA has already completed FT reassociation and the
-+ * TK has been configured since the TX/RX PN must not be reset to 0 for
-+ * the same key.
- */
-- if (!sta->added_unassoc)
-+ if (!sta->added_unassoc &&
-+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+ set = 0;
-+ }
-
- #ifdef CONFIG_IEEE80211N
- if (sta->flags & WLAN_STA_HT)
-@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
- sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
- sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
- sta->vht_opmode, sta->p2p_ie ? 1 : 0,
-- sta->added_unassoc)) {
-+ set)) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
- "Could not %s STA to kernel driver",
-- sta->added_unassoc ? "set" : "add");
-+ set ? "set" : "add");
-
- if (sta->added_unassoc) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 3587086..707971d 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
- #else /* CONFIG_IEEE80211R */
- break;
- #endif /* CONFIG_IEEE80211R */
-+ case WPA_DRV_STA_REMOVED:
-+ sm->tk_already_set = FALSE;
-+ return 0;
- }
-
- #ifdef CONFIG_IEEE80211R
-@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
- }
-
-
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
-+{
-+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
-+ return 0;
-+ return sm->tk_already_set;
-+}
-+
-+
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry)
- {
-diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
-index 0de8d97..97461b0 100644
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
- u8 *data, size_t data_len);
- enum wpa_event {
- WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
-- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
-+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
- };
- void wpa_remove_ptk(struct wpa_state_machine *sm);
- int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
-@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
- int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
- int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
- int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry);
- struct rsn_pmksa_cache_entry *
-diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
-index 42242a5..e63b99a 100644
---- a/src/ap/wpa_auth_ft.c
-+++ b/src/ap/wpa_auth_ft.c
-@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- return;
- }
-
-+ if (sm->tk_already_set) {
-+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
-+ * PN in the driver */
-+ wpa_printf(MSG_DEBUG,
-+ "FT: Do not re-install same PTK to the driver");
-+ return;
-+ }
-+
- /* FIX: add STA entry to kernel/driver here? The set_key will fail
- * most likely without this.. At the moment, STA entry is added only
- * after association has been completed. This function will be called
-@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
-
- /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
- sm->pairwise_set = TRUE;
-+ sm->tk_already_set = TRUE;
- }
-
-
-@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
-
- sm->pairwise = pairwise;
- sm->PTK_valid = TRUE;
-+ sm->tk_already_set = FALSE;
- wpa_ft_install_ptk(sm);
-
- buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
-diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
-index 72b7eb3..7fd8f05 100644
---- a/src/ap/wpa_auth_i.h
-+++ b/src/ap/wpa_auth_i.h
-@@ -65,6 +65,7 @@ struct wpa_state_machine {
- struct wpa_ptk PTK;
- Boolean PTK_valid;
- Boolean pairwise_set;
-+ Boolean tk_already_set;
- int keycount;
- Boolean Pair;
- struct wpa_key_replay_counter {
---
-2.7.4
-
-From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Wed, 12 Jul 2017 16:03:24 +0200
-Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
-
-Track the current GTK and IGTK that is in use and when receiving a
-(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
-not install the given key if it is already in use. This prevents an
-attacker from trying to trick the client into resetting or lowering the
-sequence counter associated to the group key.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h | 11 +++++
- src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
- src/rsn_supp/wpa_i.h | 4 ++
- 3 files changed, 87 insertions(+), 44 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index af1d0f0..d200285 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -217,6 +217,17 @@ struct wpa_ptk {
- size_t tk_len;
- };
-
-+struct wpa_gtk {
-+ u8 gtk[WPA_GTK_MAX_LEN];
-+ size_t gtk_len;
-+};
-+
-+#ifdef CONFIG_IEEE80211W
-+struct wpa_igtk {
-+ u8 igtk[WPA_IGTK_MAX_LEN];
-+ size_t igtk_len;
-+};
-+#endif /* CONFIG_IEEE80211W */
-
- /* WPA IE version 1
- * 00-50-f2:1 (OUI:OUI type)
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..95bd7be 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
-+ /* Detect possible key reinstallation */
-+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
-+ gd->keyidx, gd->tx, gd->gtk_len);
-+ return 0;
-+ }
-+
- wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
-@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+
- return 0;
- }
-
-@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- }
-
-
-+#ifdef CONFIG_IEEE80211W
-+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-+ const struct wpa_igtk_kde *igtk)
-+{
-+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
-+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
-+
-+ /* Detect possible key reinstallation */
-+ if (sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
-+ keyidx);
-+ return 0;
-+ }
-+
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
-+ keyidx, MAC2STR(igtk->pn));
-+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
-+ if (keyidx > 4095) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Invalid IGTK KeyID %d", keyidx);
-+ return -1;
-+ }
-+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-+ broadcast_ether_addr,
-+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
-+ igtk->igtk, len) < 0) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Failed to configure IGTK to the driver");
-+ return -1;
-+ }
-+
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+
-+ return 0;
-+}
-+#endif /* CONFIG_IEEE80211W */
-+
-+
- static int ieee80211w_set_keys(struct wpa_sm *sm,
- struct wpa_eapol_ie_parse *ie)
- {
-@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- if (ie->igtk) {
- size_t len;
- const struct wpa_igtk_kde *igtk;
-- u16 keyidx;
-+
- len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
- return -1;
-+
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- keyidx = WPA_GET_LE16(igtk->keyid);
-- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
-- "pn %02x%02x%02x%02x%02x%02x",
-- keyidx, MAC2STR(igtk->pn));
-- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
-- igtk->igtk, len);
-- if (keyidx > 4095) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Invalid IGTK KeyID %d", keyidx);
-- return -1;
-- }
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igtk->pn, sizeof(igtk->pn),
-- igtk->igtk, len) < 0) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Failed to configure IGTK to the driver");
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
- }
-
- return 0;
-@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
- */
- void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- {
-- int clear_ptk = 1;
-+ int clear_keys = 1;
-
- if (sm == NULL)
- return;
-@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- /* Prepare for the next transition */
- wpa_ft_prepare_auth_request(sm, NULL);
-
-- clear_ptk = 0;
-+ clear_keys = 0;
- }
- #endif /* CONFIG_IEEE80211R */
-
-- if (clear_ptk) {
-+ if (clear_keys) {
- /*
- * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
- * this is not part of a Fast BSS Transition.
-@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- }
-
- #ifdef CONFIG_TDLS
-@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(sm->pmk, 0, sizeof(sm->pmk));
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
- os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
-@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- os_memset(&gd, 0, sizeof(gd));
- #ifdef CONFIG_IEEE80211W
- } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
-- struct wpa_igtk_kde igd;
-- u16 keyidx;
--
-- os_memset(&igd, 0, sizeof(igd));
-- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
-- os_memcpy(igd.keyid, buf + 2, 2);
-- os_memcpy(igd.pn, buf + 4, 6);
--
-- keyidx = WPA_GET_LE16(igd.keyid);
-- os_memcpy(igd.igtk, buf + 10, keylen);
--
-- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
-- igd.igtk, keylen);
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igd.pn, sizeof(igd.pn),
-- igd.igtk, keylen) < 0) {
-- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
-- "WNM mode");
-- os_memset(&igd, 0, sizeof(igd));
-+ const struct wpa_igtk_kde *igtk;
-+
-+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
-- os_memset(&igd, 0, sizeof(igd));
- #endif /* CONFIG_IEEE80211W */
- } else {
- wpa_printf(MSG_DEBUG, "Unknown element id");
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index f653ba6..afc9e37 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -31,6 +31,10 @@ struct wpa_sm {
- u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
-+ struct wpa_gtk gtk;
-+#ifdef CONFIG_IEEE80211W
-+ struct wpa_igtk igtk;
-+#endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
-
---
-2.7.4
-
-From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:12:24 +0300
-Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
- Mode cases
-
-This extends the protection to track last configured GTK/IGTK value
-separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
-corner case where these two different mechanisms may get used when the
-GTK/IGTK has changed and tracking a single value is not sufficient to
-detect a possible key reconfiguration.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
- src/rsn_supp/wpa_i.h | 2 ++
- 2 files changed, 40 insertions(+), 15 deletions(-)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 95bd7be..7a2c68d 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -709,14 +709,17 @@ struct wpa_gtk_data {
-
- static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const struct wpa_gtk_data *gd,
-- const u8 *key_rsc)
-+ const u8 *key_rsc, int wnm_sleep)
- {
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
- /* Detect possible key reinstallation */
-- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
-+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
- gd->keyidx, gd->tx, gd->gtk_len);
-@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-- sm->gtk.gtk_len = gd->gtk_len;
-- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ if (wnm_sleep) {
-+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len);
-+ } else {
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ }
-
- return 0;
- }
-@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
- gtk_len, gtk_len,
- &gd.key_rsc_len, &gd.alg) ||
-- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
-+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "RSN: Failed to install GTK");
- os_memset(&gd, 0, sizeof(gd));
-@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
-
- #ifdef CONFIG_IEEE80211W
- static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-- const struct wpa_igtk_kde *igtk)
-+ const struct wpa_igtk_kde *igtk,
-+ int wnm_sleep)
- {
- size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- u16 keyidx = WPA_GET_LE16(igtk->keyid);
-
- /* Detect possible key reinstallation */
-- if (sm->igtk.igtk_len == len &&
-- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ if ((sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
-+ (sm->igtk_wnm_sleep.igtk_len == len &&
-+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
- keyidx);
-@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
- return -1;
- }
-
-- sm->igtk.igtk_len = len;
-- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ if (wnm_sleep) {
-+ sm->igtk_wnm_sleep.igtk_len = len;
-+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len);
-+ } else {
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ }
-
- return 0;
- }
-@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- return -1;
-
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
- return -1;
- }
-
-@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
- if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
- key_rsc = null_rsc;
-
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
- wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
- goto failed;
- os_memset(&gd, 0, sizeof(gd));
-@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- }
-
-@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
-@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
-
- wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
- gd.gtk, gd.gtk_len);
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
- os_memset(&gd, 0, sizeof(gd));
- wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
- "WNM mode");
-@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- const struct wpa_igtk_kde *igtk;
-
- igtk = (const struct wpa_igtk_kde *) (buf + 2);
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
- return -1;
- #endif /* CONFIG_IEEE80211W */
- } else {
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index afc9e37..9a54631 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -32,8 +32,10 @@ struct wpa_sm {
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
- struct wpa_gtk gtk;
-+ struct wpa_gtk gtk_wnm_sleep;
- #ifdef CONFIG_IEEE80211W
- struct wpa_igtk igtk;
-+ struct wpa_igtk igtk_wnm_sleep;
- #endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
---
-2.7.4
-
-From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 29 Sep 2017 04:22:51 +0200
-Subject: [PATCH 4/8] Prevent installation of an all-zero TK
-
-Properly track whether a PTK has already been installed to the driver
-and the TK part cleared from memory. This prevents an attacker from
-trying to trick the client into installing an all-zero TK.
-
-This fixes the earlier fix in commit
-ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
-driver in EAPOL-Key 3/4 retry case') which did not take into account
-possibility of an extra message 1/4 showing up between retries of
-message 3/4.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h | 1 +
- src/rsn_supp/wpa.c | 5 ++---
- src/rsn_supp/wpa_i.h | 1 -
- 3 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index d200285..1021ccb 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -215,6 +215,7 @@ struct wpa_ptk {
- size_t kck_len;
- size_t kek_len;
- size_t tk_len;
-+ int installed; /* 1 if key has already been installed to driver */
- };
-
- struct wpa_gtk {
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 7a2c68d..0550a41 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
- os_memset(buf, 0, sizeof(buf));
- }
- sm->tptk_set = 1;
-- sm->tk_to_set = 1;
-
- kde = sm->assoc_wpa_ie;
- kde_len = sm->assoc_wpa_ie_len;
-@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
- enum wpa_alg alg;
- const u8 *key_rsc;
-
-- if (!sm->tk_to_set) {
-+ if (sm->ptk.installed) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Do not re-install same PTK to the driver");
- return 0;
-@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
-
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-- sm->tk_to_set = 0;
-+ sm->ptk.installed = 1;
-
- if (sm->wpa_ptk_rekey) {
- eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 9a54631..41f371f 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -24,7 +24,6 @@ struct wpa_sm {
- struct wpa_ptk ptk, tptk;
- int ptk_set, tptk_set;
- unsigned int msg_3_of_4_ok:1;
-- unsigned int tk_to_set:1;
- u8 snonce[WPA_NONCE_LEN];
- u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
- int renew_snonce;
---
-2.7.4
-
-From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:32:57 +0300
-Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
-
-The Authenticator state machine path for PTK rekeying ended up bypassing
-the AUTHENTICATION2 state where a new ANonce is generated when going
-directly to the PTKSTART state since there is no need to try to
-determine the PMK again in such a case. This is far from ideal since the
-new PTK would depend on a new nonce only from the supplicant.
-
-Fix this by generating a new ANonce when moving to the PTKSTART state
-for the purpose of starting new 4-way handshake to rekey PTK.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
- 1 file changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 707971d..bf10cc1 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
- }
-
-
-+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
-+{
-+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
-+ wpa_printf(MSG_ERROR,
-+ "WPA: Failed to get random data for ANonce");
-+ sm->Disconnect = TRUE;
-+ return -1;
-+ }
-+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
-+ WPA_NONCE_LEN);
-+ sm->TimeoutCtr = 0;
-+ return 0;
-+}
-+
-+
- SM_STATE(WPA_PTK, INITPMK)
- {
- u8 msk[2 * PMK_LEN];
-@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
- SM_ENTER(WPA_PTK, AUTHENTICATION);
- else if (sm->ReAuthenticationRequest)
- SM_ENTER(WPA_PTK, AUTHENTICATION2);
-- else if (sm->PTKRequest)
-- SM_ENTER(WPA_PTK, PTKSTART);
-- else switch (sm->wpa_ptk_state) {
-+ else if (sm->PTKRequest) {
-+ if (wpa_auth_sm_ptk_update(sm) < 0)
-+ SM_ENTER(WPA_PTK, DISCONNECTED);
-+ else
-+ SM_ENTER(WPA_PTK, PTKSTART);
-+ } else switch (sm->wpa_ptk_state) {
- case WPA_PTK_INITIALIZE:
- break;
- case WPA_PTK_DISCONNECT:
---
-2.7.4
-
-From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:03:15 +0300
-Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
-
-Do not try to reconfigure the same TPK-TK to the driver after it has
-been successfully configured. This is an explicit check to avoid issues
-related to resetting the TX/RX packet number. There was already a check
-for this for TPK M2 (retries of that message are ignored completely), so
-that behavior does not get modified.
-
-For TPK M3, the TPK-TK could have been reconfigured, but that was
-followed by immediate teardown of the link due to an issue in updating
-the STA entry. Furthermore, for TDLS with any real security (i.e.,
-ignoring open/WEP), the TPK message exchange is protected on the AP path
-and simple replay attacks are not feasible.
-
-As an additional corner case, make sure the local nonce gets updated if
-the peer uses a very unlikely "random nonce" of all zeros.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
- 1 file changed, 36 insertions(+), 2 deletions(-)
-
-diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
-index e424168..9eb9738 100644
---- a/src/rsn_supp/tdls.c
-+++ b/src/rsn_supp/tdls.c
-@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
- u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
- } tpk;
- int tpk_set;
-+ int tk_set; /* TPK-TK configured to the driver */
- int tpk_success;
- int tpk_in_progress;
-
-@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- u8 rsc[6];
- enum wpa_alg alg;
-
-+ if (peer->tk_set) {
-+ /*
-+ * This same TPK-TK has already been configured to the driver
-+ * and this new configuration attempt (likely due to an
-+ * unexpected retransmitted frame) would result in clearing
-+ * the TX/RX sequence number which can break security, so must
-+ * not allow that to happen.
-+ */
-+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
-+ " has already been configured to the driver - do not reconfigure",
-+ MAC2STR(peer->addr));
-+ return -1;
-+ }
-+
- os_memset(rsc, 0, 6);
-
- switch (peer->cipher) {
-@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- return -1;
- }
-
-+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
-+ MAC2STR(peer->addr));
- if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
- rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
- wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
- "driver");
- return -1;
- }
-+ peer->tk_set = 1;
- return 0;
- }
-
-@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- peer->cipher = 0;
- peer->qos_info = 0;
- peer->wmm_capable = 0;
-- peer->tpk_set = peer->tpk_success = 0;
-+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
- peer->chan_switch_enabled = 0;
- os_memset(&peer->tpk, 0, sizeof(peer->tpk));
- os_memset(peer->inonce, 0, WPA_NONCE_LEN);
-@@ -1159,6 +1177,7 @@ skip_rsnie:
- wpa_tdls_peer_free(sm, peer);
- return -1;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
- peer->inonce, WPA_NONCE_LEN);
- os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
-@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
- }
-
-
-+static int tdls_nonce_set(const u8 *nonce)
-+{
-+ int i;
-+
-+ for (i = 0; i < WPA_NONCE_LEN; i++) {
-+ if (nonce[i])
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
-+
- static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len)
- {
-@@ -2004,7 +2036,8 @@ skip_rsn:
- peer->rsnie_i_len = kde.rsn_ie_len;
- peer->cipher = cipher;
-
-- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
-+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
-+ !tdls_nonce_set(peer->inonce)) {
- /*
- * There is no point in updating the RNonce for every obtained
- * TPK M1 frame (e.g., retransmission due to timeout) with the
-@@ -2020,6 +2053,7 @@ skip_rsn:
- "TDLS: Failed to get random data for responder nonce");
- goto error;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- }
-
- #if 0
---
-2.7.4
-
-Note: [PATCH 7/8] only applies to wpa_supplicant
-
-From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 12:06:37 +0300
-Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
-
-The driver is expected to not report a second association event without
-the station having explicitly request a new association. As such, this
-case should not be reachable. However, since reconfiguring the same
-pairwise or group keys to the driver could result in nonce reuse issues,
-be extra careful here and do an additional state check to avoid this
-even if the local driver ends up somehow accepting an unexpected
-Reassociation Response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c | 3 +++
- src/rsn_supp/wpa_ft.c | 8 ++++++++
- src/rsn_supp/wpa_i.h | 1 +
- 3 files changed, 12 insertions(+)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 0550a41..2a53c6f 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
- #ifdef CONFIG_TDLS
- wpa_tdls_disassoc(sm);
- #endif /* CONFIG_TDLS */
-+#ifdef CONFIG_IEEE80211R
-+ sm->ft_reassoc_completed = 0;
-+#endif /* CONFIG_IEEE80211R */
-
- /* Keys are not needed in the WPA state machine anymore */
- wpa_sm_drop_sa(sm);
-diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
-index 205793e..d45bb45 100644
---- a/src/rsn_supp/wpa_ft.c
-+++ b/src/rsn_supp/wpa_ft.c
-@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
- u16 capab;
-
- sm->ft_completed = 0;
-+ sm->ft_reassoc_completed = 0;
-
- buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
- 2 + sm->r0kh_id_len + ric_ies_len + 100;
-@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ if (sm->ft_reassoc_completed) {
-+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
-+ return 0;
-+ }
-+
- if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
- wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
- return -1;
-@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ sm->ft_reassoc_completed = 1;
-+
- if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
- return -1;
-
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 41f371f..56f88dc 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -128,6 +128,7 @@ struct wpa_sm {
- size_t r0kh_id_len;
- u8 r1kh_id[FT_R1KH_ID_LEN];
- int ft_completed;
-+ int ft_reassoc_completed;
- int over_the_ds_in_progress;
- u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
- int set_ptk_after_assoc;
---
-2.7.4
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb
index c3a1eadfd..250add875 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb
@@ -1,34 +1,48 @@
+SUMMARY = "User space daemon for extended IEEE 802.11 management"
HOMEPAGE = "http://w1.fi/hostapd/"
SECTION = "kernel/userland"
-LICENSE = "GPLv2 | BSD"
-LIC_FILES_CHKSUM = "file://${B}/README;md5=8aa4e8c78b59b12016c4cb2d0a8db350"
-DEPENDS = "libnl openssl"
-SUMMARY = "User space daemon for extended IEEE 802.11 management"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://hostapd/README;md5=8aa4e8c78b59b12016c4cb2d0a8db350"
-inherit update-rc.d systemd
-INITSCRIPT_NAME = "hostapd"
-
-SYSTEMD_SERVICE_${PN} = "hostapd.service"
-SYSTEMD_AUTO_ENABLE_${PN} = "disable"
+DEPENDS = "libnl openssl"
SRC_URI = " \
http://w1.fi/releases/hostapd-${PV}.tar.gz \
file://defconfig \
file://init \
file://hostapd.service \
- file://key-replay-cve-multiple.patch \
+ file://0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \
+ file://0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \
+ file://0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \
+ file://0004-Prevent-installation-of-an-all-zero-TK.patch \
+ file://0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch \
+ file://0006-TDLS-Reject-TPK-TK-reconfiguration.patch \
+ file://0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch \
"
+SRC_URI[md5sum] = "eaa56dce9bd8f1d195eb62596eab34c7"
+SRC_URI[sha256sum] = "01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d"
+
S = "${WORKDIR}/hostapd-${PV}"
B = "${WORKDIR}/hostapd-${PV}/hostapd"
-do_configure() {
+inherit update-rc.d systemd pkgconfig distro_features_check
+
+CONFLICT_DISTRO_FEATURES = "openssl-no-weak-ciphers"
+
+INITSCRIPT_NAME = "hostapd"
+
+SYSTEMD_SERVICE_${PN} = "hostapd.service"
+SYSTEMD_AUTO_ENABLE_${PN} = "disable"
+
+do_configure_append() {
install -m 0644 ${WORKDIR}/defconfig ${B}/.config
}
do_compile() {
- export CFLAGS="-MMD -O2 -Wall -g -I${STAGING_INCDIR}/libnl3"
- make
+ export CFLAGS="-MMD -O2 -Wall -g"
+ export EXTRA_CFLAGS="${CFLAGS}"
+ make V=1
}
do_install() {
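Review bot: In `do_compile`, the new `export EXTRA_CFLAGS="${CFLAGS}"` reads like a copy of the shell assignment on the line above it, but bitbake substitutes `${CFLAGS}` from the recipe metadata before the shell ever runs. EXTRA_CFLAGS therefore appears to be the only path by which the distro's compiler flags, including any hardening flags the distro sets, reach the hostapd build, assuming the hostapd Makefile appends EXTRA_CFLAGS. That deserves a comment so the line is not later "simplified" away, for example `# CFLAGS in braces is expanded by bitbake, so EXTRA_CFLAGS carries the distro flags, not the literal above`. The new `CONFLICT_DISTRO_FEATURES = "openssl-no-weak-ciphers"` also gives no reason; a one-line comment naming what hostapd 2.6 needs from OpenSSL would tell a maintainer when the restriction can be lifted. `do_install` at the end of this hunk continues outside it.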
@@ -42,7 +56,3 @@ do_install() {
}
CONFFILES_${PN} += "${sysconfdir}/hostapd.conf"
-
-SRC_URI[md5sum] = "eaa56dce9bd8f1d195eb62596eab34c7"
-SRC_URI[sha256sum] = "01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d"
-
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/0001-aclocal-Add-parameter-to-disable-keyutils-detection.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/0001-aclocal-Add-parameter-to-disable-keyutils-detection.patch
index f0c310c5e..cbd5d71fd 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/0001-aclocal-Add-parameter-to-disable-keyutils-detection.patch
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/0001-aclocal-Add-parameter-to-disable-keyutils-detection.patch
@@ -1,18 +1,19 @@
-From ecb62f3467f493cc0d679323f05367eebbf0fb67 Mon Sep 17 00:00:00 2001
+From a9e4057bfda190ad365b503af058b460ab8c7616 Mon Sep 17 00:00:00 2001
From: Martin Jansa <Martin.Jansa@gmail.com>
Date: Tue, 1 Oct 2013 22:22:57 +0200
Subject: [PATCH] aclocal: Add parameter to disable keyutils detection
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+
---
aclocal.m4 | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/aclocal.m4 b/aclocal.m4
-index 210c473..83b1f02 100644
+index d6d1279..80ce604 100644
--- a/aclocal.m4
+++ b/aclocal.m4
-@@ -1650,11 +1650,15 @@ fi
+@@ -1679,12 +1679,16 @@ fi
dnl
dnl If libkeyutils exists (on Linux) include it and use keyring ccache
AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[
@@ -28,6 +29,4 @@ index 210c473..83b1f02 100644
+fi
])dnl
dnl
---
-1.8.3.2
-
+ dnl If libkeyutils supports persistent keyrings, use them
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2017-11462.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2017-11462.patch
deleted file mode 100644
index 4b82f0297..000000000
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2017-11462.patch
+++ /dev/null
@@ -1,419 +0,0 @@
-From 56f7b1bc95a2a3eeb420e069e7655fb181ade5cf Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Fri, 14 Jul 2017 13:02:46 -0400
-Subject: [PATCH] Preserve GSS context on init/accept failure
-
-After gss_init_sec_context() or gss_accept_sec_context() has created a
-context, don't delete the mechglue context on failures from subsequent
-calls, even if the mechanism deletes the mech-specific context (which
-is allowed by RFC 2744 but not preferred). Check for union contexts
-with no mechanism context in each GSS function which accepts a
-gss_ctx_id_t.
-
-CVE-2017-11462:
-
-RFC 2744 permits a GSS-API implementation to delete an existing
-security context on a second or subsequent call to
-gss_init_sec_context() or gss_accept_sec_context() if the call results
-in an error. This API behavior has been found to be dangerous,
-leading to the possibility of memory errors in some callers. For
-safety, GSS-API implementations should instead preserve existing
-security contexts on error until the caller deletes them.
-
-All versions of MIT krb5 prior to this change may delete acceptor
-contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through
-1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on
-error.
-
-ticket: 8598 (new)
-target_version: 1.15-next
-target_version: 1.14-next
-tags: pullup
-
-Upstream-Status: Backport
-CVE: CVE-2017-11462
-
-Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
----
- src/lib/gssapi/mechglue/g_accept_sec_context.c | 22 +++++++++++++++-------
- src/lib/gssapi/mechglue/g_complete_auth_token.c | 2 ++
- src/lib/gssapi/mechglue/g_context_time.c | 2 ++
- src/lib/gssapi/mechglue/g_delete_sec_context.c | 14 ++++++++------
- src/lib/gssapi/mechglue/g_exp_sec_context.c | 2 ++
- src/lib/gssapi/mechglue/g_init_sec_context.c | 19 +++++++++++--------
- src/lib/gssapi/mechglue/g_inq_context.c | 2 ++
- src/lib/gssapi/mechglue/g_prf.c | 2 ++
- src/lib/gssapi/mechglue/g_process_context.c | 2 ++
- src/lib/gssapi/mechglue/g_seal.c | 4 ++++
- src/lib/gssapi/mechglue/g_sign.c | 2 ++
- src/lib/gssapi/mechglue/g_unseal.c | 2 ++
- src/lib/gssapi/mechglue/g_unwrap_aead.c | 2 ++
- src/lib/gssapi/mechglue/g_unwrap_iov.c | 4 ++++
- src/lib/gssapi/mechglue/g_verify.c | 2 ++
- src/lib/gssapi/mechglue/g_wrap_aead.c | 2 ++
- src/lib/gssapi/mechglue/g_wrap_iov.c | 8 ++++++++
- 17 files changed, 72 insertions(+), 21 deletions(-)
-
-diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c
-index ddaf874..f28e2b1 100644
---- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
-+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
-@@ -216,6 +216,8 @@ gss_cred_id_t * d_cred;
- } else {
- union_ctx_id = (gss_union_ctx_id_t)*context_handle;
- selected_mech = union_ctx_id->mech_type;
-+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- }
-
- /* Now create a new context if we didn't get one. */
-@@ -234,9 +236,6 @@ gss_cred_id_t * d_cred;
- free(union_ctx_id);
- return (status);
- }
--
-- /* set the new context handle to caller's data */
-- *context_handle = (gss_ctx_id_t)union_ctx_id;
- }
-
- /*
-@@ -277,8 +276,10 @@ gss_cred_id_t * d_cred;
- d_cred ? &tmp_d_cred : NULL);
-
- /* If there's more work to do, keep going... */
-- if (status == GSS_S_CONTINUE_NEEDED)
-+ if (status == GSS_S_CONTINUE_NEEDED) {
-+ *context_handle = (gss_ctx_id_t)union_ctx_id;
- return GSS_S_CONTINUE_NEEDED;
-+ }
-
- /* if the call failed, return with failure */
- if (status != GSS_S_COMPLETE) {
-@@ -364,14 +365,22 @@ gss_cred_id_t * d_cred;
- *mech_type = gssint_get_public_oid(actual_mech);
- if (ret_flags != NULL)
- *ret_flags = temp_ret_flags;
-- return (status);
-+ *context_handle = (gss_ctx_id_t)union_ctx_id;
-+ return GSS_S_COMPLETE;
- } else {
-
- status = GSS_S_BAD_MECH;
- }
-
- error_out:
-- if (union_ctx_id) {
-+ /*
-+ * RFC 2744 5.1 requires that we not create a context on a failed first
-+ * call to accept, and recommends that on a failed subsequent call we
-+ * make the caller responsible for calling gss_delete_sec_context.
-+ * Even if the mech deleted its context, keep the union context around
-+ * for the caller to delete.
-+ */
-+ if (union_ctx_id && *context_handle == GSS_C_NO_CONTEXT) {
- if (union_ctx_id->mech_type) {
- if (union_ctx_id->mech_type->elements)
- free(union_ctx_id->mech_type->elements);
-@@ -384,7 +393,6 @@ error_out:
- GSS_C_NO_BUFFER);
- }
- free(union_ctx_id);
-- *context_handle = GSS_C_NO_CONTEXT;
- }
-
- if (src_name)
-diff --git a/src/lib/gssapi/mechglue/g_complete_auth_token.c b/src/lib/gssapi/mechglue/g_complete_auth_token.c
-index 9181551..4bcb47e 100644
---- a/src/lib/gssapi/mechglue/g_complete_auth_token.c
-+++ b/src/lib/gssapi/mechglue/g_complete_auth_token.c
-@@ -52,6 +52,8 @@ gss_complete_auth_token (OM_uint32 *minor_status,
- */
-
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return GSS_S_NO_CONTEXT;
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (mech != NULL) {
-diff --git a/src/lib/gssapi/mechglue/g_context_time.c b/src/lib/gssapi/mechglue/g_context_time.c
-index 2ff8d09..c947e76 100644
---- a/src/lib/gssapi/mechglue/g_context_time.c
-+++ b/src/lib/gssapi/mechglue/g_context_time.c
-@@ -58,6 +58,8 @@ OM_uint32 * time_rec;
- */
-
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (mech) {
-diff --git a/src/lib/gssapi/mechglue/g_delete_sec_context.c b/src/lib/gssapi/mechglue/g_delete_sec_context.c
-index 4bf0dec..574ff02 100644
---- a/src/lib/gssapi/mechglue/g_delete_sec_context.c
-+++ b/src/lib/gssapi/mechglue/g_delete_sec_context.c
-@@ -87,12 +87,14 @@ gss_buffer_t output_token;
- if (GSSINT_CHK_LOOP(ctx))
- return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
-
-- status = gssint_delete_internal_sec_context(minor_status,
-- ctx->mech_type,
-- &ctx->internal_ctx_id,
-- output_token);
-- if (status)
-- return status;
-+ if (ctx->internal_ctx_id != GSS_C_NO_CONTEXT) {
-+ status = gssint_delete_internal_sec_context(minor_status,
-+ ctx->mech_type,
-+ &ctx->internal_ctx_id,
-+ output_token);
-+ if (status)
-+ return status;
-+ }
-
- /* now free up the space for the union context structure */
- free(ctx->mech_type->elements);
-diff --git a/src/lib/gssapi/mechglue/g_exp_sec_context.c b/src/lib/gssapi/mechglue/g_exp_sec_context.c
-index b637452..1d7990b 100644
---- a/src/lib/gssapi/mechglue/g_exp_sec_context.c
-+++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c
-@@ -95,6 +95,8 @@ gss_buffer_t interprocess_token;
- */
-
- ctx = (gss_union_ctx_id_t) *context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
- if (!mech)
- return GSS_S_BAD_MECH;
-diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
-index 9f154b8..e2df1ce 100644
---- a/src/lib/gssapi/mechglue/g_init_sec_context.c
-+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
-@@ -192,8 +192,13 @@ OM_uint32 * time_rec;
-
- /* copy the supplied context handle */
- union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT;
-- } else
-+ } else {
- union_ctx_id = (gss_union_ctx_id_t)*context_handle;
-+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) {
-+ status = GSS_S_NO_CONTEXT;
-+ goto end;
-+ }
-+ }
-
- /*
- * get the appropriate cred handle from the union cred struct.
-@@ -224,15 +229,13 @@ OM_uint32 * time_rec;
-
- if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
- /*
-- * The spec says the preferred method is to delete all context info on
-- * the first call to init, and on all subsequent calls make the caller
-- * responsible for calling gss_delete_sec_context. However, if the
-- * mechanism decided to delete the internal context, we should also
-- * delete the union context.
-+ * RFC 2744 5.19 requires that we not create a context on a failed
-+ * first call to init, and recommends that on a failed subsequent call
-+ * we make the caller responsible for calling gss_delete_sec_context.
-+ * Even if the mech deleted its context, keep the union context around
-+ * for the caller to delete.
- */
- map_error(minor_status, mech);
-- if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
-- *context_handle = GSS_C_NO_CONTEXT;
- if (*context_handle == GSS_C_NO_CONTEXT) {
- free(union_ctx_id->mech_type->elements);
- free(union_ctx_id->mech_type);
-diff --git a/src/lib/gssapi/mechglue/g_inq_context.c b/src/lib/gssapi/mechglue/g_inq_context.c
-index 6f1c71e..6c0d98d 100644
---- a/src/lib/gssapi/mechglue/g_inq_context.c
-+++ b/src/lib/gssapi/mechglue/g_inq_context.c
-@@ -104,6 +104,8 @@ gss_inquire_context(
- */
-
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (!mech || !mech->gss_inquire_context || !mech->gss_display_name ||
-diff --git a/src/lib/gssapi/mechglue/g_prf.c b/src/lib/gssapi/mechglue/g_prf.c
-index fcca3e4..9e168ad 100644
---- a/src/lib/gssapi/mechglue/g_prf.c
-+++ b/src/lib/gssapi/mechglue/g_prf.c
-@@ -59,6 +59,8 @@ gss_pseudo_random (OM_uint32 *minor_status,
- */
-
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return GSS_S_NO_CONTEXT;
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (mech != NULL) {
-diff --git a/src/lib/gssapi/mechglue/g_process_context.c b/src/lib/gssapi/mechglue/g_process_context.c
-index bc260ae..3968b5d 100644
---- a/src/lib/gssapi/mechglue/g_process_context.c
-+++ b/src/lib/gssapi/mechglue/g_process_context.c
-@@ -61,6 +61,8 @@ gss_buffer_t token_buffer;
- */
-
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (mech) {
-diff --git a/src/lib/gssapi/mechglue/g_seal.c b/src/lib/gssapi/mechglue/g_seal.c
-index f17241c..3db1ee0 100644
---- a/src/lib/gssapi/mechglue/g_seal.c
-+++ b/src/lib/gssapi/mechglue/g_seal.c
-@@ -92,6 +92,8 @@ gss_wrap( OM_uint32 *minor_status,
- */
-
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (mech) {
-@@ -226,6 +228,8 @@ gss_wrap_size_limit(OM_uint32 *minor_status,
- */
-
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (!mech)
-diff --git a/src/lib/gssapi/mechglue/g_sign.c b/src/lib/gssapi/mechglue/g_sign.c
-index 86d641a..03fbd8c 100644
---- a/src/lib/gssapi/mechglue/g_sign.c
-+++ b/src/lib/gssapi/mechglue/g_sign.c
-@@ -94,6 +94,8 @@ gss_buffer_t msg_token;
- */
-
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (mech) {
-diff --git a/src/lib/gssapi/mechglue/g_unseal.c b/src/lib/gssapi/mechglue/g_unseal.c
-index 3e8053c..c208635 100644
---- a/src/lib/gssapi/mechglue/g_unseal.c
-+++ b/src/lib/gssapi/mechglue/g_unseal.c
-@@ -76,6 +76,8 @@ gss_qop_t * qop_state;
- * call it.
- */
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (mech) {
-diff --git a/src/lib/gssapi/mechglue/g_unwrap_aead.c b/src/lib/gssapi/mechglue/g_unwrap_aead.c
-index e78bff2..0682bd8 100644
---- a/src/lib/gssapi/mechglue/g_unwrap_aead.c
-+++ b/src/lib/gssapi/mechglue/g_unwrap_aead.c
-@@ -186,6 +186,8 @@ gss_qop_t *qop_state;
- * call it.
- */
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (!mech)
-diff --git a/src/lib/gssapi/mechglue/g_unwrap_iov.c b/src/lib/gssapi/mechglue/g_unwrap_iov.c
-index c0dd314..599be2c 100644
---- a/src/lib/gssapi/mechglue/g_unwrap_iov.c
-+++ b/src/lib/gssapi/mechglue/g_unwrap_iov.c
-@@ -89,6 +89,8 @@ int iov_count;
- */
-
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (mech) {
-@@ -128,6 +130,8 @@ gss_verify_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
-
- /* Select the approprate underlying mechanism routine and call it. */
- ctx = (gss_union_ctx_id_t)context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return GSS_S_NO_CONTEXT;
- mech = gssint_get_mechanism(ctx->mech_type);
- if (mech == NULL)
- return GSS_S_BAD_MECH;
-diff --git a/src/lib/gssapi/mechglue/g_verify.c b/src/lib/gssapi/mechglue/g_verify.c
-index 1578ae1..8996fce 100644
---- a/src/lib/gssapi/mechglue/g_verify.c
-+++ b/src/lib/gssapi/mechglue/g_verify.c
-@@ -65,6 +65,8 @@ gss_qop_t * qop_state;
- */
-
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (mech) {
-diff --git a/src/lib/gssapi/mechglue/g_wrap_aead.c b/src/lib/gssapi/mechglue/g_wrap_aead.c
-index 96cdf3c..7fe3b7b 100644
---- a/src/lib/gssapi/mechglue/g_wrap_aead.c
-+++ b/src/lib/gssapi/mechglue/g_wrap_aead.c
-@@ -256,6 +256,8 @@ gss_buffer_t output_message_buffer;
- * call it.
- */
- ctx = (gss_union_ctx_id_t)context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
- if (!mech)
- return (GSS_S_BAD_MECH);
-diff --git a/src/lib/gssapi/mechglue/g_wrap_iov.c b/src/lib/gssapi/mechglue/g_wrap_iov.c
-index 40cd98f..14447c4 100644
---- a/src/lib/gssapi/mechglue/g_wrap_iov.c
-+++ b/src/lib/gssapi/mechglue/g_wrap_iov.c
-@@ -93,6 +93,8 @@ int iov_count;
- */
-
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (mech) {
-@@ -151,6 +153,8 @@ int iov_count;
- */
-
- ctx = (gss_union_ctx_id_t) context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return (GSS_S_NO_CONTEXT);
- mech = gssint_get_mechanism (ctx->mech_type);
-
- if (mech) {
-@@ -190,6 +194,8 @@ gss_get_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
-
- /* Select the approprate underlying mechanism routine and call it. */
- ctx = (gss_union_ctx_id_t)context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return GSS_S_NO_CONTEXT;
- mech = gssint_get_mechanism(ctx->mech_type);
- if (mech == NULL)
- return GSS_S_BAD_MECH;
-@@ -218,6 +224,8 @@ gss_get_mic_iov_length(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
-
- /* Select the approprate underlying mechanism routine and call it. */
- ctx = (gss_union_ctx_id_t)context_handle;
-+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ return GSS_S_NO_CONTEXT;
- mech = gssint_get_mechanism(ctx->mech_type);
- if (mech == NULL)
- return GSS_S_BAD_MECH;
---
-2.10.2
-
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/etc/default/krb5-admin-server b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/etc/default/krb5-admin-server
index 283592913..e097353c2 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/etc/default/krb5-admin-server
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/etc/default/krb5-admin-server
@@ -1,6 +1,4 @@
# Automatically generated. If you change anything in this file other than the
-# values of RUN_KADMIND or DAEMON_ARGS, first run dpkg-reconfigure
+# values of DAEMON_ARGS, first run dpkg-reconfigure
# krb5-admin-server and disable managing the kadmin configuration with
# debconf. Otherwise, changes will be overwritten.
-
-RUN_KADMIND=true
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/fix-CVE-2017-11368.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/fix-CVE-2017-11368.patch
deleted file mode 100644
index a2eb7bc02..000000000
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/fix-CVE-2017-11368.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-Upstream-Status: Backport [https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970]
-
-Backport patch to fix CVE-2017-11368.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
-From ffb35baac6981f9e8914f8f3bffd37f284b85970 Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Thu, 13 Jul 2017 12:14:20 -0400
-Subject: [PATCH] Prevent KDC unset status assertion failures
-
-Assign status values if S4U2Self padata fails to decode, if an
-S4U2Proxy request uses invalid KDC options, or if an S4U2Proxy request
-uses an evidence ticket which does not match the canonicalized request
-server principal name. Reported by Samuel Cabrero.
-
-If a status value is not assigned during KDC processing, default to
-"UNKNOWN_REASON" rather than failing an assertion. This change will
-prevent future denial of service bugs due to similar mistakes, and
-will allow us to omit assigning status values for unlikely errors such
-as small memory allocation failures.
-
-CVE-2017-11368:
-
-In MIT krb5 1.7 and later, an authenticated attacker can cause an
-assertion failure in krb5kdc by sending an invalid S4U2Self or
-S4U2Proxy request.
-
- CVSSv3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
-
-ticket: 8599 (new)
-target_version: 1.15-next
-target_version: 1.14-next
-tags: pullup
----
- src/kdc/do_as_req.c | 4 ++--
- src/kdc/do_tgs_req.c | 3 ++-
- src/kdc/kdc_util.c | 10 ++++++++--
- 3 files changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
-index 2d3ad13..9b256c8 100644
---- a/src/kdc/do_as_req.c
-+++ b/src/kdc/do_as_req.c
-@@ -366,8 +366,8 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
- did_log = 1;
-
- egress:
-- if (errcode != 0)
-- assert (state->status != 0);
-+ if (errcode != 0 && state->status == NULL)
-+ state->status = "UNKNOWN_REASON";
-
- au_state->status = state->status;
- au_state->reply = &state->reply;
-diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
-index cdc79ad..d8d6719 100644
---- a/src/kdc/do_tgs_req.c
-+++ b/src/kdc/do_tgs_req.c
-@@ -823,7 +823,8 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
- free(reply.enc_part.ciphertext.data);
-
- cleanup:
-- assert(status != NULL);
-+ if (status == NULL)
-+ status = "UNKNOWN_REASON";
- if (reply_key)
- krb5_free_keyblock(kdc_context, reply_key);
- if (errcode)
-diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
-index 778a629..b710aef 100644
---- a/src/kdc/kdc_util.c
-+++ b/src/kdc/kdc_util.c
-@@ -1220,8 +1220,10 @@ kdc_process_for_user(kdc_realm_t *kdc_active_realm,
- req_data.data = (char *)pa_data->contents;
-
- code = decode_krb5_pa_for_user(&req_data, &for_user);
-- if (code)
-+ if (code) {
-+ *status = "DECODE_PA_FOR_USER";
- return code;
-+ }
-
- code = verify_for_user_checksum(kdc_context, tgs_session, for_user);
- if (code) {
-@@ -1320,8 +1322,10 @@ kdc_process_s4u_x509_user(krb5_context context,
- req_data.data = (char *)pa_data->contents;
-
- code = decode_krb5_pa_s4u_x509_user(&req_data, s4u_x509_user);
-- if (code)
-+ if (code) {
-+ *status = "DECODE_PA_S4U_X509_USER";
- return code;
-+ }
-
- code = verify_s4u_x509_user_checksum(context,
- tgs_subkey ? tgs_subkey :
-@@ -1624,6 +1628,7 @@ kdc_process_s4u2proxy_req(kdc_realm_t *kdc_active_realm,
- * that is validated previously in validate_tgs_request().
- */
- if (request->kdc_options & (NON_TGT_OPTION | KDC_OPT_ENC_TKT_IN_SKEY)) {
-+ *status = "INVALID_S4U2PROXY_OPTIONS";
- return KRB5KDC_ERR_BADOPTION;
- }
-
-@@ -1631,6 +1636,7 @@ kdc_process_s4u2proxy_req(kdc_realm_t *kdc_active_realm,
- if (!krb5_principal_compare(kdc_context,
- server->princ, /* after canon */
- server_princ)) {
-+ *status = "EVIDENCE_TICKET_MISMATCH";
- return KRB5KDC_ERR_SERVER_NOMATCH;
- }
-
---
-2.10.1
-
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service
index 1b4271643..21939a1f0 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service
@@ -7,6 +7,7 @@ ConditionPathExists=/etc/krb5.conf
Type=forking
ExecStartPre=/bin/sh -c "test ! -f /var/log/kadmind.log || test ! -x /sbin/restorecon || /sbin/restorecon -F /var/log/kadmind.log"
ExecStart=/usr/sbin/kadmind
+EnvironmentFile=-/etc/default/krb5-admin-server
SuccessExitStatus=1 2 SIGKILL
TimeoutStopSec=30
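Review bot: The added `EnvironmentFile=-/etc/default/krb5-admin-server` does not change how the daemon is started, because `ExecStart=/usr/sbin/kadmind` on the line above it expands no variable from that file. The values only land in the process environment. If the intent is to honour the `DAEMON_ARGS` setting that the defaults file documents, the start line needs to reference it, e.g. `ExecStart=/usr/sbin/kadmind $DAEMON_ARGS`. The krb5-kdc.service hunk has the same gap with `EnvironmentFile=-/etc/default/krb5-kdc` and `ExecStart=/usr/sbin/krb5kdc`. The unit file continues outside both hunks.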
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service
index d5e5a9579..bf37c45ba 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service
@@ -6,6 +6,7 @@ ConditionPathExists=/etc/krb5.conf
[Service]
Type=forking
ExecStart=/usr/sbin/krb5kdc
+EnvironmentFile=-/etc/default/krb5-kdc
SuccessExitStatus=1 2 SIGKILL
TimeoutStopSec=30
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.15.1.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.16.bb
index e75e86138..f95240f54 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.15.1.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.16.bb
@@ -14,8 +14,8 @@ DESCRIPTION = "Kerberos is a system for authenticating users and services on a n
HOMEPAGE = "http://web.mit.edu/Kerberos/"
SECTION = "console/network"
LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=3e12b8a065cca25dfdcac734fb3ec0b9"
-DEPENDS = "ncurses util-linux e2fsprogs e2fsprogs-native"
+LIC_FILES_CHKSUM = "file://${S}/../NOTICE;md5=59b8da652f07186b44782a8454574f30"
+DEPENDS = "ncurses util-linux e2fsprogs e2fsprogs-native openssl"
inherit autotools-brokensep binconfig perlnative systemd update-rc.d
@@ -30,19 +30,17 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
file://etc/default/krb5-admin-server \
file://krb5-kdc.service \
file://krb5-admin-server.service \
- file://fix-CVE-2017-11368.patch;striplevel=2 \
- file://CVE-2017-11462.patch;striplevel=2 \
"
-SRC_URI[md5sum] = "8022f3a1cde8463e44fd35ef42731f85"
-SRC_URI[sha256sum] = "437c8831ddd5fde2a993fef425dedb48468109bb3d3261ef838295045a89eb45"
+SRC_URI[md5sum] = "23c5e9f07642db4a67f7a5b6168b1319"
+SRC_URI[sha256sum] = "faeb125f83b0fb4cdb2f99f088140631bb47d975982de0956d18c85842969e08"
CVE_PRODUCT = "kerberos"
S = "${WORKDIR}/${BP}/src"
-PACKAGECONFIG ??= "openssl"
+PACKAGECONFIG ??= ""
PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
-PACKAGECONFIG[openssl] = "--with-pkinit-crypto-impl=openssl,,openssl"
+PACKAGECONFIG[openssl] = "--with-crypto-impl=openssl,,openssl"
PACKAGECONFIG[keyutils] = "--enable-keyutils,--disable-keyutils,keyutils"
PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline"
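Review bot: The `openssl` PACKAGECONFIG keeps its name but now maps to `--with-crypto-impl=openssl` instead of `--with-pkinit-crypto-impl=openssl`. An existing bbappend or local.conf that enables it would therefore, going by the option name, select OpenSSL as the core crypto implementation rather than only for PKINIT. Since `openssl` is now unconditionally in `DEPENDS` (first hunk of this file) and the default is `PACKAGECONFIG ??= ""`, a comment above the knob would make the new meaning explicit, e.g. `# openssl is always a build dependency; PACKAGECONFIG[openssl] only selects it as the crypto implementation`. The same hunk drops `fix-CVE-2017-11368.patch` and `CVE-2017-11462.patch` from `SRC_URI`. That is presumably safe because the 1.16 tarball already carries both fixes, but it is worth confirming with a CVE check against the new version.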
@@ -53,6 +51,7 @@ CACHED_CONFIGUREVARS += "krb5_cv_attr_constructor_destructor=yes ac_cv_func_regc
ac_cv_file__etc_TIMEZONE=no"
CFLAGS_append = " -fPIC -DDESTRUCTOR_ATTR_WORKS=1 -I${STAGING_INCDIR}/et"
+CFLAGS_append_riscv64 = " -D_REENTRANT -pthread"
LDFLAGS_append = " -pthread"
do_configure() {
@@ -79,12 +78,17 @@ do_install_append() {
mkdir -p ${D}/${sysconfdir}/default/volatiles
echo "d root root 0755 ${localstatedir}/run/krb5kdc none" \
> ${D}${sysconfdir}/default/volatiles/87_krb5
+
+ echo "RUN_KADMIND=true" >> ${D}/${sysconfdir}/default/krb5-admin-server
fi
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
install -d ${D}${sysconfdir}/tmpfiles.d
echo "d /run/krb5kdc - - - -" \
> ${D}${sysconfdir}/tmpfiles.d/krb5.conf
+ mkdir -p ${D}/${sysconfdir}/default
+ install -m 0644 ${WORKDIR}/etc/default/* ${D}/${sysconfdir}/default
+
install -d ${D}${systemd_system_unitdir}
install -m 0644 ${WORKDIR}/krb5-admin-server.service ${D}${systemd_system_unitdir}
install -m 0644 ${WORKDIR}/krb5-kdc.service ${D}${systemd_system_unitdir}
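Review bot: When both `sysvinit` and `systemd` are in DISTRO_FEATURES, the `install -m 0644 ${WORKDIR}/etc/default/* ${D}/${sysconfdir}/default` added in the systemd branch runs after the `echo "RUN_KADMIND=true" >> ...` added in the sysvinit branch. It overwrites krb5-admin-server with the pristine copy, so the appended line is lost. Installing the defaults once before both conditionals, `install -d ${D}${sysconfdir}/default` then `install -m 0644 ${WORKDIR}/etc/default/* ${D}${sysconfdir}/default`, and keeping only the `echo` in the sysvinit branch removes the ordering dependency. do_install_append starts and ends outside the hunk, so what the sysvinit branch installs earlier is not visible here.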
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi/0001-Detect-clang.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi/0001-Detect-clang.patch
index 4047ffbf2..7a3429b9d 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi/0001-Detect-clang.patch
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi/0001-Detect-clang.patch
@@ -12,6 +12,7 @@ compiler are accepted.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upstream-Status: Pending
+
---
m4/compiler-warnings.m4 | 29 +++++++++++++++++++++++++----
1 file changed, 25 insertions(+), 4 deletions(-)
@@ -53,7 +54,7 @@ index de4a8b0..e4ba718 100644
-Wdeclaration-after-statement -Wstrict-prototypes \
@@ -17,22 +37,23 @@ if test "$GCC" = "yes" -a "$set_more_warnings" != "no"; then
-Wmissing-include-dirs -Waggregate-return \
- -Wformat-security; do
+ -Wformat-security -Wtype-limits; do
SAVE_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS $option"
+ CFLAGS="$CFLAGS $option $WERROR"
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi_1.16.0.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi_1.20.0.bb
index 80c26c05c..9301cbd5e 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi_1.16.0.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi_1.20.0.bb
@@ -14,5 +14,5 @@ inherit autotools pkgconfig bash-completion
SRC_URI = "http://www.freedesktop.org/software/${BPN}/${BPN}-${PV}.tar.xz \
file://0001-Detect-clang.patch \
"
-SRC_URI[md5sum] = "4970c110f160b33637a3515004c637b2"
-SRC_URI[sha256sum] = "7ab6bb47fd23bf4d3fa17424e40ea5552d08b19e5ee4f125f21f316c8086ba2a"
+SRC_URI[md5sum] = "797e365521df76b77b067e6317618b41"
+SRC_URI[sha256sum] = "21428cd3749c56246565123f707fee51238651a22c60bdc85ebce97388626eb4"
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libuv/libuv_1.11.0.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libuv/libuv_1.11.0.bb
index 0a5846bb8..ca4685ab3 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libuv/libuv_1.11.0.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libuv/libuv_1.11.0.bb
@@ -4,10 +4,10 @@ BUGTRACKER = "https://github.com/libuv/libuv/issues"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=bb5ea0d651f4c3519327171906045775"
-SRC_URI = "https://github.com/libuv/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz"
-
-SRC_URI[md5sum] = "15550a9f5f45f7f32ae2d9bb0a21a2a7"
-SRC_URI[sha256sum] = "6ec7eec6ecc24b1a8ffedebedb2fe9313fffb5410de89aaf784dd01080411c7a"
+S = "${WORKDIR}/git"
+SRCREV = "7452ef4e06a4f99ee26b694c65476401534f2725"
+BRANCH = "v1.x"
+SRC_URI = "git://github.com/libuv/libuv.git;protocol=https;branch=${BRANCH};"
inherit autotools
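Review bot: Nothing in the new lines ties `SRCREV` to the release the recipe still claims through its file name (`libuv_1.11.0.bb`). With the checksummed release tarball gone, a reader cannot tell whether the pinned commit is the v1.11.0 tag or a later commit on `v1.x`. A one-line comment above it, such as `# SRCREV is the commit tagged v${PV}` (if that is the case), would keep the pin auditable. The trailing `;` after `branch=${BRANCH}` is stray and can be dropped. The libwebsockets hunk below has the same undocumented `SRCREV` and trailing `;`, and it also omits `branch=`, so the pinned commit has to be reachable from the fetcher's default branch.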
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_2.1.0.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_2.1.0.bb
index 935479987..100f3a354 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_2.1.0.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_2.1.0.bb
@@ -5,10 +5,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e3393a657830d4a118c5a6ed35ba53d0"
DEPENDS = "zlib"
-SRC_URI = "https://github.com/warmcat/libwebsockets/archive/v${PV}.tar.gz"
-
-SRC_URI[md5sum] = "4df3be57dee43aeebd54a3ed56568f50"
-SRC_URI[sha256sum] = "bcc96aaa609daae4d3f7ab1ee480126709ef4f6a8bf9c85de40aae48e38cce66"
+S = "${WORKDIR}/git"
+SRCREV = "73557509bd15f95a1ad081a6f4fab48ff7743215"
+SRC_URI = "git://github.com/warmcat/libwebsockets.git;protocol=https;"
inherit cmake pkgconfig
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/files/0001-config.mk-allow-prefix-mandir-localedir-from-environ.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/files/0001-config.mk-allow-prefix-mandir-localedir-from-environ.patch
new file mode 100644
index 000000000..a5aa277a0
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/files/0001-config.mk-allow-prefix-mandir-localedir-from-environ.patch
@@ -0,0 +1,35 @@
+From 0be38301249d797ec1f59071cc868ceda6d4720a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com>
+Date: Tue, 12 Apr 2016 12:50:32 +0100
+Subject: [PATCH 1/2] config.mk: allow prefix / mandir / localedir from
+ environment
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We want to control them using OE environment variables.
+
+Upstream-Status: Inappropriate [embedded-specific]
+Signed-off-by: André Draszik <andre.draszik@jci.com>
+---
+ config.mk | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/config.mk b/config.mk
+index 71f17e5..81d9702 100644
+--- a/config.mk
++++ b/config.mk
+@@ -249,7 +249,7 @@ ifeq ($(WITH_DOCS),yes)
+ endif
+
+ INSTALL?=install
+-prefix=/usr/local
+-mandir=${prefix}/share/man
+-localedir=${prefix}/share/locale
++prefix?=/usr/local
++mandir?=${prefix}/share/man
++localedir?=${prefix}/share/locale
+ STRIP?=strip
+--
+2.15.1
+
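Review bot: Switching `prefix`, `mandir` and `localedir` to `?=` means any variable of those names already exported in the build environment silently redirects the install, not only the values the recipe intends. Variables passed on the make command line override plain `=` assignments, so the recipe could reach the same result without carrying this patch, for example `EXTRA_OEMAKE += "prefix=${prefix} mandir=${mandir} localedir=${localedir}"`. The mosquitto recipe is not visible in this part of the diff, so whether it already passes them this way cannot be checked here. If the patch is kept, a short comment in it naming which recipe variables are expected to supply the three values would help the next upgrade.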
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/files/0002-uthash-remove-in-tree-version.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/files/0002-uthash-remove-in-tree-version.patch
new file mode 100644
index 000000000..c89dfe6be
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/files/0002-uthash-remove-in-tree-version.patch
@@ -0,0 +1,975 @@
+From d9aeef8d95a325942cc92f4d72415771d75d904c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com>
+Date: Tue, 12 Apr 2016 13:05:10 +0100
+Subject: [PATCH 2/2] uthash: remove in-tree version
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We don't need it as we want to use the version provided by
+meta-oe instead.
+
+Upstream-Status: Inappropriate [embedded-specific]
+Signed-off-by: André Draszik <andre.draszik@jci.com>
+---
+ src/uthash.h | 948 -----------------------------------------------------------
+ 1 file changed, 948 deletions(-)
+ delete mode 100644 src/uthash.h
+
+diff --git a/src/uthash.h b/src/uthash.h
+deleted file mode 100644
+index 915a825..0000000
+--- a/src/uthash.h
++++ /dev/null
+@@ -1,948 +0,0 @@
+-/*
+-Copyright (c) 2003-2013, Troy D. Hanson http://troydhanson.github.com/uthash/
+-All rights reserved.
+-
+-Redistribution and use in source and binary forms, with or without
+-modification, are permitted provided that the following conditions are met:
+-
+- * Redistributions of source code must retain the above copyright
+- notice, this list of conditions and the following disclaimer.
+-
+-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+-IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+-PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+-OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-*/
+-
+-#ifndef UTHASH_H
+-#define UTHASH_H
+-
+-#include <string.h> /* memcmp,strlen */
+-#include <stddef.h> /* ptrdiff_t */
+-#include <stdlib.h> /* exit() */
+-
+-/* These macros use decltype or the earlier __typeof GNU extension.
+- As decltype is only available in newer compilers (VS2010 or gcc 4.3+
+- when compiling c++ source) this code uses whatever method is needed
+- or, for VS2008 where neither is available, uses casting workarounds. */
+-#ifdef _MSC_VER /* MS compiler */
+-#if _MSC_VER >= 1600 && defined(__cplusplus) /* VS2010 or newer in C++ mode */
+-#define DECLTYPE(x) (decltype(x))
+-#else /* VS2008 or older (or VS2010 in C mode) */
+-#define NO_DECLTYPE
+-#define DECLTYPE(x)
+-#endif
+-#else /* GNU, Sun and other compilers */
+-#define DECLTYPE(x) (__typeof(x))
+-#endif
+-
+-#ifdef NO_DECLTYPE
+-#define DECLTYPE_ASSIGN(dst,src) \
+-do { \
+- char **_da_dst = (char**)(&(dst)); \
+- *_da_dst = (char*)(src); \
+-} while(0)
+-#else
+-#define DECLTYPE_ASSIGN(dst,src) \
+-do { \
+- (dst) = DECLTYPE(dst)(src); \
+-} while(0)
+-#endif
+-
+-/* a number of the hash function use uint32_t which isn't defined on win32 */
+-#ifdef _MSC_VER
+-typedef unsigned int uint32_t;
+-typedef unsigned char uint8_t;
+-#else
+-#include <inttypes.h> /* uint32_t */
+-#endif
+-
+-#define UTHASH_VERSION 1.9.8
+-
+-#ifndef uthash_fatal
+-#define uthash_fatal(msg) exit(-1) /* fatal error (out of memory,etc) */
+-#endif
+-#ifndef uthash_malloc
+-#define uthash_malloc(sz) malloc(sz) /* malloc fcn */
+-#endif
+-#ifndef uthash_free
+-#define uthash_free(ptr,sz) free(ptr) /* free fcn */
+-#endif
+-
+-#ifndef uthash_noexpand_fyi
+-#define uthash_noexpand_fyi(tbl) /* can be defined to log noexpand */
+-#endif
+-#ifndef uthash_expand_fyi
+-#define uthash_expand_fyi(tbl) /* can be defined to log expands */
+-#endif
+-
+-/* initial number of buckets */
+-#define HASH_INITIAL_NUM_BUCKETS 32 /* initial number of buckets */
+-#define HASH_INITIAL_NUM_BUCKETS_LOG2 5 /* lg2 of initial number of buckets */
+-#define HASH_BKT_CAPACITY_THRESH 10 /* expand when bucket count reaches */
+-
+-/* calculate the element whose hash handle address is hhe */
+-#define ELMT_FROM_HH(tbl,hhp) ((void*)(((char*)(hhp)) - ((tbl)->hho)))
+-
+-#define HASH_FIND(hh,head,keyptr,keylen,out) \
+-do { \
+- unsigned _hf_bkt,_hf_hashv; \
+- out=NULL; \
+- if (head) { \
+- HASH_FCN(keyptr,keylen, (head)->hh.tbl->num_buckets, _hf_hashv, _hf_bkt); \
+- if (HASH_BLOOM_TEST((head)->hh.tbl, _hf_hashv)) { \
+- HASH_FIND_IN_BKT((head)->hh.tbl, hh, (head)->hh.tbl->buckets[ _hf_bkt ], \
+- keyptr,keylen,out); \
+- } \
+- } \
+-} while (0)
+-
+-#ifdef HASH_BLOOM
+-#define HASH_BLOOM_BITLEN (1ULL << HASH_BLOOM)
+-#define HASH_BLOOM_BYTELEN (HASH_BLOOM_BITLEN/8) + ((HASH_BLOOM_BITLEN%8) ? 1:0)
+-#define HASH_BLOOM_MAKE(tbl) \
+-do { \
+- (tbl)->bloom_nbits = HASH_BLOOM; \
+- (tbl)->bloom_bv = (uint8_t*)uthash_malloc(HASH_BLOOM_BYTELEN); \
+- if (!((tbl)->bloom_bv)) { uthash_fatal( "out of memory"); } \
+- memset((tbl)->bloom_bv, 0, HASH_BLOOM_BYTELEN); \
+- (tbl)->bloom_sig = HASH_BLOOM_SIGNATURE; \
+-} while (0)
+-
+-#define HASH_BLOOM_FREE(tbl) \
+-do { \
+- uthash_free((tbl)->bloom_bv, HASH_BLOOM_BYTELEN); \
+-} while (0)
+-
+-#define HASH_BLOOM_BITSET(bv,idx) (bv[(idx)/8] |= (1U << ((idx)%8)))
+-#define HASH_BLOOM_BITTEST(bv,idx) (bv[(idx)/8] & (1U << ((idx)%8)))
+-
+-#define HASH_BLOOM_ADD(tbl,hashv) \
+- HASH_BLOOM_BITSET((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1)))
+-
+-#define HASH_BLOOM_TEST(tbl,hashv) \
+- HASH_BLOOM_BITTEST((tbl)->bloom_bv, (hashv & (uint32_t)((1ULL << (tbl)->bloom_nbits) - 1)))
+-
+-#else
+-#define HASH_BLOOM_MAKE(tbl)
+-#define HASH_BLOOM_FREE(tbl)
+-#define HASH_BLOOM_ADD(tbl,hashv)
+-#define HASH_BLOOM_TEST(tbl,hashv) (1)
+-#define HASH_BLOOM_BYTELEN 0
+-#endif
+-
+-#define HASH_MAKE_TABLE(hh,head) \
+-do { \
+- (head)->hh.tbl = (UT_hash_table*)uthash_malloc( \
+- sizeof(UT_hash_table)); \
+- if (!((head)->hh.tbl)) { uthash_fatal( "out of memory"); } \
+- memset((head)->hh.tbl, 0, sizeof(UT_hash_table)); \
+- (head)->hh.tbl->tail = &((head)->hh); \
+- (head)->hh.tbl->num_buckets = HASH_INITIAL_NUM_BUCKETS; \
+- (head)->hh.tbl->log2_num_buckets = HASH_INITIAL_NUM_BUCKETS_LOG2; \
+- (head)->hh.tbl->hho = (char*)(&(head)->hh) - (char*)(head); \
+- (head)->hh.tbl->buckets = (UT_hash_bucket*)uthash_malloc( \
+- HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket)); \
+- if (! (head)->hh.tbl->buckets) { uthash_fatal( "out of memory"); } \
+- memset((head)->hh.tbl->buckets, 0, \
+- HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket)); \
+- HASH_BLOOM_MAKE((head)->hh.tbl); \
+- (head)->hh.tbl->signature = HASH_SIGNATURE; \
+-} while(0)
+-
+-#define HASH_ADD(hh,head,fieldname,keylen_in,add) \
+- HASH_ADD_KEYPTR(hh,head,&((add)->fieldname),keylen_in,add)
+-
+-#define HASH_REPLACE(hh,head,fieldname,keylen_in,add,replaced) \
+-do { \
+- replaced=NULL; \
+- HASH_FIND(hh,head,&((add)->fieldname),keylen_in,replaced); \
+- if (replaced!=NULL) { \
+- HASH_DELETE(hh,head,replaced); \
+- }; \
+- HASH_ADD(hh,head,fieldname,keylen_in,add); \
+-} while(0)
+-
+-#define HASH_ADD_KEYPTR(hh,head,keyptr,keylen_in,add) \
+-do { \
+- unsigned _ha_bkt; \
+- (add)->hh.next = NULL; \
+- (add)->hh.key = (char*)keyptr; \
+- (add)->hh.keylen = (unsigned)keylen_in; \
+- if (!(head)) { \
+- head = (add); \
+- (head)->hh.prev = NULL; \
+- HASH_MAKE_TABLE(hh,head); \
+- } else { \
+- (head)->hh.tbl->tail->next = (add); \
+- (add)->hh.prev = ELMT_FROM_HH((head)->hh.tbl, (head)->hh.tbl->tail); \
+- (head)->hh.tbl->tail = &((add)->hh); \
+- } \
+- (head)->hh.tbl->num_items++; \
+- (add)->hh.tbl = (head)->hh.tbl; \
+- HASH_FCN(keyptr,keylen_in, (head)->hh.tbl->num_buckets, \
+- (add)->hh.hashv, _ha_bkt); \
+- HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt],&(add)->hh); \
+- HASH_BLOOM_ADD((head)->hh.tbl,(add)->hh.hashv); \
+- HASH_EMIT_KEY(hh,head,keyptr,keylen_in); \
+- HASH_FSCK(hh,head); \
+-} while(0)
+-
+-#define HASH_TO_BKT( hashv, num_bkts, bkt ) \
+-do { \
+- bkt = ((hashv) & ((num_bkts) - 1)); \
+-} while(0)
+-
+-/* delete "delptr" from the hash table.
+- * "the usual" patch-up process for the app-order doubly-linked-list.
+- * The use of _hd_hh_del below deserves special explanation.
+- * These used to be expressed using (delptr) but that led to a bug
+- * if someone used the same symbol for the head and deletee, like
+- * HASH_DELETE(hh,users,users);
+- * We want that to work, but by changing the head (users) below
+- * we were forfeiting our ability to further refer to the deletee (users)
+- * in the patch-up process. Solution: use scratch space to
+- * copy the deletee pointer, then the latter references are via that
+- * scratch pointer rather than through the repointed (users) symbol.
+- */
+-#define HASH_DELETE(hh,head,delptr) \
+-do { \
+- unsigned _hd_bkt; \
+- struct UT_hash_handle *_hd_hh_del; \
+- if ( ((delptr)->hh.prev == NULL) && ((delptr)->hh.next == NULL) ) { \
+- uthash_free((head)->hh.tbl->buckets, \
+- (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \
+- HASH_BLOOM_FREE((head)->hh.tbl); \
+- uthash_free((head)->hh.tbl, sizeof(UT_hash_table)); \
+- head = NULL; \
+- } else { \
+- _hd_hh_del = &((delptr)->hh); \
+- if ((delptr) == ELMT_FROM_HH((head)->hh.tbl,(head)->hh.tbl->tail)) { \
+- (head)->hh.tbl->tail = \
+- (UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) + \
+- (head)->hh.tbl->hho); \
+- } \
+- if ((delptr)->hh.prev) { \
+- ((UT_hash_handle*)((ptrdiff_t)((delptr)->hh.prev) + \
+- (head)->hh.tbl->hho))->next = (delptr)->hh.next; \
+- } else { \
+- DECLTYPE_ASSIGN(head,(delptr)->hh.next); \
+- } \
+- if (_hd_hh_del->next) { \
+- ((UT_hash_handle*)((ptrdiff_t)_hd_hh_del->next + \
+- (head)->hh.tbl->hho))->prev = \
+- _hd_hh_del->prev; \
+- } \
+- HASH_TO_BKT( _hd_hh_del->hashv, (head)->hh.tbl->num_buckets, _hd_bkt); \
+- HASH_DEL_IN_BKT(hh,(head)->hh.tbl->buckets[_hd_bkt], _hd_hh_del); \
+- (head)->hh.tbl->num_items--; \
+- } \
+- HASH_FSCK(hh,head); \
+-} while (0)
+-
+-
+-/* convenience forms of HASH_FIND/HASH_ADD/HASH_DEL */
+-#define HASH_FIND_STR(head,findstr,out) \
+- HASH_FIND(hh,head,findstr,strlen(findstr),out)
+-#define HASH_ADD_STR(head,strfield,add) \
+- HASH_ADD(hh,head,strfield,strlen(add->strfield),add)
+-#define HASH_REPLACE_STR(head,strfield,add,replaced) \
+- HASH_REPLACE(hh,head,strfield,strlen(add->strfield),add,replaced)
+-#define HASH_FIND_INT(head,findint,out) \
+- HASH_FIND(hh,head,findint,sizeof(int),out)
+-#define HASH_ADD_INT(head,intfield,add) \
+- HASH_ADD(hh,head,intfield,sizeof(int),add)
+-#define HASH_REPLACE_INT(head,intfield,add,replaced) \
+- HASH_REPLACE(hh,head,intfield,sizeof(int),add,replaced)
+-#define HASH_FIND_PTR(head,findptr,out) \
+- HASH_FIND(hh,head,findptr,sizeof(void *),out)
+-#define HASH_ADD_PTR(head,ptrfield,add) \
+- HASH_ADD(hh,head,ptrfield,sizeof(void *),add)
+-#define HASH_REPLACE_PTR(head,ptrfield,add) \
+- HASH_REPLACE(hh,head,ptrfield,sizeof(void *),add,replaced)
+-#define HASH_DEL(head,delptr) \
+- HASH_DELETE(hh,head,delptr)
+-
+-/* HASH_FSCK checks hash integrity on every add/delete when HASH_DEBUG is defined.
+- * This is for uthash developer only; it compiles away if HASH_DEBUG isn't defined.
+- */
+-#ifdef HASH_DEBUG
+-#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
+-#define HASH_FSCK(hh,head) \
+-do { \
+- unsigned _bkt_i; \
+- unsigned _count, _bkt_count; \
+- char *_prev; \
+- struct UT_hash_handle *_thh; \
+- if (head) { \
+- _count = 0; \
+- for( _bkt_i = 0; _bkt_i < (head)->hh.tbl->num_buckets; _bkt_i++) { \
+- _bkt_count = 0; \
+- _thh = (head)->hh.tbl->buckets[_bkt_i].hh_head; \
+- _prev = NULL; \
+- while (_thh) { \
+- if (_prev != (char*)(_thh->hh_prev)) { \
+- HASH_OOPS("invalid hh_prev %p, actual %p\n", \
+- _thh->hh_prev, _prev ); \
+- } \
+- _bkt_count++; \
+- _prev = (char*)(_thh); \
+- _thh = _thh->hh_next; \
+- } \
+- _count += _bkt_count; \
+- if ((head)->hh.tbl->buckets[_bkt_i].count != _bkt_count) { \
+- HASH_OOPS("invalid bucket count %d, actual %d\n", \
+- (head)->hh.tbl->buckets[_bkt_i].count, _bkt_count); \
+- } \
+- } \
+- if (_count != (head)->hh.tbl->num_items) { \
+- HASH_OOPS("invalid hh item count %d, actual %d\n", \
+- (head)->hh.tbl->num_items, _count ); \
+- } \
+- /* traverse hh in app order; check next/prev integrity, count */ \
+- _count = 0; \
+- _prev = NULL; \
+- _thh = &(head)->hh; \
+- while (_thh) { \
+- _count++; \
+- if (_prev !=(char*)(_thh->prev)) { \
+- HASH_OOPS("invalid prev %p, actual %p\n", \
+- _thh->prev, _prev ); \
+- } \
+- _prev = (char*)ELMT_FROM_HH((head)->hh.tbl, _thh); \
+- _thh = ( _thh->next ? (UT_hash_handle*)((char*)(_thh->next) + \
+- (head)->hh.tbl->hho) : NULL ); \
+- } \
+- if (_count != (head)->hh.tbl->num_items) { \
+- HASH_OOPS("invalid app item count %d, actual %d\n", \
+- (head)->hh.tbl->num_items, _count ); \
+- } \
+- } \
+-} while (0)
+-#else
+-#define HASH_FSCK(hh,head)
+-#endif
+-
+-/* When compiled with -DHASH_EMIT_KEYS, length-prefixed keys are emitted to
+- * the descriptor to which this macro is defined for tuning the hash function.
+- * The app can #include <unistd.h> to get the prototype for write(2). */
+-#ifdef HASH_EMIT_KEYS
+-#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen) \
+-do { \
+- unsigned _klen = fieldlen; \
+- write(HASH_EMIT_KEYS, &_klen, sizeof(_klen)); \
+- write(HASH_EMIT_KEYS, keyptr, fieldlen); \
+-} while (0)
+-#else
+-#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen)
+-#endif
+-
+-/* default to Jenkin's hash unless overridden e.g. DHASH_FUNCTION=HASH_SAX */
+-#ifdef HASH_FUNCTION
+-#define HASH_FCN HASH_FUNCTION
+-#else
+-#define HASH_FCN HASH_JEN
+-#endif
+-
+-/* The Bernstein hash function, used in Perl prior to v5.6 */
+-#define HASH_BER(key,keylen,num_bkts,hashv,bkt) \
+-do { \
+- unsigned _hb_keylen=keylen; \
+- char *_hb_key=(char*)(key); \
+- (hashv) = 0; \
+- while (_hb_keylen--) { (hashv) = ((hashv) * 33) + *_hb_key++; } \
+- bkt = (hashv) & (num_bkts-1); \
+-} while (0)
+-
+-
+-/* SAX/FNV/OAT/JEN hash functions are macro variants of those listed at
+- * http://eternallyconfuzzled.com/tuts/algorithms/jsw_tut_hashing.aspx */
+-#define HASH_SAX(key,keylen,num_bkts,hashv,bkt) \
+-do { \
+- unsigned _sx_i; \
+- char *_hs_key=(char*)(key); \
+- hashv = 0; \
+- for(_sx_i=0; _sx_i < keylen; _sx_i++) \
+- hashv ^= (hashv << 5) + (hashv >> 2) + _hs_key[_sx_i]; \
+- bkt = hashv & (num_bkts-1); \
+-} while (0)
+-
+-#define HASH_FNV(key,keylen,num_bkts,hashv,bkt) \
+-do { \
+- unsigned _fn_i; \
+- char *_hf_key=(char*)(key); \
+- hashv = 2166136261UL; \
+- for(_fn_i=0; _fn_i < keylen; _fn_i++) \
+- hashv = (hashv * 16777619) ^ _hf_key[_fn_i]; \
+- bkt = hashv & (num_bkts-1); \
+-} while(0)
+-
+-#define HASH_OAT(key,keylen,num_bkts,hashv,bkt) \
+-do { \
+- unsigned _ho_i; \
+- char *_ho_key=(char*)(key); \
+- hashv = 0; \
+- for(_ho_i=0; _ho_i < keylen; _ho_i++) { \
+- hashv += _ho_key[_ho_i]; \
+- hashv += (hashv << 10); \
+- hashv ^= (hashv >> 6); \
+- } \
+- hashv += (hashv << 3); \
+- hashv ^= (hashv >> 11); \
+- hashv += (hashv << 15); \
+- bkt = hashv & (num_bkts-1); \
+-} while(0)
+-
+-#define HASH_JEN_MIX(a,b,c) \
+-do { \
+- a -= b; a -= c; a ^= ( c >> 13 ); \
+- b -= c; b -= a; b ^= ( a << 8 ); \
+- c -= a; c -= b; c ^= ( b >> 13 ); \
+- a -= b; a -= c; a ^= ( c >> 12 ); \
+- b -= c; b -= a; b ^= ( a << 16 ); \
+- c -= a; c -= b; c ^= ( b >> 5 ); \
+- a -= b; a -= c; a ^= ( c >> 3 ); \
+- b -= c; b -= a; b ^= ( a << 10 ); \
+- c -= a; c -= b; c ^= ( b >> 15 ); \
+-} while (0)
+-
+-#define HASH_JEN(key,keylen,num_bkts,hashv,bkt) \
+-do { \
+- unsigned _hj_i,_hj_j,_hj_k; \
+- unsigned char *_hj_key=(unsigned char*)(key); \
+- hashv = 0xfeedbeef; \
+- _hj_i = _hj_j = 0x9e3779b9; \
+- _hj_k = (unsigned)keylen; \
+- while (_hj_k >= 12) { \
+- _hj_i += (_hj_key[0] + ( (unsigned)_hj_key[1] << 8 ) \
+- + ( (unsigned)_hj_key[2] << 16 ) \
+- + ( (unsigned)_hj_key[3] << 24 ) ); \
+- _hj_j += (_hj_key[4] + ( (unsigned)_hj_key[5] << 8 ) \
+- + ( (unsigned)_hj_key[6] << 16 ) \
+- + ( (unsigned)_hj_key[7] << 24 ) ); \
+- hashv += (_hj_key[8] + ( (unsigned)_hj_key[9] << 8 ) \
+- + ( (unsigned)_hj_key[10] << 16 ) \
+- + ( (unsigned)_hj_key[11] << 24 ) ); \
+- \
+- HASH_JEN_MIX(_hj_i, _hj_j, hashv); \
+- \
+- _hj_key += 12; \
+- _hj_k -= 12; \
+- } \
+- hashv += keylen; \
+- switch ( _hj_k ) { \
+- case 11: hashv += ( (unsigned)_hj_key[10] << 24 ); \
+- case 10: hashv += ( (unsigned)_hj_key[9] << 16 ); \
+- case 9: hashv += ( (unsigned)_hj_key[8] << 8 ); \
+- case 8: _hj_j += ( (unsigned)_hj_key[7] << 24 ); \
+- case 7: _hj_j += ( (unsigned)_hj_key[6] << 16 ); \
+- case 6: _hj_j += ( (unsigned)_hj_key[5] << 8 ); \
+- case 5: _hj_j += _hj_key[4]; \
+- case 4: _hj_i += ( (unsigned)_hj_key[3] << 24 ); \
+- case 3: _hj_i += ( (unsigned)_hj_key[2] << 16 ); \
+- case 2: _hj_i += ( (unsigned)_hj_key[1] << 8 ); \
+- case 1: _hj_i += _hj_key[0]; \
+- } \
+- HASH_JEN_MIX(_hj_i, _hj_j, hashv); \
+- bkt = hashv & (num_bkts-1); \
+-} while(0)
+-
+-/* The Paul Hsieh hash function */
+-#undef get16bits
+-#if (defined(__GNUC__) && defined(__i386__)) || defined(__WATCOMC__) \
+- || defined(_MSC_VER) || defined (__BORLANDC__) || defined (__TURBOC__)
+-#define get16bits(d) (*((const uint16_t *) (d)))
+-#endif
+-
+-#if !defined (get16bits)
+-#define get16bits(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8) \
+- +(uint32_t)(((const uint8_t *)(d))[0]) )
+-#endif
+-#define HASH_SFH(key,keylen,num_bkts,hashv,bkt) \
+-do { \
+- unsigned char *_sfh_key=(unsigned char*)(key); \
+- uint32_t _sfh_tmp, _sfh_len = keylen; \
+- \
+- int _sfh_rem = _sfh_len & 3; \
+- _sfh_len >>= 2; \
+- hashv = 0xcafebabe; \
+- \
+- /* Main loop */ \
+- for (;_sfh_len > 0; _sfh_len--) { \
+- hashv += get16bits (_sfh_key); \
+- _sfh_tmp = (uint32_t)(get16bits (_sfh_key+2)) << 11 ^ hashv; \
+- hashv = (hashv << 16) ^ _sfh_tmp; \
+- _sfh_key += 2*sizeof (uint16_t); \
+- hashv += hashv >> 11; \
+- } \
+- \
+- /* Handle end cases */ \
+- switch (_sfh_rem) { \
+- case 3: hashv += get16bits (_sfh_key); \
+- hashv ^= hashv << 16; \
+- hashv ^= (uint32_t)(_sfh_key[sizeof (uint16_t)] << 18); \
+- hashv += hashv >> 11; \
+- break; \
+- case 2: hashv += get16bits (_sfh_key); \
+- hashv ^= hashv << 11; \
+- hashv += hashv >> 17; \
+- break; \
+- case 1: hashv += *_sfh_key; \
+- hashv ^= hashv << 10; \
+- hashv += hashv >> 1; \
+- } \
+- \
+- /* Force "avalanching" of final 127 bits */ \
+- hashv ^= hashv << 3; \
+- hashv += hashv >> 5; \
+- hashv ^= hashv << 4; \
+- hashv += hashv >> 17; \
+- hashv ^= hashv << 25; \
+- hashv += hashv >> 6; \
+- bkt = hashv & (num_bkts-1); \
+-} while(0)
+-
+-#ifdef HASH_USING_NO_STRICT_ALIASING
+-/* The MurmurHash exploits some CPU's (x86,x86_64) tolerance for unaligned reads.
+- * For other types of CPU's (e.g. Sparc) an unaligned read causes a bus error.
+- * MurmurHash uses the faster approach only on CPU's where we know it's safe.
+- *
+- * Note the preprocessor built-in defines can be emitted using:
+- *
+- * gcc -m64 -dM -E - < /dev/null (on gcc)
+- * cc -## a.c (where a.c is a simple test file) (Sun Studio)
+- */
+-#if (defined(__i386__) || defined(__x86_64__) || defined(_M_IX86))
+-#define MUR_GETBLOCK(p,i) p[i]
+-#else /* non intel */
+-#define MUR_PLUS0_ALIGNED(p) (((unsigned long)p & 0x3) == 0)
+-#define MUR_PLUS1_ALIGNED(p) (((unsigned long)p & 0x3) == 1)
+-#define MUR_PLUS2_ALIGNED(p) (((unsigned long)p & 0x3) == 2)
+-#define MUR_PLUS3_ALIGNED(p) (((unsigned long)p & 0x3) == 3)
+-#define WP(p) ((uint32_t*)((unsigned long)(p) & ~3UL))
+-#if (defined(__BIG_ENDIAN__) || defined(SPARC) || defined(__ppc__) || defined(__ppc64__))
+-#define MUR_THREE_ONE(p) ((((*WP(p))&0x00ffffff) << 8) | (((*(WP(p)+1))&0xff000000) >> 24))
+-#define MUR_TWO_TWO(p) ((((*WP(p))&0x0000ffff) <<16) | (((*(WP(p)+1))&0xffff0000) >> 16))
+-#define MUR_ONE_THREE(p) ((((*WP(p))&0x000000ff) <<24) | (((*(WP(p)+1))&0xffffff00) >> 8))
+-#else /* assume little endian non-intel */
+-#define MUR_THREE_ONE(p) ((((*WP(p))&0xffffff00) >> 8) | (((*(WP(p)+1))&0x000000ff) << 24))
+-#define MUR_TWO_TWO(p) ((((*WP(p))&0xffff0000) >>16) | (((*(WP(p)+1))&0x0000ffff) << 16))
+-#define MUR_ONE_THREE(p) ((((*WP(p))&0xff000000) >>24) | (((*(WP(p)+1))&0x00ffffff) << 8))
+-#endif
+-#define MUR_GETBLOCK(p,i) (MUR_PLUS0_ALIGNED(p) ? ((p)[i]) : \
+- (MUR_PLUS1_ALIGNED(p) ? MUR_THREE_ONE(p) : \
+- (MUR_PLUS2_ALIGNED(p) ? MUR_TWO_TWO(p) : \
+- MUR_ONE_THREE(p))))
+-#endif
+-#define MUR_ROTL32(x,r) (((x) << (r)) | ((x) >> (32 - (r))))
+-#define MUR_FMIX(_h) \
+-do { \
+- _h ^= _h >> 16; \
+- _h *= 0x85ebca6b; \
+- _h ^= _h >> 13; \
+- _h *= 0xc2b2ae35l; \
+- _h ^= _h >> 16; \
+-} while(0)
+-
+-#define HASH_MUR(key,keylen,num_bkts,hashv,bkt) \
+-do { \
+- const uint8_t *_mur_data = (const uint8_t*)(key); \
+- const int _mur_nblocks = (keylen) / 4; \
+- uint32_t _mur_h1 = 0xf88D5353; \
+- uint32_t _mur_c1 = 0xcc9e2d51; \
+- uint32_t _mur_c2 = 0x1b873593; \
+- uint32_t _mur_k1 = 0; \
+- const uint8_t *_mur_tail; \
+- const uint32_t *_mur_blocks = (const uint32_t*)(_mur_data+_mur_nblocks*4); \
+- int _mur_i; \
+- for(_mur_i = -_mur_nblocks; _mur_i; _mur_i++) { \
+- _mur_k1 = MUR_GETBLOCK(_mur_blocks,_mur_i); \
+- _mur_k1 *= _mur_c1; \
+- _mur_k1 = MUR_ROTL32(_mur_k1,15); \
+- _mur_k1 *= _mur_c2; \
+- \
+- _mur_h1 ^= _mur_k1; \
+- _mur_h1 = MUR_ROTL32(_mur_h1,13); \
+- _mur_h1 = _mur_h1*5+0xe6546b64; \
+- } \
+- _mur_tail = (const uint8_t*)(_mur_data + _mur_nblocks*4); \
+- _mur_k1=0; \
+- switch((keylen) & 3) { \
+- case 3: _mur_k1 ^= _mur_tail[2] << 16; \
+- case 2: _mur_k1 ^= _mur_tail[1] << 8; \
+- case 1: _mur_k1 ^= _mur_tail[0]; \
+- _mur_k1 *= _mur_c1; \
+- _mur_k1 = MUR_ROTL32(_mur_k1,15); \
+- _mur_k1 *= _mur_c2; \
+- _mur_h1 ^= _mur_k1; \
+- } \
+- _mur_h1 ^= (keylen); \
+- MUR_FMIX(_mur_h1); \
+- hashv = _mur_h1; \
+- bkt = hashv & (num_bkts-1); \
+-} while(0)
+-#endif /* HASH_USING_NO_STRICT_ALIASING */
+-
+-/* key comparison function; return 0 if keys equal */
+-#define HASH_KEYCMP(a,b,len) memcmp(a,b,len)
+-
+-/* iterate over items in a known bucket to find desired item */
+-#define HASH_FIND_IN_BKT(tbl,hh,head,keyptr,keylen_in,out) \
+-do { \
+- if (head.hh_head) DECLTYPE_ASSIGN(out,ELMT_FROM_HH(tbl,head.hh_head)); \
+- else out=NULL; \
+- while (out) { \
+- if ((out)->hh.keylen == keylen_in) { \
+- if ((HASH_KEYCMP((out)->hh.key,keyptr,keylen_in)) == 0) break; \
+- } \
+- if ((out)->hh.hh_next) DECLTYPE_ASSIGN(out,ELMT_FROM_HH(tbl,(out)->hh.hh_next)); \
+- else out = NULL; \
+- } \
+-} while(0)
+-
+-/* add an item to a bucket */
+-#define HASH_ADD_TO_BKT(head,addhh) \
+-do { \
+- head.count++; \
+- (addhh)->hh_next = head.hh_head; \
+- (addhh)->hh_prev = NULL; \
+- if (head.hh_head) { (head).hh_head->hh_prev = (addhh); } \
+- (head).hh_head=addhh; \
+- if (head.count >= ((head.expand_mult+1) * HASH_BKT_CAPACITY_THRESH) \
+- && (addhh)->tbl->noexpand != 1) { \
+- HASH_EXPAND_BUCKETS((addhh)->tbl); \
+- } \
+-} while(0)
+-
+-/* remove an item from a given bucket */
+-#define HASH_DEL_IN_BKT(hh,head,hh_del) \
+- (head).count--; \
+- if ((head).hh_head == hh_del) { \
+- (head).hh_head = hh_del->hh_next; \
+- } \
+- if (hh_del->hh_prev) { \
+- hh_del->hh_prev->hh_next = hh_del->hh_next; \
+- } \
+- if (hh_del->hh_next) { \
+- hh_del->hh_next->hh_prev = hh_del->hh_prev; \
+- }
+-
+-/* Bucket expansion has the effect of doubling the number of buckets
+- * and redistributing the items into the new buckets. Ideally the
+- * items will distribute more or less evenly into the new buckets
+- * (the extent to which this is true is a measure of the quality of
+- * the hash function as it applies to the key domain).
+- *
+- * With the items distributed into more buckets, the chain length
+- * (item count) in each bucket is reduced. Thus by expanding buckets
+- * the hash keeps a bound on the chain length. This bounded chain
+- * length is the essence of how a hash provides constant time lookup.
+- *
+- * The calculation of tbl->ideal_chain_maxlen below deserves some
+- * explanation. First, keep in mind that we're calculating the ideal
+- * maximum chain length based on the *new* (doubled) bucket count.
+- * In fractions this is just n/b (n=number of items,b=new num buckets).
+- * Since the ideal chain length is an integer, we want to calculate
+- * ceil(n/b). We don't depend on floating point arithmetic in this
+- * hash, so to calculate ceil(n/b) with integers we could write
+- *
+- * ceil(n/b) = (n/b) + ((n%b)?1:0)
+- *
+- * and in fact a previous version of this hash did just that.
+- * But now we have improved things a bit by recognizing that b is
+- * always a power of two. We keep its base 2 log handy (call it lb),
+- * so now we can write this with a bit shift and logical AND:
+- *
+- * ceil(n/b) = (n>>lb) + ( (n & (b-1)) ? 1:0)
+- *
+- */
+-#define HASH_EXPAND_BUCKETS(tbl) \
+-do { \
+- unsigned _he_bkt; \
+- unsigned _he_bkt_i; \
+- struct UT_hash_handle *_he_thh, *_he_hh_nxt; \
+- UT_hash_bucket *_he_new_buckets, *_he_newbkt; \
+- _he_new_buckets = (UT_hash_bucket*)uthash_malloc( \
+- 2 * tbl->num_buckets * sizeof(struct UT_hash_bucket)); \
+- if (!_he_new_buckets) { uthash_fatal( "out of memory"); } \
+- memset(_he_new_buckets, 0, \
+- 2 * tbl->num_buckets * sizeof(struct UT_hash_bucket)); \
+- tbl->ideal_chain_maxlen = \
+- (tbl->num_items >> (tbl->log2_num_buckets+1)) + \
+- ((tbl->num_items & ((tbl->num_buckets*2)-1)) ? 1 : 0); \
+- tbl->nonideal_items = 0; \
+- for(_he_bkt_i = 0; _he_bkt_i < tbl->num_buckets; _he_bkt_i++) \
+- { \
+- _he_thh = tbl->buckets[ _he_bkt_i ].hh_head; \
+- while (_he_thh) { \
+- _he_hh_nxt = _he_thh->hh_next; \
+- HASH_TO_BKT( _he_thh->hashv, tbl->num_buckets*2, _he_bkt); \
+- _he_newbkt = &(_he_new_buckets[ _he_bkt ]); \
+- if (++(_he_newbkt->count) > tbl->ideal_chain_maxlen) { \
+- tbl->nonideal_items++; \
+- _he_newbkt->expand_mult = _he_newbkt->count / \
+- tbl->ideal_chain_maxlen; \
+- } \
+- _he_thh->hh_prev = NULL; \
+- _he_thh->hh_next = _he_newbkt->hh_head; \
+- if (_he_newbkt->hh_head) _he_newbkt->hh_head->hh_prev = \
+- _he_thh; \
+- _he_newbkt->hh_head = _he_thh; \
+- _he_thh = _he_hh_nxt; \
+- } \
+- } \
+- uthash_free( tbl->buckets, tbl->num_buckets*sizeof(struct UT_hash_bucket) ); \
+- tbl->num_buckets *= 2; \
+- tbl->log2_num_buckets++; \
+- tbl->buckets = _he_new_buckets; \
+- tbl->ineff_expands = (tbl->nonideal_items > (tbl->num_items >> 1)) ? \
+- (tbl->ineff_expands+1) : 0; \
+- if (tbl->ineff_expands > 1) { \
+- tbl->noexpand=1; \
+- uthash_noexpand_fyi(tbl); \
+- } \
+- uthash_expand_fyi(tbl); \
+-} while(0)
+-
+-
+-/* This is an adaptation of Simon Tatham's O(n log(n)) mergesort */
+-/* Note that HASH_SORT assumes the hash handle name to be hh.
+- * HASH_SRT was added to allow the hash handle name to be passed in. */
+-#define HASH_SORT(head,cmpfcn) HASH_SRT(hh,head,cmpfcn)
+-#define HASH_SRT(hh,head,cmpfcn) \
+-do { \
+- unsigned _hs_i; \
+- unsigned _hs_looping,_hs_nmerges,_hs_insize,_hs_psize,_hs_qsize; \
+- struct UT_hash_handle *_hs_p, *_hs_q, *_hs_e, *_hs_list, *_hs_tail; \
+- if (head) { \
+- _hs_insize = 1; \
+- _hs_looping = 1; \
+- _hs_list = &((head)->hh); \
+- while (_hs_looping) { \
+- _hs_p = _hs_list; \
+- _hs_list = NULL; \
+- _hs_tail = NULL; \
+- _hs_nmerges = 0; \
+- while (_hs_p) { \
+- _hs_nmerges++; \
+- _hs_q = _hs_p; \
+- _hs_psize = 0; \
+- for ( _hs_i = 0; _hs_i < _hs_insize; _hs_i++ ) { \
+- _hs_psize++; \
+- _hs_q = (UT_hash_handle*)((_hs_q->next) ? \
+- ((void*)((char*)(_hs_q->next) + \
+- (head)->hh.tbl->hho)) : NULL); \
+- if (! (_hs_q) ) break; \
+- } \
+- _hs_qsize = _hs_insize; \
+- while ((_hs_psize > 0) || ((_hs_qsize > 0) && _hs_q )) { \
+- if (_hs_psize == 0) { \
+- _hs_e = _hs_q; \
+- _hs_q = (UT_hash_handle*)((_hs_q->next) ? \
+- ((void*)((char*)(_hs_q->next) + \
+- (head)->hh.tbl->hho)) : NULL); \
+- _hs_qsize--; \
+- } else if ( (_hs_qsize == 0) || !(_hs_q) ) { \
+- _hs_e = _hs_p; \
+- if (_hs_p){ \
+- _hs_p = (UT_hash_handle*)((_hs_p->next) ? \
+- ((void*)((char*)(_hs_p->next) + \
+- (head)->hh.tbl->hho)) : NULL); \
+- } \
+- _hs_psize--; \
+- } else if (( \
+- cmpfcn(DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_p)), \
+- DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl,_hs_q))) \
+- ) <= 0) { \
+- _hs_e = _hs_p; \
+- if (_hs_p){ \
+- _hs_p = (UT_hash_handle*)((_hs_p->next) ? \
+- ((void*)((char*)(_hs_p->next) + \
+- (head)->hh.tbl->hho)) : NULL); \
+- } \
+- _hs_psize--; \
+- } else { \
+- _hs_e = _hs_q; \
+- _hs_q = (UT_hash_handle*)((_hs_q->next) ? \
+- ((void*)((char*)(_hs_q->next) + \
+- (head)->hh.tbl->hho)) : NULL); \
+- _hs_qsize--; \
+- } \
+- if ( _hs_tail ) { \
+- _hs_tail->next = ((_hs_e) ? \
+- ELMT_FROM_HH((head)->hh.tbl,_hs_e) : NULL); \
+- } else { \
+- _hs_list = _hs_e; \
+- } \
+- if (_hs_e) { \
+- _hs_e->prev = ((_hs_tail) ? \
+- ELMT_FROM_HH((head)->hh.tbl,_hs_tail) : NULL); \
+- } \
+- _hs_tail = _hs_e; \
+- } \
+- _hs_p = _hs_q; \
+- } \
+- if (_hs_tail){ \
+- _hs_tail->next = NULL; \
+- } \
+- if ( _hs_nmerges <= 1 ) { \
+- _hs_looping=0; \
+- (head)->hh.tbl->tail = _hs_tail; \
+- DECLTYPE_ASSIGN(head,ELMT_FROM_HH((head)->hh.tbl, _hs_list)); \
+- } \
+- _hs_insize *= 2; \
+- } \
+- HASH_FSCK(hh,head); \
+- } \
+-} while (0)
+-
+-/* This function selects items from one hash into another hash.
+- * The end result is that the selected items have dual presence
+- * in both hashes. There is no copy of the items made; rather
+- * they are added into the new hash through a secondary hash
+- * hash handle that must be present in the structure. */
+-#define HASH_SELECT(hh_dst, dst, hh_src, src, cond) \
+-do { \
+- unsigned _src_bkt, _dst_bkt; \
+- void *_last_elt=NULL, *_elt; \
+- UT_hash_handle *_src_hh, *_dst_hh, *_last_elt_hh=NULL; \
+- ptrdiff_t _dst_hho = ((char*)(&(dst)->hh_dst) - (char*)(dst)); \
+- if (src) { \
+- for(_src_bkt=0; _src_bkt < (src)->hh_src.tbl->num_buckets; _src_bkt++) { \
+- for(_src_hh = (src)->hh_src.tbl->buckets[_src_bkt].hh_head; \
+- _src_hh; \
+- _src_hh = _src_hh->hh_next) { \
+- _elt = ELMT_FROM_HH((src)->hh_src.tbl, _src_hh); \
+- if (cond(_elt)) { \
+- _dst_hh = (UT_hash_handle*)(((char*)_elt) + _dst_hho); \
+- _dst_hh->key = _src_hh->key; \
+- _dst_hh->keylen = _src_hh->keylen; \
+- _dst_hh->hashv = _src_hh->hashv; \
+- _dst_hh->prev = _last_elt; \
+- _dst_hh->next = NULL; \
+- if (_last_elt_hh) { _last_elt_hh->next = _elt; } \
+- if (!dst) { \
+- DECLTYPE_ASSIGN(dst,_elt); \
+- HASH_MAKE_TABLE(hh_dst,dst); \
+- } else { \
+- _dst_hh->tbl = (dst)->hh_dst.tbl; \
+- } \
+- HASH_TO_BKT(_dst_hh->hashv, _dst_hh->tbl->num_buckets, _dst_bkt); \
+- HASH_ADD_TO_BKT(_dst_hh->tbl->buckets[_dst_bkt],_dst_hh); \
+- (dst)->hh_dst.tbl->num_items++; \
+- _last_elt = _elt; \
+- _last_elt_hh = _dst_hh; \
+- } \
+- } \
+- } \
+- } \
+- HASH_FSCK(hh_dst,dst); \
+-} while (0)
+-
+-#define HASH_CLEAR(hh,head) \
+-do { \
+- if (head) { \
+- uthash_free((head)->hh.tbl->buckets, \
+- (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket)); \
+- HASH_BLOOM_FREE((head)->hh.tbl); \
+- uthash_free((head)->hh.tbl, sizeof(UT_hash_table)); \
+- (head)=NULL; \
+- } \
+-} while(0)
+-
+-#define HASH_OVERHEAD(hh,head) \
+- (size_t)((((head)->hh.tbl->num_items * sizeof(UT_hash_handle)) + \
+- ((head)->hh.tbl->num_buckets * sizeof(UT_hash_bucket)) + \
+- (sizeof(UT_hash_table)) + \
+- (HASH_BLOOM_BYTELEN)))
+-
+-#ifdef NO_DECLTYPE
+-#define HASH_ITER(hh,head,el,tmp) \
+-for((el)=(head), (*(char**)(&(tmp)))=(char*)((head)?(head)->hh.next:NULL); \
+- el; (el)=(tmp),(*(char**)(&(tmp)))=(char*)((tmp)?(tmp)->hh.next:NULL))
+-#else
+-#define HASH_ITER(hh,head,el,tmp) \
+-for((el)=(head),(tmp)=DECLTYPE(el)((head)?(head)->hh.next:NULL); \
+- el; (el)=(tmp),(tmp)=DECLTYPE(el)((tmp)?(tmp)->hh.next:NULL))
+-#endif
+-
+-/* obtain a count of items in the hash */
+-#define HASH_COUNT(head) HASH_CNT(hh,head)
+-#define HASH_CNT(hh,head) ((head)?((head)->hh.tbl->num_items):0)
+-
+-typedef struct UT_hash_bucket {
+- struct UT_hash_handle *hh_head;
+- unsigned count;
+-
+- /* expand_mult is normally set to 0. In this situation, the max chain length
+- * threshold is enforced at its default value, HASH_BKT_CAPACITY_THRESH. (If
+- * the bucket's chain exceeds this length, bucket expansion is triggered).
+- * However, setting expand_mult to a non-zero value delays bucket expansion
+- * (that would be triggered by additions to this particular bucket)
+- * until its chain length reaches a *multiple* of HASH_BKT_CAPACITY_THRESH.
+- * (The multiplier is simply expand_mult+1). The whole idea of this
+- * multiplier is to reduce bucket expansions, since they are expensive, in
+- * situations where we know that a particular bucket tends to be overused.
+- * It is better to let its chain length grow to a longer yet-still-bounded
+- * value, than to do an O(n) bucket expansion too often.
+- */
+- unsigned expand_mult;
+-
+-} UT_hash_bucket;
+-
+-/* random signature used only to find hash tables in external analysis */
+-#define HASH_SIGNATURE 0xa0111fe1
+-#define HASH_BLOOM_SIGNATURE 0xb12220f2
+-
+-typedef struct UT_hash_table {
+- UT_hash_bucket *buckets;
+- unsigned num_buckets, log2_num_buckets;
+- unsigned num_items;
+- struct UT_hash_handle *tail; /* tail hh in app order, for fast append */
+- ptrdiff_t hho; /* hash handle offset (byte pos of hash handle in element */
+-
+- /* in an ideal situation (all buckets used equally), no bucket would have
+- * more than ceil(#items/#buckets) items. that's the ideal chain length. */
+- unsigned ideal_chain_maxlen;
+-
+- /* nonideal_items is the number of items in the hash whose chain position
+- * exceeds the ideal chain maxlen. these items pay the penalty for an uneven
+- * hash distribution; reaching them in a chain traversal takes >ideal steps */
+- unsigned nonideal_items;
+-
+- /* ineffective expands occur when a bucket doubling was performed, but
+- * afterward, more than half the items in the hash had nonideal chain
+- * positions. If this happens on two consecutive expansions we inhibit any
+- * further expansion, as it's not helping; this happens when the hash
+- * function isn't a good fit for the key domain. When expansion is inhibited
+- * the hash will still work, albeit no longer in constant time. */
+- unsigned ineff_expands, noexpand;
+-
+- uint32_t signature; /* used only to find hash tables in external analysis */
+-#ifdef HASH_BLOOM
+- uint32_t bloom_sig; /* used only to test bloom exists in external analysis */
+- uint8_t *bloom_bv;
+- char bloom_nbits;
+-#endif
+-
+-} UT_hash_table;
+-
+-typedef struct UT_hash_handle {
+- struct UT_hash_table *tbl;
+- void *prev; /* prev element in app order */
+- void *next; /* next element in app order */
+- struct UT_hash_handle *hh_prev; /* previous hh in bucket order */
+- struct UT_hash_handle *hh_next; /* next hh in bucket order */
+- void *key; /* ptr to enclosing struct's key */
+- unsigned keylen; /* enclosing struct's key len */
+- unsigned hashv; /* result of hash-fcn(key) */
+-} UT_hash_handle;
+-
+-#endif /* UTHASH_H */
+--
+2.15.1
+
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/files/build.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/files/build.patch
deleted file mode 100644
index 0d0912b7a..000000000
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/files/build.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From ebd7c8e548e9b8e096ee4c390173db9a701f2604 Mon Sep 17 00:00:00 2001
-From: Bruno Bottazzini <bruno.bottazzini@intel.com>
-Date: Wed, 23 Mar 2016 11:18:26 -0300
-Subject: [PATCH] build
-
-Disable stripping and allow easily overriding prefix
-
-Upstream-Status: Pending
-
-Signed-off-by: Bruno Bottazzini <bruno.bottazzini@intel.com>
----
- client/Makefile | 4 ++--
- config.mk | 2 +-
- lib/Makefile | 2 +-
- lib/cpp/Makefile | 2 +-
- src/Makefile | 4 ++--
- 5 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/client/Makefile b/client/Makefile
-index bd65355..4e5a640 100644
---- a/client/Makefile
-+++ b/client/Makefile
-@@ -24,8 +24,8 @@ client_shared.o : client_shared.c client
-
- install : all
- $(INSTALL) -d ${DESTDIR}$(prefix)/bin
-- $(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP} mosquitto_pub ${DESTDIR}${prefix}/bin/mosquitto_pub
-- $(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP} mosquitto_sub ${DESTDIR}${prefix}/bin/mosquitto_sub
-+ $(INSTALL) mosquitto_pub ${DESTDIR}${prefix}/bin/mosquitto_pub
-+ $(INSTALL) mosquitto_sub ${DESTDIR}${prefix}/bin/mosquitto_sub
-
- uninstall :
- -rm -f ${DESTDIR}${prefix}/bin/mosquitto_pub
-diff --git a/config.mk b/config.mk
-index c0f175f..3427b83 100644
---- a/config.mk
-+++ b/config.mk
-@@ -241,7 +241,7 @@ ifeq ($(WITH_DOCS),yes)
- endif
-
- INSTALL?=install
--prefix=/usr/local
-+prefix?=/usr
- mandir=${prefix}/share/man
- localedir=${prefix}/share/locale
- STRIP?=strip
-diff --git a/lib/Makefile b/lib/Makefile
-index 825fcea..9b7c05c 100644
---- a/lib/Makefile
-+++ b/lib/Makefile
-@@ -25,7 +25,7 @@ all : libmosquitto.so.${SOVERSION} libmo
-
- install : all
- $(INSTALL) -d ${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/
-- $(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP} libmosquitto.so.${SOVERSION} ${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so.${SOVERSION}
-+ $(INSTALL) libmosquitto.so.${SOVERSION} ${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so.${SOVERSION}
- ln -sf libmosquitto.so.${SOVERSION} ${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquitto.so
- $(INSTALL) -d ${DESTDIR}${prefix}/include/
- $(INSTALL) mosquitto.h ${DESTDIR}${prefix}/include/mosquitto.h
-diff --git a/lib/cpp/Makefile b/lib/cpp/Makefile
-index 8b627d3..cdb2923 100644
---- a/lib/cpp/Makefile
-+++ b/lib/cpp/Makefile
-@@ -10,7 +10,7 @@ all : libmosquittopp.so.${SOVERSION}
-
- install : all
- $(INSTALL) -d ${DESTDIR}$(prefix)/lib${LIB_SUFFIX}/
-- $(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP} libmosquittopp.so.${SOVERSION} ${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.so.${SOVERSION}
-+ $(INSTALL) libmosquittopp.so.${SOVERSION} ${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.so.${SOVERSION}
- ln -sf libmosquittopp.so.${SOVERSION} ${DESTDIR}${prefix}/lib${LIB_SUFFIX}/libmosquittopp.so
- $(INSTALL) -d ${DESTDIR}${prefix}/include/
- $(INSTALL) mosquittopp.h ${DESTDIR}${prefix}/include/mosquittopp.h
-diff --git a/src/Makefile b/src/Makefile
-index 2cfb7d4..9a97644 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -103,12 +103,12 @@ mosquitto_passwd.o : mosquitto_passwd.c
-
- install : all
- $(INSTALL) -d ${DESTDIR}$(prefix)/sbin
-- $(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP} mosquitto ${DESTDIR}${prefix}/sbin/mosquitto
-+ $(INSTALL) mosquitto ${DESTDIR}${prefix}/sbin/mosquitto
- $(INSTALL) -d ${DESTDIR}$(prefix)/include
- $(INSTALL) mosquitto_plugin.h ${DESTDIR}${prefix}/include/mosquitto_plugin.h
- ifeq ($(WITH_TLS),yes)
- $(INSTALL) -d ${DESTDIR}$(prefix)/bin
-- $(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP} mosquitto_passwd ${DESTDIR}${prefix}/bin/mosquitto_passwd
-+ $(INSTALL) mosquitto_passwd ${DESTDIR}${prefix}/bin/mosquitto_passwd
- endif
-
- uninstall :
---
-2.7.1
-
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/mosquitto_1.4.14.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/mosquitto_1.4.14.bb
index 7554248e4..13ce3811d 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/mosquitto_1.4.14.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/mosquitto/mosquitto_1.4.14.bb
@@ -8,9 +8,11 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=62ddc846179e908dc0c8efec4a42ef20 \
file://epl-v10;md5=8d383c379e91d20ba18a52c3e7d3a979 \
file://notice.html;md5=a00d6f9ab542be7babc2d8b80d5d2a4c \
"
+DEPENDS = "uthash"
SRC_URI = "http://mosquitto.org/files/source/mosquitto-${PV}.tar.gz \
- file://build.patch \
+ file://0001-config.mk-allow-prefix-mandir-localedir-from-environ.patch \
+ file://0002-uthash-remove-in-tree-version.patch \
file://mosquitto.service \
file://mosquitto.init \
"
@@ -26,6 +28,7 @@ PACKAGECONFIG[dns-srv] = ",,c-ares"
PACKAGECONFIG[ssl] = ",,openssl"
PACKAGECONFIG[uuid] = ",,util-linux"
EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'dns-srv', 'WITH_SRV=yes', 'WITH_SRV=no', d)} \
+ STRIP=/bin/true \
WITH_DOCS=no \
${@bb.utils.contains('PACKAGECONFIG', 'ssl', 'WITH_TLS=yes WITH_TLS_PSK=yes', 'WITH_TLS=no WITH_TLS_PSK=no', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'uuid', 'WITH_UUID=yes', 'WITH_UUID=no', d)}"
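Review bot: `STRIP=/bin/true` on the new `EXTRA_OEMAKE` line only works as a no-op while `CROSS_COMPILE` is empty in the make environment. The install rules visible in the removed build.patch run `$(INSTALL) -s --strip-program=${CROSS_COMPILE}${STRIP}`, and with build.patch dropped those lines are presumably back in effect. A non-empty prefix would therefore expand to a strip program that does not exist and fail `do_install`. A comment above `EXTRA_OEMAKE`, e.g. `# upstream runs install -s; pass a no-op strip so stripping is left to do_package (relies on CROSS_COMPILE being unset)`, would record the dependency.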
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/obex/obex-data-server_0.4.6.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/obex/obex-data-server_0.4.6.bb
index e10b89c36..715b02352 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/obex/obex-data-server_0.4.6.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/obex/obex-data-server_0.4.6.bb
@@ -11,6 +11,8 @@ SRC_URI = "http://tadas.dailyda.com/software/obex-data-server-${PV}.tar.gz \
SRC_URI[md5sum] = "961ca5db6fe9c97024e133cc6203cc4d"
SRC_URI[sha256sum] = "b399465ddbd6d0217abedd9411d9d74a820effa0a6a142adc448268d3920094f"
-inherit autotools-brokensep pkgconfig
+inherit distro_features_check autotools-brokensep pkgconfig
+
+REQUIRED_DISTRO_FEATURES = "x11"
FILES_${PN} += "${datadir}/dbus-1/"
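Review bot: `REQUIRED_DISTRO_FEATURES = "x11"` is added with no comment naming the dependency that needs X11, so a later maintainer cannot tell when the restriction can be lifted. The same gap applies to `ASNEEDED = ""` in openobex_1.7.2.bb and `OECMAKE_GENERATOR = "Unix Makefiles"` in obexftp_0.24.2.bb further down, which each override a build default without recording the failure they work around. A one-line comment above each would do, e.g. `# <dependency> is only available with x11 in DISTRO_FEATURES`. Clearing `ASNEEDED` drops `--as-needed` from the link flags for the whole recipe, so that one should point at the link error that motivated it.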
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/obex/openobex_1.7.2.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/obex/openobex_1.7.2.bb
index 2db48f341..1b56685c5 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/obex/openobex_1.7.2.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/obex/openobex_1.7.2.bb
@@ -25,6 +25,8 @@ EXTRA_OECMAKE += "-DBUILD_DOCUMENTATION=OFF"
#--enable-apps --enable-syslog
+ASNEEDED = ""
+
do_install_append () {
rmdir ${D}${bindir}
}
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/obexftp/obexftp_0.24.2.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/obexftp/obexftp_0.24.2.bb
index 489861cb7..b4a914d92 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/obexftp/obexftp_0.24.2.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/obexftp/obexftp_0.24.2.bb
@@ -16,6 +16,8 @@ SRC_URI[sha256sum] = "d40fb48e0a0eea997b3e582774b29f793919a625d54b87182e31a3f3d1
inherit cmake pkgconfig
+OECMAKE_GENERATOR = "Unix Makefiles"
+
PACKAGECONFIG ?= ""
# fuse support will need meta-filesystems layer
PACKAGECONFIG[fuse] = "-DENABLE_FUSE=ON,-DENABLE_FUSE=OFF,fuse"
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/fix-makefile-override.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/fix-makefile-override.patch
deleted file mode 100644
index f0a1d33c9..000000000
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/fix-makefile-override.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Upstream-Status: Backport [debian]
-
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -37,16 +37,15 @@
- # Use the following only on GNU/Linux and only if you need ps listing like "smsd: MAINPROCESS" and "smsd: GSM1"
- # CFLAGS += -D USE_LINUX_PS_TRICK
-
--all: smsd
--
--smsd: smsd.c extras.o locking.o cfgfile.o logging.o alarm.o smsd_cfg.o charset.o stats.o blacklist.o whitelist.o modeminit.o pdu.o
--
- ifneq (,$(findstring SOLARIS,$(CFLAGS)))
- ifeq (,$(findstring DISABLE_INET_SOCKET,$(CFLAGS)))
- override LFLAGS += -lsocket -lnsl
- endif
- endif
-
-+all: smsd
-+
-+smsd: smsd.c extras.o locking.o cfgfile.o logging.o alarm.o smsd_cfg.o charset.o stats.o blacklist.o whitelist.o modeminit.o pdu.o
- ifneq (,$(findstring NOSTATS,$(CFLAGS)))
- $(CC) $(CFLAGS) -o $@ $^ $(LFLAGS)
- else
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/scripts_no_bash.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/scripts_no_bash.patch
new file mode 100644
index 000000000..49b4d1dda
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/scripts_no_bash.patch
@@ -0,0 +1,51 @@
+From 85602c3e531d39e89dc8cee0c4a592f85006a064 Mon Sep 17 00:00:00 2001
+From: Bill Randle <bill.randle@gmail.com>
+Date: Sun, 31 Dec 2017 09:08:23 -0800
+
+---
+ scripts/sendsms | 2 +-
+ scripts/sms2html | 2 +-
+ scripts/sms2unicode | 2 +-
+ scripts/unicode2sms | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/scripts/sendsms b/scripts/sendsms
+index 512026d..bb56856 100755
+--- a/scripts/sendsms
++++ b/scripts/sendsms
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ # This script send a text sms at the command line by creating
+ # a sms file in the outgoing queue.
+
+diff --git a/scripts/sms2html b/scripts/sms2html
+index ff253e3..946185e 100755
+--- a/scripts/sms2html
++++ b/scripts/sms2html
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # This script converts a received sms file into a html file.
+
+diff --git a/scripts/sms2unicode b/scripts/sms2unicode
+index 46e2756..2826dc1 100755
+--- a/scripts/sms2unicode
++++ b/scripts/sms2unicode
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # This script converts a received sms file into a pure unicode text file.
+
+diff --git a/scripts/unicode2sms b/scripts/unicode2sms
+index 2ae86dc..3fccf0d 100755
+--- a/scripts/unicode2sms
++++ b/scripts/unicode2sms
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # This script converts a pure unicode text file into an sms file for sending.
+
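Review bot: Only the shebang lines of `sendsms`, `sms2html`, `sms2unicode` and `unicode2sms` change here, and the script bodies are outside these hunks, so the patch does not show that they are free of bash-only syntax. The recipe also drops `RDEPENDS_${PN} = "bash"`, so any remaining bashism would fail only at run time on the target, under whatever `/bin/sh` the image provides. The patch header also lacks a Subject, a description, `Upstream-Status:` and `Signed-off-by:`, and the same is true of sms_binpath.patch below. Adding `Upstream-Status: Pending` (or whichever status applies) and a sentence on how the scripts were checked against a POSIX shell would cover both.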
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/sms_binpath.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/sms_binpath.patch
new file mode 100644
index 000000000..e1d79d332
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/sms_binpath.patch
@@ -0,0 +1,24 @@
+From 9a4a872dca78ca9cb6bdc228be61f5a4c2d68b1f Mon Sep 17 00:00:00 2001
+From: Kai Ulrich <kaiu@gmx.de>
+Date: Wed, 18 Mar 2015 11:20:53 +0100
+
+---
+ scripts/sms3 | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/sms3 b/scripts/sms3
+index 6b990bf..09c063b 100755
+--- a/scripts/sms3
++++ b/scripts/sms3
+@@ -24,9 +24,9 @@ INFOFILE="/var/run/smsd.working"
+ # Logfile can also be defined in here:
+ LOGFILE="/var/log/smsd.log"
+
+-DAEMON=/usr/local/bin/smsd
++DAEMON=/usr/bin/smsd
+ # A program which turns power off for couple of seconds:
+-RESETMODEMS=/usr/local/bin/smsd_resetmodems
++RESETMODEMS=/usr/bin/smsd_resetmodems
+ NAME=smsd
+ PSOPT="-e"
+ ECHO=echo
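Review bot: `PSOPT="-e"` is left unchanged here, whereas the patch this one replaces (sms_binpath_and_psops.patch, removed below) also set `PSOPT=""`. If that override existed because the target's `ps` does not accept `-e`, the init script's process lookup may regress. If 3.1.21 no longer needs it, the patch description should say so. `DAEMON` and `RESETMODEMS` are also hard-coded to `/usr/bin`, which presumably matches `${bindir}` only for the default layout.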
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/sms_binpath_and_psops.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/sms_binpath_and_psops.patch
deleted file mode 100644
index ffcaa0971..000000000
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3/sms_binpath_and_psops.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Index: smstools3/scripts/sms3
-===================================================================
---- smstools3.orig/scripts/sms3 2010-05-04 11:21:44.000000000 +0200
-+++ smstools3/scripts/sms3 2015-02-22 20:05:51.615074469 +0100
-@@ -24,11 +24,11 @@
- # Logfile can also be defined in here:
- LOGFILE="/var/log/smsd.log"
-
--DAEMON=/usr/local/bin/smsd
-+DAEMON=/usr/bin/smsd
- # A program which turns power off for couple of seconds:
--RESETMODEMS=/usr/local/bin/smsd_resetmodems
-+RESETMODEMS=/usr/bin/smsd_resetmodems
- NAME=smsd
--PSOPT="-e"
-+PSOPT=""
- ECHO=echo
- case `uname` in
- *BSD|Darwin)
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3_3.1.15.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3_3.1.21.bb
index 310a13c22..6e6413b4b 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3_3.1.15.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/smstools3/smstools3_3.1.21.bb
@@ -6,18 +6,17 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=4d21efa1bb2a186360dde4035f860682"
HOMEPAGE = "http://smstools3.kekekasvi.com"
SRC_URI = "http://smstools3.kekekasvi.com/packages/${BP}.tar.gz \
- file://sms_binpath_and_psops.patch \
- file://fix-makefile-override.patch"
+ file://sms_binpath.patch \
+ file://scripts_no_bash.patch"
-SRC_URI[md5sum] = "0241ef60e646fac1a06254a848e61ed7"
-SRC_URI[sha256sum] = "ed00ffaeaa312a5b4f969f4e97a64603a866bbe16e393ea02f5bf05234814d59"
+SRC_URI[md5sum] = "6a9f038fb38a49cc3a4f8f14a88fb8af"
+SRC_URI[sha256sum] = "a26ba4c02b16f6cf13177bffca6c9230dc5fefaeba8e3030cd4e4905f6a92084"
S = "${WORKDIR}/${BPN}"
EXTRA_OEMAKE += "LFLAGS='${LDFLAGS}'"
-RDEPENDS_${PN} = "bash"
INITSCRIPT_NAME = "sms3"
INITSCRIPT_PARAMS = "defaults"
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/files/0001-replace-SIGCLD-with-SIGCHLD-and-include-sys-types.h.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/files/0001-replace-SIGCLD-with-SIGCHLD-and-include-sys-types.h.patch
new file mode 100644
index 000000000..8192056d1
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/files/0001-replace-SIGCLD-with-SIGCHLD-and-include-sys-types.h.patch
@@ -0,0 +1,49 @@
+From f567740cf64978ac9db014c786b6d0267b244f33 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 4 Mar 2018 22:30:30 -0800
+Subject: [PATCH 1/2] replace SIGCLD with SIGCHLD and include sys/types.h
+
+Fixes
+main.c:129:10: error: 'SIGCLD' undeclared (first use in this function); did you mean 'SIGCHLD'?
+ signal(SIGCLD, sig_child);
+ ^~~~~~
+ SIGCHLD
+
+main.c:125:2: warning: implicit declaration of function 'umask' [-Wimplicit-function-declaration]
+ umask(0);
+ ^~~~~
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ src/main.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/main.c b/src/main.c
+index 3cf4072..cd34196 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -31,6 +31,7 @@
+ #include <sys/ioctl.h>
+ #include <sys/wait.h>
+ #include <sys/param.h>
++#include <sys/types.h>
+ #include <pthread.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+@@ -126,9 +127,9 @@ static void daemon_start(int ignsigcld)
+
+ if (ignsigcld) {
+ #ifdef SIGTSTP
+- signal(SIGCLD, sig_child);
++ signal(SIGCHLD, sig_child);
+ #else
+- signal(SIGCLD, SIG_IGN);
++ signal(SIGCHLD, SIG_IGN);
+ #endif
+ }
+ }
+--
+2.16.2
+
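Review bot: The added `#include <sys/types.h>` in the first hunk of src/main.c probably does not silence the `umask` warning quoted in the description, because POSIX declares `umask()` in `<sys/stat.h>` and `<sys/types.h>` only supplies `mode_t`. Unless main.c already includes `<sys/stat.h>` outside the lines shown, the hunk should add `#include <sys/stat.h>` as well as, or instead of, the new include. This is more than noise: newer compilers reject implicit function declarations outright, and older ones compile the call against a guessed prototype. The SIGCLD to SIGCHLD replacement in `daemon_start` looks correct, though that function starts outside the hunk.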
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/files/0002-replace-PTHREAD_MUTEX_FAST_NP-with-PTHREAD_MUTEX_NOR.patch b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/files/0002-replace-PTHREAD_MUTEX_FAST_NP-with-PTHREAD_MUTEX_NOR.patch
new file mode 100644
index 000000000..90d12da14
--- /dev/null
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/files/0002-replace-PTHREAD_MUTEX_FAST_NP-with-PTHREAD_MUTEX_NOR.patch
@@ -0,0 +1,143 @@
+From 19b6cf8099e1974b5fc39086fc54103b0cbc2658 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 4 Mar 2018 23:01:25 -0800
+Subject: [PATCH 2/2] replace PTHREAD_MUTEX_FAST_NP with PTHREAD_MUTEX_NORMAL
+
+PTHREAD_MUTEX_FAST_NP is not available on non-posix systems
+e.g. musl
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ src/ha.c | 2 +-
+ src/icmp6.c | 2 +-
+ src/mh.c | 2 +-
+ src/mn.c | 2 +-
+ src/movement.c | 2 +-
+ src/mpdisc_ha.c | 2 +-
+ src/mpdisc_mn.c | 2 +-
+ src/tqueue.c | 2 +-
+ src/tunnelctl.c | 2 +-
+ 9 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/ha.c b/src/ha.c
+index fbdcff0..b2f811e 100644
+--- a/src/ha.c
++++ b/src/ha.c
+@@ -1246,7 +1246,7 @@ int ha_init(void)
+ {
+ pthread_mutexattr_t mattrs;
+ pthread_mutexattr_init(&mattrs);
+- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
++ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
+ if (pthread_mutex_init(&bu_worker_mutex, &mattrs) ||
+ pthread_cond_init(&cond, NULL))
+ return -1;
+diff --git a/src/icmp6.c b/src/icmp6.c
+index 3695135..6460634 100644
+--- a/src/icmp6.c
++++ b/src/icmp6.c
+@@ -243,7 +243,7 @@ int icmp6_init(void)
+ return -1;
+ /* create ICMP listener thread */
+ pthread_mutexattr_init(&mattrs);
+- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
++ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
+ if (pthread_mutex_init(&icmp6_sock.send_mutex, &mattrs) ||
+ pthread_rwlock_init(&handler_lock, NULL) ||
+ pthread_create(&icmp6_listener, NULL, icmp6_listen, NULL))
+diff --git a/src/mh.c b/src/mh.c
+index 60e345e..7928f4c 100644
+--- a/src/mh.c
++++ b/src/mh.c
+@@ -204,7 +204,7 @@ int mh_init(void)
+ return -1;
+
+ pthread_mutexattr_init(&mattrs);
+- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
++ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
+ if (pthread_mutex_init(&mh_sock.send_mutex, &mattrs) ||
+ pthread_rwlock_init(&handler_lock, NULL) ||
+ pthread_create(&mh_listener, NULL, mh_listen, NULL))
+diff --git a/src/mn.c b/src/mn.c
+index 092cfcb..8f7f448 100644
+--- a/src/mn.c
++++ b/src/mn.c
+@@ -1478,7 +1478,7 @@ static struct home_addr_info *hai_copy(struct home_addr_info *conf_hai)
+ if (hai != NULL) {
+ pthread_mutexattr_t mattrs;
+ pthread_mutexattr_init(&mattrs);
+- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
++ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
+
+ memcpy(hai, conf_hai, sizeof(struct home_addr_info));
+
+diff --git a/src/movement.c b/src/movement.c
+index d985937..6400448 100644
+--- a/src/movement.c
++++ b/src/movement.c
+@@ -2013,7 +2013,7 @@ int md_init(void)
+ int val;
+
+ pthread_mutexattr_init(&mattrs);
+- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
++ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
+ if (pthread_mutex_init(&iface_lock, &mattrs))
+ return -1;
+
+diff --git a/src/mpdisc_ha.c b/src/mpdisc_ha.c
+index 40ba05f..fd7a90d 100644
+--- a/src/mpdisc_ha.c
++++ b/src/mpdisc_ha.c
+@@ -559,7 +559,7 @@ int mpd_ha_init(void)
+ {
+ pthread_mutexattr_t mattrs;
+ pthread_mutexattr_init(&mattrs);
+- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
++ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
+ if (pthread_mutex_init(&mpa_lock, &mattrs) ||
+ pthread_rwlock_init(&prefix_lock, NULL) ||
+ hash_init(&mpa_hash, DOUBLE_ADDR, MPA_BUCKETS) < 0)
+diff --git a/src/mpdisc_mn.c b/src/mpdisc_mn.c
+index 4873bd6..ada02bd 100644
+--- a/src/mpdisc_mn.c
++++ b/src/mpdisc_mn.c
+@@ -267,7 +267,7 @@ int mpd_mn_init(void)
+ {
+ pthread_mutexattr_t mattrs;
+ pthread_mutexattr_init(&mattrs);
+- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
++ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
+ if (pthread_mutex_init(&mps_lock, &mattrs))
+ return -1;
+ if (hash_init(&mps_hash, DOUBLE_ADDR, MPS_BUCKETS) < 0)
+diff --git a/src/tqueue.c b/src/tqueue.c
+index 2f7aa0b..9c185b8 100644
+--- a/src/tqueue.c
++++ b/src/tqueue.c
+@@ -65,7 +65,7 @@ int taskqueue_init(void)
+ {
+ pthread_mutexattr_t mattrs;
+ pthread_mutexattr_init(&mattrs);
+- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
++ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
+ if (pthread_mutex_init(&mutex, &mattrs) ||
+ pthread_cond_init(&cond, NULL) ||
+ pthread_create(&tq_runner, NULL, runner, NULL))
+diff --git a/src/tunnelctl.c b/src/tunnelctl.c
+index 23fc20b..813b8ec 100644
+--- a/src/tunnelctl.c
++++ b/src/tunnelctl.c
+@@ -433,7 +433,7 @@ int tunnelctl_init(void)
+ return -1;
+
+ pthread_mutexattr_init(&mattrs);
+- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
++ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
+ if (pthread_mutex_init(&tnl_lock, &mattrs))
+ return -1;
+
+--
+2.16.2
+
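Review bot: The description says PTHREAD_MUTEX_FAST_NP is unavailable on "non-posix systems e.g. musl", which reads backwards, since the `_NP` name is the non-portable glibc extension and PTHREAD_MUTEX_NORMAL is the POSIX one. I would reword it to `PTHREAD_MUTEX_FAST_NP is a glibc-specific name that musl does not define`. In all nine hunks the return values of `pthread_mutexattr_init()` and `pthread_mutexattr_settype()` are still ignored, and no `pthread_mutexattr_destroy(&mattrs);` is visible after `pthread_mutex_init()`. Every one of these functions continues outside its hunk, so this may already be handled there. A NORMAL mutex gives no error on relock or on unlock by a non-owner, so a short comment at each site such as `/* NORMAL: no relock/owner checking, same semantics as the old FAST_NP */` would record that the locking behaviour is intentionally unchanged.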
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/umip_1.0.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/umip_1.0.bb
index 2129e379c..0c120bfd8 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/umip_1.0.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/umip/umip_1.0.bb
@@ -14,6 +14,8 @@ SRC_URI = "git://github.com/jlanza/umip \
file://mip6d \
file://mip6d.service \
file://0001-Add-format-string-to-fprintf-call.patch \
+ file://0001-replace-SIGCLD-with-SIGCHLD-and-include-sys-types.h.patch \
+ file://0002-replace-PTHREAD_MUTEX_FAST_NP-with-PTHREAD_MUTEX_NOR.patch \
"
SRCREV = "7d67209cd1bba2dd0e183a0fa07eeef07964dd14"
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb
index a64745c94..4920bce8c 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb
@@ -4,8 +4,8 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=db174eaf7b55a34a7c89551197f66e94"
DEPENDS = "zeromq"
-SRCREV = "68a7b09cfce01c4c279fba2cf91686fcfc566848"
-PV = "4.1.5+git${SRCPV}"
+SRCREV = "6aa3ab686e916cb0e62df7fa7d12e0b13ae9fae6"
+PV = "4.2.3+git${SRCPV}"
SRC_URI = "git://github.com/zeromq/cppzmq.git"
diff --git a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/zeromq/zeromq_4.1.6.bb b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/zeromq/zeromq_4.2.5.bb
index e126f3239..356348b43 100644
--- a/import-layers/meta-openembedded/meta-oe/recipes-connectivity/zeromq/zeromq_4.1.6.bb
+++ b/import-layers/meta-openembedded/meta-oe/recipes-connectivity/zeromq/zeromq_4.2.5.bb
@@ -6,11 +6,11 @@ LIC_FILES_CHKSUM = "file://COPYING.LESSER;md5=d5311495d952062e0e4fbba39cbf3de1"
PACKAGECONFIG ??= "libsodium"
PACKAGECONFIG[libsodium] = "--with-libsodium, --without-libsodium, libsodium"
-SRC_URI = "http://github.com/zeromq/zeromq4-1/releases/download/v${PV}/zeromq-${PV}.tar.gz \
+SRC_URI = "http://github.com/zeromq/libzmq/releases/download/v${PV}/zeromq-${PV}.tar.gz \
file://run-ptest \
"
-SRC_URI[md5sum] = "c89db4dbc0b90c34c9f4983cbff6d321"
-SRC_URI[sha256sum] = "02ebf60a43011e770799336365bcbce2eb85569e9b5f52aa0d8cc04672438a0a"
+SRC_URI[md5sum] = "a1c95b34384257e986842f4d006957b8"
+SRC_URI[sha256sum] = "cc9090ba35713d59bb2f7d7965f877036c49c5558ea0c290b0dcc6f2a17e489f"
S = "${WORKDIR}/zeromq-${PV}"
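Review bot: The new `SRC_URI` line still fetches the release tarball over plain `http://`, so the download is protected only by the pinned checksums. Since the line is being rewritten anyway, I would switch the scheme: `SRC_URI = "https://github.com/zeromq/libzmq/releases/download/v${PV}/zeromq-${PV}.tar.gz \`. The `SRC_URI[sha256sum]` entry is what actually guarantees integrity, because the `md5sum` entry gives no protection against a deliberately substituted archive. Both values should be confirmed against the upstream release rather than taken from the first fetch.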
@@ -28,5 +28,5 @@ do_compile_ptest () {
do_install_ptest () {
install -d ${D}${PTEST_PATH}/tests
- install -m 0755 ${B}/.libs/test_* ${D}${PTEST_PATH}/tests
+ install -m 0755 ${B}/tests/.libs/test_* ${D}${PTEST_PATH}/tests
}