diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-connectivity')
212 files changed, 23484 insertions, 0 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi-ui_0.6.32.bb b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi-ui_0.6.32.bb new file mode 100644 index 000000000..3966b4c6e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi-ui_0.6.32.bb @@ -0,0 +1,70 @@ +LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ + file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ + file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ + file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ + file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" + +require avahi.inc + +inherit python-dir pythonnative distro_features_check +ANY_OF_DISTRO_FEATURES = "${GTK2DISTROFEATURES}" + +PACKAGECONFIG ??= "dbus python" +PACKAGECONFIG[python] = "--enable-python,--disable-python,python-native python" + +SRC_URI[md5sum] = "22b5e705d3eabb31d26f2e1e7b074013" +SRC_URI[sha256sum] = "d54991185d514a0aba54ebeb408d7575b60f5818a772e28fa0e18b98bc1db454" + +DEPENDS += "avahi gtk+ libglade" + +AVAHI_GTK = "--enable-gtk --disable-gtk3 --disable-pygtk" + +S = "${WORKDIR}/avahi-${PV}" + +PACKAGES = "${PN} ${PN}-utils ${PN}-dbg ${PN}-dev ${PN}-staticdev ${PN}-doc python-avahi avahi-discover" + +FILES_${PN} = "${libdir}/libavahi-ui*.so.*" +FILES_${PN}-dev += "${libdir}/libavahi-ui${SOLIBSDEV}" +FILES_${PN}-staticdev += "${libdir}/libavahi-ui.a" + +FILES_${PN}-utils = "${bindir}/b* ${datadir}/applications/b*" + +FILES_python-avahi = "${PYTHON_SITEPACKAGES_DIR}/avahi ${PYTHON_SITEPACKAGES_DIR}/avahi_discover" +FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \ + ${datadir}/avahi/interfaces/avahi-discover* \ + ${bindir}/avahi-discover-standalone \ + ${datadir}/avahi/interfaces/avahi-discover.glade" + +RDEPENDS_python-avahi = "python-core python-dbus" + + +do_install_append () { + rm ${D}${sysconfdir} -rf + rm ${D}${base_libdir} -rf + rm ${D}${systemd_unitdir} -rf + # The ${systemd_unitdir} is /lib/systemd, so we need rmdir /lib, + # but not ${base_libdir} here. And the /lib may not exist + # whithout systemd. + [ ! -d ${D}/lib ] || rmdir ${D}/lib --ignore-fail-on-non-empty + rm ${D}${bindir}/avahi-b* + rm ${D}${bindir}/avahi-p* + rm ${D}${bindir}/avahi-r* + rm ${D}${bindir}/avahi-s* + rm ${D}${includedir}/avahi-c* -rf + rm ${D}${includedir}/avahi-g* -rf + rm ${D}${libdir}/libavahi-c* + rm ${D}${libdir}/libavahi-g* + rm ${D}${libdir}/pkgconfig/avahi-c* + rm ${D}${libdir}/pkgconfig/avahi-g* + rm ${D}${sbindir} -rf + rm ${D}${datadir}/avahi/a* + rm ${D}${datadir}/avahi/s* + rm ${D}${datadir}/locale/ -rf + rm ${D}${datadir}/dbus* -rf + rm ${D}${mandir}/man1/a* + rm ${D}${mandir}/man5 -rf + rm ${D}${mandir}/man8 -rf + rm ${D}${libdir}/girepository-1.0/ -rf + rm ${D}${datadir}/gir-1.0/ -rf +} + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc new file mode 100644 index 000000000..81aad7935 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc @@ -0,0 +1,161 @@ +SUMMARY = "Avahi IPv4LL network address configuration daemon" +DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \ +allows programs to publish and discover services and hosts running on a local network \ +with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \ +IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ +configuration from the link-local 169.254.0.0/16 range without the need for a central \ +server.' +AUTHOR = "Lennart Poettering <lennart@poettering.net>" +HOMEPAGE = "http://avahi.org" +BUGTRACKER = "https://github.com/lathiat/avahi/issues" +SECTION = "network" + +# major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and +# python scripts are under GPLv2+ +LICENSE = "GPLv2+ & LGPLv2.1+" + +DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native" + +SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \ + file://00avahi-autoipd \ + file://99avahi-autoipd \ + file://initscript.patch \ + " +UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" + +PACKAGECONFIG ??= "dbus" +PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" + +USERADD_PACKAGES = "avahi-daemon avahi-autoipd" +USERADD_PARAM_avahi-daemon = "--system --home /var/run/avahi-daemon \ + --no-create-home --shell /bin/false \ + --user-group avahi" + +USERADD_PARAM_avahi-autoipd = "--system --home /var/run/avahi-autoipd \ + --no-create-home --shell /bin/false \ + --user-group \ + -c \"Avahi autoip daemon\" \ + avahi-autoipd" + +inherit autotools pkgconfig update-rc.d gettext useradd gobject-introspection + +EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ + --disable-stack-protector \ + --disable-gdbm \ + --disable-mono \ + --disable-monodoc \ + --disable-qt3 \ + --disable-qt4 \ + --disable-python \ + --disable-doxygen-doc \ + --disable-manpages \ + ${EXTRA_OECONF_SYSVINIT} \ + ${EXTRA_OECONF_SYSTEMD} \ + ${AVAHI_GTK} \ + " + +# The distro choice determines what init scripts are installed +EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" +EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}" + +AVAHI_GTK ?= "--disable-gtk --disable-gtk3" + +LDFLAGS_append_libc-uclibc = " -lintl" +LDFLAGS_append_uclinux-uclibc = " -lintl" + +do_configure_prepend() { + sed 's:AM_CHECK_PYMOD:echo "no pymod" #AM_CHECK_PYMOD:g' -i ${S}/configure.ac + + # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes + rm "${S}/common/introspection.m4" || true +} + +do_compile_prepend() { + export GIR_EXTRA_LIBS_PATH="${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" +} + +PACKAGES =+ "avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib libavahi-ui avahi-autoipd avahi-utils" + +# As avahi doesn't put any files into PN, clear the files list to avoid problems +# if extra libraries appear. +FILES_${PN} = "" +FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \ + ${sysconfdir}/avahi/avahi-autoipd.action \ + ${sysconfdir}/dhcp/*/avahi-autoipd \ + ${sysconfdir}/udhcpc.d/00avahi-autoipd \ + ${sysconfdir}/udhcpc.d/99avahi-autoipd" +FILES_libavahi-common = "${libdir}/libavahi-common.so.*" +FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" +FILES_avahi-daemon = "${sbindir}/avahi-daemon \ + ${sysconfdir}/avahi/avahi-daemon.conf \ + ${sysconfdir}/avahi/hosts \ + ${sysconfdir}/avahi/services \ + ${sysconfdir}/dbus-1 \ + ${sysconfdir}/init.d/avahi-daemon \ + ${datadir}/avahi/introspection/*.introspect \ + ${datadir}/avahi/avahi-service.dtd \ + ${datadir}/avahi/service-types \ + ${datadir}/dbus-1/system-services" +FILES_libavahi-client = "${libdir}/libavahi-client.so.*" +FILES_libavahi-ui = "${libdir}/libavahi-ui.so.*" +FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ + ${sysconfdir}/avahi/avahi-dnsconfd.action \ + ${sysconfdir}/init.d/avahi-dnsconfd" +FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*" +FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" +FILES_avahi-utils = "${bindir}/avahi-*" + +RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV}) libavahi-client (= ${EXTENDPKGV})" + +# uclibc has no nss +RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" +RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns" + +RRECOMMENDS_avahi-dev = "expat-dev libcap-dev libdaemon-dev dbus-dev glib-2.0-dev update-rc.d-dev" +RRECOMMENDS_avahi-dev_append_libc-glibc = " gettext-dev" + +RRECOMMENDS_avahi-dev[nodeprrecs] = "1" + +CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" + +INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" +INITSCRIPT_NAME_avahi-daemon = "avahi-daemon" +INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19" +INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd" +INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19" + +do_install() { + autotools_do_install + + # don't install /var/run when populating rootfs. Do it through volatile + # /var/run of current version is empty, so just remove it. + # if /var/run become non-empty in the future, need to install it via volatile + rm -rf ${D}${localstatedir}/run + rmdir --ignore-fail-on-non-empty ${D}${localstatedir} + rm -rf ${D}${datadir}/dbus-1/interfaces + test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 + rm -rf ${D}${libdir}/avahi + + install -d ${D}${sysconfdir}/udhcpc.d + install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d + install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d +} + +# At the time the postinst runs, dbus might not be setup so only restart if running +# Don't exit early, because update-rc.d needs to run subsequently. + +pkg_postinst_avahi-daemon () { +if [ -z "$D" ]; then + killall -q -HUP dbus-daemon || true +fi +} + +pkg_postrm_avahi-daemon () { + deluser avahi || true + delgroup avahi || true +} + +pkg_postrm_avahi-autoipd () { + deluser avahi-autoipd || true + delgroup avahi-autoipd || true +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi_0.6.32.bb b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi_0.6.32.bb new file mode 100644 index 000000000..6670106b1 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi_0.6.32.bb @@ -0,0 +1,20 @@ +require avahi.inc + +inherit systemd + +SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" +SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service" +SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ + file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ + file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ + file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ + file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" + +SRC_URI[md5sum] = "22b5e705d3eabb31d26f2e1e7b074013" +SRC_URI[sha256sum] = "d54991185d514a0aba54ebeb408d7575b60f5818a772e28fa0e18b98bc1db454" + +DEPENDS += "intltool-native" + +PACKAGES =+ "libavahi-gobject" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/00avahi-autoipd b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/00avahi-autoipd new file mode 100644 index 000000000..a0ab81460 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/00avahi-autoipd @@ -0,0 +1,10 @@ +#!/bin/sh + +[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1 + +case "$1" in + + deconfig|renew|bound) + /usr/sbin/avahi-autoipd -k $interface 2> /dev/null + ;; +esac diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/99avahi-autoipd b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/99avahi-autoipd new file mode 100644 index 000000000..234cdaa3e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/99avahi-autoipd @@ -0,0 +1,10 @@ +#!/bin/sh + +[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1 + +case "$1" in + + leasefail) + /usr/sbin/avahi-autoipd -wD $interface 2> /dev/null + ;; +esac diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/initscript.patch b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/initscript.patch new file mode 100644 index 000000000..193889eb5 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/initscript.patch @@ -0,0 +1,41 @@ +Upstream-Status: Pending + +diff --git a/initscript/debian/avahi-daemon.in b/initscript/debian/avahi-daemon.in +index 30a2c2f..b5848a8 100755 +--- a/initscript/debian/avahi-daemon.in ++++ b/initscript/debian/avahi-daemon.in +@@ -1,2 +1,14 @@ + #!/bin/sh +- ++### BEGIN INIT INFO ++# Provides: avahi ++# Required-Start: $remote_fs dbus ++# Required-Stop: $remote_fs dbus ++# Should-Start: $syslog ++# Should-Stop: $syslog ++# Default-Start: 2 3 4 5 ++# Default-Stop: 0 1 6 ++# Short-Description: Avahi mDNS/DNS-SD Daemon ++# Description: Zeroconf daemon for configuring your network ++# automatically ++### END INIT INFO ++# +diff --git a/initscript/debian/avahi-dnsconfd.in b/initscript/debian/avahi-dnsconfd.in +index ac34804..f95c340 100755 +--- a/initscript/debian/avahi-dnsconfd.in ++++ b/initscript/debian/avahi-dnsconfd.in +@@ -1,1 +1,14 @@ + #!/bin/sh ++### BEGIN INIT INFO ++# Provides: avahi-dnsconfd ++# Required-Start: $remote_fs avahi ++# Required-Stop: $remote_fs avahi ++# Should-Start: $syslog ++# Should-Stop: $syslog ++# Default-Start: 2 3 4 5 ++# Default-Stop: 0 1 6 ++# Short-Description: Avahi mDNS/DNS-SD DNS configuration ++# Description: Zeroconf daemon for configuring your network ++# automatically ++### END INIT INFO ++# diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch new file mode 100644 index 000000000..805cbb331 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch @@ -0,0 +1,50 @@ +xml2-config is disabled, so change the configure script to use pkgconfig to find +libxml2. + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton <ross.burton@intel.com> + +Update context for version 9.10.3-P2. + +Signed-off-by: Kai Kang <kai.kang@windriver.com> +--- + configure.in | 23 +++-------------------- + 1 file changed, 3 insertions(+), 20 deletions(-) + +diff --git a/configure.in b/configure.in +index 0db826d..75819eb 100644 +--- a/configure.in ++++ b/configure.in +@@ -2107,26 +2107,9 @@ case "$use_libxml2" in + DST_LIBXML2_INC="" + ;; + auto|yes) +- case X`(xml2-config --version) 2>/dev/null` in +- X2.[[6789]].*) +- libxml2_libs=`xml2-config --libs` +- libxml2_cflags=`xml2-config --cflags` +- ;; +- *) +- if test "$use_libxml2" = "yes" ; then +- AC_MSG_RESULT(no) +- AC_MSG_ERROR(required libxml2 version not available) +- else +- libxml2_libs= +- libxml2_cflags= +- fi +- ;; +- esac +- ;; +- *) +- if test -f "$use_libxml2/bin/xml2-config" ; then +- libxml2_libs=`$use_libxml2/bin/xml2-config --libs` +- libxml2_cflags=`$use_libxml2/bin/xml2-config --cflags` ++ if pkg-config --exists libxml-2.0 ; then ++ libxml2_libs=`pkg-config libxml-2.0 --libs` ++ libxml2_cflags=`pkg-config libxml-2.0 --cflags` + fi + ;; + esac +-- +2.1.4 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch new file mode 100644 index 000000000..121509371 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch @@ -0,0 +1,25 @@ +Upstream-Status: Pending + +Subject: gen.c: extend DIRNAMESIZE from 256 to 512 + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + lib/dns/gen.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/dns/gen.c b/lib/dns/gen.c +index 7a7dafb..51a0435 100644 +--- a/lib/dns/gen.c ++++ b/lib/dns/gen.c +@@ -148,7 +148,7 @@ static const char copyright[] = + #define TYPECLASSBUF (TYPECLASSLEN + 1) + #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" + #define ATTRIBUTESIZE 256 +-#define DIRNAMESIZE 256 ++#define DIRNAMESIZE 512 + + static struct cc { + struct cc *next; +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch new file mode 100644 index 000000000..1ed858cd3 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch @@ -0,0 +1,34 @@ +From 5bc3167a8b714ec0c4a3f1c7f3b9411296ec0a23 Mon Sep 17 00:00:00 2001 +From: Robert Yang <liezhi.yang@windriver.com> +Date: Wed, 16 Sep 2015 20:23:47 -0700 +Subject: [PATCH] lib/dns/gen.c: fix too long error + +The 512 is a little short when build in deep dir, and cause "too long" +error, use PATH_MAX if defined. + +Upstream-Status: Pending + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + lib/dns/gen.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/dns/gen.c b/lib/dns/gen.c +index 51a0435..3d7214f 100644 +--- a/lib/dns/gen.c ++++ b/lib/dns/gen.c +@@ -148,7 +148,11 @@ static const char copyright[] = + #define TYPECLASSBUF (TYPECLASSLEN + 1) + #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" + #define ATTRIBUTESIZE 256 ++#ifdef PATH_MAX ++#define DIRNAMESIZE PATH_MAX ++#else + #define DIRNAMESIZE 512 ++#endif + + static struct cc { + struct cc *next; +-- +1.7.9.5 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch new file mode 100644 index 000000000..2149bd180 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch @@ -0,0 +1,154 @@ +From 70037e040e587329cec82123e12b9f4f7c945f67 Mon Sep 17 00:00:00 2001 +From: Mark Andrews <marka@isc.org> +Date: Thu, 18 Feb 2016 12:11:27 +1100 +Subject: [PATCH] 4318. [security] Malformed control messages can + trigger assertions in named and rndc. (CVE-2016-1285) + [RT #41666] + +(cherry picked from commit a2b15b3305acd52179e6f3dc7d073b07fbc40b8e) + +CVE: CVE-2016-1285 +Upstream-Status: Backport +[Removed doc/arm/notes.xml changes from upstream patch] + +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + CHANGES | 3 +++ + bin/named/control.c | 2 +- + bin/named/controlconf.c | 2 +- + bin/rndc/rndc.c | 8 ++++---- + doc/arm/notes.xml | 11 +++++++++++ + lib/isccc/cc.c | 14 +++++++------- + 6 files changed, 27 insertions(+), 13 deletions(-) + +diff --git a/CHANGES b/CHANGES +index b9bd9ef..2c727d5 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -1,3 +1,6 @@ ++4318. [security] Malformed control messages can trigger assertions ++ in named and rndc. (CVE-2016-1285) [RT #41666] ++ + --- 9.10.3-P3 released --- + + 4288. [bug] Fixed a regression in resolver.c:possibly_mark() +diff --git a/bin/named/control.c b/bin/named/control.c +index 8554335..81340ca 100644 +--- a/bin/named/control.c ++++ b/bin/named/control.c +@@ -69,7 +69,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) { + #endif + + data = isccc_alist_lookup(message, "_data"); +- if (data == NULL) { ++ if (!isccc_alist_alistp(data)) { + /* + * No data section. + */ +diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c +index 765afdd..a39ab8b 100644 +--- a/bin/named/controlconf.c ++++ b/bin/named/controlconf.c +@@ -402,7 +402,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { + * Limit exposure to replay attacks. + */ + _ctrl = isccc_alist_lookup(request, "_ctrl"); +- if (_ctrl == NULL) { ++ if (!isccc_alist_alistp(_ctrl)) { + log_invalid(&conn->ccmsg, ISC_R_FAILURE); + goto cleanup_request; + } +diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c +index cb17050..b6e05c8 100644 +--- a/bin/rndc/rndc.c ++++ b/bin/rndc/rndc.c +@@ -255,8 +255,8 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) { + isccc_cc_fromwire(&source, &response, algorithm, &secret)); + + data = isccc_alist_lookup(response, "_data"); +- if (data == NULL) +- fatal("no data section in response"); ++ if (!isccc_alist_alistp(data)) ++ fatal("bad or missing data section in response"); + result = isccc_cc_lookupstring(data, "err", &errormsg); + if (result == ISC_R_SUCCESS) { + failed = ISC_TRUE; +@@ -321,8 +321,8 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) { + isccc_cc_fromwire(&source, &response, algorithm, &secret)); + + _ctrl = isccc_alist_lookup(response, "_ctrl"); +- if (_ctrl == NULL) +- fatal("_ctrl section missing"); ++ if (!isccc_alist_alistp(_ctrl)) ++ fatal("bad or missing ctrl section in response"); + nonce = 0; + if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS) + nonce = 0; +diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c +index 47a3b74..2bb961e 100644 +--- a/lib/isccc/cc.c ++++ b/lib/isccc/cc.c +@@ -403,13 +403,13 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length, + * Extract digest. + */ + _auth = isccc_alist_lookup(alist, "_auth"); +- if (_auth == NULL) ++ if (!isccc_alist_alistp(_auth)) + return (ISC_R_FAILURE); + if (algorithm == ISCCC_ALG_HMACMD5) + hmac = isccc_alist_lookup(_auth, "hmd5"); + else + hmac = isccc_alist_lookup(_auth, "hsha"); +- if (hmac == NULL) ++ if (!isccc_sexpr_binaryp(hmac)) + return (ISC_R_FAILURE); + /* + * Compute digest. +@@ -728,7 +728,7 @@ isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok, + REQUIRE(ackp != NULL && *ackp == NULL); + + _ctrl = isccc_alist_lookup(message, "_ctrl"); +- if (_ctrl == NULL || ++ if (!isccc_alist_alistp(_ctrl) || + isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS || + isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS) + return (ISC_R_FAILURE); +@@ -773,7 +773,7 @@ isccc_cc_isack(isccc_sexpr_t *message) + isccc_sexpr_t *_ctrl; + + _ctrl = isccc_alist_lookup(message, "_ctrl"); +- if (_ctrl == NULL) ++ if (!isccc_alist_alistp(_ctrl)) + return (ISC_FALSE); + if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS) + return (ISC_TRUE); +@@ -786,7 +786,7 @@ isccc_cc_isreply(isccc_sexpr_t *message) + isccc_sexpr_t *_ctrl; + + _ctrl = isccc_alist_lookup(message, "_ctrl"); +- if (_ctrl == NULL) ++ if (!isccc_alist_alistp(_ctrl)) + return (ISC_FALSE); + if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS) + return (ISC_TRUE); +@@ -806,7 +806,7 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now, + + _ctrl = isccc_alist_lookup(message, "_ctrl"); + _data = isccc_alist_lookup(message, "_data"); +- if (_ctrl == NULL || _data == NULL || ++ if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) || + isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS || + isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS) + return (ISC_R_FAILURE); +@@ -995,7 +995,7 @@ isccc_cc_checkdup(isccc_symtab_t *symtab, isccc_sexpr_t *message, + isccc_sexpr_t *_ctrl; + + _ctrl = isccc_alist_lookup(message, "_ctrl"); +- if (_ctrl == NULL || ++ if (!isccc_alist_alistp(_ctrl) || + isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS || + isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS) + return (ISC_R_FAILURE); +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch new file mode 100644 index 000000000..ae5cc48d9 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch @@ -0,0 +1,79 @@ +From a3d327bf1ceaaeabb20223d8de85166e940b9f12 Mon Sep 17 00:00:00 2001 +From: Mukund Sivaraman <muks@isc.org> +Date: Mon, 22 Feb 2016 12:22:43 +0530 +Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling + (CVE-2016-1286) (#41753) + +(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673) + +CVE: CVE-2016-1286 +Upstream-Status: Backport + +[Removed doc/arm/notes.xml changes from upstream patch.] + +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- +diff -ruN a/CHANGES b/CHANGES +--- a/CHANGES 2016-04-13 07:28:44.940873629 +0200 ++++ b/CHANGES 2016-04-13 07:38:38.923167851 +0200 +@@ -1,3 +1,7 @@ ++4319. [security] Fix resolver assertion failure due to improper ++ DNAME handling when parsing fetch reply messages. ++ (CVE-2016-1286) [RT #41753] ++ + 4318. [security] Malformed control messages can trigger assertions + in named and rndc. (CVE-2016-1285) [RT #41666] + +diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c +--- a/lib/dns/resolver.c 2016-04-13 07:28:43.088953790 +0200 ++++ b/lib/dns/resolver.c 2016-04-13 07:38:20.411968925 +0200 +@@ -6967,21 +6967,26 @@ + isc_boolean_t found_dname = ISC_FALSE; + dns_name_t *dname_name; + ++ /* ++ * Only pass DNAME or RRSIG(DNAME). ++ */ ++ if (rdataset->type != dns_rdatatype_dname && ++ (rdataset->type != dns_rdatatype_rrsig || ++ rdataset->covers != dns_rdatatype_dname)) ++ continue; ++ ++ /* ++ * If we're not chaining, then the DNAME and ++ * its signature should not be external. ++ */ ++ if (!chaining && external) { ++ log_formerr(fctx, "external DNAME"); ++ return (DNS_R_FORMERR); ++ } ++ + found = ISC_FALSE; + aflag = 0; + if (rdataset->type == dns_rdatatype_dname) { +- /* +- * We're looking for something else, +- * but we found a DNAME. +- * +- * If we're not chaining, then the +- * DNAME should not be external. +- */ +- if (!chaining && external) { +- log_formerr(fctx, +- "external DNAME"); +- return (DNS_R_FORMERR); +- } + found = ISC_TRUE; + want_chaining = ISC_TRUE; + POST(want_chaining); +@@ -7010,9 +7015,7 @@ + &fctx->domain)) { + return (DNS_R_SERVFAIL); + } +- } else if (rdataset->type == dns_rdatatype_rrsig +- && rdataset->covers == +- dns_rdatatype_dname) { ++ } else { + /* + * We've found a signature that + * covers the DNAME. diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch new file mode 100644 index 000000000..a31ea81f8 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch @@ -0,0 +1,314 @@ +From 7602be276a73a6eb5431c5acd9718e68a55e8b61 Mon Sep 17 00:00:00 2001 +From: Mark Andrews <marka@isc.org> +Date: Mon, 29 Feb 2016 07:16:48 +1100 +Subject: [PATCH] Part 2 of: 4319. [security] Fix resolver assertion + failure due to improper DNAME handling when parsing + fetch reply messages. (CVE-2016-1286) [RT #41753] + +(cherry picked from commit 2de89ee9de8c8da9dc153a754b02dcdbb7fe2374) +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + lib/dns/resolver.c | 192 ++++++++++++++++++++++++++--------------------------- + 1 file changed, 93 insertions(+), 99 deletions(-) + +diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c +index 70aba87..41e9df4 100644 +--- a/lib/dns/resolver.c ++++ b/lib/dns/resolver.c +@@ -6074,14 +6074,11 @@ cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) { + } + + static inline isc_result_t +-dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname, +- dns_name_t *oname, dns_fixedname_t *fixeddname) ++dname_target(dns_rdataset_t *rdataset, dns_name_t *qname, ++ unsigned int nlabels, dns_fixedname_t *fixeddname) + { + isc_result_t result; + dns_rdata_t rdata = DNS_RDATA_INIT; +- unsigned int nlabels; +- int order; +- dns_namereln_t namereln; + dns_rdata_dname_t dname; + dns_fixedname_t prefix; + +@@ -6096,21 +6093,6 @@ dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname, + if (result != ISC_R_SUCCESS) + return (result); + +- /* +- * Get the prefix of qname. +- */ +- namereln = dns_name_fullcompare(qname, oname, &order, &nlabels); +- if (namereln != dns_namereln_subdomain) { +- char qbuf[DNS_NAME_FORMATSIZE]; +- char obuf[DNS_NAME_FORMATSIZE]; +- +- dns_rdata_freestruct(&dname); +- dns_name_format(qname, qbuf, sizeof(qbuf)); +- dns_name_format(oname, obuf, sizeof(obuf)); +- log_formerr(fctx, "unrelated DNAME in answer: " +- "%s is not in %s", qbuf, obuf); +- return (DNS_R_FORMERR); +- } + dns_fixedname_init(&prefix); + dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL); + dns_fixedname_init(fixeddname); +@@ -6736,13 +6718,13 @@ static isc_result_t + answer_response(fetchctx_t *fctx) { + isc_result_t result; + dns_message_t *message; +- dns_name_t *name, *qname, tname, *ns_name; ++ dns_name_t *name, *dname, *qname, tname, *ns_name; + dns_rdataset_t *rdataset, *ns_rdataset; + isc_boolean_t done, external, chaining, aa, found, want_chaining; + isc_boolean_t have_answer, found_cname, found_type, wanted_chaining; + unsigned int aflag; + dns_rdatatype_t type; +- dns_fixedname_t dname, fqname; ++ dns_fixedname_t fdname, fqname; + dns_view_t *view; + + FCTXTRACE("answer_response"); +@@ -6770,10 +6752,15 @@ answer_response(fetchctx_t *fctx) { + view = fctx->res->view; + result = dns_message_firstname(message, DNS_SECTION_ANSWER); + while (!done && result == ISC_R_SUCCESS) { ++ dns_namereln_t namereln; ++ int order; ++ unsigned int nlabels; ++ + name = NULL; + dns_message_currentname(message, DNS_SECTION_ANSWER, &name); + external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain)); +- if (dns_name_equal(name, qname)) { ++ namereln = dns_name_fullcompare(qname, name, &order, &nlabels); ++ if (namereln == dns_namereln_equal) { + wanted_chaining = ISC_FALSE; + for (rdataset = ISC_LIST_HEAD(name->list); + rdataset != NULL; +@@ -6898,10 +6885,11 @@ answer_response(fetchctx_t *fctx) { + */ + INSIST(!external); + if (aflag == +- DNS_RDATASETATTR_ANSWER) ++ DNS_RDATASETATTR_ANSWER) { + have_answer = ISC_TRUE; +- name->attributes |= +- DNS_NAMEATTR_ANSWER; ++ name->attributes |= ++ DNS_NAMEATTR_ANSWER; ++ } + rdataset->attributes |= aflag; + if (aa) + rdataset->trust = +@@ -6956,6 +6944,8 @@ answer_response(fetchctx_t *fctx) { + if (wanted_chaining) + chaining = ISC_TRUE; + } else { ++ dns_rdataset_t *dnameset = NULL; ++ + /* + * Look for a DNAME (or its SIG). Anything else is + * ignored. +@@ -6963,10 +6953,8 @@ answer_response(fetchctx_t *fctx) { + wanted_chaining = ISC_FALSE; + for (rdataset = ISC_LIST_HEAD(name->list); + rdataset != NULL; +- rdataset = ISC_LIST_NEXT(rdataset, link)) { +- isc_boolean_t found_dname = ISC_FALSE; +- dns_name_t *dname_name; +- ++ rdataset = ISC_LIST_NEXT(rdataset, link)) ++ { + /* + * Only pass DNAME or RRSIG(DNAME). + */ +@@ -6980,20 +6968,41 @@ answer_response(fetchctx_t *fctx) { + * its signature should not be external. + */ + if (!chaining && external) { +- log_formerr(fctx, "external DNAME"); ++ char qbuf[DNS_NAME_FORMATSIZE]; ++ char obuf[DNS_NAME_FORMATSIZE]; ++ ++ dns_name_format(name, qbuf, ++ sizeof(qbuf)); ++ dns_name_format(&fctx->domain, obuf, ++ sizeof(obuf)); ++ log_formerr(fctx, "external DNAME or " ++ "RRSIG covering DNAME " ++ "in answer: %s is " ++ "not in %s", qbuf, obuf); ++ return (DNS_R_FORMERR); ++ } ++ ++ if (namereln != dns_namereln_subdomain) { ++ char qbuf[DNS_NAME_FORMATSIZE]; ++ char obuf[DNS_NAME_FORMATSIZE]; ++ ++ dns_name_format(qname, qbuf, ++ sizeof(qbuf)); ++ dns_name_format(name, obuf, ++ sizeof(obuf)); ++ log_formerr(fctx, "unrelated DNAME " ++ "in answer: %s is " ++ "not in %s", qbuf, obuf); + return (DNS_R_FORMERR); + } + +- found = ISC_FALSE; + aflag = 0; + if (rdataset->type == dns_rdatatype_dname) { +- found = ISC_TRUE; + want_chaining = ISC_TRUE; + POST(want_chaining); + aflag = DNS_RDATASETATTR_ANSWER; +- result = dname_target(fctx, rdataset, +- qname, name, +- &dname); ++ result = dname_target(rdataset, qname, ++ nlabels, &fdname); + if (result == ISC_R_NOSPACE) { + /* + * We can't construct the +@@ -7005,14 +7014,12 @@ answer_response(fetchctx_t *fctx) { + } else if (result != ISC_R_SUCCESS) + return (result); + else +- found_dname = ISC_TRUE; ++ dnameset = rdataset; + +- dname_name = dns_fixedname_name(&dname); ++ dname = dns_fixedname_name(&fdname); + if (!is_answertarget_allowed(view, +- qname, +- rdataset->type, +- dname_name, +- &fctx->domain)) { ++ qname, rdataset->type, ++ dname, &fctx->domain)) { + return (DNS_R_SERVFAIL); + } + } else { +@@ -7020,73 +7027,60 @@ answer_response(fetchctx_t *fctx) { + * We've found a signature that + * covers the DNAME. + */ +- found = ISC_TRUE; + aflag = DNS_RDATASETATTR_ANSWERSIG; + } + +- if (found) { ++ /* ++ * We've found an answer to our ++ * question. ++ */ ++ name->attributes |= DNS_NAMEATTR_CACHE; ++ rdataset->attributes |= DNS_RDATASETATTR_CACHE; ++ rdataset->trust = dns_trust_answer; ++ if (!chaining) { + /* +- * We've found an answer to our +- * question. ++ * This data is "the" answer to ++ * our question only if we're ++ * not chaining. + */ +- name->attributes |= +- DNS_NAMEATTR_CACHE; +- rdataset->attributes |= +- DNS_RDATASETATTR_CACHE; +- rdataset->trust = dns_trust_answer; +- if (!chaining) { +- /* +- * This data is "the" answer +- * to our question only if +- * we're not chaining. +- */ +- INSIST(!external); +- if (aflag == +- DNS_RDATASETATTR_ANSWER) +- have_answer = ISC_TRUE; ++ INSIST(!external); ++ if (aflag == DNS_RDATASETATTR_ANSWER) { ++ have_answer = ISC_TRUE; + name->attributes |= + DNS_NAMEATTR_ANSWER; +- rdataset->attributes |= aflag; +- if (aa) +- rdataset->trust = +- dns_trust_authanswer; +- } else if (external) { +- rdataset->attributes |= +- DNS_RDATASETATTR_EXTERNAL; +- } +- +- /* +- * DNAME chaining. +- */ +- if (found_dname) { +- /* +- * Copy the dname into the +- * qname fixed name. +- * +- * Although we check for +- * failure of the copy +- * operation, in practice it +- * should never fail since +- * we already know that the +- * result fits in a fixedname. +- */ +- dns_fixedname_init(&fqname); +- result = dns_name_copy( +- dns_fixedname_name(&dname), +- dns_fixedname_name(&fqname), +- NULL); +- if (result != ISC_R_SUCCESS) +- return (result); +- wanted_chaining = ISC_TRUE; +- name->attributes |= +- DNS_NAMEATTR_CHAINING; +- rdataset->attributes |= +- DNS_RDATASETATTR_CHAINING; +- qname = dns_fixedname_name( +- &fqname); + } ++ rdataset->attributes |= aflag; ++ if (aa) ++ rdataset->trust = ++ dns_trust_authanswer; ++ } else if (external) { ++ rdataset->attributes |= ++ DNS_RDATASETATTR_EXTERNAL; + } + } ++ ++ /* ++ * DNAME chaining. ++ */ ++ if (dnameset != NULL) { ++ /* ++ * Copy the dname into the qname fixed name. ++ * ++ * Although we check for failure of the copy ++ * operation, in practice it should never fail ++ * since we already know that the result fits ++ * in a fixedname. ++ */ ++ dns_fixedname_init(&fqname); ++ qname = dns_fixedname_name(&fqname); ++ result = dns_name_copy(dname, qname, NULL); ++ if (result != ISC_R_SUCCESS) ++ return (result); ++ wanted_chaining = ISC_TRUE; ++ name->attributes |= DNS_NAMEATTR_CHAINING; ++ dnameset->attributes |= ++ DNS_RDATASETATTR_CHAINING; ++ } + if (wanted_chaining) + chaining = ISC_TRUE; + } +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch new file mode 100644 index 000000000..1b84d46b7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch @@ -0,0 +1,247 @@ +CVE-2016-2088 + +Backport commit d7ff9a1c41bf0ba9773cb3adb08b48b9fd57c956 from the +v9_10_3_patch branch. + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2088 +https://kb.isc.org/article/AA-01351 + +CVE: CVE-2016-2088 +Upstream-Status: Backport +Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> + + +Original commit message from Mark Andrews <marka@isc.org> below: + +4322. [security] Duplicate EDNS COOKIE options in a response could + trigger an assertion failure. (CVE-2016-2088) + [RT #41809] + +(cherry picked from commit 455c0848f80a8acda27aad1466c72987cafaa029) +(cherry picked from commit 7cd300abd6ee8b8ee8730593daf742ba53f90bc3) +--- + CHANGES | 4 ++++ + bin/dig/dighost.c | 9 +++++++++ + bin/named/client.c | 33 +++++++++++++++++++++++---------- + doc/arm/notes.xml | 7 +++++++ + lib/dns/resolver.c | 14 +++++++++++++- + 5 files changed, 56 insertions(+), 11 deletions(-) + +diff --git a/CHANGES b/CHANGES +index c5b5d2b..d2e3360 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -1,3 +1,7 @@ ++4322. [security] Duplicate EDNS COOKIE options in a response could ++ trigger an assertion failure. (CVE-2016-2088) ++ [RT #41809] ++ + 4319. [security] Fix resolver assertion failure due to improper + DNAME handling when parsing fetch reply messages. + (CVE-2016-1286) [RT #41753] +diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c +index ca82f8e..340904f 100644 +--- a/bin/dig/dighost.c ++++ b/bin/dig/dighost.c +@@ -3458,6 +3458,7 @@ process_opt(dig_lookup_t *l, dns_message_t *msg) { + isc_buffer_t optbuf; + isc_uint16_t optcode, optlen; + dns_rdataset_t *opt = msg->opt; ++ isc_boolean_t seen_cookie = ISC_FALSE; + + result = dns_rdataset_first(opt); + if (result == ISC_R_SUCCESS) { +@@ -3470,7 +3471,15 @@ process_opt(dig_lookup_t *l, dns_message_t *msg) { + optlen = isc_buffer_getuint16(&optbuf); + switch (optcode) { + case DNS_OPT_COOKIE: ++ /* ++ * Only process the first cookie option. ++ */ ++ if (seen_cookie) { ++ isc_buffer_forward(&optbuf, optlen); ++ break; ++ } + process_sit(l, msg, &optbuf, optlen); ++ seen_cookie = ISC_TRUE; + break; + default: + isc_buffer_forward(&optbuf, optlen); +diff --git a/bin/named/client.c b/bin/named/client.c +index 683305c..0d7331a 100644 +--- a/bin/named/client.c ++++ b/bin/named/client.c +@@ -120,7 +120,10 @@ + */ + #endif + +-#define SIT_SIZE 24U /* 8 + 4 + 4 + 8 */ ++#define COOKIE_SIZE 24U /* 8 + 4 + 4 + 8 */ ++ ++#define WANTNSID(x) (((x)->attributes & NS_CLIENTATTR_WANTNSID) != 0) ++#define WANTEXPIRE(x) (((x)->attributes & NS_CLIENTATTR_WANTEXPIRE) != 0) + + /*% nameserver client manager structure */ + struct ns_clientmgr { +@@ -1395,7 +1398,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, + { + char nsid[BUFSIZ], *nsidp; + #ifdef ISC_PLATFORM_USESIT +- unsigned char sit[SIT_SIZE]; ++ unsigned char sit[COOKIE_SIZE]; + #endif + isc_result_t result; + dns_view_t *view; +@@ -1420,7 +1423,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, + flags = client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE; + + /* Set EDNS options if applicable */ +- if ((client->attributes & NS_CLIENTATTR_WANTNSID) != 0 && ++ if (WANTNSID(client) && + (ns_g_server->server_id != NULL || + ns_g_server->server_usehostname)) { + if (ns_g_server->server_usehostname) { +@@ -1453,7 +1456,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, + + INSIST(count < DNS_EDNSOPTIONS); + ednsopts[count].code = DNS_OPT_COOKIE; +- ednsopts[count].length = SIT_SIZE; ++ ednsopts[count].length = COOKIE_SIZE; + ednsopts[count].value = sit; + count++; + } +@@ -1661,19 +1664,26 @@ compute_sit(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce, + + static void + process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { +- unsigned char dbuf[SIT_SIZE]; ++ unsigned char dbuf[COOKIE_SIZE]; + unsigned char *old; + isc_stdtime_t now; + isc_uint32_t when; + isc_uint32_t nonce; + isc_buffer_t db; + ++ /* ++ * If we have already seen a ECS option skip this ECS option. ++ */ ++ if ((client->attributes & NS_CLIENTATTR_WANTSIT) != 0) { ++ isc_buffer_forward(buf, optlen); ++ return; ++ } + client->attributes |= NS_CLIENTATTR_WANTSIT; + + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_sitopt); + +- if (optlen != SIT_SIZE) { ++ if (optlen != COOKIE_SIZE) { + /* + * Not our token. + */ +@@ -1717,14 +1727,13 @@ process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) { + isc_buffer_init(&db, dbuf, sizeof(dbuf)); + compute_sit(client, when, nonce, &db); + +- if (!isc_safe_memequal(old, dbuf, SIT_SIZE)) { ++ if (!isc_safe_memequal(old, dbuf, COOKIE_SIZE)) { + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_sitnomatch); + return; + } + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_sitmatch); +- + client->attributes |= NS_CLIENTATTR_HAVESIT; + } + #endif +@@ -1783,7 +1792,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) { + optlen = isc_buffer_getuint16(&optbuf); + switch (optcode) { + case DNS_OPT_NSID: +- isc_stats_increment(ns_g_server->nsstats, ++ if (!WANTNSID(client)) ++ isc_stats_increment( ++ ns_g_server->nsstats, + dns_nsstatscounter_nsidopt); + client->attributes |= NS_CLIENTATTR_WANTNSID; + isc_buffer_forward(&optbuf, optlen); +@@ -1794,7 +1805,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) { + break; + #endif + case DNS_OPT_EXPIRE: +- isc_stats_increment(ns_g_server->nsstats, ++ if (!WANTEXPIRE(client)) ++ isc_stats_increment( ++ ns_g_server->nsstats, + dns_nsstatscounter_expireopt); + client->attributes |= NS_CLIENTATTR_WANTEXPIRE; + isc_buffer_forward(&optbuf, optlen); +diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml +index ebf4f55..095eb5b 100644 +--- a/doc/arm/notes.xml ++++ b/doc/arm/notes.xml +@@ -51,6 +51,13 @@ + <title>Security Fixes</title> + <itemizedlist> + <listitem> ++ <para> ++ Duplicate EDNS COOKIE options in a response could trigger ++ an assertion failure. This flaw is disclosed in CVE-2016-2088. ++ [RT #41809] ++ </para> ++ </listitem> ++ <listitem> + <para> + Specific APL data could trigger an INSIST. This flaw + was discovered by Brian Mitchell and is disclosed in +diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c +index a797e3f..ba1ae23 100644 +--- a/lib/dns/resolver.c ++++ b/lib/dns/resolver.c +@@ -7502,7 +7502,9 @@ process_opt(resquery_t *query, dns_rdataset_t *opt) { + unsigned char *sit; + dns_adbaddrinfo_t *addrinfo; + unsigned char cookie[8]; ++ isc_boolean_t seen_cookie = ISC_FALSE; + #endif ++ isc_boolean_t seen_nsid = ISC_FALSE; + + result = dns_rdataset_first(opt); + if (result == ISC_R_SUCCESS) { +@@ -7516,14 +7518,23 @@ process_opt(resquery_t *query, dns_rdataset_t *opt) { + INSIST(optlen <= isc_buffer_remaininglength(&optbuf)); + switch (optcode) { + case DNS_OPT_NSID: +- if (query->options & DNS_FETCHOPT_WANTNSID) ++ if (!seen_nsid && ++ query->options & DNS_FETCHOPT_WANTNSID) + log_nsid(&optbuf, optlen, query, + ISC_LOG_DEBUG(3), + query->fctx->res->mctx); + isc_buffer_forward(&optbuf, optlen); ++ seen_nsid = ISC_TRUE; + break; + #ifdef ISC_PLATFORM_USESIT + case DNS_OPT_COOKIE: ++ /* ++ * Only process the first cookie option. ++ */ ++ if (seen_cookie) { ++ isc_buffer_forward(&optbuf, optlen); ++ break; ++ } + sit = isc_buffer_current(&optbuf); + compute_cc(query, cookie, sizeof(cookie)); + INSIST(query->fctx->rmessage->sitbad == 0 && +@@ -7541,6 +7552,7 @@ process_opt(resquery_t *query, dns_rdataset_t *opt) { + isc_buffer_forward(&optbuf, optlen); + inc_stats(query->fctx->res, + dns_resstatscounter_sitin); ++ seen_cookie = ISC_TRUE; + break; + #endif + default: +-- +2.1.4 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch new file mode 100644 index 000000000..096d5d84f --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch @@ -0,0 +1,44 @@ +From 9b40619ff6fddfef2758ba797789f8487f412df3 Mon Sep 17 00:00:00 2001 +From: Robert Yang <liezhi.yang@windriver.com> +Date: Mon, 16 Feb 2015 00:50:01 -0800 +Subject: [PATCH] confgen: don't build unix.o twice + +Fixed: +unix/os.o: file not recognized: File truncated +collect2: error: ld returned 1 exit status + +This is because os.o was built twice: +* The implicity rule (depends on unix/os.o) +* The "make all" in unix subdir (depends on unix/os.o) + +Depend on subdirs which is unix only rather than unix/os.o will fix the +problem. + +Upstream-Status: Pending + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + bin/confgen/Makefile.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in +index 8b3e5aa..4868a24 100644 +--- a/bin/confgen/Makefile.in ++++ b/bin/confgen/Makefile.in +@@ -74,11 +74,11 @@ rndc-confgen.@O@: rndc-confgen.c + ddns-confgen.@O@: ddns-confgen.c + ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c + +-rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} ++rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS) + export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \ + ${FINALBUILDCMD} + +-ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} ++ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS) + export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \ + ${FINALBUILDCMD} + +-- +1.7.9.5 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch new file mode 100644 index 000000000..13df3bb0e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch @@ -0,0 +1,49 @@ +From 9473d29843579802e96b0293a3e953fed93de82c Mon Sep 17 00:00:00 2001 +From: Paul Gortmaker <paul.gortmaker@windriver.com> +Date: Tue, 9 Jun 2015 11:22:00 -0400 +Subject: [PATCH] bind: ensure searching for json headers searches sysroot + +Bind can fail configure by detecting headers w/o libs[1], or +it can fail the host contamination check as per below: + +ERROR: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities. +Rerun configure task after fixing this. The path was 'build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/build' +ERROR: Function failed: do_qa_configure +ERROR: Logfile of failure stored in: build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/temp/log.do_configure.5242 +ERROR: Task 5 (meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure) failed with exit code '1' +NOTE: Tasks Summary: Attempted 773 tasks of which 768 didn't need to be rerun and 1 failed. +No currently running tasks (773 of 781) + +Summary: 1 task failed: + /meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure + +One way to fix it would be to unconditionally disable json in bind +configure[2] but here we fix it by using the path to where we would +put the header if we had json in the sysroot, in case someone wants +to make use of the combination some day. + +[1] https://trac.macports.org/ticket/45305 +[2] https://trac.macports.org/changeset/126406 + +Upstream-Status: Inappropriate [OE Specific] +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + configure.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.in b/configure.in +index c9ef3a601343..17a1f613e9ac 100644 +--- a/configure.in ++++ b/configure.in +@@ -2139,7 +2139,7 @@ case "$use_libjson" in + libjson_libs="" + ;; + auto|yes) +- for d in /usr /usr/local /opt/local ++ for d in "${STAGING_INCDIR}" + do + if test -f "${d}/include/json/json.h" + then +-- +2.4.2 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind9 b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind9 new file mode 100644 index 000000000..968679ff7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind9 @@ -0,0 +1,2 @@ +# startup options for the server +OPTIONS="-u bind" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/conf.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/conf.patch new file mode 100644 index 000000000..aad345f9f --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/conf.patch @@ -0,0 +1,330 @@ +Upstream-Status: Inappropriate [configuration] + +the patch is imported from openembedded project + +11/30/2010 - Qing He <qing.he@intel.com> + +diff -urN bind-9.3.1.orig/conf/db.0 bind-9.3.1/conf/db.0 +--- bind-9.3.1.orig/conf/db.0 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.0 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,12 @@ ++; ++; BIND reverse data file for broadcast zone ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. +diff -urN bind-9.3.1.orig/conf/db.127 bind-9.3.1/conf/db.127 +--- bind-9.3.1.orig/conf/db.127 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.127 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,13 @@ ++; ++; BIND reverse data file for local loopback interface ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. ++1.0.0 IN PTR localhost. +diff -urN bind-9.3.1.orig/conf/db.empty bind-9.3.1/conf/db.empty +--- bind-9.3.1.orig/conf/db.empty 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.empty 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,14 @@ ++; BIND reverse data file for empty rfc1918 zone ++; ++; DO NOT EDIT THIS FILE - it is used for multiple zones. ++; Instead, copy it, edit named.conf, and use that copy. ++; ++$TTL 86400 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 86400 ) ; Negative Cache TTL ++; ++@ IN NS localhost. +diff -urN bind-9.3.1.orig/conf/db.255 bind-9.3.1/conf/db.255 +--- bind-9.3.1.orig/conf/db.255 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.255 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,12 @@ ++; ++; BIND reserve data file for broadcast zone ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. +diff -urN bind-9.3.1.orig/conf/db.local bind-9.3.1/conf/db.local +--- bind-9.3.1.orig/conf/db.local 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.local 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,13 @@ ++; ++; BIND data file for local loopback interface ++; ++$TTL 604800 ++@ IN SOA localhost. root.localhost. ( ++ 1 ; Serial ++ 604800 ; Refresh ++ 86400 ; Retry ++ 2419200 ; Expire ++ 604800 ) ; Negative Cache TTL ++; ++@ IN NS localhost. ++@ IN A 127.0.0.1 +diff -urN bind-9.3.1.orig/conf/db.root bind-9.3.1/conf/db.root +--- bind-9.3.1.orig/conf/db.root 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/db.root 2005-07-10 22:14:00.000000000 +0200 +@@ -0,0 +1,45 @@ ++ ++; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net. ++;; global options: printcmd ++;; Got answer: ++;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944 ++;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 ++ ++;; QUESTION SECTION: ++;. IN NS ++ ++;; ANSWER SECTION: ++. 518400 IN NS A.ROOT-SERVERS.NET. ++. 518400 IN NS B.ROOT-SERVERS.NET. ++. 518400 IN NS C.ROOT-SERVERS.NET. ++. 518400 IN NS D.ROOT-SERVERS.NET. ++. 518400 IN NS E.ROOT-SERVERS.NET. ++. 518400 IN NS F.ROOT-SERVERS.NET. ++. 518400 IN NS G.ROOT-SERVERS.NET. ++. 518400 IN NS H.ROOT-SERVERS.NET. ++. 518400 IN NS I.ROOT-SERVERS.NET. ++. 518400 IN NS J.ROOT-SERVERS.NET. ++. 518400 IN NS K.ROOT-SERVERS.NET. ++. 518400 IN NS L.ROOT-SERVERS.NET. ++. 518400 IN NS M.ROOT-SERVERS.NET. ++ ++;; ADDITIONAL SECTION: ++A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 ++B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 ++C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 ++D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 ++E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 ++F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 ++G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 ++H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 ++I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 ++J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 ++K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 ++L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12 ++M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 ++ ++;; Query time: 81 msec ++;; SERVER: 198.41.0.4#53(a.root-servers.net.) ++;; WHEN: Sun Feb 1 11:27:14 2004 ++;; MSG SIZE rcvd: 436 ++ +diff -urN bind-9.3.1.orig/conf/named.conf bind-9.3.1/conf/named.conf +--- bind-9.3.1.orig/conf/named.conf 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/named.conf 2005-07-10 22:33:46.000000000 +0200 +@@ -0,0 +1,49 @@ ++// This is the primary configuration file for the BIND DNS server named. ++// ++// If you are just adding zones, please do that in /etc/bind/named.conf.local ++ ++include "/etc/bind/named.conf.options"; ++ ++// prime the server with knowledge of the root servers ++zone "." { ++ type hint; ++ file "/etc/bind/db.root"; ++}; ++ ++// be authoritative for the localhost forward and reverse zones, and for ++// broadcast zones as per RFC 1912 ++ ++zone "localhost" { ++ type master; ++ file "/etc/bind/db.local"; ++}; ++ ++zone "127.in-addr.arpa" { ++ type master; ++ file "/etc/bind/db.127"; ++}; ++ ++zone "0.in-addr.arpa" { ++ type master; ++ file "/etc/bind/db.0"; ++}; ++ ++zone "255.in-addr.arpa" { ++ type master; ++ file "/etc/bind/db.255"; ++}; ++ ++// zone "com" { type delegation-only; }; ++// zone "net" { type delegation-only; }; ++ ++// From the release notes: ++// Because many of our users are uncomfortable receiving undelegated answers ++// from root or top level domains, other than a few for whom that behaviour ++// has been trusted and expected for quite some length of time, we have now ++// introduced the "root-delegations-only" feature which applies delegation-only ++// logic to all top level domains, and to the root domain. An exception list ++// should be specified, including "MUSEUM" and "DE", and any other top level ++// domains from whom undelegated responses are expected and trusted. ++// root-delegation-only exclude { "DE"; "MUSEUM"; }; ++ ++include "/etc/bind/named.conf.local"; +diff -urN bind-9.3.1.orig/conf/named.conf.local bind-9.3.1/conf/named.conf.local +--- bind-9.3.1.orig/conf/named.conf.local 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/named.conf.local 2005-07-10 22:14:06.000000000 +0200 +@@ -0,0 +1,8 @@ ++// ++// Do any local configuration here ++// ++ ++// Consider adding the 1918 zones here, if they are not used in your ++// organization ++//include "/etc/bind/zones.rfc1918"; ++ +diff -urN bind-9.3.1.orig/conf/named.conf.options bind-9.3.1/conf/named.conf.options +--- bind-9.3.1.orig/conf/named.conf.options 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/named.conf.options 2005-07-10 22:14:06.000000000 +0200 +@@ -0,0 +1,24 @@ ++options { ++ directory "/var/cache/bind"; ++ ++ // If there is a firewall between you and nameservers you want ++ // to talk to, you might need to uncomment the query-source ++ // directive below. Previous versions of BIND always asked ++ // questions using port 53, but BIND 8.1 and later use an unprivileged ++ // port by default. ++ ++ // query-source address * port 53; ++ ++ // If your ISP provided one or more IP addresses for stable ++ // nameservers, you probably want to use them as forwarders. ++ // Uncomment the following block, and insert the addresses replacing ++ // the all-0's placeholder. ++ ++ // forwarders { ++ // 0.0.0.0; ++ // }; ++ ++ auth-nxdomain no; # conform to RFC1035 ++ ++}; ++ +diff -urN bind-9.3.1.orig/conf/zones.rfc1918 bind-9.3.1/conf/zones.rfc1918 +--- bind-9.3.1.orig/conf/zones.rfc1918 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/conf/zones.rfc1918 2005-07-10 22:14:10.000000000 +0200 +@@ -0,0 +1,20 @@ ++zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++ ++zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; ++ ++zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d +--- bind-9.3.1.orig/init.d 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.3.1/init.d 2005-07-10 23:09:58.000000000 +0200 +@@ -0,0 +1,70 @@ ++#!/bin/sh ++ ++PATH=/sbin:/bin:/usr/sbin:/usr/bin ++ ++# for a chrooted server: "-u bind -t /var/lib/named" ++# Don't modify this line, change or create /etc/default/bind9. ++OPTIONS="" ++ ++test -f /etc/default/bind9 && . /etc/default/bind9 ++ ++test -x /usr/sbin/rndc || exit 0 ++ ++case "$1" in ++ start) ++ echo -n "Starting domain name service: named" ++ ++ modprobe capability >/dev/null 2>&1 || true ++ if [ ! -f /etc/bind/rndc.key ]; then ++ /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom ++ chmod 0640 /etc/bind/rndc.key ++ fi ++ if [ -f /var/run/named/named.pid ]; then ++ ps `cat /var/run/named/named.pid` > /dev/null && exit 1 ++ fi ++ ++ # dirs under /var/run can go away on reboots. ++ mkdir -p /var/run/named ++ mkdir -p /var/cache/bind ++ chmod 775 /var/run/named ++ chown root:bind /var/run/named >/dev/null 2>&1 || true ++ ++ if [ ! -x /usr/sbin/named ]; then ++ echo "named binary missing - not starting" ++ exit 1 ++ fi ++ if start-stop-daemon --start --quiet --exec /usr/sbin/named \ ++ --pidfile /var/run/named/named.pid -- $OPTIONS; then ++ if [ -x /sbin/resolvconf ] ; then ++ echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo ++ fi ++ fi ++ echo "." ++ ;; ++ ++ stop) ++ echo -n "Stopping domain name service: named" ++ if [ -x /sbin/resolvconf ]; then ++ /sbin/resolvconf -d lo ++ fi ++ /usr/sbin/rndc stop >/dev/null 2>&1 ++ echo "." ++ ;; ++ ++ reload) ++ /usr/sbin/rndc reload ++ ;; ++ ++ restart|force-reload) ++ $0 stop ++ sleep 2 ++ $0 start ++ ;; ++ ++ *) ++ echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2 ++ exit 1 ++ ;; ++esac ++ ++exit 0 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch new file mode 100644 index 000000000..6989d6d4b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch @@ -0,0 +1,17 @@ +Upstream-Status: Pending + +Signed-off-by Saul Wold <sgw@linux.intel.com> + +Index: bind-9.9.5/bin/Makefile.in +=================================================================== +--- bind-9.9.5.orig/bin/Makefile.in ++++ bind-9.9.5/bin/Makefile.in +@@ -19,7 +19,7 @@ srcdir = @srcdir@ + VPATH = @srcdir@ + top_srcdir = @top_srcdir@ + +-SUBDIRS = named rndc dig delv dnssec tools tests nsupdate \ ++SUBDIRS = named rndc dig delv dnssec tools nsupdate \ + check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ + TARGETS = + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh new file mode 100644 index 000000000..db201270f --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +if [ ! -s /etc/bind/rndc.key ]; then + echo -n "Generating /etc/bind/rndc.key:" + /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom + chmod 0640 /etc/bind/rndc.key +fi diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch new file mode 100644 index 000000000..11db95ede --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch @@ -0,0 +1,65 @@ +Subject: init.d: add support for read-only rootfs + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + init.d | 40 ++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 40 insertions(+) + +diff --git a/init.d b/init.d +index 0111ed4..24677c8 100644 +--- a/init.d ++++ b/init.d +@@ -6,8 +6,48 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin + # Don't modify this line, change or create /etc/default/bind9. + OPTIONS="" + ++test -f /etc/default/rcS && . /etc/default/rcS + test -f /etc/default/bind9 && . /etc/default/bind9 + ++# This function is here because it's possible that /var and / are on different partitions. ++is_on_read_only_partition () { ++ DIRECTORY=$1 ++ dir=`readlink -f $DIRECTORY` ++ while true; do ++ if [ ! -d "$dir" ]; then ++ echo "ERROR: $dir is not a directory" ++ exit 1 ++ else ++ for flag in `awk -v dir=$dir '{ if ($2 == dir) { print "FOUND"; split($4,FLAGS,",") } }; \ ++ END { for (f in FLAGS) print FLAGS[f] }' < /proc/mounts`; do ++ [ "$flag" = "FOUND" ] && partition="read-write" ++ [ "$flag" = "ro" ] && { partition="read-only"; break; } ++ done ++ if [ "$dir" = "/" -o -n "$partition" ]; then ++ break ++ else ++ dir=`dirname $dir` ++ fi ++ fi ++ done ++ [ "$partition" = "read-only" ] && echo "yes" || echo "no" ++} ++ ++bind_mount () { ++ olddir=$1 ++ newdir=$2 ++ mkdir -p $olddir ++ cp -a $newdir/* $olddir ++ mount --bind $olddir $newdir ++} ++ ++# Deal with read-only rootfs ++if [ "$ROOTFS_READ_ONLY" = "yes" ]; then ++ [ "$VERBOSE" != "no" ] && echo "WARN: start bind service in read-only rootfs" ++ [ `is_on_read_only_partition /etc/bind` = "yes" ] && bind_mount /var/volatile/bind/etc /etc/bind ++ [ `is_on_read_only_partition /var/named` = "yes" ] && bind_mount /var/volatile/bind/named /var/named ++fi ++ + test -x /usr/sbin/rndc || exit 0 + + case "$1" in +-- +1.7.9.5 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch new file mode 100644 index 000000000..146f3e35d --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch @@ -0,0 +1,42 @@ +bind: make "/etc/init.d/bind stop" work + +Upstream-Status: Inappropriate [configuration] + +Add some configurations, make rndc command be able to controls +the named daemon. + +Signed-off-by: Roy Li <rongqing.li@windriver.com> +--- + conf/named.conf | 5 +++++ + conf/rndc.conf | 5 +++++ + 2 files changed, 10 insertions(+), 0 deletions(-) + create mode 100644 conf/rndc.conf + +diff --git a/conf/named.conf b/conf/named.conf +index 95829cf..c8899e7 100644 +--- a/conf/named.conf ++++ b/conf/named.conf +@@ -47,3 +47,8 @@ zone "255.in-addr.arpa" { + // root-delegation-only exclude { "DE"; "MUSEUM"; }; + + include "/etc/bind/named.conf.local"; ++include "/etc/bind/rndc.key" ; ++controls { ++ inet 127.0.0.1 allow { localhost; } ++ keys { rndc-key; }; ++}; +diff --git a/conf/rndc.conf b/conf/rndc.conf +new file mode 100644 +index 0000000..a0b481d +--- /dev/null ++++ b/conf/rndc.conf +@@ -0,0 +1,5 @@ ++include "/etc/bind/rndc.key"; ++options { ++ default-server localhost; ++ default-key rndc-key; ++}; + +-- +1.7.5.4 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff new file mode 100644 index 000000000..2930796b6 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff @@ -0,0 +1,104 @@ +bind: port a patch to fix a build failure + +mips1 does not support ll and sc instructions, and lead to below error, now +we port a patch from debian to fix it +[http://security.debian.org/debian-security/pool/updates/main/b/bind9/bind9_9.8.4.dfsg.P1-6+nmu2+deb7u1.diff.gz] + +| {standard input}: Assembler messages: +| {standard input}:47: Error: Opcode not supported on this processor: mips1 (mips1) `ll $3,0($6)' +| {standard input}:50: Error: Opcode not supported on this processor: mips1 (mips1) `sc $3,0($6)' + +Upstream-Status: Pending + +Signed-off-by: Roy Li <rongqing.li@windriver.com> + +--- bind9-9.8.4.dfsg.P1.orig/lib/isc/mips/include/isc/atomic.h ++++ bind9-9.8.4.dfsg.P1/lib/isc/mips/include/isc/atomic.h +@@ -31,18 +31,20 @@ + isc_atomic_xadd(isc_int32_t *p, int val) { + isc_int32_t orig; + +- /* add is a cheat, since MIPS has no mov instruction */ +- __asm__ volatile ( +- "1:" +- "ll $3, %1\n" +- "add %0, $0, $3\n" +- "add $3, $3, %2\n" +- "sc $3, %1\n" +- "beq $3, 0, 1b" +- : "=&r"(orig) +- : "m"(*p), "r"(val) +- : "memory", "$3" +- ); ++ __asm__ __volatile__ ( ++ " .set push \n" ++ " .set mips2 \n" ++ " .set noreorder \n" ++ " .set noat \n" ++ "1: ll $1, %1 \n" ++ " addu %0, $1, %2 \n" ++ " sc %0, %1 \n" ++ " beqz %0, 1b \n" ++ " move %0, $1 \n" ++ " .set pop \n" ++ : "=&r" (orig), "+R" (*p) ++ : "r" (val) ++ : "memory"); + + return (orig); + } +@@ -52,16 +54,7 @@ + */ + static inline void + isc_atomic_store(isc_int32_t *p, isc_int32_t val) { +- __asm__ volatile ( +- "1:" +- "ll $3, %0\n" +- "add $3, $0, %1\n" +- "sc $3, %0\n" +- "beq $3, 0, 1b" +- : +- : "m"(*p), "r"(val) +- : "memory", "$3" +- ); ++ *p = val; + } + + /* +@@ -72,20 +65,23 @@ + static inline isc_int32_t + isc_atomic_cmpxchg(isc_int32_t *p, int cmpval, int val) { + isc_int32_t orig; ++ isc_int32_t tmp; + +- __asm__ volatile( +- "1:" +- "ll $3, %1\n" +- "add %0, $0, $3\n" +- "bne $3, %2, 2f\n" +- "add $3, $0, %3\n" +- "sc $3, %1\n" +- "beq $3, 0, 1b\n" +- "2:" +- : "=&r"(orig) +- : "m"(*p), "r"(cmpval), "r"(val) +- : "memory", "$3" +- ); ++ __asm__ __volatile__ ( ++ " .set push \n" ++ " .set mips2 \n" ++ " .set noreorder \n" ++ " .set noat \n" ++ "1: ll $1, %1 \n" ++ " bne $1, %3, 2f \n" ++ " move %2, %4 \n" ++ " sc %2, %1 \n" ++ " beqz %2, 1b \n" ++ "2: move %0, $1 \n" ++ " .set pop \n" ++ : "=&r"(orig), "+R" (*p), "=r" (tmp) ++ : "r"(cmpval), "r"(val) ++ : "memory"); + + return (orig); + } diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/named.service b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/named.service new file mode 100644 index 000000000..cda56ef01 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/named.service @@ -0,0 +1,22 @@ +[Unit] +Description=Berkeley Internet Name Domain (DNS) +Wants=nss-lookup.target +Before=nss-lookup.target +After=network.target + +[Service] +Type=forking +EnvironmentFile=-/etc/default/bind9 +PIDFile=/run/named/named.pid + +ExecStartPre=@SBINDIR@/generate-rndc-key.sh +ExecStart=@SBINDIR@/named $OPTIONS + +ExecReload=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc reload > /dev/null 2>&1 || @BASE_BINDIR@/kill -HUP $MAINPID' + +ExecStop=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc stop > /dev/null 2>&1 || @BASE_BINDIR@/kill -TERM $MAINPID' + +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb new file mode 100644 index 000000000..1e3a20f9a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb @@ -0,0 +1,109 @@ +SUMMARY = "ISC Internet Domain Name Server" +HOMEPAGE = "http://www.isc.org/sw/bind/" +SECTION = "console/network" + +LICENSE = "ISC & BSD" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=0a95f52a0ab6c5f52dedc9a45e7abb3f" + +DEPENDS = "openssl libcap" + +SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ + file://conf.patch \ + file://make-etc-initd-bind-stop-work.patch \ + file://mips1-not-support-opcode.diff \ + file://dont-test-on-host.patch \ + file://generate-rndc-key.sh \ + file://named.service \ + file://bind9 \ + file://init.d-add-support-for-read-only-rootfs.patch \ + file://bind-confgen-build-unix.o-once.patch \ + file://0001-build-use-pkg-config-to-find-libxml2.patch \ + file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ + file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \ + file://0001-lib-dns-gen.c-fix-too-long-error.patch \ + file://CVE-2016-1285.patch \ + file://CVE-2016-1286_1.patch \ + file://CVE-2016-1286_2.patch \ + file://CVE-2016-2088.patch \ + " + +SRC_URI[md5sum] = "bcf7e772b616f7259420a3edc5df350a" +SRC_URI[sha256sum] = "690810d1fbb72afa629e74638d19cd44e28d2b2e5eb63f55c705ad85d1a4cb83" + +ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" +EXTRA_OECONF = " ${ENABLE_IPV6} --with-randomdev=/dev/random --disable-threads \ + --disable-devpoll --disable-epoll --with-gost=no \ + --with-gssapi=no --with-ecdsa=yes \ + --sysconfdir=${sysconfdir}/bind \ + --with-openssl=${STAGING_LIBDIR}/.. \ + " +inherit autotools update-rc.d systemd useradd pkgconfig + +# PACKAGECONFIGs readline and libedit should NOT be set at same time +PACKAGECONFIG ?= "readline" +PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2" +PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" +PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ + --user-group bind" + +INITSCRIPT_NAME = "bind" +INITSCRIPT_PARAMS = "defaults" + +SYSTEMD_SERVICE_${PN} = "named.service" + +PARALLEL_MAKE = "" + +RDEPENDS_${PN} = "python-core" +RDEPENDS_${PN}-dev = "" + +PACKAGE_BEFORE_PN += "${PN}-utils" +FILES_${PN}-utils = "${bindir}/host ${bindir}/dig" +FILES_${PN}-dev += "${bindir}/isc-config.h" +FILES_${PN} += "${sbindir}/generate-rndc-key.sh" + +do_install_prepend() { + # clean host path in isc-config.sh before the hardlink created + # by "make install": + # bind9-config -> isc-config.sh + sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh +} + +do_install_append() { + rm "${D}${bindir}/nslookup" + rm "${D}${mandir}/man1/nslookup.1" + rmdir "${D}${localstatedir}/run" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" + install -d -o bind "${D}${localstatedir}/cache/bind" + install -d "${D}${sysconfdir}/bind" + install -d "${D}${sysconfdir}/init.d" + install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" + install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" + sed -i -e '1s,#!.*python,#! /usr/bin/env python,' ${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds + + # Install systemd related files + install -d ${D}${sbindir} + install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_unitdir}/system/named.service + + install -d ${D}${sysconfdir}/default + install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default +} + +CONFFILES_${PN} = " \ + ${sysconfdir}/bind/named.conf \ + ${sysconfdir}/bind/named.conf.local \ + ${sysconfdir}/bind/named.conf.options \ + ${sysconfdir}/bind/db.0 \ + ${sysconfdir}/bind/db.127 \ + ${sysconfdir}/bind/db.empty \ + ${sysconfdir}/bind/db.local \ + ${sysconfdir}/bind/db.root \ + " + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc new file mode 100644 index 000000000..a508229a3 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -0,0 +1,112 @@ +SUMMARY = "Linux Bluetooth Stack Userland V5" +DESCRIPTION = "Linux Bluetooth stack V5 userland components. These include a system configurations, daemons, tools and system libraries." +HOMEPAGE = "http://www.bluez.org" +SECTION = "libs" +LICENSE = "GPLv2+ & LGPLv2.1+" +LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ + file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ + file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e" +DEPENDS = "udev libusb dbus-glib glib-2.0 libcheck readline" +PROVIDES += "bluez-hcidump" +RPROVIDES_${PN} += "bluez-hcidump" + +RCONFLICTS_${PN} = "bluez4" + +PACKAGECONFIG ??= "obex-profiles" +PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical" +PACKAGECONFIG[experimental] = "--enable-experimental,--disable-experimental," + +SRC_URI = "\ + ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ + file://init \ + file://run-ptest \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ + file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ +" +S = "${WORKDIR}/bluez-${PV}" + +inherit autotools-brokensep pkgconfig systemd update-rc.d distro_features_check ptest + +EXTRA_OECONF = "\ + --enable-tools \ + --disable-cups \ + --enable-test \ + --enable-datafiles \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-systemd', '--disable-systemd', d)} \ + --enable-library \ +" + +# bluez5 builds a large number of useful utilities but does not +# install them. Specify which ones we want put into ${PN}-noinst-tools. +NOINST_TOOLS_READLINE ??= "" +NOINST_TOOLS_EXPERIMENTAL ??= "" +NOINST_TOOLS = " \ + ${NOINST_TOOLS_READLINE} \ + ${@bb.utils.contains('PACKAGECONFIG', 'experimental', '${NOINST_TOOLS_EXPERIMENTAL}', '', d)} \ +" + +do_install_append() { + install -d ${D}${INIT_D_DIR} + install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth + + install -d ${D}${sysconfdir}/bluetooth/ + if [ -f ${S}/profiles/audio/audio.conf ]; then + install -m 0644 ${S}/profiles/audio/audio.conf ${D}/${sysconfdir}/bluetooth/ + fi + if [ -f ${S}/profiles/network/network.conf ]; then + install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/ + fi + if [ -f ${S}/profiles/input/input.conf ]; then + install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/ + fi + + # Install desired tools that upstream leaves in build area + for f in ${NOINST_TOOLS} ; do + install -m 755 ${B}/$f ${D}/${bindir} + done +} + +ALLOW_EMPTY_libasound-module-bluez = "1" +PACKAGES =+ "libasound-module-bluez ${PN}-testtools ${PN}-obex ${PN}-noinst-tools" + +FILES_libasound-module-bluez = "${libdir}/alsa-lib/lib*.so ${datadir}/alsa" +FILES_${PN} += "${libdir}/bluetooth/plugins/*.so ${base_libdir}/udev/ ${nonarch_base_libdir}/udev/ ${systemd_unitdir}/ ${datadir}/dbus-1" +FILES_${PN}-dev += "\ + ${libdir}/bluetooth/plugins/*.la \ + ${libdir}/alsa-lib/*.la \ +" + +FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \ + ${exec_prefix}/lib/systemd/user/obex.service \ + ${datadir}/dbus-1/services/org.bluez.obex.service \ + " +SYSTEMD_SERVICE_${PN}-obex = "obex.service" + +FILES_${PN}-testtools = "${libdir}/bluez/test/*" + +def get_noinst_tools_paths (d, bb, tools): + s = list() + bindir = d.getVar("bindir", True) + for bdp in tools.split(): + f = os.path.basename(bdp) + s.append("%s/%s" % (bindir, f)) + return "\n".join(s) + +FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS', True))}" + +RDEPENDS_${PN}-testtools += "python python-dbus python-pygobject" + +SYSTEMD_SERVICE_${PN} = "bluetooth.service" +INITSCRIPT_PACKAGES = "${PN}" +INITSCRIPT_NAME_${PN} = "bluetooth" + +EXCLUDE_FROM_WORLD = "1" + +do_compile_ptest() { + oe_runmake buildtests +} + +do_install_ptest() { + cp -r ${B}/unit/ ${D}${PTEST_PATH} + rm ${D}${PTEST_PATH}/unit/*.c ${D}${PTEST_PATH}/unit/*.o +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch new file mode 100644 index 000000000..2fde7bc06 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch @@ -0,0 +1,63 @@ +From: Giovanni Campagna <gcampagna-cNUdlRotFMnNLxjTenLetw@public.gmane.org> +Date: Sat, 12 Oct 2013 17:45:25 +0200 +Subject: [PATCH] Allow using obexd without systemd in the user session + +Not all sessions run systemd --user (actually, the majority +doesn't), so the dbus daemon must be able to spawn obexd +directly, and to do so it needs the full path of the daemon. + +Upstream-Status: Denied + +Not accepted by upstream maintainer for being a distro specific +configuration. See thread: + +http://thread.gmane.org/gmane.linux.bluez.kernel/38725/focus=38843 + +Signed-off-by: Javier Viguera <javier.viguera@digi.com> +--- + Makefile.obexd | 4 ++-- + obexd/src/org.bluez.obex.service | 4 ---- + obexd/src/org.bluez.obex.service.in | 4 ++++ + 3 files changed, 6 insertions(+), 6 deletions(-) + delete mode 100644 obexd/src/org.bluez.obex.service + create mode 100644 obexd/src/org.bluez.obex.service.in + +diff --git a/Makefile.obexd b/Makefile.obexd +index 2e33cbc72f2b..d5d858c857b4 100644 +--- a/Makefile.obexd ++++ b/Makefile.obexd +@@ -2,12 +2,12 @@ + if SYSTEMD + systemduserunitdir = @SYSTEMD_USERUNITDIR@ + systemduserunit_DATA = obexd/src/obex.service ++endif + + dbussessionbusdir = @DBUS_SESSIONBUSDIR@ + dbussessionbus_DATA = obexd/src/org.bluez.obex.service +-endif + +-EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service ++EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service.in + + obex_plugindir = $(libdir)/obex/plugins + +diff --git a/obexd/src/org.bluez.obex.service b/obexd/src/org.bluez.obex.service +deleted file mode 100644 +index a53808884554..000000000000 +--- a/obexd/src/org.bluez.obex.service ++++ /dev/null +@@ -1,4 +0,0 @@ +-[D-BUS Service] +-Name=org.bluez.obex +-Exec=/bin/false +-SystemdService=dbus-org.bluez.obex.service +diff --git a/obexd/src/org.bluez.obex.service.in b/obexd/src/org.bluez.obex.service.in +new file mode 100644 +index 000000000000..9c815f246b77 +--- /dev/null ++++ b/obexd/src/org.bluez.obex.service.in +@@ -0,0 +1,4 @@ ++[D-BUS Service] ++Name=org.bluez.obex ++Exec=@libexecdir@/obexd ++SystemdService=dbus-org.bluez.obex.service diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch new file mode 100644 index 000000000..24ddae6b6 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch @@ -0,0 +1,28 @@ +From 4bdf0f96dcaa945fd29f26d56e5b36d8c23e4c8b Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Fri, 1 Apr 2016 17:07:34 +0300 +Subject: [PATCH] tests: add a target for building tests without running them + +Upstream-Status: Inappropriate [oe specific] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + Makefile.am | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/Makefile.am b/Makefile.am +index 1a48a71..ba3b92f 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -425,6 +425,9 @@ endif + TESTS = $(unit_tests) + AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69 + ++# This allows building tests without running them ++buildtests: $(TESTS) ++ + if DBUS_RUN_SESSION + AM_TESTS_ENVIRONMENT += dbus-run-session -- + endif +-- +2.8.0.rc3 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init new file mode 100644 index 000000000..1606a5c66 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init @@ -0,0 +1,68 @@ +#!/bin/sh + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DESC=bluetooth + +DAEMON=/usr/lib/bluez5/bluetooth/bluetoothd + +# If you want to be ignore error of "org.freedesktop.hostname1", +# please enable NOPLUGIN_OPTION. +# NOPLUGIN_OPTION="--noplugin=hostname" +NOPLUGIN_OPTION="" +SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- $NOPLUGIN_OPTION" + +test -f $DAEMON || exit 0 + +# FIXME: any of the sourced files may fail if/with syntax errors +test -f /etc/default/bluetooth && . /etc/default/bluetooth +test -f /etc/default/rcS && . /etc/default/rcS + +set -e + +case $1 in + start) + echo "Starting $DESC" + + if test "$BLUETOOTH_ENABLED" = 0; then + echo "disabled. see /etc/default/bluetooth" + exit 0 + fi + + start-stop-daemon --start --background $SSD_OPTIONS + echo "${DAEMON##*/}" + + ;; + stop) + echo "Stopping $DESC" + if test "$BLUETOOTH_ENABLED" = 0; then + echo "disabled." + exit 0 + fi + start-stop-daemon --stop $SSD_OPTIONS + echo "${DAEMON}" + ;; + restart|force-reload) + $0 stop + sleep 1 + $0 start + ;; + status) + pidof ${DAEMON} >/dev/null + status=$? + if [ $status -eq 0 ]; then + echo "bluetooth is running." + else + echo "bluetooth is not running" + fi + exit $status + ;; + *) + N=/etc/init.d/bluetooth + echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 + +# vim:noet diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest new file mode 100644 index 000000000..21df00c32 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest @@ -0,0 +1,31 @@ +#! /bin/sh + +cd unit + +failed=0 +all=0 + +for f in test-*; do + "./$f" + case "$?" in + 0) + echo "PASS: $f" + all=$((all + 1)) + ;; + 77) + echo "SKIP: $f" + ;; + *) + echo "FAIL: $f" + failed=$((failed + 1)) + all=$((all + 1)) + ;; + esac +done + +if [ "$failed" -eq 0 ] ; then + echo "All $all tests passed" +else + echo "$failed of $all tests failed" +fi + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.37.bb b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.37.bb new file mode 100644 index 000000000..db20f79ff --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.37.bb @@ -0,0 +1,55 @@ +require bluez5.inc + +REQUIRED_DISTRO_FEATURES = "bluez5" + +SRC_URI[md5sum] = "33177e5743e24b2b3738f72be64e3ffb" +SRC_URI[sha256sum] = "c14ba9ddcb0055522073477b8fd8bf1ddf5d219e75fdfd4699b7e0ce5350d6b0" + +# noinst programs in Makefile.tools that are conditional on READLINE +# support +NOINST_TOOLS_READLINE ?= " \ + attrib/gatttool \ + tools/obex-client-tool \ + tools/obex-server-tool \ + tools/bluetooth-player \ + tools/obexctl \ +" + +# noinst programs in Makefile.tools that are conditional on EXPERIMENTAL +# support +NOINST_TOOLS_EXPERIMENTAL ?= " \ + emulator/btvirt \ + emulator/b1ee \ + emulator/hfp \ + tools/3dsp \ + tools/mgmt-tester \ + tools/gap-tester \ + tools/l2cap-tester \ + tools/sco-tester \ + tools/smp-tester \ + tools/hci-tester \ + tools/rfcomm-tester \ + tools/bdaddr \ + tools/avinfo \ + tools/avtest \ + tools/scotest \ + tools/amptest \ + tools/hwdb \ + tools/hcieventmask \ + tools/hcisecfilter \ + tools/btmgmt \ + tools/btinfo \ + tools/btattach \ + tools/btsnoop \ + tools/btproxy \ + tools/btiotest \ + tools/mcaptest \ + tools/cltest \ + tools/oobtest \ + tools/seq2bseq \ + tools/ibeacon \ + tools/btgatt-client \ + tools/btgatt-server \ + tools/gatt-service \ + profiles/iap/iapd \ +" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-conf.bb b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-conf.bb new file mode 100644 index 000000000..9a519ec86 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-conf.bb @@ -0,0 +1,36 @@ +SUMMARY = "Connman config to setup wired interface on qemu machines" +DESCRIPTION = "This is the ConnMan configuration to set up a Wired \ +network interface for a qemu machine." +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" + +inherit systemd + +SRC_URI_append_qemuall = " file://wired.config \ + file://wired-setup \ + file://wired-connection.service \ +" +PR = "r2" + +S = "${WORKDIR}" + +PACKAGE_ARCH = "${MACHINE_ARCH}" + +FILES_${PN} = "${localstatedir}/* ${datadir}/*" + +do_install() { + #Configure Wired network interface in case of qemu* machines + if test -e ${WORKDIR}/wired.config && + test -e ${WORKDIR}/wired-setup && + test -e ${WORKDIR}/wired-connection.service; then + install -d ${D}${localstatedir}/lib/connman + install -m 0644 ${WORKDIR}/wired.config ${D}${localstatedir}/lib/connman + install -d ${D}${datadir}/connman + install -m 0755 ${WORKDIR}/wired-setup ${D}${datadir}/connman + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/wired-connection.service ${D}${systemd_system_unitdir} + sed -i -e 's|@SCRIPTDIR@|${datadir}/connman|g' ${D}${systemd_system_unitdir}/wired-connection.service + fi +} + +SYSTEMD_SERVICE_${PN}_qemuall = "wired-connection.service" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service new file mode 100644 index 000000000..48adfc08a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service @@ -0,0 +1,10 @@ +[Unit] +Description=Setup a wired interface +Before=connman.service + +[Service] +Type=oneshot +ExecStart=@SCRIPTDIR@/wired-setup + +[Install] +WantedBy=network.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup new file mode 100644 index 000000000..c46899ef3 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup @@ -0,0 +1,16 @@ +#!/bin/sh + +CONFIGF=/var/lib/connman/wired.config + +# Extract wired network config from /proc/cmdline +NET_CONF=`cat /proc/cmdline |sed -ne 's/^.*ip=\([^ ]*\):\([^ ]*\):\([^ ]*\):\([^ ]*\).*$/\1\/\4\/\3/p'` + +# Check if eth0 is already set via kernel cmdline +if [ "x$NET_CONF" = "x" ]; then + # Wired interface is not configured via kernel cmdline + # Remove connman config file template + rm -f ${CONFIGF} +else + # Setup a connman config accordingly + sed -i -e "s|^IPv4 =.*|IPv4 = ${NET_CONF}|" ${CONFIGF} +fi diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config new file mode 100644 index 000000000..42998ce89 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config @@ -0,0 +1,9 @@ +[global] +Name = Wired +Description = Wired network configuration + +[service_ethernet] +Type = ethernet +IPv4 = +MAC = 52:54:00:12:34:56 +Nameservers = 8.8.8.8 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch new file mode 100644 index 000000000..7957500dc --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch @@ -0,0 +1,35 @@ +From 5907a23ad2f49702960a33f9e2039552673eabc7 Mon Sep 17 00:00:00 2001 +From: Andrei Dinu <andrei.adrianx.dinu@intel.com> +Date: Mon, 17 Dec 2012 14:01:18 +0200 +Subject: [PATCH] Removed icon from connman-gnome "about" applet + +The connman-gnome "about" applet showed a picture that +can not be displayed. There is no designated picture +in connman-gnome to be used in the about section, so +it was removed. + +[OE-Core #2509] + +Upstream-Status: Pending + +Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> +--- + applet/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/applet/main.c b/applet/main.c +index f12d371..c7b3c7f 100644 +--- a/applet/main.c ++++ b/applet/main.c +@@ -212,7 +212,7 @@ static void about_callback(GtkWidget *item, gpointer user_data) + "comments", _("A connection manager for the GNOME desktop"), + "authors", authors, + "translator-credits", _("translator-credits"), +- "logo-icon-name", "network-wireless", NULL); ++ NULL); + } + + static void settings_callback(GtkWidget *item, gpointer user_data) +-- +1.7.9.5 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch new file mode 100644 index 000000000..f4049fa3e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch @@ -0,0 +1,187 @@ +connman-gnome: fix dbus interface name + +This patch resolves following error: + +"connman-dbus.xml": "connman" is not a valid D-Bus interface name + +https://502552.bugs.gentoo.org/attachment.cgi?id=380652 + +Upstream-Status: Backport + +Signed-off-by: Chong Lu <Chong.Lu@windriver.com> +--- + common/connman-client.c | 24 ++++++++++++------------ + common/connman-client.h | 4 ++-- + common/connman-dbus.c | 6 +++--- + common/connman-dbus.xml | 2 +- + 4 files changed, 18 insertions(+), 18 deletions(-) + +diff --git a/common/connman-client.c b/common/connman-client.c +index c55e25c..9d818b2 100644 +--- a/common/connman-client.c ++++ b/common/connman-client.c +@@ -289,7 +289,7 @@ gboolean connman_client_set_ipv4(ConnmanClient *client, const gchar *device, + + g_value_init(&value, DBUS_TYPE_G_DICTIONARY); + g_value_set_boxed(&value, ipv4); +- ret = connman_set_property(proxy, "IPv4.Configuration", &value, NULL); ++ ret = net_connman_set_property(proxy, "IPv4.Configuration", &value, NULL); + + g_object_unref(proxy); + +@@ -317,7 +317,7 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device, + g_value_set_boolean(&value, powered); + + error = NULL; +- connman_set_property(proxy, "Powered", &value, &error); ++ net_connman_set_property(proxy, "Powered", &value, &error); + if( error ) + fprintf (stderr, "error: %s\n", error->message); + +@@ -325,7 +325,7 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device, + } + + void connman_client_scan(ConnmanClient *client, const gchar *device, +- connman_scan_reply callback, gpointer user_data) ++ net_connman_scan_reply callback, gpointer user_data) + { + ConnmanClientPrivate *priv = CONNMAN_CLIENT_GET_PRIVATE(client); + DBusGProxy *proxy; +@@ -339,7 +339,7 @@ void connman_client_scan(ConnmanClient *client, const gchar *device, + if (proxy == NULL) + return; + +- connman_scan_async(proxy, callback, user_data); ++ net_connman_scan_async(proxy, callback, user_data); + + g_object_unref(proxy); + } +@@ -353,7 +353,7 @@ gboolean connman_client_get_offline_status(ConnmanClient *client) + + DBG("client %p", client); + +- ret = connman_get_properties(priv->manager, &hash, NULL); ++ ret = net_connman_get_properties(priv->manager, &hash, NULL); + + if (ret == FALSE) + goto done; +@@ -375,7 +375,7 @@ void connman_client_set_offlinemode(ConnmanClient *client, gboolean status) + g_value_init(&value, G_TYPE_BOOLEAN); + g_value_set_boolean(&value, status); + +- connman_set_property(priv->manager, "OfflineMode", &value, NULL); ++ net_connman_set_property(priv->manager, "OfflineMode", &value, NULL); + } + + static gboolean network_disconnect(GtkTreeModel *model, GtkTreePath *path, +@@ -398,7 +398,7 @@ static gboolean network_disconnect(GtkTreeModel *model, GtkTreePath *path, + return TRUE; + + if (type == CONNMAN_TYPE_WIFI) +- connman_disconnect(proxy, NULL); ++ net_connman_disconnect(proxy, NULL); + + g_object_unref(proxy); + +@@ -422,13 +422,13 @@ void connman_client_connect(ConnmanClient *client, const gchar *network) + if (proxy == NULL) + return; + +- connman_connect(proxy, NULL); ++ net_connman_connect(proxy, NULL); + + g_object_unref(proxy); + } + + void connman_client_connect_async(ConnmanClient *client, const gchar *network, +- connman_connect_reply callback, gpointer userdata) ++ net_connman_connect_reply callback, gpointer userdata) + { + ConnmanClientPrivate *priv = CONNMAN_CLIENT_GET_PRIVATE(client); + DBusGProxy *proxy; +@@ -446,7 +446,7 @@ void connman_client_connect_async(ConnmanClient *client, const gchar *network, + if (proxy == NULL) + goto done; + +- connman_connect_async(proxy, callback, userdata); ++ net_connman_connect_async(proxy, callback, userdata); + + done: + return; +@@ -476,7 +476,7 @@ void connman_client_disconnect(ConnmanClient *client, const gchar *network) + if (proxy == NULL) + return; + +- connman_disconnect(proxy, NULL); ++ net_connman_disconnect(proxy, NULL); + + g_object_unref(proxy); + } +@@ -532,7 +532,7 @@ void connman_client_remove(ConnmanClient *client, const gchar *network) + if (proxy == NULL) + return; + +- connman_remove(proxy, NULL); ++ net_connman_remove(proxy, NULL); + + g_object_unref(proxy); + } +diff --git a/common/connman-client.h b/common/connman-client.h +index 9e2e6d5..98241de 100644 +--- a/common/connman-client.h ++++ b/common/connman-client.h +@@ -70,13 +70,13 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device, + gboolean connman_client_set_ipv4(ConnmanClient *client, const gchar *device, + struct ipv4_config *ipv4_config); + void connman_client_scan(ConnmanClient *client, const gchar *device, +- connman_scan_reply callback, gpointer user_data); ++ net_connman_scan_reply callback, gpointer user_data); + + void connman_client_connect(ConnmanClient *client, const gchar *network); + void connman_client_disconnect(ConnmanClient *client, const gchar *network); + gchar *connman_client_get_security(ConnmanClient *client, const gchar *network); + void connman_client_connect_async(ConnmanClient *client, const gchar *network, +- connman_connect_reply callback, gpointer userdata); ++ net_connman_connect_reply callback, gpointer userdata); + void connman_client_set_remember(ConnmanClient *client, const gchar *network, + gboolean remember); + +diff --git a/common/connman-dbus.c b/common/connman-dbus.c +index b82b3e1..543eb43 100644 +--- a/common/connman-dbus.c ++++ b/common/connman-dbus.c +@@ -655,15 +655,15 @@ DBusGProxy *connman_dbus_create_manager(DBusGConnection *conn, + + DBG("getting manager properties"); + +- connman_get_properties_async(proxy, manager_properties, store); ++ net_connman_get_properties_async(proxy, manager_properties, store); + + DBG("getting technologies"); + +- connman_get_technologies_async(proxy, manager_technologies, store); ++ net_connman_get_technologies_async(proxy, manager_technologies, store); + + DBG("getting services"); + +- connman_get_services_async(proxy, manager_services, store); ++ net_connman_get_services_async(proxy, manager_services, store); + + return proxy; + } +diff --git a/common/connman-dbus.xml b/common/connman-dbus.xml +index 56b9582..0199d52 100644 +--- a/common/connman-dbus.xml ++++ b/common/connman-dbus.xml +@@ -1,7 +1,7 @@ + <?xml version="1.0" encoding="UTF-8" ?> + + <node name="/"> +- <interface name="connman"> ++ <interface name="net.connman"> + <method name="GetProperties"> + <arg type="a{sv}" direction="out"/> + </method> +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png Binary files differnew file mode 100644 index 000000000..33247c1e2 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png Binary files differnew file mode 100644 index 000000000..a94fb952f --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png Binary files differnew file mode 100644 index 000000000..b5eb405a9 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png Binary files differnew file mode 100644 index 000000000..be54419fa --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png Binary files differnew file mode 100644 index 000000000..1c40ac9a1 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch new file mode 100644 index 000000000..0421cda0b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch @@ -0,0 +1,36 @@ +In networks that don't have a DHCP server configured, ipv4 address +allocation fails and the ipv4 structure doesn't get populated. When +the GUI is trying to read the ipv4_config.method field to see whether +it contains "dhcp" string, a segmentation fault is generated. + +Ethernet manual configuration behavior remains unchanged after this fix. + +Upstream-Status: Pending + +Signed-off-by: Emilia Ciobanu <emilia.maria.silvia.ciobanu@intel.com> +Index: git/properties/ethernet.c +=================================================================== +--- git.orig/properties/ethernet.c ++++ git/properties/ethernet.c +@@ -194,7 +194,7 @@ void add_ethernet_service(GtkWidget *mai + + data->button = button; + +- if (g_str_equal(ipv4_config.method, "dhcp") == TRUE) ++ if (!ipv4_config.method || g_str_equal(ipv4_config.method, "dhcp") == TRUE) + update_ethernet_ipv4(data, CONNMAN_POLICY_DHCP); + else + update_ethernet_ipv4(data, CONNMAN_POLICY_MANUAL); +Index: git/properties/wifi.c +=================================================================== +--- git.orig/properties/wifi.c ++++ git/properties/wifi.c +@@ -230,7 +230,7 @@ static void wifi_ipconfig(GtkWidget *tab + + data->ipv4_config = ipv4_config; + +- if (g_str_equal(ipv4_config.method, "dhcp") == TRUE) ++ if (!ipv4_config.method || g_str_equal(ipv4_config.method, "dhcp") == TRUE) + update_wifi_ipv4(data, CONNMAN_POLICY_DHCP); + else + update_wifi_ipv4(data, CONNMAN_POLICY_MANUAL); diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb new file mode 100644 index 000000000..7b875f00f --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb @@ -0,0 +1,29 @@ +SUMMARY = "GTK+ frontend for the ConnMan network connection manager" +HOMEPAGE = "http://connman.net/" +SECTION = "libs/network" +LICENSE = "GPLv2 & LGPLv2.1" +LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ + file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \ + file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a" + +DEPENDS = "gtk+ dbus-glib intltool-native gettext-native" + +# 0.7 tag +SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143" +SRC_URI = "git://github.com/connectivity/connman-gnome.git \ + file://0001-Removed-icon-from-connman-gnome-about-applet.patch \ + file://null_check_for_ipv4_config.patch \ + file://images/* \ + file://connman-gnome-fix-dbus-interface-name.patch \ + " + +S = "${WORKDIR}/git" + +inherit autotools-brokensep gtk-icon-cache pkgconfig distro_features_check +ANY_OF_DISTRO_FEATURES = "${GTK2DISTROFEATURES}" + +RDEPENDS_${PN} = "connman" + +do_install_append() { + install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/ +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc new file mode 100644 index 000000000..c3752514c --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc @@ -0,0 +1,210 @@ +SUMMARY = "A daemon for managing internet connections within embedded devices" +DESCRIPTION = "The ConnMan project provides a daemon for managing \ +internet connections within embedded devices running the Linux \ +operating system. The Connection Manager is designed to be slim and \ +to use as few resources as possible, so it can be easily integrated. \ +It is a fully modular system that can be extended, through plug-ins, \ +to support all kinds of wired or wireless technologies. Also, \ +configuration methods, like DHCP and domain name resolving, are \ +implemented using plug-ins." +HOMEPAGE = "http://connman.net/" +BUGTRACKER = "https://01.org/jira/browse/CM" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ + file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36" + +inherit autotools pkgconfig systemd update-rc.d bluetooth + +DEPENDS = "dbus glib-2.0 ppp iptables readline" + +INC_PR = "r20" + +EXTRA_OECONF += "\ + ac_cv_path_WPASUPPLICANT=${sbindir}/wpa_supplicant \ + ac_cv_path_PPPD=${sbindir}/pppd \ + --enable-debug \ + --enable-loopback \ + --enable-ethernet \ + --enable-tools \ + --enable-test \ + --disable-polkit \ + --enable-client \ +" +CFLAGS += "-D_GNU_SOURCE" + +PACKAGECONFIG ??= "wispr \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd','systemd', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wifi', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', '3g','3g', '', d)} \ +" + +# If you want ConnMan to support VPN, add following statement into +# local.conf or distro config +# PACKAGECONFIG_append_pn-connman = " openvpn vpnc l2tp pptp" + +PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" +PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant, wpa-supplicant" +PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}, ${BLUEZ}" +PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono" +PACKAGECONFIG[tist] = "--enable-tist,--disable-tist," +PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn" +PACKAGECONFIG[vpnc] = "--enable-vpnc --with-vpnc=${sbindir}/vpnc,--disable-vpnc,,vpnc" +PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2tp,,xl2tpd" +PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux" +# WISPr support for logging into hotspots, requires TLS +PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls," + +INITSCRIPT_NAME = "connman" +INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ." + +python __anonymous () { + systemd_packages = "${PN}" + pkgconfig = d.getVar('PACKAGECONFIG', True) + if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split(): + systemd_packages += " ${PN}-vpn" + d.setVar('SYSTEMD_PACKAGES', systemd_packages) +} + +SYSTEMD_SERVICE_${PN} = "connman.service" +SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service" +SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service" + +do_install_append() { + if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman + sed -i s%@DATADIR@%${datadir}% ${D}${sysconfdir}/init.d/connman + fi + + install -d ${D}${bindir} + install -m 0755 ${B}/tools/*-test ${D}${bindir} + if [ -e ${B}/tools/wispr ]; then + install -m 0755 ${B}/tools/wispr ${D}${bindir} + fi + install -m 0755 ${B}/client/connmanctl ${D}${bindir} + + # We don't need to package an empty directory + rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts + + # Automake 1.12 won't install empty directories, but we need the + # plugins directory to be present for ownership + mkdir -p ${D}${libdir}/connman/plugins +} + +# These used to be plugins, but now they are core +RPROVIDES_${PN} = "\ + connman-plugin-loopback \ + connman-plugin-ethernet \ + ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'wifi','connman-plugin-wifi', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \ + " + +RDEPENDS_${PN} = "\ + dbus \ + " + +PACKAGES_DYNAMIC += "^${PN}-plugin-.*" + +def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip): + plugintype = pkg.split( '-' )[-1] + if plugintype in depmap: + rdepends = map(lambda x: multilib_prefix + x, \ + depmap[plugintype].split()) + d.setVar("RDEPENDS_%s" % pkg, " ".join(rdepends)) + if add_insane_skip: + d.appendVar("INSANE_SKIP_%s" % pkg, "dev-so") + +python populate_packages_prepend() { + depmap = dict(pppd="ppp") + multilib_prefix = (d.getVar("MLPREFIX", True) or "") + + hook = lambda file,pkg,x,y,z: \ + add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False) + plugin_dir = d.expand('${libdir}/connman/plugins/') + plugin_name = d.expand('${PN}-plugin-%s') + do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \ + '${PN} plugin for %s', extra_depends='', hook=hook, prepend=True ) + + hook = lambda file,pkg,x,y,z: \ + add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True) + plugin_dir = d.expand('${libdir}/connman/plugins-vpn/') + plugin_name = d.expand('${PN}-plugin-vpn-%s') + do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \ + '${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True ) +} + +PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client" + +FILES_${PN}-tools = "${bindir}/wispr" +RDEPENDS_${PN}-tools ="${PN}" + +FILES_${PN}-tests = "${bindir}/*-test ${libdir}/${BPN}/test/*" +RDEPENDS_${PN}-tests = "python-dbus python-pygobject python-textutils python-subprocess python-fcntl python-netclient \ + ${PN} \ +" + +FILES_${PN}-client = "${bindir}/connmanctl" +RDEPENDS_${PN}-client ="${PN}" + +FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ + ${libdir}/connman/plugins \ + ${sysconfdir} ${sharedstatedir} ${localstatedir} \ + ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \ + ${datadir}/dbus-1/system-services/* \ + ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf" + +FILES_${PN}-dev += "${libdir}/connman/*/*.la" + +PACKAGES =+ "${PN}-vpn ${PN}-wait-online" + +SUMMARY_${PN}-vpn = "A daemon for managing VPN connections within embedded devices" +DESCRIPTION_${PN}-vpn = "The ConnMan VPN provides a daemon for \ +managing VPN connections within embedded devices running the Linux \ +operating system. The connman-vpnd handles all the VPN connections \ +and starts/stops VPN client processes when necessary. The connman-vpnd \ +provides a DBus API for managing VPN connections. All the different \ +VPN technogies are implemented using plug-ins." +FILES_${PN}-vpn += "${sbindir}/connman-vpnd \ + ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \ + ${datadir}/dbus-1/system-services/net.connman.vpn.service \ + ${systemd_unitdir}/system/connman-vpn.service" + +SUMMARY_${PN}-wait-online = "A program that will return once ConnMan has connected to a network" +DESCRIPTION_${PN}-wait-online = "A service that can be enabled so that \ +the system waits until a network connection is established." +FILES_${PN}-wait-online += "${sbindir}/connmand-wait-online \ + ${systemd_unitdir}/system/connman-wait-online.service" + +SUMMARY_${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" +DESCRIPTION_${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ +to create a VPN connection to OpenVPN server." +FILES_${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ + ${libdir}/connman/plugins-vpn/openvpn.so" +RDEPENDS_${PN}-plugin-vpn-openvpn += "${PN}-vpn" +RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" + +SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" +DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ +to create a VPN connection to Cisco3000 VPN Concentrator." +FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ + ${libdir}/connman/plugins-vpn/vpnc.so" +RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn" +RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" + +SUMMARY_${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" +DESCRIPTION_${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ +to create a VPN connection to L2TP server." +FILES_${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ + ${libdir}/connman/plugins-vpn/l2tp.so" +RDEPENDS_${PN}-plugin-vpn-l2tp += "${PN}-vpn" +RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" + +SUMMARY_${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" +DESCRIPTION_${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ +to create a VPN connection to PPTP server." +FILES_${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ + ${libdir}/connman/plugins-vpn/pptp.so" +RDEPENDS_${PN}-plugin-vpn-pptp += "${PN}-vpn" +RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-Detect-backtrace-API-availability-before-using-it.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-Detect-backtrace-API-availability-before-using-it.patch new file mode 100644 index 000000000..5dc6fd634 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-Detect-backtrace-API-availability-before-using-it.patch @@ -0,0 +1,55 @@ +From 00d4447395725abaa651e12ed40095081e04011e Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 13 Sep 2015 13:22:01 -0700 +Subject: [PATCH 1/3] Detect backtrace() API availability before using it + +C libraries besides glibc do not have backtrace() implemented + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- +Upstream-Status: Pending + + configure.ac | 2 ++ + src/log.c | 5 ++--- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 69c0eeb..90099f2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -171,6 +171,8 @@ fi + AM_CONDITIONAL(PPTP, test "${enable_pptp}" != "no") + AM_CONDITIONAL(PPTP_BUILTIN, test "${enable_pptp}" = "builtin") + ++AC_CHECK_HEADERS([execinfo.h]) ++ + AC_CHECK_HEADERS(resolv.h, dummy=yes, + AC_MSG_ERROR(resolver header files are required)) + AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [ +diff --git a/src/log.c b/src/log.c +index a693bd0..5b40c1f 100644 +--- a/src/log.c ++++ b/src/log.c +@@ -30,7 +30,6 @@ + #include <stdlib.h> + #include <string.h> + #include <syslog.h> +-#include <execinfo.h> + #include <dlfcn.h> + + #include "connman.h" +@@ -215,9 +214,9 @@ static void print_backtrace(unsigned int offset) + static void signal_handler(int signo) + { + connman_error("Aborting (signal %d) [%s]", signo, program_exec); +- ++#ifdef HAVE_EXECINFO_H + print_backtrace(2); +- ++#endif /* HAVE_EXECINFO_H */ + exit(EXIT_FAILURE); + } + +-- +2.5.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-iptables-Add-missing-function-item-of-xtables-to-mat.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-iptables-Add-missing-function-item-of-xtables-to-mat.patch new file mode 100644 index 000000000..1b5a3e440 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-iptables-Add-missing-function-item-of-xtables-to-mat.patch @@ -0,0 +1,42 @@ +From acea08a0e4234a4c1a87bedc087c73ff36de0c7b Mon Sep 17 00:00:00 2001 +From: Wu Zheng <wu.zheng@intel.com> +Date: Thu, 28 Jan 2016 18:04:17 +0800 +Subject: [PATCH] iptables: Add missing function item of xtables to match + iptables 1.6 + +The struct of xtables_globals has been modified in iptables 1.6. +If connman runs with iptables 1.6, it can crash. + +Program received signal SIGSEGV, Segmentation fault. +0x00000000 in ?? () +0xb7dea89c in xtables_find_target () from /usr/lib/libxtables.so.11 +0xb7deac1c in ?? () from /usr/lib/libxtables.so.11 +0xb7dea793 in xtables_find_target () from /usr/lib/libxtables.so.11 + +The the missing function item of xtables is added to xtables_globals. + +Upstream-Status: Backport + +Signed-off-by: Maxin B. John <maxin.john@intel.com> +Signed-off-by: Wu Zheng <wu.zheng@intel.com> +--- + src/iptables.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/iptables.c b/src/iptables.c +index bc0c763..5ef757a 100644 +--- a/src/iptables.c ++++ b/src/iptables.c +@@ -1566,6 +1566,9 @@ struct xtables_globals iptables_globals = { + .option_offset = 0, + .opts = iptables_opts, + .orig_opts = iptables_opts, ++#if XTABLES_VERSION_CODE > 10 ++ .compat_rev = xtables_compatible_revision, ++#endif + }; + + static struct xtables_target *prepare_target(struct connman_iptables *table, +-- +2.4.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch new file mode 100644 index 000000000..e6f03e632 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch @@ -0,0 +1,35 @@ +From 4ddaf78dad5a9ee4a0658235f71b75132192123e Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 7 Apr 2012 18:52:12 -0700 +Subject: [PATCH] plugin.h: Change visibility to default for debug symbols + +gold refuses to link in undefined weak symbols which +have hidden visibility + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + + +Upstream-Status: Pending +--- + include/plugin.h | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/plugin.h b/include/plugin.h +index 692a4e5..a9361c3 100644 +--- a/include/plugin.h ++++ b/include/plugin.h +@@ -89,9 +89,9 @@ struct connman_plugin_desc { + #else + #define CONNMAN_PLUGIN_DEFINE(name, description, version, priority, init, exit) \ + extern struct connman_debug_desc __start___debug[] \ +- __attribute__ ((weak, visibility("hidden"))); \ ++ __attribute__ ((weak, visibility("default"))); \ + extern struct connman_debug_desc __stop___debug[] \ +- __attribute__ ((weak, visibility("hidden"))); \ ++ __attribute__ ((weak, visibility("default"))); \ + extern struct connman_plugin_desc connman_plugin_desc \ + __attribute__ ((visibility("default"))); \ + struct connman_plugin_desc connman_plugin_desc = { \ +-- +1.7.5.4 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch new file mode 100644 index 000000000..059342771 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch @@ -0,0 +1,77 @@ +From 10b0d16d04b811b1ccd1f9b0cfe757bce8d876a1 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 6 Apr 2015 23:02:21 -0700 +Subject: [PATCH 2/3] resolve: musl does not implement res_ninit + +ported from +http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + gweb/gresolv.c | 33 ++++++++++++--------------------- + 1 file changed, 12 insertions(+), 21 deletions(-) + +diff --git a/gweb/gresolv.c b/gweb/gresolv.c +index 5cf7a9a..3ad8e70 100644 +--- a/gweb/gresolv.c ++++ b/gweb/gresolv.c +@@ -875,8 +875,6 @@ GResolv *g_resolv_new(int index) + resolv->index = index; + resolv->nameserver_list = NULL; + +- res_ninit(&resolv->res); +- + return resolv; + } + +@@ -916,8 +914,6 @@ void g_resolv_unref(GResolv *resolv) + + flush_nameservers(resolv); + +- res_nclose(&resolv->res); +- + g_free(resolv); + } + +@@ -1020,24 +1016,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, + debug(resolv, "hostname %s", hostname); + + if (!resolv->nameserver_list) { +- int i; +- +- for (i = 0; i < resolv->res.nscount; i++) { +- char buf[100]; +- int family = resolv->res.nsaddr_list[i].sin_family; +- void *sa_addr = &resolv->res.nsaddr_list[i].sin_addr; +- +- if (family != AF_INET && +- resolv->res._u._ext.nsaddrs[i]) { +- family = AF_INET6; +- sa_addr = &resolv->res._u._ext.nsaddrs[i]->sin6_addr; ++ FILE *f = fopen("/etc/resolv.conf", "r"); ++ if (f) { ++ char line[256], *s; ++ int i; ++ while (fgets(line, sizeof(line), f)) { ++ if (strncmp(line, "nameserver", 10) || !isspace(line[10])) ++ continue; ++ for (s = &line[11]; isspace(s[0]); s++); ++ for (i = 0; s[i] && !isspace(s[i]); i++); ++ s[i] = 0; ++ g_resolv_add_nameserver(resolv, s, 53, 0); + } +- +- if (family != AF_INET && family != AF_INET6) +- continue; +- +- if (inet_ntop(family, sa_addr, buf, sizeof(buf))) +- g_resolv_add_nameserver(resolv, buf, 53, 0); ++ fclose(f); + } + + if (!resolv->nameserver_list) +-- +2.5.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0003-Fix-header-inclusions-for-musl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0003-Fix-header-inclusions-for-musl.patch new file mode 100644 index 000000000..eefc6834b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0003-Fix-header-inclusions-for-musl.patch @@ -0,0 +1,118 @@ +From 67645a01a2f3f52625d8dd77f2811a9e213e1b7d Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 13 Sep 2015 13:28:20 -0700 +Subject: [PATCH] Fix header inclusions for musl + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- +Upstream-Status: Pending + + gweb/gresolv.c | 1 + + plugins/wifi.c | 3 +-- + src/tethering.c | 2 -- + tools/dhcp-test.c | 1 - + tools/dnsproxy-test.c | 1 + + 5 files changed, 3 insertions(+), 5 deletions(-) + +Index: connman-1.30/gweb/gresolv.c +=================================================================== +--- connman-1.30.orig/gweb/gresolv.c ++++ connman-1.30/gweb/gresolv.c +@@ -28,6 +28,7 @@ + #include <stdarg.h> + #include <string.h> + #include <stdlib.h> ++#include <stdio.h> + #include <resolv.h> + #include <sys/types.h> + #include <sys/socket.h> +Index: connman-1.30/plugins/wifi.c +=================================================================== +--- connman-1.30.orig/plugins/wifi.c ++++ connman-1.30/plugins/wifi.c +@@ -30,9 +30,8 @@ + #include <string.h> + #include <sys/ioctl.h> + #include <sys/socket.h> +-#include <linux/if_arp.h> +-#include <linux/wireless.h> + #include <net/ethernet.h> ++#include <linux/wireless.h> + + #ifndef IFF_LOWER_UP + #define IFF_LOWER_UP 0x10000 +Index: connman-1.30/src/tethering.c +=================================================================== +--- connman-1.30.orig/src/tethering.c ++++ connman-1.30/src/tethering.c +@@ -31,10 +31,8 @@ + #include <stdio.h> + #include <sys/ioctl.h> + #include <net/if.h> +-#include <linux/sockios.h> + #include <string.h> + #include <fcntl.h> +-#include <linux/if_tun.h> + #include <netinet/in.h> + #include <linux/if_bridge.h> + +Index: connman-1.30/tools/dhcp-test.c +=================================================================== +--- connman-1.30.orig/tools/dhcp-test.c ++++ connman-1.30/tools/dhcp-test.c +@@ -33,7 +33,6 @@ + #include <arpa/inet.h> + #include <net/route.h> + #include <net/ethernet.h> +-#include <linux/if_arp.h> + + #include <gdhcp/gdhcp.h> + +Index: connman-1.30/tools/dnsproxy-test.c +=================================================================== +--- connman-1.30.orig/tools/dnsproxy-test.c ++++ connman-1.30/tools/dnsproxy-test.c +@@ -27,6 +27,7 @@ + #include <stdlib.h> + #include <string.h> + #include <unistd.h> ++#include <stdio.h> + #include <arpa/inet.h> + #include <netinet/in.h> + #include <sys/types.h> +Index: connman-1.30/configure.ac +=================================================================== +--- connman-1.30.orig/configure.ac ++++ connman-1.30/configure.ac +@@ -173,6 +173,8 @@ AM_CONDITIONAL(PPTP_BUILTIN, test "${ena + + AC_CHECK_HEADERS([execinfo.h]) + ++AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include <netinet/in.h>]]) ++ + AC_CHECK_HEADERS(resolv.h, dummy=yes, + AC_MSG_ERROR(resolver header files are required)) + AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [ +Index: connman-1.30/gdhcp/common.h +=================================================================== +--- connman-1.30.orig/gdhcp/common.h ++++ connman-1.30/gdhcp/common.h +@@ -19,6 +19,7 @@ + * + */ + ++#include <config.h> + #include <netinet/udp.h> + #include <netinet/ip.h> + +@@ -170,8 +171,8 @@ static const uint8_t dhcp_option_lengths + [OPTION_U32] = 4, + }; + +-/* already defined within netinet/in.h if using GNU compiler */ +-#ifndef __USE_GNU ++/* already defined within netinet/in.h if using GNU or musl libc */ ++#ifndef HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDR + struct in6_pktinfo { + struct in6_addr ipi6_addr; /* src/dst IPv6 address */ + unsigned int ipi6_ifindex; /* send/recv interface index */ diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/connman b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/connman new file mode 100644 index 000000000..c64fa0d71 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/connman @@ -0,0 +1,83 @@ +#!/bin/sh + +DAEMON=/usr/sbin/connmand +PIDFILE=/var/run/connmand.pid +DESC="Connection Manager" + +if [ -f /etc/default/connman ] ; then + . /etc/default/connman +fi + +set -e + +nfsroot=0 + +exec 9<&0 < /proc/mounts +while read dev mtpt fstype rest; do + if test $mtpt = "/" ; then + case $fstype in + nfs | nfs4) + nfsroot=1 + break + ;; + *) + ;; + esac + fi +done + +do_start() { + EXTRA_PARAM="" + if test $nfsroot -eq 1 ; then + NET_DEVS=`cat /proc/net/dev | sed -ne 's/^\([a-zA-Z0-9 ]*\):.*$/\1/p'` + NET_ADDR=`cat /proc/cmdline | sed -ne 's/^.*ip=\([^ :]*\).*$/\1/p'` + + if [ ! -z "$NET_ADDR" ]; then + if [ "$NET_ADDR" = dhcp ]; then + ethn=`ifconfig | grep "^eth" | sed -e "s/\(eth[0-9]\)\(.*\)/\1/"` + if [ ! -z "$ethn" ]; then + EXTRA_PARAM="-I $ethn" + fi + else + for i in $NET_DEVS; do + ADDR=`ifconfig $i | sed 's/addr://g' | sed -ne 's/^.*inet \([0-9.]*\) .*$/\1/p'` + if [ "$NET_ADDR" = "$ADDR" ]; then + EXTRA_PARAM="-I $i" + break + fi + done + fi + fi + fi + if [ -f @DATADIR@/connman/wired-setup ] ; then + . @DATADIR@/connman/wired-setup + fi + $DAEMON $EXTRA_PARAM +} + +do_stop() { + start-stop-daemon --stop --name connmand --quiet +} + +case "$1" in + start) + echo "Starting $DESC" + do_start + ;; + stop) + echo "Stopping $DESC" + do_stop + ;; + restart|force-reload) + echo "Restarting $DESC" + do_stop + sleep 1 + do_start + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.31.bb b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.31.bb new file mode 100644 index 000000000..e71d2218a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.31.bb @@ -0,0 +1,15 @@ +require connman.inc + +SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ + file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ + file://0001-Detect-backtrace-API-availability-before-using-it.patch \ + file://0002-resolve-musl-does-not-implement-res_ninit.patch \ + file://0003-Fix-header-inclusions-for-musl.patch \ + file://0001-iptables-Add-missing-function-item-of-xtables-to-mat.patch \ + file://connman \ + " +SRC_URI[md5sum] = "cb1c413fcc4f49430294bbd7a92f5f3c" +SRC_URI[sha256sum] = "88fcf0b6df334796b90e2fd2e434d6f5b36cd6f13b886a119b8c90276b72b8e2" + +RRECOMMENDS_${PN} = "connman-conf" + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc new file mode 100644 index 000000000..5e396f159 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc @@ -0,0 +1,127 @@ +SECTION = "console/network" +SUMMARY = "Internet Software Consortium DHCP package" +DESCRIPTION = "DHCP (Dynamic Host Configuration Protocol) is a protocol \ +which allows individual devices on an IP network to get their own \ +network configuration information from a server. DHCP helps make it \ +easier to administer devices." + +HOMEPAGE = "http://www.isc.org/" + +LICENSE = "ISC" +LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=c5c64d696107f84b56fe337d14da1753" + +DEPENDS = "openssl bind" + +SRC_URI = "ftp://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \ + file://define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \ + file://init-relay file://default-relay \ + file://init-server file://default-server \ + file://dhclient.conf file://dhcpd.conf \ + file://dhcpd.service file://dhcrelay.service \ + file://dhcpd6.service \ + file://search-for-libxml2.patch " + +UPSTREAM_CHECK_URI = "ftp://ftp.isc.org/isc/dhcp/" +UPSTREAM_CHECK_REGEX = "(?P<pver>\d+\.\d+\.(\d+?))/" + +inherit autotools systemd useradd update-rc.d + +USERADD_PACKAGES = "${PN}-server" +USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir /var/run/${PN} --shell /bin/false --user-group ${PN}" + +SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay" +SYSTEMD_SERVICE_${PN}-server = "dhcpd.service dhcpd6.service" +SYSTEMD_AUTO_ENABLE_${PN}-server = "disable" + +SYSTEMD_SERVICE_${PN}-relay = "dhcrelay.service" +SYSTEMD_AUTO_ENABLE_${PN}-relay = "disable" + +INITSCRIPT_PACKAGES = "dhcp-server" +INITSCRIPT_NAME_dhcp-server = "dhcp-server" +INITSCRIPT_PARAMS_dhcp-server = "defaults" + +TARGET_CFLAGS += "-D_GNU_SOURCE" +EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \ + --with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases \ + --with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \ + --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \ + --with-libbind=${STAGING_LIBDIR}/ \ + --enable-paranoia \ + " + +do_install_append () { + install -d ${D}${sysconfdir}/init.d + install -d ${D}${sysconfdir}/default + install -d ${D}${sysconfdir}/dhcp + install -m 0755 ${WORKDIR}/init-relay ${D}${sysconfdir}/init.d/dhcp-relay + install -m 0644 ${WORKDIR}/default-relay ${D}${sysconfdir}/default/dhcp-relay + install -m 0755 ${WORKDIR}/init-server ${D}${sysconfdir}/init.d/dhcp-server + install -m 0644 ${WORKDIR}/default-server ${D}${sysconfdir}/default/dhcp-server + + rm -f ${D}${sysconfdir}/dhclient.conf* + rm -f ${D}${sysconfdir}/dhcpd.conf* + install -m 0644 ${WORKDIR}/dhclient.conf ${D}${sysconfdir}/dhcp/dhclient.conf + install -m 0644 ${WORKDIR}/dhcpd.conf ${D}${sysconfdir}/dhcp/dhcpd.conf + + install -d ${D}${base_sbindir}/ + if [ "${sbindir}" != "${base_sbindir}" ]; then + mv ${D}${sbindir}/dhclient ${D}${base_sbindir}/ + fi + install -m 0755 ${S}/client/scripts/linux ${D}${base_sbindir}/dhclient-script + + # Install systemd unit files + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/dhcpd.service ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/dhcpd6.service ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/dhcrelay.service ${D}${systemd_unitdir}/system + sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service ${D}${systemd_unitdir}/system/dhcrelay.service + sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcpd*.service + sed -i -e 's,@base_bindir@,${base_bindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service + sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/dhcpd*.service +} + +PACKAGES += "dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell" + +FILES_${PN} = "" +RDEPENDS_${PN}-dev = "" +RDEPENDS_${PN}-staticdev = "" + +FILES_${PN}-server = "${sbindir}/dhcpd ${sysconfdir}/init.d/dhcp-server" +RRECOMMENDS_${PN}-server = "dhcp-server-config" + +FILES_${PN}-server-config = "${sysconfdir}/default/dhcp-server ${sysconfdir}/dhcp/dhcpd.conf" + +FILES_${PN}-relay = "${sbindir}/dhcrelay ${sysconfdir}/init.d/dhcp-relay ${sysconfdir}/default/dhcp-relay" + +FILES_${PN}-client = "${base_sbindir}/dhclient ${base_sbindir}/dhclient-script ${sysconfdir}/dhcp/dhclient.conf" +RDEPENDS_${PN}-client = "bash" + +FILES_${PN}-omshell = "${bindir}/omshell" + +pkg_postinst_dhcp-server() { + mkdir -p $D/${localstatedir}/lib/dhcp + touch $D/${localstatedir}/lib/dhcp/dhcpd.leases + touch $D/${localstatedir}/lib/dhcp/dhcpd6.leases +} + +pkg_postinst_dhcp-client() { + mkdir -p $D/${localstatedir}/lib/dhcp +} + +pkg_postrm_dhcp-server() { + rm -f $D/${localstatedir}/lib/dhcp/dhcpd.leases + rm -f $D/${localstatedir}/lib/dhcp/dhcpd6.leases + + if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then + echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty." + fi +} + +pkg_postrm_dhcp-client() { + rm -f $D/${localstatedir}/lib/dhcp/dhclient.leases + rm -f $D/${localstatedir}/lib/dhcp/dhclient6.leases + + if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then + echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty." + fi +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch new file mode 100644 index 000000000..434421230 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch @@ -0,0 +1,25 @@ +Upstream-Status: Inappropriate [configuration] + +Subject: [PATCH] site.h: enable gentle shutdown + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + includes/site.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/includes/site.h b/includes/site.h +index 73fa4e8..9c33de3 100644 +--- a/includes/site.h ++++ b/includes/site.h +@@ -280,7 +280,7 @@ + situations. We plan to revisit this feature and may + make non-backwards compatible changes including the + removal of this define. Use at your own risk. */ +-/* #define ENABLE_GENTLE_SHUTDOWN */ ++#define ENABLE_GENTLE_SHUTDOWN + + /* Include old error codes. This is provided in case you + are building an external program similar to omshell for +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch new file mode 100644 index 000000000..923d5d5c5 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch @@ -0,0 +1,99 @@ +Solves CVE-2015-8605 that caused DoS when an invalid lenght field in IPv4 UDP +was recived by the server. + +Upstream-Status: Backport +CVE: CVE-2015-8605 + +Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> + +======================================================================= +diff --git a/common/packet.c b/common/packet.c +index b530432..e600e37 100644 +--- a/common/packet.c ++++ b/common/packet.c +@@ -220,7 +220,28 @@ ssize_t decode_hw_header (interface, buf, bufix, from) + } + } + +-/* UDP header and IP header decoded together for convenience. */ ++/*! ++ * ++ * \brief UDP header and IP header decoded together for convenience. ++ * ++ * Attempt to decode the UDP and IP headers and, if necessary, checksum ++ * the packet. ++ * ++ * \param inteface - the interface on which the packet was recevied ++ * \param buf - a pointer to the buffer for the received packet ++ * \param bufix - where to start processing the buffer, previous ++ * routines may have processed parts of the buffer already ++ * \param from - space to return the address of the packet sender ++ * \param buflen - remaining length of the buffer, this will have been ++ * decremented by bufix by the caller ++ * \param rbuflen - space to return the length of the payload from the udp ++ * header ++ * \param csum_ready - indication if the checksum is valid for use ++ * non-zero indicates the checksum should be validated ++ * ++ * \return - the index to the first byte of the udp payload (that is the ++ * start of the DHCP packet ++ */ + + ssize_t + decode_udp_ip_header(struct interface_info *interface, +@@ -231,7 +252,7 @@ decode_udp_ip_header(struct interface_info *interface, + unsigned char *data; + struct ip ip; + struct udphdr udp; +- unsigned char *upp, *endbuf; ++ unsigned char *upp; + u_int32_t ip_len, ulen, pkt_len; + static unsigned int ip_packets_seen = 0; + static unsigned int ip_packets_bad_checksum = 0; +@@ -241,11 +262,8 @@ decode_udp_ip_header(struct interface_info *interface, + static unsigned int udp_packets_length_overflow = 0; + unsigned len; + +- /* Designate the end of the input buffer for bounds checks. */ +- endbuf = buf + bufix + buflen; +- + /* Assure there is at least an IP header there. */ +- if ((buf + bufix + sizeof(ip)) > endbuf) ++ if (sizeof(ip) > buflen) + return -1; + + /* Copy the IP header into a stack aligned structure for inspection. +@@ -257,13 +275,17 @@ decode_udp_ip_header(struct interface_info *interface, + ip_len = (*upp & 0x0f) << 2; + upp += ip_len; + +- /* Check the IP packet length. */ ++ /* Check packet lengths are within the buffer: ++ * first the ip header (ip_len) ++ * then the packet length from the ip header (pkt_len) ++ * then the udp header (ip_len + sizeof(udp) ++ * We are liberal in what we accept, the udp payload should fit within ++ * pkt_len, but we only check against the full buffer size. ++ */ + pkt_len = ntohs(ip.ip_len); +- if (pkt_len > buflen) +- return -1; +- +- /* Assure after ip_len bytes that there is enough room for a UDP header. */ +- if ((upp + sizeof(udp)) > endbuf) ++ if ((ip_len > buflen) || ++ (pkt_len > buflen) || ++ ((ip_len + sizeof(udp)) > buflen)) + return -1; + + /* Copy the UDP header into a stack aligned structure for inspection. */ +@@ -284,7 +306,8 @@ decode_udp_ip_header(struct interface_info *interface, + return -1; + + udp_packets_length_checked++; +- if ((upp + ulen) > endbuf) { ++ /* verify that the payload length from the udp packet fits in the buffer */ ++ if ((ip_len + ulen) > buflen) { + udp_packets_length_overflow++; + if (((udp_packets_length_checked > 4) && + (udp_packets_length_overflow != 0)) && diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch new file mode 100644 index 000000000..4836dbc2a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch @@ -0,0 +1,65 @@ +From b9f56d578ebfd649b5d829960540859ac6ca931c Mon Sep 17 00:00:00 2001 +From: Catalin Enache <catalin.enache@windriver.com> +Date: Tue, 12 Apr 2016 18:23:31 +0300 +Subject: [PATCH] Add patch to limit the value of an fd we accept for a + connection. + +By limiting the highest value we accept for an fd we limit the number +of connections. + +Upstream-Status: Backport +CVE: CVE-2016-2774 + +Author: Shawn Routhier <sar@isc.org> +Signed-off-by: Catalin Enache <catalin.enache@windriver.com> +--- + includes/site.h | 6 ++++++ + omapip/listener.c | 9 +++++++-- + 3 files changed, 18 insertions(+), 2 deletions(-) + +diff --git a/includes/site.h b/includes/site.h +index 9c33de3..df020c8 100644 +--- a/includes/site.h ++++ b/includes/site.h +@@ -290,6 +290,12 @@ + this option will be removed at some time. */ + /* #define INCLUDE_OLD_DHCP_ISC_ERROR_CODES */ + ++/* Limit the value of a file descriptor the serve will use ++ when accepting a connecting request. This can be used to ++ limit the number of TCP connections that the server will ++ allow at one time. A value of 0 means there is no limit.*/ ++#define MAX_FD_VALUE 200 ++ + /* Include definitions for various options. In general these + should be left as is, but if you have already defined one + of these and prefer your definition you can comment the +diff --git a/omapip/listener.c b/omapip/listener.c +index 8bdcdbd..61473cf 100644 +--- a/omapip/listener.c ++++ b/omapip/listener.c +@@ -3,7 +3,7 @@ + Subroutines that support the generic listener object. */ + + /* +- * Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC") ++ * Copyright (c) 2012,2014,2016 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 1999-2003 by Internet Software Consortium + * +@@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_t *h) + return ISC_R_NORESOURCES; + return ISC_R_UNEXPECTED; + } +- ++ ++ if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) { ++ close(socket); ++ return (ISC_R_NORESOURCES); ++ } ++ + #if defined (TRACING) + /* If we're recording a trace, remember the connection. */ + if (trace_record ()) { +-- +2.7.4 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch new file mode 100644 index 000000000..32bdaf08e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch @@ -0,0 +1,26 @@ +define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF + +Upstream-Status: Inappropriate [OE specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + includes/site.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/includes/site.h b/includes/site.h +index d87b309..17bc40d 100644 +--- a/includes/site.h ++++ b/includes/site.h +@@ -139,7 +139,8 @@ + /* Define this if you want the dhcpd.conf file to go somewhere other than + the default location. By default, it goes in /etc/dhcpd.conf. */ + +-/* #define _PATH_DHCPD_CONF "/etc/dhcpd.conf" */ ++#define _PATH_DHCPD_CONF "/etc/dhcp/dhcpd.conf" ++#define _PATH_DHCLIENT_CONF "/etc/dhcp/dhclient.conf" + + /* Network API definitions. You do not need to choose one of these - if + you don't choose, one will be chosen for you in your system's config +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch new file mode 100644 index 000000000..47ea5554b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch @@ -0,0 +1,70 @@ +dhcp-client: fix invoke dhclient-script failed on Read-only file system + +In read-only file system, '/etc' is on the readonly partition, +and '/etc/resolv.conf' is symlinked to a separate writable +partition. + +In this situation, we should use shell variable to instead of +temp files '/etc/resolv.conf.dhclient' and '/etc/resolv.conf.dhclient6'. + +Upstream-Status: Pending +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + client/scripts/linux | 20 +++++++++----------- + 1 file changed, 9 insertions(+), 11 deletions(-) + +diff --git a/client/scripts/linux b/client/scripts/linux +--- a/client/scripts/linux ++++ b/client/scripts/linux +@@ -27,27 +27,25 @@ ip=/sbin/ip + + make_resolv_conf() { + if [ x"$new_domain_name_servers" != x ]; then +- cat /dev/null > /etc/resolv.conf.dhclient +- chmod 644 /etc/resolv.conf.dhclient ++ resolv_conf="" + if [ x"$new_domain_search" != x ]; then +- echo search $new_domain_search >> /etc/resolv.conf.dhclient ++ resolv_conf="search ${new_domain_search}\n" + elif [ x"$new_domain_name" != x ]; then + # Note that the DHCP 'Domain Name Option' is really just a domain + # name, and that this practice of using the domain name option as + # a search path is both nonstandard and deprecated. +- echo search $new_domain_name >> /etc/resolv.conf.dhclient ++ resolv_conf="search ${new_domain_name}\n" + fi + for nameserver in $new_domain_name_servers; do +- echo nameserver $nameserver >>/etc/resolv.conf.dhclient ++ resolv_conf="${resolv_conf}nameserver ${nameserver}\n" + done + +- mv /etc/resolv.conf.dhclient /etc/resolv.conf ++ echo -e "${resolv_conf}" > /etc/resolv.conf + elif [ "x${new_dhcp6_name_servers}" != x ] ; then +- cat /dev/null > /etc/resolv.conf.dhclient6 +- chmod 644 /etc/resolv.conf.dhclient6 ++ resolv_conf="" + + if [ "x${new_dhcp6_domain_search}" != x ] ; then +- echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 ++ resolv_conf="search ${new_dhcp6_domain_search}\n" + fi + shopt -s nocasematch + for nameserver in ${new_dhcp6_name_servers} ; do +@@ -59,11 +57,11 @@ make_resolv_conf() { + else + zone_id= + fi +- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 ++ resolv_conf="${resolv_conf}nameserver ${nameserver}$zone_id\n" + done + shopt -u nocasematch + +- mv /etc/resolv.conf.dhclient6 /etc/resolv.conf ++ echo -e "${resolv_conf}" > /etc/resolv.conf + fi + } + +-- +1.8.1.2 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch new file mode 100644 index 000000000..b4a666d10 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch @@ -0,0 +1,86 @@ +Upstream-Status: Inappropriate [distribution] + +--- client/scripts/bsdos ++++ client/scripts/bsdos +@@ -47,6 +47,11 @@ + . /etc/dhcp/dhclient-exit-hooks + fi + # probably should do something with exit status of the local script ++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then ++ dbus-send --system --dest=com.redhat.dhcp \ ++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ ++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" ++ fi + exit $exit_status + } + +--- client/scripts/freebsd ++++ client/scripts/freebsd +@@ -57,6 +57,11 @@ + . /etc/dhcp/dhclient-exit-hooks + fi + # probably should do something with exit status of the local script ++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then ++ dbus-send --system --dest=com.redhat.dhcp \ ++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ ++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" ++ fi + exit $exit_status + } + +--- client/scripts/linux ++++ client/scripts/linux +@@ -69,6 +69,11 @@ + . /etc/dhcp/dhclient-exit-hooks + fi + # probably should do something with exit status of the local script ++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then ++ dbus-send --system --dest=com.redhat.dhcp \ ++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ ++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" ++ fi + exit $exit_status + } + +--- client/scripts/netbsd ++++ client/scripts/netbsd +@@ -47,6 +47,11 @@ + . /etc/dhcp/dhclient-exit-hooks + fi + # probably should do something with exit status of the local script ++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then ++ dbus-send --system --dest=com.redhat.dhcp \ ++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ ++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" ++ fi + exit $exit_status + } + +--- client/scripts/openbsd ++++ client/scripts/openbsd +@@ -47,6 +47,11 @@ + . /etc/dhcp/dhclient-exit-hooks + fi + # probably should do something with exit status of the local script ++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then ++ dbus-send --system --dest=com.redhat.dhcp \ ++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ ++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" ++ fi + exit $exit_status + } + +--- client/scripts/solaris ++++ client/scripts/solaris +@@ -47,6 +47,11 @@ + . /etc/dhcp/dhclient-exit-hooks + fi + # probably should do something with exit status of the local script ++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then ++ dbus-send --system --dest=com.redhat.dhcp \ ++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ ++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" ++ fi + exit $exit_status + } + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fix-external-bind.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fix-external-bind.patch new file mode 100644 index 000000000..956c5d8b5 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fix-external-bind.patch @@ -0,0 +1,115 @@ +Upstream-Status: Pending + +11/30/2010 +--with-libbind=PATH is available but not used by Makefile, +this patch is to allow building with external bind + +Signed-off-by: Qing He <qing.he@intel.com> + +Rebase the patch to 4.3.3 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- +diff --git a/Makefile.am b/Makefile.am +--- a/Makefile.am ++++ b/Makefile.am +@@ -25,7 +25,7 @@ EXTRA_DIST = RELNOTES LICENSE \ + bind/Makefile.in bind/bind.tar.gz bind/version.tmp \ + common/tests/Atffile server/tests/Atffile + +-SUBDIRS = bind includes tests common omapip client dhcpctl relay server ++SUBDIRS = includes tests common omapip client dhcpctl relay server + + nobase_include_HEADERS = dhcpctl/dhcpctl.h + +diff --git a/client/Makefile.am b/client/Makefile.am +--- a/client/Makefile.am ++++ b/client/Makefile.am +@@ -10,8 +10,8 @@ dhclient_SOURCES = clparse.c dhclient.c dhc6.c \ + scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ + scripts/netbsd scripts/nextstep scripts/openbsd \ + scripts/solaris scripts/openwrt +-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../bind/lib/libirs.a \ +- ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a ++dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(libbind)/libirs.a \ ++ $(libbind)/libdns.a $(libbind)/libisccfg.a $(libbind)/libisc.a + man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 + EXTRA_DIST = $(man_MANS) + +diff --git a/configure.ac b/configure.ac +--- a/configure.ac ++++ b/configure.ac +@@ -623,6 +623,7 @@ no) + fi + ;; + esac ++AC_SUBST([libbind]) + + # OpenLDAP support. + AC_ARG_WITH(ldap, +diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am +--- a/dhcpctl/Makefile.am ++++ b/dhcpctl/Makefile.am +@@ -6,12 +6,12 @@ EXTRA_DIST = $(man_MANS) + + omshell_SOURCES = omshell.c + omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ +- ../bind/lib/libirs.a ../bind/lib/libdns.a \ +- ../bind/lib/libisccfg.a ../bind/lib/libisc.a ++ $(libbind)/libirs.a $(libbind)/libdns.a \ ++ $(libbind)/libisccfg.a $(libbind)/libisc.a + + libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c + + cltest_SOURCES = cltest.c + cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ +- ../bind/lib/libirs.a ../bind/lib/libdns.a \ +- ../bind/lib/libisccfg.a ../bind/lib/libisc.a ++ $(libbind)/libirs.a $(libbind)/libdns.a \ ++ $(libbind)/libisccfg.a $(libbind)/libisc.a +diff --git a/omapip/Makefile.am b/omapip/Makefile.am +--- a/omapip/Makefile.am ++++ b/omapip/Makefile.am +@@ -10,6 +10,6 @@ man_MANS = omapi.3 + EXTRA_DIST = $(man_MANS) + + svtest_SOURCES = test.c +-svtest_LDADD = libomapi.a ../bind/lib/libirs.a ../bind/lib/libdns.a \ +- ../bind/lib/libisccfg.a ../bind/lib/libisc.a ++svtest_LDADD = libomapi.a $(libbind)/libirs.a $(libbind)/libdns.a \ ++ $(libbind)/libisccfg.a $(libbind)/libisc.a + +diff --git a/relay/Makefile.am b/relay/Makefile.am +--- a/relay/Makefile.am ++++ b/relay/Makefile.am +@@ -3,8 +3,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' + sbin_PROGRAMS = dhcrelay + dhcrelay_SOURCES = dhcrelay.c + dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ +- ../bind/lib/libirs.a ../bind/lib/libdns.a \ +- ../bind/lib/libisccfg.a ../bind/lib/libisc.a ++ $(libbind)/libirs.a $(libbind)/libdns.a \ ++ $(libbind)/libisccfg.a $(libbind)/libisc.a + man_MANS = dhcrelay.8 + EXTRA_DIST = $(man_MANS) + +diff --git a/server/Makefile.am b/server/Makefile.am +--- a/server/Makefile.am ++++ b/server/Makefile.am +@@ -14,10 +14,12 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \ + + dhcpd_CFLAGS = $(LDAP_CFLAGS) + dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ +- ../dhcpctl/libdhcpctl.a ../bind/lib/libirs.a \ +- ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a \ ++ ../dhcpctl/libdhcpctl.a $(libbind)/libirs.a \ ++ $(libbind)/libdns.a $(libbind)/libisccfg.a $(libbind)/libisc.a \ + $(LDAP_LIBS) + ++ dhcpd_CFLAGS = $(LDAP_CFLAGS) ++ + man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 + EXTRA_DIST = $(man_MANS) + +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch new file mode 100644 index 000000000..b3f8fdb0a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch @@ -0,0 +1,89 @@ +Fix out of tree builds + +Upstream-Status: Pending + +RP 2013/03/21 + +Rebase to 4.3.1 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- +diff --git a/client/Makefile.am b/client/Makefile.am +index 8411960..1740f72 100644 +--- a/client/Makefile.am ++++ b/client/Makefile.am +@@ -4,6 +4,8 @@ + # production code. Sadly, we are not there yet. + SUBDIRS = . tests + ++AM_CPPFLAGS = -I$(top_srcdir)/includes ++ + dist_sysconf_DATA = dhclient.conf.example + sbin_PROGRAMS = dhclient + dhclient_SOURCES = clparse.c dhclient.c dhc6.c \ +@@ -17,8 +19,8 @@ EXTRA_DIST = $(man_MANS) + + dhclient.o: dhclient.c + $(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \ +- -DLOCALSTATEDIR='"$(localstatedir)"' -c dhclient.c ++ -DLOCALSTATEDIR='"$(localstatedir)"' -c $(srcdir)/dhclient.c + + dhc6.o: dhc6.c + $(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \ +- -DLOCALSTATEDIR='"$(localstatedir)"' -c dhc6.c ++ -DLOCALSTATEDIR='"$(localstatedir)"' -c $(srcdir)/dhc6.c +diff --git a/common/Makefile.am b/common/Makefile.am +index eddef05..5ce045f 100644 +--- a/common/Makefile.am ++++ b/common/Makefile.am +@@ -1,4 +1,4 @@ +-AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"' ++AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' + AM_CFLAGS = $(LDAP_CFLAGS) + + noinst_LIBRARIES = libdhcp.a +diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am +index 2987a53..cd72d75 100644 +--- a/dhcpctl/Makefile.am ++++ b/dhcpctl/Makefile.am +@@ -1,3 +1,5 @@ ++AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) ++ + bin_PROGRAMS = omshell + lib_LIBRARIES = libdhcpctl.a + noinst_PROGRAMS = cltest +diff --git a/omapip/Makefile.am b/omapip/Makefile.am +index 5074479..9c0fab3 100644 +--- a/omapip/Makefile.am ++++ b/omapip/Makefile.am +@@ -1,3 +1,5 @@ ++AM_CPPFLAGS = -I$(top_srcdir)/includes ++ + lib_LIBRARIES = libomapi.a + noinst_PROGRAMS = svtest + +diff --git a/relay/Makefile.am b/relay/Makefile.am +index ec72a31..f842071 100644 +--- a/relay/Makefile.am ++++ b/relay/Makefile.am +@@ -1,4 +1,4 @@ +-AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' ++AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes + + sbin_PROGRAMS = dhcrelay + dhcrelay_SOURCES = dhcrelay.c +diff --git a/server/Makefile.am b/server/Makefile.am +index a446f0b..d0b873a 100644 +--- a/server/Makefile.am ++++ b/server/Makefile.am +@@ -4,7 +4,7 @@ + # production code. Sadly, we are not there yet. + SUBDIRS = . tests + +-AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"' ++AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes + + dist_sysconf_DATA = dhcpd.conf.example + sbin_PROGRAMS = dhcpd +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch new file mode 100644 index 000000000..57e10b029 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch @@ -0,0 +1,25 @@ +Author: Andrei Gherzan <andrei@gherzan.ro> +Date: Thu Feb 2 23:59:11 2012 +0200 + +From 4.2.0 final release, -lcrypto check was removed and we compile static libraries +from bind that are linked to libcrypto. This is why i added a patch in order to add +-lcrypto to LIBS. + +Signed-off-by: Andrei Gherzan <andrei@gherzan.ro> +Upstream-Status: Pending + +Index: dhcp-4.2.3-P2-r0/dhcp-4.2.3-P2/configure.ac +=================================================================== +--- dhcp-4.2.3-P2.orig/configure.ac 2012-02-02 18:04:20.843023196 +0200 ++++ dhcp-4.2.3-P2/configure.ac 2012-02-02 17:58:16.000000000 +0200 +@@ -456,6 +456,10 @@ + # Look for optional headers. + AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) + ++# find an MD5 library ++AC_SEARCH_LIBS(MD5_Init, [crypto]) ++AC_SEARCH_LIBS(MD5Init, [crypto]) ++ + # Solaris needs some libraries for functions + AC_SEARCH_LIBS(socket, [socket]) + AC_SEARCH_LIBS(inet_ntoa, [nsl]) diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch new file mode 100644 index 000000000..61dd6a718 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch @@ -0,0 +1,176 @@ +Found this patch here: +https://lists.isc.org/pipermail/dhcp-users/2011-January/012910.html + +and made some adjustments/updates to make it work with this version. +Wasn't able to find that why this patch was not accepted by ISC DHCP developers. + +Upstream-Status: Pending + +Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> + +--- dhcp-4.2.5-P1/client/scripts/linux.orig 2013-09-04 12:22:55.000000000 +0500 ++++ dhcp-4.2.5-P1/client/scripts/linux 2013-09-04 12:52:19.068761518 +0500 +@@ -103,17 +103,11 @@ + if [ x$old_broadcast_address != x ]; then + old_broadcast_arg="broadcast $old_broadcast_address" + fi +-if [ x$new_subnet_mask != x ]; then +- new_subnet_arg="netmask $new_subnet_mask" +-fi +-if [ x$old_subnet_mask != x ]; then +- old_subnet_arg="netmask $old_subnet_mask" +-fi +-if [ x$alias_subnet_mask != x ]; then +- alias_subnet_arg="netmask $alias_subnet_mask" ++if [ -n "$new_subnet_mask" ]; then ++ new_mask="/$new_subnet_mask" + fi +-if [ x$new_interface_mtu != x ]; then +- mtu_arg="mtu $new_interface_mtu" ++if [ -n "$alias_subnet_mask" ]; then ++ alias_mask="/$alias_subnet_mask" + fi + if [ x$IF_METRIC != x ]; then + metric_arg="metric $IF_METRIC" +@@ -127,9 +121,9 @@ + if [ x$reason = xPREINIT ]; then + if [ x$alias_ip_address != x ]; then + # Bring down alias interface. Its routes will disappear too. +- ifconfig $interface:0- inet 0 ++ ${ip} -4 addr flush dev ${interface} label ${interface}:0 + fi +- ifconfig $interface 0 up ++ ${ip} link set dev ${interface} up + + # We need to give the kernel some time to get the interface up. + sleep 1 +@@ -156,25 +150,30 @@ + if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \ + [ x$alias_ip_address != x$old_ip_address ]; then + # Possible new alias. Remove old alias. +- ifconfig $interface:0- inet 0 ++ ${ip} -4 addr flush dev ${interface} label ${interface}:0 + fi + if [ x$old_ip_address != x ] && [ x$old_ip_address != x$new_ip_address ]; then + # IP address changed. Bringing down the interface will delete all routes, + # and clear the ARP cache. +- ifconfig $interface inet 0 down ++ ${ip} -4 addr flush dev ${interface} label ${interface} + + fi + if [ x$old_ip_address = x ] || [ x$old_ip_address != x$new_ip_address ] || \ + [ x$reason = xBOUND ] || [ x$reason = xREBOOT ]; then + +- ifconfig $interface inet $new_ip_address $new_subnet_arg \ +- $new_broadcast_arg $mtu_arg ++ ${ip} -4 addr add ${new_ip_address}${new_mask} ${new_broadcast_arg} \ ++ dev ${interface} label ${interface} ++ if [ -n "$new_interface_mtu" ]; then ++ # set MTU ++ ${ip} link set dev ${interface} mtu ${new_interface_mtu} ++ fi + # Add a network route to the computed network address. + for router in $new_routers; do + if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then +- route add -host $router dev $interface ++ ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1 + fi +- route add default gw $router $metric_arg dev $interface ++ ${ip} -4 route add default via ${router} dev ${interface} \ ++ ${metric_arg} >/dev/null 2>&1 + done + else + # we haven't changed the address, have we changed other options +@@ -182,21 +181,23 @@ + if [ x$new_routers != x ] && [ x$new_routers != x$old_routers ] ; then + # if we've changed routers delete the old and add the new. + for router in $old_routers; do +- route del default gw $router ++ ${ip} -4 route delete default via ${router} + done + for router in $new_routers; do + if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then +- route add -host $router dev $interface +- fi +- route add default gw $router $metric_arg dev $interface ++ ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1 ++ fi ++ ${ip} -4 route add default via ${router} dev ${interface} \ ++ ${metric_arg} >/dev/null 2>&1 + done + fi + fi + if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ]; + then +- ifconfig $interface:0- inet 0 +- ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg +- route add -host $alias_ip_address $interface:0 ++ ${ip} -4 addr flush dev ${interface} label ${interface}:0 ++ ${ip} -4 addr add ${alias_ip_address}${alias_mask} \ ++ dev ${interface} label ${interface}:0 ++ ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1 + fi + make_resolv_conf + exit_with_hooks 0 +@@ -206,42 +207,49 @@ + || [ x$reason = xSTOP ]; then + if [ x$alias_ip_address != x ]; then + # Turn off alias interface. +- ifconfig $interface:0- inet 0 ++ ${ip} -4 addr flush dev ${interface} label ${interface}:0 + fi + if [ x$old_ip_address != x ]; then + # Shut down interface, which will delete routes and clear arp cache. +- ifconfig $interface inet 0 down ++ ${ip} -4 addr flush dev ${interface} label ${interface} + fi + if [ x$alias_ip_address != x ]; then +- ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg +- route add -host $alias_ip_address $interface:0 ++ ${ip} -4 addr add ${alias_ip_address}${alias_network_arg} \ ++ dev ${interface} label ${interface}:0 ++ ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1 + fi + exit_with_hooks 0 + fi + + if [ x$reason = xTIMEOUT ]; then + if [ x$alias_ip_address != x ]; then +- ifconfig $interface:0- inet 0 ++ ${ip} -4 addr flush dev ${interface} label ${interface}:0 ++ fi ++ ${ip} -4 addr add ${new_ip_address}${new_mask} ${new_broadcast_arg} \ ++ dev ${interface} label ${interface} ++ if [ -n "$new_interface_mtu" ]; then ++ # set MTU ++ ip link set dev ${interface} mtu ${new_interface_mtu} + fi +- ifconfig $interface inet $new_ip_address $new_subnet_arg \ +- $new_broadcast_arg $mtu_arg + set $new_routers + if ping -q -c 1 $1; then + if [ x$new_ip_address != x$alias_ip_address ] && \ + [ x$alias_ip_address != x ]; then +- ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg +- route add -host $alias_ip_address dev $interface:0 ++ ${ip} -4 addr add ${alias_ip_address}${alias_mask} \ ++ dev ${interface} label ${interface}:0 ++ ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1 + fi + for router in $new_routers; do + if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then +- route add -host $router dev $interface ++ ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1 + fi +- route add default gw $router $metric_arg dev $interface ++ ${ip} -4 route add default via ${router} dev ${interface} \ ++ ${metric_arg} >/dev/null 2>&1 + done + make_resolv_conf + exit_with_hooks 0 + fi +- ifconfig $interface inet 0 down ++ ${ip} -4 addr flush dev ${interface} + exit_with_hooks 1 + fi + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/search-for-libxml2.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/search-for-libxml2.patch new file mode 100644 index 000000000..a08a5b725 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/search-for-libxml2.patch @@ -0,0 +1,23 @@ +libdns requires libxml2 if bind was built with libxml2 support +enabled. Compilation will fail for omapip/test.c in case +lxml2 isn't used during the build. So, we add losely coupled +search path which will pick up the lib if it is present. + +Signed-off-by: Awais Belal <awais_belal@mentor.com> +Upstream-Status: Pending + +diff --git a/configure.ac b/configure.ac +index c9dc8b5..85f59be 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -602,6 +602,10 @@ no) + esac + AC_SUBST([libbind]) + ++# We need to find libxml2 if bind was built with support enabled ++# otherwise we'll fail to build omapip/test.c ++AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],) ++ + # OpenLDAP support. + AC_ARG_WITH(ldap, + AS_HELP_STRING([--with-ldap],[enable OpenLDAP support in dhcpd (default is no)]), diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb new file mode 100644 index 000000000..4e8cd272b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb @@ -0,0 +1,15 @@ +require dhcp.inc + +SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \ + file://fix-external-bind.patch \ + file://link-with-lcrypto.patch \ + file://fixsepbuild.patch \ + file://dhclient-script-drop-resolv.conf.dhclient.patch \ + file://replace-ifconfig-route.patch \ + file://CVE-2015-8605.patch \ + file://0001-site.h-enable-gentle-shutdown.patch \ + file://CVE-2016-2774.patch \ + " + +SRC_URI[md5sum] = "c5577b09c9017cdd319a11ff6364268e" +SRC_URI[sha256sum] = "553c4945b09b1c1b904c4780f34f72aaefa2fc8c6556715de0bc9d4e3d255ede" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/default-relay b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/default-relay new file mode 100644 index 000000000..7961f014b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/default-relay @@ -0,0 +1,12 @@ +# Defaults for dhcp-relay initscript +# sourced by /etc/init.d/dhcp-relay + +# What servers should the DHCP relay forward requests to? +# e.g: SERVERS="192.168.0.1" +SERVERS="" + +# On what interfaces should the DHCP relay (dhrelay) serve DHCP requests? +INTERFACES="" + +# Additional options that are passed to the DHCP relay daemon? +OPTIONS="" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/default-server b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/default-server new file mode 100644 index 000000000..0385d1699 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/default-server @@ -0,0 +1,7 @@ +# Defaults for dhcp initscript +# sourced by /etc/init.d/dhcp-server +# installed at /etc/default/dhcp-server by the maintainer scripts + +# On what interfaces should the DHCP server (dhcpd) serve DHCP requests? +# Separate multiple interfaces with spaces, e.g. "eth0 eth1". +INTERFACES="" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient.conf b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient.conf new file mode 100644 index 000000000..0e6dcf96c --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient.conf @@ -0,0 +1,50 @@ +# Configuration file for /sbin/dhclient, which is included in Debian's +# dhcp3-client package. +# +# This is a sample configuration file for dhclient. See dhclient.conf's +# man page for more information about the syntax of this file +# and a more comprehensive list of the parameters understood by +# dhclient. +# +# Normally, if the DHCP server provides reasonable information and does +# not leave anything out (like the domain name, for example), then +# few changes must be made to this file, if any. +# + +#send host-name "andare.fugue.com"; +#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c; +#send dhcp-lease-time 3600; +#supersede domain-name "fugue.com home.vix.com"; +#prepend domain-name-servers 127.0.0.1; +request subnet-mask, broadcast-address, time-offset, routers, + domain-name, domain-name-servers, host-name, + netbios-name-servers, netbios-scope; +#require subnet-mask, domain-name-servers; +#timeout 60; +#retry 60; +#reboot 10; +#select-timeout 5; +#initial-interval 2; +#script "/etc/dhcp3/dhclient-script"; +#media "-link0 -link1 -link2", "link0 link1"; +#reject 192.33.137.209; + +#alias { +# interface "eth0"; +# fixed-address 192.5.5.213; +# option subnet-mask 255.255.255.255; +#} + +#lease { +# interface "eth0"; +# fixed-address 192.33.137.200; +# medium "link0 link1"; +# option host-name "andare.swiftmedia.com"; +# option subnet-mask 255.255.255.0; +# option broadcast-address 192.33.137.255; +# option routers 192.33.137.250; +# option domain-name-servers 127.0.0.1; +# renew 2 2000/1/12 00:00:01; +# rebind 2 2000/1/12 00:00:01; +# expire 2 2000/1/12 00:00:01; +#} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcpd.conf b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcpd.conf new file mode 100644 index 000000000..0001c0f00 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcpd.conf @@ -0,0 +1,108 @@ +# +# Sample configuration file for ISC dhcpd for Debian +# +# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $ +# + +# The ddns-updates-style parameter controls whether or not the server will +# attempt to do a DNS update when a lease is confirmed. We default to the +# behavior of the version 2 packages ('none', since DHCP v2 didn't +# have support for DDNS.) +ddns-update-style none; + +# option definitions common to all supported networks... +option domain-name "example.org"; +option domain-name-servers ns1.example.org, ns2.example.org; + +default-lease-time 600; +max-lease-time 7200; + +# If this DHCP server is the official DHCP server for the local +# network, the authoritative directive should be uncommented. +#authoritative; + +# Use this to send dhcp log messages to a different log file (you also +# have to hack syslog.conf to complete the redirection). +log-facility local7; + +# No service will be given on this subnet, but declaring it helps the +# DHCP server to understand the network topology. + +#subnet 10.152.187.0 netmask 255.255.255.0 { +#} + +# This is a very basic subnet declaration. + +#subnet 10.254.239.0 netmask 255.255.255.224 { +# range 10.254.239.10 10.254.239.20; +# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org; +#} + +# This declaration allows BOOTP clients to get dynamic addresses, +# which we don't really recommend. + +#subnet 10.254.239.32 netmask 255.255.255.224 { +# range dynamic-bootp 10.254.239.40 10.254.239.60; +# option broadcast-address 10.254.239.31; +# option routers rtr-239-32-1.example.org; +#} + +# A slightly different configuration for an internal subnet. +#subnet 10.5.5.0 netmask 255.255.255.224 { +# range 10.5.5.26 10.5.5.30; +# option domain-name-servers ns1.internal.example.org; +# option domain-name "internal.example.org"; +# option routers 10.5.5.1; +# option broadcast-address 10.5.5.31; +# default-lease-time 600; +# max-lease-time 7200; +#} + +# Hosts which require special configuration options can be listed in +# host statements. If no address is specified, the address will be +# allocated dynamically (if possible), but the host-specific information +# will still come from the host declaration. + +#host passacaglia { +# hardware ethernet 0:0:c0:5d:bd:95; +# filename "vmunix.passacaglia"; +# server-name "toccata.fugue.com"; +#} + +# Fixed IP addresses can also be specified for hosts. These addresses +# should not also be listed as being available for dynamic assignment. +# Hosts for which fixed IP addresses have been specified can boot using +# BOOTP or DHCP. Hosts for which no fixed address is specified can only +# be booted with DHCP, unless there is an address range on the subnet +# to which a BOOTP client is connected which has the dynamic-bootp flag +# set. +#host fantasia { +# hardware ethernet 08:00:07:26:c0:a5; +# fixed-address fantasia.fugue.com; +#} + +# You can declare a class of clients and then do address allocation +# based on that. The example below shows a case where all clients +# in a certain class get addresses on the 10.17.224/24 subnet, and all +# other clients get addresses on the 10.0.29/24 subnet. + +#class "foo" { +# match if substring (option vendor-class-identifier, 0, 4) = "SUNW"; +#} + +#shared-network 224-29 { +# subnet 10.17.224.0 netmask 255.255.255.0 { +# option routers rtr-224.example.org; +# } +# subnet 10.0.29.0 netmask 255.255.255.0 { +# option routers rtr-29.example.org; +# } +# pool { +# allow members of "foo"; +# range 10.17.224.10 10.17.224.250; +# } +# pool { +# deny members of "foo"; +# range 10.0.29.10 10.0.29.230; +# } +#} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcpd.service b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcpd.service new file mode 100644 index 000000000..ae4f93eca --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcpd.service @@ -0,0 +1,15 @@ +[Unit] +Description=DHCPv4 Server Daemon +Documentation=man:dhcpd(8) man:dhcpd.conf(5) +After=network.target +After=time-sync.target + +[Service] +PIDFile=@localstatedir@/run/dhcpd.pid +EnvironmentFile=@SYSCONFDIR@/default/dhcp-server +EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcp-server +ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd.leases +ExecStart=@SBINDIR@/dhcpd -f -cf @SYSCONFDIR@/dhcp/dhcpd.conf -pf @localstatedir@/run/dhcpd.pid $DHCPDARGS -q $INTERFACES + +[Install] +WantedBy=multi-user.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcpd6.service b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcpd6.service new file mode 100644 index 000000000..ca96abb83 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcpd6.service @@ -0,0 +1,15 @@ +[Unit] +Description=DHCPv6 Server Daemon +Documentation=man:dhcpd(8) man:dhcpd.conf(5) +After=network.target +After=time-sync.target + +[Service] +PIDFile=@localstatedir@/run/dhcpd6.pid +EnvironmentFile=@SYSCONFDIR@/default/dhcp-server +EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcpd6 +ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd6.leases +ExecStart=@SBINDIR@/dhcpd -f -6 -cf @SYSCONFDIR@/dhcp/dhcpd.conf -pf @localstatedir@/run/dhcpd6.pid $DHCPDARGS -q $INTERFACES + +[Install] +WantedBy=multi-user.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcrelay.service b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcrelay.service new file mode 100644 index 000000000..a2d818917 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcrelay.service @@ -0,0 +1,9 @@ +[Unit] +Description=DHCP Relay Agent Daemon +After=network.target + +[Service] +ExecStart=@SBINDIR@/dhcrelay -d --no-pid + +[Install] +WantedBy=multi-user.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/init-relay b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/init-relay new file mode 100644 index 000000000..019a7e84c --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/init-relay @@ -0,0 +1,44 @@ +#!/bin/sh +# +# $Id: dhcp3-relay,v 1.1 2004/04/16 15:41:08 ml Exp $ +# + +# It is not safe to start if we don't have a default configuration... +if [ ! -f /etc/default/dhcp-relay ]; then + echo "/etc/default/dhcp-relay does not exist! - Aborting..." + echo "create this file to fix the problem." + exit 1 +fi + +# Read init script configuration (interfaces the daemon should listen on +# and the DHCP server we should forward requests to.) +. /etc/default/dhcp-relay + +# Build command line for interfaces (will be passed to dhrelay below.) +IFCMD="" +if test "$INTERFACES" != ""; then + for I in $INTERFACES; do + IFCMD=${IFCMD}"-i "${I}" " + done +fi + +DHCRELAYPID=/var/run/dhcrelay.pid + +case "$1" in + start) + start-stop-daemon -S -x /usr/sbin/dhcrelay -- -q $OPTIONS $IFCMD $SERVERS + ;; + stop) + start-stop-daemon -K -x /usr/sbin/dhcrelay + ;; + restart | force-reload) + $0 stop + sleep 2 + $0 start + ;; + *) + echo "Usage: /etc/init.d/dhcp-relay {start|stop|restart|force-reload}" + exit 1 +esac + +exit 0 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/init-server b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/init-server new file mode 100644 index 000000000..5e693adf7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/init-server @@ -0,0 +1,44 @@ +#!/bin/sh +# +# $Id: dhcp3-server.init.d,v 1.4 2003/07/13 19:12:41 mdz Exp $ +# + +test -f /usr/sbin/dhcpd || exit 0 + +# It is not safe to start if we don't have a default configuration... +if [ ! -f /etc/default/dhcp-server ]; then + echo "/etc/default/dhcp-server does not exist! - Aborting..." + exit 0 +fi + +# Read init script configuration (so far only interfaces the daemon +# should listen on.) +. /etc/default/dhcp-server + +case "$1" in + start) + echo -n "Starting DHCP server: " + test -d /var/lib/dhcp/ || mkdir -p /var/lib/dhcp/ + test -f /var/lib/dhcp/dhcpd.leases || touch /var/lib/dhcp/dhcpd.leases + start-stop-daemon -S -x /usr/sbin/dhcpd -- -q $INTERFACES -user dhcp -group dhcp + echo "." + ;; + stop) + echo -n "Stopping DHCP server: dhcpd3" + start-stop-daemon -K -x /usr/sbin/dhcpd + echo "." + ;; + restart | force-reload) + $0 stop + sleep 2 + $0 start + if [ "$?" != "0" ]; then + exit 1 + fi + ;; + *) + echo "Usage: /etc/init.d/dhcp-server {start|stop|restart|force-reload}" + exit 1 +esac + +exit 0 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc new file mode 100644 index 000000000..86e931063 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc @@ -0,0 +1,48 @@ +SUMMARY = "TCP / IP networking and traffic control utilities" +DESCRIPTION = "Iproute2 is a collection of utilities for controlling \ +TCP / IP networking and traffic control in Linux. Of the utilities ip \ +and tc are the most important. ip controls IPv4 and IPv6 \ +configuration and tc stands for traffic control." +HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2" +SECTION = "base" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ + file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817" + +DEPENDS = "flex-native bison-native iptables elfutils" + +inherit update-alternatives + +EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'" + +do_configure_append () { + sh configure ${STAGING_INCDIR} + # Explicitly disable ATM support + sed -i -e '/TC_CONFIG_ATM/d' Config +} + +do_install () { + oe_runmake DESTDIR=${D} install + mv ${D}${base_sbindir}/ip ${D}${base_sbindir}/ip.iproute2 + install -d ${D}${datadir} + mv ${D}/share/* ${D}${datadir}/ || true + rm ${D}/share -rf || true +} + +# The .so files in iproute2-tc are modules, not traditional libraries +INSANE_SKIP_${PN}-tc = "dev-so" + +PACKAGES =+ "${PN}-tc ${PN}-lnstat ${PN}-ifstat ${PN}-genl ${PN}-rtacct ${PN}-nstat ${PN}-ss" +FILES_${PN}-tc = "${base_sbindir}/tc* \ + ${libdir}/tc/*.so" +FILES_${PN}-lnstat = "${base_sbindir}/lnstat ${base_sbindir}/ctstat ${base_sbindir}/rtstat" +FILES_${PN}-ifstat = "${base_sbindir}/ifstat" +FILES_${PN}-genl = "${base_sbindir}/genl" +FILES_${PN}-rtacct = "${base_sbindir}/rtacct" +FILES_${PN}-nstat = "${base_sbindir}/nstat" +FILES_${PN}-ss = "${base_sbindir}/ss" + +ALTERNATIVE_${PN} = "ip" +ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" +ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" +ALTERNATIVE_PRIORITY = "100" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch new file mode 100644 index 000000000..39c7d4031 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch @@ -0,0 +1,64 @@ +Subject: [PATCH] iproute2: de-bash scripts + +de-bash these two scripts to make iproute2 not depend on bash. + +Upstream-Status: Pending + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> + +--- + ip/ifcfg | 15 ++++++++------- + ip/rtpr | 2 +- + 2 files changed, 9 insertions(+), 8 deletions(-) + +diff --git a/ip/ifcfg b/ip/ifcfg +index 083d9df..60bcf1f 100644 +--- a/ip/ifcfg ++++ b/ip/ifcfg +@@ -1,12 +1,13 @@ +-#! /bin/bash ++#! /bin/sh + + CheckForwarding () { +- local sbase fwd ++ local sbase fwd forwarding + sbase=/proc/sys/net/ipv4/conf + fwd=0 + if [ -d $sbase ]; then + for dir in $sbase/*/forwarding; do +- fwd=$[$fwd + `cat $dir`] ++ forwarding=`cat $dir` ++ fwd=$(($fwd+$forwarding)) + done + else + fwd=2 +@@ -127,12 +128,12 @@ fi + arping -q -A -c 1 -I $dev $ipaddr + noarp=$? + ( sleep 2 ; +- arping -q -U -c 1 -I $dev $ipaddr ) >& /dev/null </dev/null & ++ arping -q -U -c 1 -I $dev $ipaddr ) > /dev/null 2>&1 </dev/null & + +-ip route add unreachable 224.0.0.0/24 >& /dev/null +-ip route add unreachable 255.255.255.255 >& /dev/null ++ip route add unreachable 224.0.0.0/24 > /dev/null 2>&1 ++ip route add unreachable 255.255.255.255 > /dev/null 2>&1 + if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then +- ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null ++ ip route add 224.0.0.0/4 dev $dev scope global > /dev/null 2>&1 + fi + + if [ $fwd -eq 0 ]; then +diff --git a/ip/rtpr b/ip/rtpr +index c3629fd..674198d 100644 +--- a/ip/rtpr ++++ b/ip/rtpr +@@ -1,4 +1,4 @@ +-#! /bin/bash ++#! /bin/sh + + exec tr "[\\\\]" "[ + ]" +-- +1.7.9.5 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch new file mode 100644 index 000000000..866609ca9 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch @@ -0,0 +1,32 @@ +From 85b0589b4843c03e8e6fd9416d71ea449a73c5c0 Mon Sep 17 00:00:00 2001 +From: Koen Kooi <koen@dominion.thruhere.net> +Date: Thu, 3 Nov 2011 10:46:16 +0100 +Subject: [PATCH] make configure cross compile safe + +According to Kevin Tian: +Upstream-Status: Pending + +Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> +Signed-off-by: Shane Wang <shane.wang@intel.com> + +Index: iproute2-3.7.0/configure +=================================================================== +--- iproute2-3.7.0.orig/configure ++++ iproute2-3.7.0/configure +@@ -2,6 +2,7 @@ + # This is not an autconf generated configure + # + INCLUDE=${1:-"$PWD/include"} ++SYSROOT=$1 + + # Make a temp directory in build tree. + TMPDIR=$(mktemp -d config.XXXXXX) +@@ -158,7 +159,7 @@ check_ipt_lib_dir() + return + fi + +- for dir in /lib /usr/lib /usr/local/lib ++ for dir in $SYSROOT/lib $SYSROOT/usr/lib $SYSROOT/usr/local/lib + do + for file in $dir/{xtables,iptables}/lib*t_*so ; do + if [ -f $file ]; then diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-4.3.0-musl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-4.3.0-musl.patch new file mode 100644 index 000000000..1b415a511 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-4.3.0-musl.patch @@ -0,0 +1,97 @@ +From 48596709d8ab59727b79a5c6db33ebb251c36543 Mon Sep 17 00:00:00 2001 +From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> +Date: Thu, 19 Nov 2015 17:44:25 +0100 +Subject: [PATCH] Avoid in6_addr redefinition +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Due to both <netinet/in.h> and <linux/in6.h> being included, the +in6_addr is being redefined: once from the C library headers and once +from the kernel headers. This causes some build failures with for +example the musl C library: + +In file included from ../include/linux/xfrm.h:4:0, + from xfrm.h:29, + from ipxfrm.c:39: +../include/linux/in6.h:32:8: error: redefinition of ‘struct in6_addr’ + struct in6_addr { + ^ +In file included from .../output/host/usr/x86_64-buildroot-linux-musl/sysroot/usr/include/netdb.h:9:0, + from ipxfrm.c:34: +.../output/host/usr/x86_64-buildroot-linux-musl/sysroot/usr/include/netinet/in.h:24:8: note: originally defined here + struct in6_addr + ^ + +In order to fix this, use just the C library header <netinet/in.h>. + +Original patch taken from +http://git.alpinelinux.org/cgit/aports/tree/main/iproute2/musl-fixes.patch. + +Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> +--- +Upstream-Status: Pending + + include/libiptc/ipt_kernel_headers.h | 2 -- + include/linux/if_bridge.h | 1 - + include/linux/netfilter.h | 2 -- + include/linux/xfrm.h | 1 - + 4 files changed, 6 deletions(-) + +diff --git a/include/libiptc/ipt_kernel_headers.h b/include/libiptc/ipt_kernel_headers.h +index 7e87828..9566be5 100644 +--- a/include/libiptc/ipt_kernel_headers.h ++++ b/include/libiptc/ipt_kernel_headers.h +@@ -15,12 +15,10 @@ + #else /* libc5 */ + #include <sys/socket.h> + #include <linux/ip.h> +-#include <linux/in.h> + #include <linux/if.h> + #include <linux/icmp.h> + #include <linux/tcp.h> + #include <linux/udp.h> + #include <linux/types.h> +-#include <linux/in6.h> + #endif + #endif +diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h +index ee197a3..f823aa4 100644 +--- a/include/linux/if_bridge.h ++++ b/include/linux/if_bridge.h +@@ -15,7 +15,6 @@ + + #include <linux/types.h> + #include <linux/if_ether.h> +-#include <linux/in6.h> + + #define SYSFS_BRIDGE_ATTR "bridge" + #define SYSFS_BRIDGE_FDB "brforward" +diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h +index b71b4c9..3e4e6ae 100644 +--- a/include/linux/netfilter.h ++++ b/include/linux/netfilter.h +@@ -4,8 +4,6 @@ + #include <linux/types.h> + + #include <linux/sysctl.h> +-#include <linux/in.h> +-#include <linux/in6.h> + + /* Responses from hook functions. */ + #define NF_DROP 0 +diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h +index b8f5451..a9761a5 100644 +--- a/include/linux/xfrm.h ++++ b/include/linux/xfrm.h +@@ -1,7 +1,6 @@ + #ifndef _LINUX_XFRM_H + #define _LINUX_XFRM_H + +-#include <linux/in6.h> + #include <linux/types.h> + + /* All of the structures in this file may not change size as they are +-- +2.6.3 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-fix-building-with-musl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-fix-building-with-musl.patch new file mode 100644 index 000000000..c83a243b7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-fix-building-with-musl.patch @@ -0,0 +1,24 @@ +iproute2: fix building with musl + +We need limits.h for PATH_MAX, fixes: + +rt_names.c:364:13: error: ‘PATH_MAX’ undeclared (first use in this +function) + +Upstream-Status: Backport + +Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> +Signed-off-by: Maxin B. John <maxin.john@intel.com> +--- +diff --git a/lib/rt_names.c b/lib/rt_names.c +index f6d17c0..b665d3e 100644 +--- a/lib/rt_names.c ++++ b/lib/rt_names.c +@@ -18,6 +18,7 @@ + #include <sys/time.h> + #include <sys/socket.h> + #include <dirent.h> ++#include <limits.h> + + #include <asm/types.h> + #include <linux/rtnetlink.h> diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.4.0.bb b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.4.0.bb new file mode 100644 index 000000000..7979e8beb --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.4.0.bb @@ -0,0 +1,14 @@ +require iproute2.inc + +SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ + file://configure-cross.patch \ + file://0001-iproute2-de-bash-scripts.patch \ + file://iproute2-4.3.0-musl.patch \ + file://iproute2-fix-building-with-musl.patch \ + " +SRC_URI[md5sum] = "d762653ec3e1ab0d4a9689e169ca184f" +SRC_URI[sha256sum] = "bc91c367288a19f78ef800cd6840363be1f22da8436fbae88e1a7250490d6514" + +# CFLAGS are computed in Makefile and reference CCOPTS +# +EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init b/import-layers/yocto-poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init new file mode 100755 index 000000000..6f29e9c6e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init @@ -0,0 +1,78 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: irda +# Required-Start: $network $remote_fs +# Required-Stop: $network $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Infrared port support +### END INIT INFO + +NAME="irattach" +test -x "$IRDA_DAEMON" || IRDA_DAEMON=/usr/sbin/irattach +test -z "$IRATTACH_PID" && IRATTACH_PID=/var/run/irattach.pid + +# Source function library. +. /etc/init.d/functions + +module_id() { + awk 'BEGIN { FS=": " } /Hardware/ { print $2 } ' </proc/cpuinfo +} + +if [ ! -f /etc/sysconfig/irda ]; then + case `module_id` in + "HP iPAQ H2200" | "HP iPAQ HX4700" | "HTC Universal") + IRDA=yes + DEVICE=/dev/ttyS2 + DONGLE= + DISCOVERY= + ;; + *) + IRDA=yes + DEVICE=/dev/ttyS1 + DONGLE= + DISCOVERY= + ;; + esac +else + . /etc/sysconfig/irda +fi + +# Check that irda is up. +[ ${IRDA} = "no" ] && exit 0 + +[ -f /usr/sbin/irattach ] || exit 0 + +ARGS= +if [ $DONGLE ]; then + ARGS="$ARGS -d $DONGLE" +fi +if [ "$DISCOVERY" = "yes" ];then + ARGS="$ARGS -s" +fi + +case "$1" in + start) + echo -n "Starting IrDA: $NAME" + start-stop-daemon --start --quiet --exec "$IRDA_DAEMON" ${DEVICE} ${ARGS} --pidfile "$IRATTACH_PID" + sleep 1 + [ -f /var/run/irattach.pid ] && echo " done" || echo " fail" + ;; + stop) + echo "Stopping IrDA: $NAME" + start-stop-daemon --stop --quiet --exec "$IRDA_DAEMON" --pidfile "$IRATTACH_PID" + ;; + restart|force-reload) + $0 stop + $0 start + ;; + status) + status irattach + exit $? + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch b/import-layers/yocto-poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch new file mode 100644 index 000000000..e95fe35f8 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch @@ -0,0 +1,75 @@ +Obey LDFLAGS + +Signed-off-by: Christopher Larson <chris_larson@mentor.com> +Upstream-Status: Pending + +--- irda-utils-0.9.18.orig/findchip/Makefile ++++ irda-utils-0.9.18/findchip/Makefile +@@ -65,5 +65,5 @@ install: findchip + + gfindchip: gfindchip.c + $(prn_cc) +- $(ECMD))$(CC) $(CFLAGS) `gtk-config --cflags` $< -o $@ `gtk-config --libs` ++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `gtk-config --cflags` $< -o $@ `gtk-config --libs` + +--- irda-utils-0.9.18.orig/irattach/Makefile ++++ irda-utils-0.9.18/irattach/Makefile +@@ -49,13 +49,13 @@ all: $(TARGETS) + + irattach: irattach.o util.o + $(prn_cc_o) +- $(ECMD)$(CC) $(CFLAGS) irattach.o util.o -o $@ ++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) irattach.o util.o -o $@ + + + + dongle_attach: dongle_attach.o + $(prn_cc_o) +- $(ECMD)$(CC) $(CFLAGS) dongle_attach.o -o $@ ++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) dongle_attach.o -o $@ + + + install: $(TARGETS) +--- irda-utils-0.9.18.orig/irdadump/Makefile ++++ irda-utils-0.9.18/irdadump/Makefile +@@ -40,7 +40,7 @@ lib_irdadump.a: $(LIBIRDADUMP_OBJS) + + irdadump: $(IRDADUMP_OBJS) $(LIBIRDADUMP_TARGET) + $(prn_cc_o) +- $(ECMD)$(CC) $(CFLAGS) `pkg-config --libs glib-2.0` -o $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET) ++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `pkg-config --libs glib-2.0` -o $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET) + + + .c.o: +--- irda-utils-0.9.18.orig/irdaping/Makefile ++++ irda-utils-0.9.18/irdaping/Makefile +@@ -56,7 +56,7 @@ all: $(TARGETS) + + irdaping: $(OBJS) + $(prn_cc_o) +- $(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@ ++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@ + + + .c.o: +--- irda-utils-0.9.18.orig/irnetd/Makefile ++++ irda-utils-0.9.18/irnetd/Makefile +@@ -50,7 +50,7 @@ all: $(TARGETS) + + irnetd: $(OBJS) + $(prn_cc_o) +- $(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@ ++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@ + + + install: irnetd +--- irda-utils-0.9.18.orig/psion/Makefile ++++ irda-utils-0.9.18/psion/Makefile +@@ -25,4 +25,4 @@ install: $(PSION_TARGETS) + CFLAGS += -g -I../include -Wall -Wstrict-prototypes $(RPM_OPT_FLAGS) + irpsion5: + $(prn_cc_o) +- $(ECMD)$(CC) $(CFLAGS) $(PSION_SRC) -o $@ +\ No newline at end of file ++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(PSION_SRC) -o $@ +\ No newline at end of file diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch new file mode 100644 index 000000000..97eb97502 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch @@ -0,0 +1,29 @@ +Replace use of <net/if_packet.h> with <linux/if_packet.h>. + +kernel headers <linux/if_packet.h> already provides the +needed definitions, moreover not all libc implementations +provide if_packet.h e.g. musl + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Pending + +Index: irda-utils-0.9.18/irdaping/irdaping.c +=================================================================== +--- irda-utils-0.9.18.orig/irdaping/irdaping.c ++++ irda-utils-0.9.18/irdaping/irdaping.c +@@ -33,7 +33,6 @@ + #include <sys/socket.h> + #include <sys/ioctl.h> + #include <net/if.h> /* For struct ifreq */ +-#include <net/if_packet.h> /* For struct sockaddr_pkt */ + #include <net/if_arp.h> /* For ARPHRD_IRDA */ + #include <netinet/if_ether.h> /* For ETH_P_ALL */ + #include <netinet/in.h> /* For htons */ +@@ -46,6 +45,7 @@ + #include <asm/byteorder.h> /* __cpu_to_le32 and co. */ + + #include <linux/types.h> /* For __u8 and co. */ ++#include <linux/if_packet.h> /* For struct sockaddr_pkt */ + #include <irda.h> + + #ifndef AF_IRDA diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb b/import-layers/yocto-poky/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb new file mode 100644 index 000000000..11b2ee911 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb @@ -0,0 +1,51 @@ +SUMMARY = "Common files for IrDA" +DESCRIPTION = "Provides common files needed to use IrDA. \ +IrDA allows communication over Infrared with other devices \ +such as phones and laptops." +HOMEPAGE = "http://irda.sourceforge.net/" +BUGTRACKER = "http://sourceforge.net/p/irda/bugs/" +SECTION = "base" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://irdadump/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ + file://smcinit/COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \ + file://man/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ + file://irdadump/irdadump.c;beginline=1;endline=24;md5=d78b9dce3cd78c2220250c9c7a2be178" + +SRC_URI = "${SOURCEFORGE_MIRROR}/irda/irda-utils-${PV}.tar.gz \ + file://ldflags.patch \ + file://musl.patch \ + file://init" + +SRC_URI[md5sum] = "84dc12aa4c3f61fccb8d8919bf4079bb" +SRC_URI[sha256sum] = "61980551e46b2eaa9e17ad31cbc1a638074611fc33bff34163d10c7a67a9fdc6" + +inherit update-rc.d + +EXTRA_OEMAKE = "\ + 'CC=${CC}' \ + 'LD=${LD}' \ + 'CFLAGS=${CFLAGS}' \ + 'LDFLAGS=${LDFLAGS}' \ + 'SYS_INCLUDES=' \ + 'V=1' \ +" + +INITSCRIPT_NAME = "irattach" +INITSCRIPT_PARAMS = "defaults 20" + +TARGETS ??= "irattach irdaping" +do_compile () { + for t in ${TARGETS}; do + oe_runmake -C $t + done +} + +do_install () { + install -d ${D}${sbindir} + for t in ${TARGETS}; do + oe_runmake -C $t ROOT="${D}" install + done + + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/${INITSCRIPT_NAME} +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch new file mode 100644 index 000000000..2e52c80c0 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch @@ -0,0 +1,35 @@ +Subject: [PATCH] iw: version.sh: don't use git describe for versioning + +It will detect top-level git repositories like the Angstrom setup-scripts and break. + +Upstream-Status: Pending + +Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> +Signed-off-by: Maxin B. John <maxin.john@intel.com> +--- +diff -Naur iw-4.3-origin/version.sh iw-4.3/version.sh +--- iw-4.3-origin/version.sh 2015-11-20 16:37:58.762077162 +0200 ++++ iw-4.3/version.sh 2015-11-20 16:52:05.526491150 +0200 +@@ -3,21 +3,7 @@ + VERSION="4.3" + OUT="$1" + +-if [ -d .git ] && head=`git rev-parse --verify HEAD 2>/dev/null`; then +- git update-index --refresh --unmerged > /dev/null +- descr=$(git describe --match=v*) +- +- # on git builds check that the version number above +- # is correct... +- [ "${descr%%-*}" = "v$VERSION" ] || exit 2 +- +- v="${descr#v}" +- if git diff-index --name-only HEAD | read dummy ; then +- v="$v"-dirty +- fi +-else +- v="$VERSION" +-fi ++v="$VERSION" + + echo '#include "iw.h"' > "$OUT" + echo "const char iw_version[] = \"$v\";" >> "$OUT" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch new file mode 100644 index 000000000..0ea6a5278 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch @@ -0,0 +1,35 @@ +Subject: [PATCH] Support separation of SRCDIR and OBJDIR + +Typical use of VPATH to locate the sources. + +Upstream-Status: Pending + +Signed-off-by: Christopher Larson <chris_larson@mentor.com> +Signed-off-by: Maxin B. John <maxin.john@intel.com> +--- +diff -Naur iw-4.3-origin/Makefile iw-4.3/Makefile +--- iw-4.3-origin/Makefile 2015-11-20 16:37:58.752077287 +0200 ++++ iw-4.3/Makefile 2015-11-20 16:57:15.510615815 +0200 +@@ -1,5 +1,7 @@ + MAKEFLAGS += --no-print-directory +- ++SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST))) ++OBJDIR ?= $(PWD) ++VPATH = $(SRCDIR) + PREFIX ?= /usr + SBINDIR ?= $(PREFIX)/sbin + MANDIR ?= $(PREFIX)/share/man +@@ -95,11 +97,11 @@ + version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \ + $(wildcard .git/index .git/refs/tags) + @$(NQ) ' GEN ' $@ +- $(Q)./version.sh $@ ++ $(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@ + + %.o: %.c iw.h nl80211.h + @$(NQ) ' CC ' $@ +- $(Q)$(CC) $(CFLAGS) -c -o $@ $< ++ $(Q)$(CC) -I$(SRCDIR) $(CFLAGS) -c -o $@ $< + + ifeq ($(IW_ANDROID_BUILD),) + iw: $(OBJS) diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw_4.3.bb b/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw_4.3.bb new file mode 100644 index 000000000..6865e7ad6 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw_4.3.bb @@ -0,0 +1,33 @@ +SUMMARY = "nl80211 based CLI configuration utility for wireless devices" +DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \ +wireless devices. It supports almost all new drivers that have been added \ +to the kernel recently. " +HOMEPAGE = "http://wireless.kernel.org/en/users/Documentation/iw" +SECTION = "base" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774" + +DEPENDS = "libnl" + +SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \ + file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \ + file://separate-objdir.patch \ +" + +SRC_URI[md5sum] = "5ca622a270687d6862c9024fab266871" +SRC_URI[sha256sum] = "2a853d95ffbd2b06c058b40ef4e6fa76a52c2709b05fb1976761fe13e9d9e39f" + +inherit pkgconfig + +EXTRA_OEMAKE = "\ + -f '${S}/Makefile' \ + \ + 'PREFIX=${prefix}' \ + 'SBINDIR=${sbindir}' \ + 'MANDIR=${mandir}' \ +" +B = "${WORKDIR}/build" + +do_install() { + oe_runmake 'DESTDIR=${D}' install +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch b/import-layers/yocto-poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch new file mode 100644 index 000000000..f63eb90cd --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch @@ -0,0 +1,56 @@ +From bdf01a581d58eb5340e9238d143dbcac9db5b11c Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 30 Jan 2016 19:29:45 +0000 +Subject: [PATCH] check for nss.h + +nss.h may not available on all libc implementations, e.g. musl does not +have this header, this patch detects nss.h presence and defines the data +types that are required if nss.h is missing on platform + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- +Upstream-Status: Pending + + configure.ac | 2 +- + src/nss.c | 11 +++++++++++ + 2 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index aa66bc6..ce19b07 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -71,7 +71,7 @@ AC_PROG_LIBTOOL + + # Checks for header files. + AC_HEADER_STDC +-AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h unistd.h nss.h sys/ioctl.h]) ++AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h unistd.h nss.h sys/ioctl.h nss.h]) + + # Checks for typedefs, structures, and compiler characteristics. + AC_C_CONST +diff --git a/src/nss.c b/src/nss.c +index e48e315..406733b 100644 +--- a/src/nss.c ++++ b/src/nss.c +@@ -29,7 +29,18 @@ + #include <assert.h> + #include <netdb.h> + #include <sys/socket.h> ++#ifdef HAVE_NSS_H + #include <nss.h> ++#else ++enum nss_status { ++ NSS_STATUS_TRYAGAIN = -2, ++ NSS_STATUS_UNAVAIL, ++ NSS_STATUS_NOTFOUND, ++ NSS_STATUS_SUCCESS, ++ NSS_STATUS_RETURN ++}; ++#endif ++ + #include <stdio.h> + #include <stdlib.h> + +-- +2.7.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb b/import-layers/yocto-poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb new file mode 100644 index 000000000..8d2feec76 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb @@ -0,0 +1,40 @@ +SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution" +HOMEPAGE = "http://0pointer.de/lennart/projects/nss-mdns/" +SECTION = "libs" + +LICENSE = "LGPLv2.1+" +LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" + +DEPENDS = "avahi" +PR = "r7" + +SRC_URI = "http://0pointer.de/lennart/projects/nss-mdns/nss-mdns-${PV}.tar.gz \ + file://0001-check-for-nss.h.patch \ + " + +SRC_URI[md5sum] = "03938f17646efbb50aa70ba5f99f51d7" +SRC_URI[sha256sum] = "1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d8134fa6d" + +S = "${WORKDIR}/nss-mdns-${PV}" + +inherit autotools + +EXTRA_OECONF = "--libdir=${base_libdir} --disable-lynx --enable-avahi" + +# suppress warning, but don't bother with autonamer +LEAD_SONAME = "libnss_mdns.so" +DEBIANNAME_${PN} = "libnss-mdns" + +RDEPENDS_${PN} = "avahi-daemon" + +pkg_postinst_${PN} () { + sed -e '/^hosts:/s/\s*\<mdns\>//' \ + -e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 mdns4_minimal [NOTFOUND=return]\3\4 mdns\5/' \ + -i $D${sysconfdir}/nsswitch.conf +} + +pkg_prerm_${PN} () { + sed -e '/^hosts:/s/\s*\<mdns\>//' \ + -e '/^hosts:/s/\s*mdns4_minimal\s\+\[NOTFOUND=return\]//' \ + -i $D${sysconfdir}/nsswitch.conf +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc new file mode 100644 index 000000000..b7601b05c --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc @@ -0,0 +1,40 @@ +SUMMARY = "Interface for user-level network packet capture" +DESCRIPTION = "Libpcap provides a portable framework for low-level network \ +monitoring. Libpcap can provide network statistics collection, \ +security monitoring and network debugging." +HOMEPAGE = "http://www.tcpdump.org/" +BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577" +SECTION = "libs/network" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ + file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" +DEPENDS = "flex-native bison-native" + +INC_PR = "r5" + +SRC_URI = "http://www.tcpdump.org/release/${BP}.tar.gz" + +BINCONFIG = "${bindir}/pcap-config" + +inherit autotools binconfig-disabled pkgconfig bluetooth + +EXTRA_OECONF = "--with-pcap=linux" + +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)}" +PACKAGECONFIG[bluez4] = "--enable-bluetooth,--disable-bluetooth,bluez4" +# Add a dummy PACKAGECONFIG for bluez5 since it is not supported by libpcap. +PACKAGECONFIG[bluez5] = ",," +PACKAGECONFIG[canusb] = "--enable-canusb,--enable-canusb=no,libusb" +PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" +PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl" + +CPPFLAGS_prepend = "-I${S} " +CFLAGS_prepend = "-I${S} " +CXXFLAGS_prepend = "-I${S} " + +do_configure_prepend () { + if [ ! -e ${S}/acinclude.m4 ]; then + cat ${S}/aclocal.m4 > ${S}/acinclude.m4 + fi + sed -i -e's,^V_RPATH_OPT=.*$,V_RPATH_OPT=,' ${S}/pcap-config.in +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap/aclocal.patch b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap/aclocal.patch new file mode 100644 index 000000000..21519825c --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap/aclocal.patch @@ -0,0 +1,167 @@ +Upstream-Status: Inappropriate [configuration] + +diff -ruN libpcap-1.1.1-orig/aclocal.m4 libpcap-1.1.1/aclocal.m4 +--- libpcap-1.1.1-orig/aclocal.m4 2010-06-29 10:46:32.815117569 +0800 ++++ libpcap-1.1.1/aclocal.m4 2010-06-29 10:49:17.150149949 +0800 +@@ -37,7 +37,7 @@ + dnl AC_LBL_C_INIT. Now, we run AC_LBL_C_INIT_BEFORE_CC, AC_PROG_CC, + dnl and AC_LBL_C_INIT at the top level. + dnl +-AC_DEFUN(AC_LBL_C_INIT_BEFORE_CC, ++AC_DEFUN([AC_LBL_C_INIT_BEFORE_CC], + [ + AC_BEFORE([$0], [AC_LBL_C_INIT]) + AC_BEFORE([$0], [AC_PROG_CC]) +@@ -90,7 +90,7 @@ + dnl LDFLAGS + dnl LBL_CFLAGS + dnl +-AC_DEFUN(AC_LBL_C_INIT, ++AC_DEFUN([AC_LBL_C_INIT], + [ + AC_BEFORE([$0], [AC_LBL_FIXINCLUDES]) + AC_BEFORE([$0], [AC_LBL_DEVEL]) +@@ -217,7 +217,7 @@ + dnl V_SONAME_OPT + dnl V_RPATH_OPT + dnl +-AC_DEFUN(AC_LBL_SHLIBS_INIT, ++AC_DEFUN([AC_LBL_SHLIBS_INIT], + [AC_PREREQ(2.50) + if test "$GCC" = yes ; then + # +@@ -361,7 +361,7 @@ + # Make sure we use the V_CCOPT flags, because some of those might + # disable inlining. + # +-AC_DEFUN(AC_LBL_C_INLINE, ++AC_DEFUN([AC_LBL_C_INLINE], + [AC_MSG_CHECKING(for inline) + save_CFLAGS="$CFLAGS" + CFLAGS="$V_CCOPT" +@@ -407,7 +407,7 @@ + dnl + dnl AC_LBL_FIXINCLUDES + dnl +-AC_DEFUN(AC_LBL_FIXINCLUDES, ++AC_DEFUN([AC_LBL_FIXINCLUDES], + [if test "$GCC" = yes ; then + AC_MSG_CHECKING(for ANSI ioctl definitions) + AC_CACHE_VAL(ac_cv_lbl_gcc_fixincludes, +@@ -453,7 +453,7 @@ + dnl $2 (yacc appended) + dnl $3 (optional flex and bison -P prefix) + dnl +-AC_DEFUN(AC_LBL_LEX_AND_YACC, ++AC_DEFUN([AC_LBL_LEX_AND_YACC], + [AC_ARG_WITH(flex, [ --without-flex don't use flex]) + AC_ARG_WITH(bison, [ --without-bison don't use bison]) + if test "$with_flex" = no ; then +@@ -506,7 +506,7 @@ + dnl + dnl DECLWAITSTATUS (defined) + dnl +-AC_DEFUN(AC_LBL_UNION_WAIT, ++AC_DEFUN([AC_LBL_UNION_WAIT], + [AC_MSG_CHECKING(if union wait is used) + AC_CACHE_VAL(ac_cv_lbl_union_wait, + AC_TRY_COMPILE([ +@@ -535,7 +535,7 @@ + dnl + dnl HAVE_SOCKADDR_SA_LEN (defined) + dnl +-AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN, ++AC_DEFUN([AC_LBL_SOCKADDR_SA_LEN], + [AC_MSG_CHECKING(if sockaddr struct has the sa_len member) + AC_CACHE_VAL(ac_cv_lbl_sockaddr_has_sa_len, + AC_TRY_COMPILE([ +@@ -560,7 +560,7 @@ + dnl + dnl HAVE_SOCKADDR_STORAGE (defined) + dnl +-AC_DEFUN(AC_LBL_SOCKADDR_STORAGE, ++AC_DEFUN([AC_LBL_SOCKADDR_STORAGE], + [AC_MSG_CHECKING(if sockaddr_storage struct exists) + AC_CACHE_VAL(ac_cv_lbl_has_sockaddr_storage, + AC_TRY_COMPILE([ +@@ -593,7 +593,7 @@ + dnl won't be using code that would use that member, or we wouldn't + dnl compile in any case). + dnl +-AC_DEFUN(AC_LBL_HP_PPA_INFO_T_DL_MODULE_ID_1, ++AC_DEFUN([AC_LBL_HP_PPA_INFO_T_DL_MODULE_ID_1], + [AC_MSG_CHECKING(if dl_hp_ppa_info_t struct has dl_module_id_1 member) + AC_CACHE_VAL(ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1, + AC_TRY_COMPILE([ +@@ -619,7 +619,7 @@ + dnl + dnl ac_cv_lbl_have_run_path (yes or no) + dnl +-AC_DEFUN(AC_LBL_HAVE_RUN_PATH, ++AC_DEFUN([AC_LBL_HAVE_RUN_PATH], + [AC_MSG_CHECKING(for ${CC-cc} -R) + AC_CACHE_VAL(ac_cv_lbl_have_run_path, + [echo 'main(){}' > conftest.c +@@ -644,7 +644,7 @@ + dnl + dnl LBL_ALIGN (DEFINED) + dnl +-AC_DEFUN(AC_LBL_UNALIGNED_ACCESS, ++AC_DEFUN([AC_LBL_UNALIGNED_ACCESS], + [AC_MSG_CHECKING(if unaligned accesses fail) + AC_CACHE_VAL(ac_cv_lbl_unaligned_fail, + [case "$host_cpu" in +@@ -749,7 +749,7 @@ + dnl HAVE_OS_PROTO_H (defined) + dnl os-proto.h (symlinked) + dnl +-AC_DEFUN(AC_LBL_DEVEL, ++AC_DEFUN([AC_LBL_DEVEL], + [rm -f os-proto.h + if test "${LBL_CFLAGS+set}" = set; then + $1="$$1 ${LBL_CFLAGS}" +@@ -886,7 +886,7 @@ + dnl statically and happen to have a libresolv.a lying around (and no + dnl libnsl.a). + dnl +-AC_DEFUN(AC_LBL_LIBRARY_NET, [ ++AC_DEFUN([AC_LBL_LIBRARY_NET], [ + # Most operating systems have gethostbyname() in the default searched + # libraries (i.e. libc): + # Some OSes (eg. Solaris) place it in libnsl +@@ -909,7 +909,7 @@ + dnl Test for __attribute__ + dnl + +-AC_DEFUN(AC_C___ATTRIBUTE__, [ ++AC_DEFUN([AC_C___ATTRIBUTE__], [ + AC_MSG_CHECKING(for __attribute__) + AC_CACHE_VAL(ac_cv___attribute__, [ + AC_COMPILE_IFELSE( +@@ -947,7 +947,7 @@ + dnl + dnl -Scott Barron + dnl +-AC_DEFUN(AC_LBL_TPACKET_STATS, ++AC_DEFUN([AC_LBL_TPACKET_STATS], + [AC_MSG_CHECKING(if if_packet.h has tpacket_stats defined) + AC_CACHE_VAL(ac_cv_lbl_tpacket_stats, + AC_TRY_COMPILE([ +@@ -976,7 +976,7 @@ + dnl doesn't have that member (which is OK, as either we won't be using + dnl code that would use that member, or we wouldn't compile in any case). + dnl +-AC_DEFUN(AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI, ++AC_DEFUN([AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI], + [AC_MSG_CHECKING(if tpacket_auxdata struct has tp_vlan_tci member) + AC_CACHE_VAL(ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1, + AC_TRY_COMPILE([ +@@ -1003,7 +1003,7 @@ + dnl + dnl HAVE_DLPI_PASSIVE (defined) + dnl +-AC_DEFUN(AC_LBL_DL_PASSIVE_REQ_T, ++AC_DEFUN([AC_LBL_DL_PASSIVE_REQ_T], + [AC_MSG_CHECKING(if dl_passive_req_t struct exists) + AC_CACHE_VAL(ac_cv_lbl_has_dl_passive_req_t, + AC_TRY_COMPILE([ diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch new file mode 100644 index 000000000..b8615135b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch @@ -0,0 +1,71 @@ +From 8887132e85892a72a84ca3878e60f254ad2ce939 Mon Sep 17 00:00:00 2001 +From: Joe MacDonald <joe_macdonald@mentor.com> +Date: Tue, 24 Feb 2015 15:56:06 -0500 +Subject: [PATCH] libpcap: pkgconfig support + +Adding basic structure to support pkg-config. + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> +--- + Makefile.in | 5 +++++ + configure.in | 1 + + libpcap.pc.in | 10 ++++++++++ + 3 files changed, 16 insertions(+) + create mode 100644 libpcap.pc.in + +diff --git a/Makefile.in b/Makefile.in +index 1c2d745..1f25faf 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -60,6 +60,10 @@ V_RPATH_OPT = @V_RPATH_OPT@ + DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@ + PROG=libpcap + ++# pkgconfig support ++pkgconfigdir = $(libdir)/pkgconfig ++pkgconfig_DATA = libpcap.pc ++ + # Standard CFLAGS + FULL_CFLAGS = $(CCOPT) $(INCLS) $(DEFS) $(CFLAGS) + +@@ -275,6 +279,7 @@ EXTRA_DIST = \ + lbl/os-solaris2.h \ + lbl/os-sunos4.h \ + lbl/os-ultrix4.h \ ++ libpcap.pc \ + missing/snprintf.c \ + mkdep \ + msdos/bin2c.c \ +diff --git a/configure.in b/configure.in +index 8f5c86b..fb51b35 100644 +--- a/configure.in ++++ b/configure.in +@@ -1700,6 +1700,7 @@ esac + AC_PROG_INSTALL + + AC_CONFIG_HEADER(config.h) ++AC_CONFIG_FILES([libpcap.pc]) + + AC_OUTPUT_COMMANDS([if test -f .devel; then + echo timestamp > stamp-h +diff --git a/libpcap.pc.in b/libpcap.pc.in +new file mode 100644 +index 0000000..4f78ad8 +--- /dev/null ++++ b/libpcap.pc.in +@@ -0,0 +1,10 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ ++ ++Name: libpcap ++Description: System-independent interface for user-level packet capture. ++Version: @VERSION@ ++Libs: -L${libdir} -lpcap ++Cflags: -I${includedir} +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap_1.7.4.bb b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap_1.7.4.bb new file mode 100644 index 000000000..8d12b2521 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap_1.7.4.bb @@ -0,0 +1,26 @@ +require libpcap.inc + +SRC_URI += "file://aclocal.patch \ + file://libpcap-pkgconfig-support.patch \ + " +SRC_URI[md5sum] = "b2e13142bbaba857ab1c6894aedaf547" +SRC_URI[sha256sum] = "7ad3112187e88328b85e46dce7a9b949632af18ee74d97ffc3f2b41fe7f448b0" + +# +# make install doesn't cover the shared lib +# make install-shared is just broken (no symlinks) +# + +do_configure_prepend () { + #remove hardcoded references to /usr/include + sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.in +} + +do_install_prepend () { + install -d ${D}${libdir} + install -d ${D}${bindir} + oe_runmake install-shared DESTDIR=${D} + oe_libinstall -a -so libpcap ${D}${libdir} + sed "s|@VERSION@|${PV}|" -i ${B}/libpcap.pc + install -D -m 0644 libpcap.pc ${D}${libdir}/pkgconfig/libpcap.pc +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/import-layers/yocto-poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb new file mode 100644 index 000000000..bd488eb08 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -0,0 +1,12 @@ +SUMMARY = "Mobile Broadband Service Provider Database" +SECTION = "network" +LICENSE = "PD" +LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" +SRCREV = "519465766fabc85b9fdea5f2b5ee3d08c2b1f70d" +PV = "20151214" +PE = "1" + +SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info" +S = "${WORKDIR}/git" + +inherit autotools diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch b/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch new file mode 100644 index 000000000..16875e054 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch @@ -0,0 +1,36 @@ +From bfd32d68cfc9f1e31dab88e07446d1c02bc80b5e Mon Sep 17 00:00:00 2001 +From: Robert Yang <liezhi.yang@windriver.com> +Date: Thu, 12 Feb 2015 00:39:29 -0800 +Subject: [PATCH] Makefile.am: do not ship version.h + +The HEADERS' name has been changed to pkginclude_HEADERS, so use +nodist_pkginclude_HEADERS, otherwise version.h would be shipped. + +Upstream-Status: Pending + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + Makefile.am | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 3334790..69cd58f 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -10,11 +10,11 @@ pkginclude_HEADERS = include/types.h include/log.h include/plugin.h \ + include/tlv.h include/setting.h include/device.h \ + include/nfc_copy.h include/snep.h + +-nodist_include_HEADERS = include/version.h ++nodist_pkginclude_HEADERS = include/version.h + + noinst_HEADERS = include/dbus.h + +-local_headers = $(foreach file,$(pkginclude_HEADERS) $(nodist_include_HEADERS) \ ++local_headers = $(foreach file,$(pkginclude_HEADERS) $(nodist_pkginclude_HEADERS) \ + $(noinst_HEADERS), include/near/$(notdir $(file))) + + gdbus_sources = gdbus/gdbus.h gdbus/mainloop.c gdbus/watch.c \ +-- +1.7.9.5 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch b/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch new file mode 100644 index 000000000..466067693 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch @@ -0,0 +1,33 @@ +From 43acc56d5506c7e318f717fb3634bc16e3438913 Mon Sep 17 00:00:00 2001 +From: Robert Yang <liezhi.yang@windriver.com> +Date: Thu, 15 Jan 2015 18:12:07 -0800 +Subject: [PATCH] Makefile.am: fix parallel issue + +There might be no src dir if src/builtin.h runs earlier, create it to +fix the race issue: + +src/genbuiltin nfctype1 nfctype2 nfctype3 nfctype4 p2p > src/builtin.h +/bin/sh: src/builtin.h: No such file or directory + +Upstream-Status: Pending + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Makefile.am b/Makefile.am +index 3241311..a43eaa2 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -164,6 +164,7 @@ MAINTAINERCLEANFILES = Makefile.in \ + src/plugin.$(OBJEXT): src/builtin.h + + src/builtin.h: src/genbuiltin $(builtin_sources) ++ $(AM_V_at)$(MKDIR_P) src + $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@ + + $(src_neard_OBJECTS) \ +-- +1.7.9.5 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard/neard.in b/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard/neard.in new file mode 100644 index 000000000..a47d4d96c --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard/neard.in @@ -0,0 +1,54 @@ +#!/bin/sh +# +# start/stop neard daemon. + +### BEGIN INIT INFO +# Provides: neard +# Required-Start: $network +# Required-Stop: $network +# Default-Start: S 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: NFC daemon +# Description: neard is a daemon used to enable NFC features +### END INIT INFO + +DAEMON=@installpath@/neard +PIDFILE=/var/run/neard.pid +DESC="Linux NFC daemon" + +if [ -f /etc/default/neard ] ; then + . /etc/default/neard +fi + +set -e + +do_start() { + $DAEMON +} + +do_stop() { + start-stop-daemon --stop --name neard --quiet +} + +case "$1" in + start) + echo "Starting $DESC" + do_start + ;; + stop) + echo "Stopping $DESC" + do_stop + ;; + restart|force-reload) + echo "Restarting $DESC" + do_stop + sleep 1 + do_start + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard_0.15.bb b/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard_0.15.bb new file mode 100644 index 000000000..93bddb34c --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard_0.15.bb @@ -0,0 +1,60 @@ +SUMMARY = "Linux NFC daemon" +DESCRIPTION = "A daemon for the Linux Near Field Communication stack" +HOMEPAGE = "http://01.org/linux-nfc" +LICENSE = "GPLv2" + +DEPENDS = "dbus glib-2.0 libnl" + +SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BP}.tar.xz \ + file://neard.in \ + file://Makefile.am-fix-parallel-issue.patch \ + file://Makefile.am-do-not-ship-version.h.patch \ + " +SRC_URI[md5sum] = "b746ce62eeef88e8de90765e00a75a1c" +SRC_URI[sha256sum] = "651f6513d32cdaf8a426255d03aff38a6620a89b0567ec2b36606c6330a93353" + +LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ + file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \ + " + +inherit autotools pkgconfig systemd update-rc.d bluetooth + +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" + +PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_unitdir}/system/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" + +EXTRA_OECONF += "--enable-tools" + +# This would copy neard start-stop shell and test scripts +do_install_append() { + if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/init.d/ + sed "s:@installpath@:${libexecdir}/nfc:" ${WORKDIR}/neard.in \ + > ${D}${sysconfdir}/init.d/neard + chmod 0755 ${D}${sysconfdir}/init.d/neard + fi + + # Install the tests for neard-tests + install -d ${D}${libdir}/neard + install -m 0755 ${S}/test/* ${D}${libdir}/${BPN}/ + install -m 0755 ${B}/tools/nfctool/nfctool ${D}${libdir}/${BPN}/ +} + +PACKAGES =+ "${PN}-tests" + +FILES_${PN}-tests = "${libdir}/${BPN}/*-test" + +RDEPENDS_${PN} = "dbus python python-dbus python-pygobject" + +# Bluez & Wifi are not mandatory except for handover +RRECOMMENDS_${PN} = "\ + ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \ + " + +RDEPENDS_${PN}-tests = "python python-dbus python-pygobject" + +INITSCRIPT_NAME = "neard" +INITSCRIPT_PARAMS = "defaults 64" + +SYSTEMD_SERVICE_${PN} = "neard.service" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch new file mode 100644 index 000000000..14bd4036a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch @@ -0,0 +1,34 @@ +From 398fed3bb0350cb1229e54e7020ae0e044c206d1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ulrich=20=C3=96lmann?= <u.oelmann@pengutronix.de> +Date: Wed, 17 Feb 2016 08:33:45 +0100 +Subject: bugfix: adjust statd service name +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Upstream uses 'rpc-statd.service' and Yocto introduced 'nfs-statd.service' +instead but forgot to update the mount.nfs helper 'start-statd' accordingly. + +Upstream-Status: Inappropriate [other] + +Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de> +--- + utils/statd/start-statd | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/utils/statd/start-statd b/utils/statd/start-statd +index 8211a90..3c2aa6f 100755 +--- a/utils/statd/start-statd ++++ b/utils/statd/start-statd +@@ -16,7 +16,7 @@ fi + # First try systemd if it's installed. + if [ -d /run/systemd/system ]; then + # Quit only if the call worked. +- systemctl start rpc-statd.service && exit ++ systemctl start nfs-statd.service && exit + fi + + # Fall back to launching it ourselves. +-- +2.1.4 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch new file mode 100644 index 000000000..85002290f --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch @@ -0,0 +1,41 @@ +[PATCH] nfs-utils: debianize start-statd + +Upstream-Status: Pending + +make start-statd command to use nfscommon configure, too. + +Signed-off-by: Henrik Riomar <henrik.riomar@ericsson.com> +Signed-off-by: Li Wang <li.wang@windriver.com> +Signed-off-by: Roy Li <rongqing.li@windriver.com> +Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> +--- + utils/statd/start-statd | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/utils/statd/start-statd b/utils/statd/start-statd +index ec9383b..3969b8c 100755 +--- a/utils/statd/start-statd ++++ b/utils/statd/start-statd +@@ -6,6 +6,13 @@ + # site. + PATH="/sbin:/usr/sbin:/bin:/usr/bin" + ++# Read config ++DEFAULTFILE=/etc/default/nfs-common ++NEED_IDMAPD= ++if [ -f $DEFAULTFILE ]; then ++ . $DEFAULTFILE ++fi ++ + # First try systemd if it's installed. + if systemctl --help >/dev/null 2>&1; then + # Quit only if the call worked. +@@ -13,4 +20,4 @@ if systemctl --help >/dev/null 2>&1; then + fi + + # Fall back to launching it ourselves. +-exec rpc.statd --no-notify ++exec rpc.statd --no-notify $STATDOPTS +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch new file mode 100644 index 000000000..4ac529044 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch @@ -0,0 +1,27 @@ +From a5e95a42e7bceddc9ecad06694c1a0588f4bafc8 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 14 Apr 2015 07:22:47 -0700 +Subject: [PATCH] include sys/types.h for getting u_* typedefs + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + cfg.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/cfg.h b/cfg.h +index d4d4cab..fe49e8f 100644 +--- a/cfg.h ++++ b/cfg.h +@@ -33,6 +33,7 @@ + #ifndef _CONF_H_ + #define _CONF_H_ + ++#include <sys/types.h> + #include "queue.h" + + struct conf_list_node { +-- +2.1.4 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch new file mode 100644 index 000000000..4633da919 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch @@ -0,0 +1,18 @@ +Set nobody user and group + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Roy.Li <rongqing.li@windriver.com> +--- a/idmapd.conf ++++ b/idmapd.conf +@@ -17,8 +17,8 @@ + + [Mapping] + +-#Nobody-User = nobody +-#Nobody-Group = nobody ++Nobody-User = nobody ++Nobody-Group = nogroup + + [Translation] + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch new file mode 100644 index 000000000..d81c7c5f3 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch @@ -0,0 +1,13 @@ +Upstream-Status: Inappropriate [configuration] + +--- a/configure.in ++++ b/configure.in +@@ -1,7 +1,7 @@ + # -*- Autoconf -*- + # Process this file with autoconf to produce a configure script. + +-AC_PREREQ([2.68]) ++AC_PREREQ([2.65]) + AC_INIT([libnfsidmap],[0.25],[linux-nfs@vger.kernel.org]) + AC_CONFIG_SRCDIR([nfsidmap.h]) + AC_CONFIG_MACRO_DIR([m4]) diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb new file mode 100644 index 000000000..256577100 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb @@ -0,0 +1,27 @@ +SUMMARY = "NFS id mapping library" +HOMEPAGE = "http://www.citi.umich.edu/projects/nfsv4/linux/" +SECTION = "libs" + +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=d9c6a2a0ca6017fda7cd905ed2739b37" + +SRC_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/${BPN}-${PV}.tar.gz \ + file://fix-ac-prereq.patch \ + file://Set_nobody_user_group.patch \ + file://0001-include-sys-types.h-for-getting-u_-typedefs.patch \ + " + +SRC_URI[md5sum] = "2ac4893c92716add1a1447ae01df77ab" +SRC_URI[sha256sum] = "656d245d84400e1030f8f40a5a27da76370690c4a932baf249110f047fe7efcf" + +UPSTREAM_CHECK_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/" + +inherit autotools + +EXTRA_OECONF = "--disable-ldap" + +do_install_append () { + install -d ${D}${sysconfdir}/ + install -m 0644 ${WORKDIR}/${BPN}-${PV}/idmapd.conf ${D}${sysconfdir}/idmapd.conf +} + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch new file mode 100644 index 000000000..7025fb555 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch @@ -0,0 +1,43 @@ +From 9b84cff305866abd150cf1a4c6e7e5ebf8a7eb3a Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Fri, 15 Nov 2013 23:21:35 +0100 +Subject: [PATCH] configure: Allow to explicitly disable nfsidmap + +* keyutils availability is autodetected and builds aren't reproducible + +Upstream-Status: Pending + +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + configure.ac | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index bf433d6..28a8f62 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -69,6 +69,12 @@ AC_ARG_ENABLE(nfsv4, + AC_SUBST(enable_nfsv4) + AM_CONDITIONAL(CONFIG_NFSV4, [test "$enable_nfsv4" = "yes"]) + ++AC_ARG_ENABLE(nfsidmap, ++ [AC_HELP_STRING([--enable-nfsidmap], ++ [enable support for NFSv4 idmapper @<:@default=yes@:>@])], ++ enable_nfsidmap=$enableval, ++ enable_nfsidmap=yes) ++ + AC_ARG_ENABLE(nfsv41, + [AC_HELP_STRING([--enable-nfsv41], + [enable support for NFSv41 @<:@default=yes@:>@])], +@@ -296,7 +302,7 @@ fi + + dnl enable nfsidmap when its support by libnfsidmap + AM_CONDITIONAL(CONFIG_NFSDCLTRACK, [test "$enable_nfsdcltrack" = "yes" ]) +-AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"]) ++AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$enable_nfsidmap$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyesyes"]) + + + if test "$knfsd_cv_glibc2" = no; then +-- +1.8.4.3 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch new file mode 100644 index 000000000..de0b045c8 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch @@ -0,0 +1,113 @@ +Upstream-Status: Pending + +Subject: nfs-utils/statd: fix a segfault caused by improper usage of RPC interface + +There is a hack which uses the bottom-level RPC improperly as below +in the current statd implementation: +insert a socket in the svc_fdset without a corresponding transport handle +and passes the socket to the svc_getreqset subroutine, this usage causes +a segfault of statd on a huge amount of sm-notifications. + +Fix the issue by separating the non-RPC-server sock from RPC dispatcher. + +Signed-off-by: Shan Hai <shan.hai@windriver.com> +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + utils/statd/rmtcall.c | 1 - + utils/statd/statd.c | 5 +++-- + utils/statd/statd.h | 2 +- + utils/statd/svc_run.c | 8 ++++++-- + 4 files changed, 10 insertions(+), 6 deletions(-) + +diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c +index fd576d9..cde091b 100644 +--- a/utils/statd/rmtcall.c ++++ b/utils/statd/rmtcall.c +@@ -104,7 +104,6 @@ statd_get_socket(void) + if (sockfd < 0) + return -1; + +- FD_SET(sockfd, &SVC_FDSET); + return sockfd; + } + +diff --git a/utils/statd/statd.c b/utils/statd/statd.c +index 51a016e..e21a259 100644 +--- a/utils/statd/statd.c ++++ b/utils/statd/statd.c +@@ -247,6 +247,7 @@ int main (int argc, char **argv) + int port = 0, out_port = 0; + int nlm_udp = 0, nlm_tcp = 0; + struct rlimit rlim; ++ int notify_sockfd; + + int pipefds[2] = { -1, -1}; + char status; +@@ -473,7 +474,7 @@ int main (int argc, char **argv) + } + + /* Make sure we have a privilege port for calling into the kernel */ +- if (statd_get_socket() < 0) ++ if ((notify_sockfd = statd_get_socket()) < 0) + exit(1); + + /* If sm-notify didn't take all the state files, load +@@ -528,7 +529,7 @@ int main (int argc, char **argv) + * Handle incoming requests: SM_NOTIFY socket requests, as + * well as callbacks from lockd. + */ +- my_svc_run(); /* I rolled my own, Olaf made it better... */ ++ my_svc_run(notify_sockfd); /* I rolled my own, Olaf made it better... */ + + /* Only get here when simulating a crash so we should probably + * start sm-notify running again. As we have already dropped +diff --git a/utils/statd/statd.h b/utils/statd/statd.h +index a1d8035..231ac7e 100644 +--- a/utils/statd/statd.h ++++ b/utils/statd/statd.h +@@ -28,7 +28,7 @@ extern _Bool statd_present_address(const struct sockaddr *sap, char *buf, + __attribute__((__malloc__)) + extern char * statd_canonical_name(const char *hostname); + +-extern void my_svc_run(void); ++extern void my_svc_run(int); + extern void notify_hosts(void); + extern void shuffle_dirs(void); + extern int statd_get_socket(void); +diff --git a/utils/statd/svc_run.c b/utils/statd/svc_run.c +index d98ecee..28c1ad6 100644 +--- a/utils/statd/svc_run.c ++++ b/utils/statd/svc_run.c +@@ -78,7 +78,7 @@ my_svc_exit(void) + * The heart of the server. A crib from libc for the most part... + */ + void +-my_svc_run(void) ++my_svc_run(int sockfd) + { + FD_SET_TYPE readfds; + int selret; +@@ -96,6 +96,8 @@ my_svc_run(void) + } + + readfds = SVC_FDSET; ++ /* Set notify sockfd for waiting for reply */ ++ FD_SET(sockfd, &readfds); + if (notify) { + struct timeval tv; + +@@ -125,8 +127,10 @@ my_svc_run(void) + + default: + selret -= process_reply(&readfds); +- if (selret) ++ if (selret) { ++ FD_CLR(sockfd, &readfds); + svc_getreqset(&readfds); ++ } + } + } + } +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service new file mode 100644 index 000000000..613ddc003 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service @@ -0,0 +1,11 @@ +[Unit] +Description=NFS Mount Daemon +After=rpcbind.service nfs-server.service +Requires=rpcbind.service nfs-server.service + +[Service] +EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf +ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS + +[Install] +WantedBy=multi-user.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service new file mode 100644 index 000000000..147d7a7b5 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service @@ -0,0 +1,18 @@ +[Unit] +Description=NFS Server +Requires=rpcbind.service nfs-mountd.service +After=rpcbind.service + +[Service] +Type=oneshot +EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf +ExecStartPre=@SBINDIR@/exportfs -r +ExecStart=@SBINDIR@/rpc.nfsd $NFSD_OPTS $NFSD_COUNT +ExecStop=@SBINDIR@/rpc.nfsd 0 +ExecStopPost=@SBINDIR@/exportfs -f +ExecReload=@SBINDIR@/exportfs -r +StandardError=syslog +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service new file mode 100644 index 000000000..746dacf05 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service @@ -0,0 +1,12 @@ +[Unit] +Description=NFS file locking service +After=rpcbind.service +Requires=rpcbind.service +Before=remote-fs-pre.target + +[Service] +EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf +ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS + +[Install] +WantedBy=multi-user.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch new file mode 100644 index 000000000..d8f818167 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch @@ -0,0 +1,36 @@ +Fixes errors like +sm-notify[1070]: DNS resolution of a.b.c.d..com failed; retrying later +This error will occur anytime sm-notify is run before the network if fully up, +which is happening more and more with parallel startup systems. +The res_init() call is simple, safe, quick, and a patch to use it should be +able to go upstream. Presumably the whole reason sm-notify tries several +times is to wait for possible changes to the network configuration, but without +calling res_init() it will never be aware of those changes + +Backported drom Fedora + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> + + +diff -up nfs-utils-1.2.3/utils/statd/sm-notify.c.orig nfs-utils-1.2.3/utils/statd/sm-notify.c +--- nfs-utils-1.2.3/utils/statd/sm-notify.c.orig 2010-09-28 08:24:16.000000000 -0400 ++++ nfs-utils-1.2.3/utils/statd/sm-notify.c 2010-10-15 16:44:43.487119601 -0400 +@@ -28,6 +28,9 @@ + #include <netdb.h> + #include <errno.h> + #include <grp.h> ++#include <netinet/in.h> ++#include <arpa/nameser.h> ++#include <resolv.h> + + #include "sockaddr.h" + #include "xlog.h" +@@ -84,6 +87,7 @@ smn_lookup(const char *name) + }; + int error; + ++ res_init(); + error = getaddrinfo(name, NULL, &hint, &ai); + if (error != 0) { + xlog(D_GENERAL, "getaddrinfo(3): %s", gai_strerror(error)); diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch new file mode 100644 index 000000000..993f1e5ea --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch @@ -0,0 +1,42 @@ +nfs-utils: Do not pass CFLAGS to gcc while building + +Do not pass CFLAGS/LDFLAGS to gcc while building, The needed flags has +been passed by xxx_CFLAGS=$(CFLAGS_FOR_BUILD). + +Upstream-Status: Pending + +Signed-off-by: Chong Lu <Chong.Lu@windriver.com> +--- + tools/locktest/Makefile.am | 2 ++ + tools/rpcgen/Makefile.am | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am +index 3156815..1729fd1 100644 +--- a/tools/locktest/Makefile.am ++++ b/tools/locktest/Makefile.am +@@ -1,6 +1,8 @@ + ## Process this file with automake to produce Makefile.in + + CC=$(CC_FOR_BUILD) ++CFLAGS= ++LDFLAGS= + LIBTOOL = @LIBTOOL@ --tag=CC + + noinst_PROGRAMS = testlk +diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am +index 8a9ec89..8bacdaa 100644 +--- a/tools/rpcgen/Makefile.am ++++ b/tools/rpcgen/Makefile.am +@@ -1,6 +1,8 @@ + ## Process this file with automake to produce Makefile.in + + CC=$(CC_FOR_BUILD) ++CFLAGS= ++LDFLAGS= + LIBTOOL = @LIBTOOL@ --tag=CC + + noinst_PROGRAMS = rpcgen +-- +1.7.9.5 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils.conf b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils.conf new file mode 100644 index 000000000..a1007a7fb --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils.conf @@ -0,0 +1,35 @@ +# Parameters to be passed to nfs-utils (clients & server) service files. +# + +# Options to pass to rpc.nfsd. +NFSD_OPTS="" + +# Number of servers to start up; the default is 8 servers. +NFSD_COUNT="" + +# Where to mount nfsd filesystem; the default is "/proc/fs/nfsd". +PROCNFSD_MOUNTPOINT="" + +# Options used to mount nfsd filesystem; the default is "rw,nodev,noexec,nosuid". +PROCNFSD_MOUNTOPTS="" + +# Options for rpc.mountd. +# If you have a port-based firewall, you might want to set up +# a fixed port here using the --port option. +MOUNTD_OPTS="" + +# Parameters to be passed to nfs-common (nfs clients & server) init script. +# + +# If you do not set values for the NEED_ options, they will be attempted +# autodetected; this should be sufficient for most people. Valid alternatives +# for the NEED_ options are "yes" and "no". + +# Do you want to start the statd daemon? It is not needed for NFSv4. +NEED_STATD="" + +# Options to pass to rpc.statd. +# N.B. statd normally runs on both client and server, and run-time +# options should be specified accordingly. +# STATD_OPTS="-p 32765 -o 32766" +STATD_OPTS="" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon new file mode 100644 index 000000000..992267d5a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon @@ -0,0 +1,63 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: nfs-common +# Required-Start: $portmap hwclock +# Required-Stop: $portmap hwclock +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: NFS support for both client and server +# Description: NFS is a popular protocol for file sharing across +# TCP/IP networks. This service provides various +# support functions for NFS mounts. +### END INIT INFO +# +# Startup script for nfs-utils +# +# +# Location of executables: + +# Source function library. +. /etc/init.d/functions + +test -x "$NFS_STATD" || NFS_STATD=/usr/sbin/rpc.statd +test -z "$STATD_PID" && STATD_PID=/var/run/rpc.statd.pid +# +# The default state directory is /var/lib/nfs +test -n "$NFS_STATEDIR" || NFS_STATEDIR=/var/lib/nfs +# +#---------------------------------------------------------------------- +# Startup and shutdown functions. +# Actual startup/shutdown is at the end of this file. + +start_statd(){ + echo -n "starting statd: " + start-stop-daemon --start --exec "$NFS_STATD" --pidfile "$STATD_PID" + echo done +} +stop_statd(){ + echo -n 'stopping statd: ' + start-stop-daemon --stop --quiet --signal 1 --pidfile "$STATD_PID" + echo done +} +#---------------------------------------------------------------------- +# +# supported options: +# start +# stop +# restart: stops and starts mountd +#FIXME: need to create the /var/lib/nfs/... directories +case "$1" in + start) + start_statd;; + stop) + stop_statd;; + status) + status $NFS_STATD + exit $?;; + restart) + $0 stop + $0 start;; + *) + echo "Usage: $0 {start|stop|status|restart}" + exit 1;; +esac diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver new file mode 100644 index 000000000..7ed93a59d --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver @@ -0,0 +1,130 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: nfs-kernel-server +# Required-Start: $remote_fs nfs-common $portmap hwclock +# Required-Stop: $remote_fs nfs-common $portmap hwclock +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Kernel NFS server support +# Description: NFS is a popular protocol for file sharing across +# TCP/IP networks. This service provides NFS server +# functionality, which is configured via the +# /etc/exports file. +### END INIT INFO +# +# Startup script for nfs-utils +# +# Source function library. +. /etc/init.d/functions +# +# The environment variable NFS_SERVERS may be set in /etc/default/nfsd +# Other control variables may be overridden here too +test -r /etc/default/nfsd && . /etc/default/nfsd +# +# Location of executables: +test -x "$NFS_MOUNTD" || NFS_MOUNTD=/usr/sbin/rpc.mountd +test -x "$NFS_NFSD" || NFS_NFSD=/usr/sbin/rpc.nfsd +# +# The user mode program must also exist (it just starts the kernel +# threads using the kernel module code). +test -x "$NFS_MOUNTD" || exit 0 +test -x "$NFS_NFSD" || exit 0 +# +# Default is 8 threads, value is settable between 1 and the truely +# ridiculous 99 +test "$NFS_SERVERS" != "" && test "$NFS_SERVERS" -gt 0 && test "$NFS_SERVERS" -lt 100 || NFS_SERVERS=8 +# +#---------------------------------------------------------------------- +# Startup and shutdown functions. +# Actual startup/shutdown is at the end of this file. +#mountd +start_mountd(){ + echo -n 'starting mountd: ' + start-stop-daemon --start --exec "$NFS_MOUNTD" -- "-f /etc/exports $@" + echo done +} +stop_mountd(){ + echo -n 'stopping mountd: ' + start-stop-daemon --stop --quiet --exec "$NFS_MOUNTD" + echo done +} +# +#nfsd +start_nfsd(){ + modprobe -q nfsd + grep -q nfsd /proc/filesystems || { + echo NFS daemon support not enabled in kernel + exit 1 + } + grep -q nfsd /proc/mounts || mount -t nfsd nfsd /proc/fs/nfsd + grep -q nfsd /proc/mounts || { + echo nfsd filesystem could not be mounted at /proc/fs/nfsd + exit 1 + } + + echo -n "starting $1 nfsd kernel threads: " + start-stop-daemon --start --exec "$NFS_NFSD" -- "$@" + echo done +} +delay_nfsd(){ + for delay in 0 1 2 3 4 5 6 7 8 9 + do + if pidof nfsd >/dev/null + then + echo -n . + sleep 1 + else + return 0 + fi + done + return 1 +} +stop_nfsd(){ + # WARNING: this kills any process with the executable + # name 'nfsd'. + echo -n 'stopping nfsd: ' + start-stop-daemon --stop --quiet --signal 1 --name nfsd + if delay_nfsd || { + echo failed + echo ' using signal 9: ' + start-stop-daemon --stop --quiet --signal 9 --name nfsd + delay_nfsd + } + then + echo done + else + echo failed + fi +} + +#---------------------------------------------------------------------- +# +# supported options: +# start +# stop +# reload: reloads the exports file +# restart: stops and starts mountd +#FIXME: need to create the /var/lib/nfs/... directories +case "$1" in + start) + exportfs -r + start_nfsd "$NFS_SERVERS" + start_mountd + test -r /etc/exports && exportfs -a;; + stop) exportfs -ua + stop_mountd + stop_nfsd;; + status) + status /usr/sbin/rpc.mountd + RETVAL=$? + status nfsd + rval=$? + [ $RETVAL -eq 0 ] && exit $rval + exit $RETVAL;; + reload) test -r /etc/exports && exportfs -r;; + restart) + $0 stop + $0 start;; + *) echo "Usage: $0 {start|stop|status|reload|restart}" + exit 1;; +esac diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/proc-fs-nfsd.mount b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/proc-fs-nfsd.mount new file mode 100644 index 000000000..630801b37 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/proc-fs-nfsd.mount @@ -0,0 +1,8 @@ +[Unit] +Description=NFSD configuration filesystem +After=systemd-modules-load.service + +[Mount] +What=nfsd +Where=/proc/fs/nfsd +Type=nfsd diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.3.bb b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.3.bb new file mode 100644 index 000000000..a6268f3d4 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.3.bb @@ -0,0 +1,143 @@ +SUMMARY = "userspace utilities for kernel nfs" +DESCRIPTION = "The nfs-utils package provides a daemon for the kernel \ +NFS server and related tools." +HOMEPAGE = "http://nfs.sourceforge.net/" +SECTION = "console/network" + +LICENSE = "MIT & GPLv2+ & BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" + +# util-linux for libblkid +DEPENDS = "libcap libnfsidmap libevent util-linux sqlite3 libtirpc" +RDEPENDS_${PN}-client = "rpcbind bash" +RDEPENDS_${PN} = "${PN}-client bash" +RRECOMMENDS_${PN} = "kernel-module-nfsd" + +inherit useradd + +USERADD_PACKAGES = "${PN}-client" +USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \ + --shell /bin/false --user-group rpcuser" + +SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ + file://0001-configure-Allow-to-explicitly-disable-nfsidmap.patch \ + file://nfs-utils-1.2.3-sm-notify-res_init.patch \ + file://nfsserver \ + file://nfscommon \ + file://nfs-utils.conf \ + file://nfs-server.service \ + file://nfs-mountd.service \ + file://nfs-statd.service \ + file://proc-fs-nfsd.mount \ + file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \ + file://nfs-utils-debianize-start-statd.patch \ + file://0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch \ + file://bugfix-adjust-statd-service-name.patch \ +" + +SRC_URI[md5sum] = "cd6b568c2e9301cc3bfac09d87fbbc0b" +SRC_URI[sha256sum] = "700d689c5622c87953c34102e5befafc4d3c811e676852238f0dd79c9c0c084d" + +# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will +# pull in the remainder of the dependencies. + +INITSCRIPT_PACKAGES = "${PN} ${PN}-client" +INITSCRIPT_NAME = "nfsserver" +INITSCRIPT_PARAMS = "defaults" +INITSCRIPT_NAME_${PN}-client = "nfscommon" +INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21" + +inherit autotools-brokensep update-rc.d systemd pkgconfig + +SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service" +SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service" +SYSTEMD_AUTO_ENABLE = "disable" + +# --enable-uuid is need for cross-compiling +EXTRA_OECONF = "--with-statduser=rpcuser \ + --enable-mountconfig \ + --enable-libmount-mount \ + --disable-nfsv41 \ + --enable-uuid \ + --disable-gss \ + --disable-nfsdcltrack \ + --with-statdpath=/var/lib/nfs/statd \ + " + +PACKAGECONFIG ??= "tcp-wrappers" +PACKAGECONFIG_remove_libc-musl = "tcp-wrappers" +PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" +PACKAGECONFIG[nfsidmap] = "--enable-nfsidmap,--disable-nfsidmap,keyutils" + +INHIBIT_AUTO_STAGE = "1" + +PACKAGES =+ "${PN}-client ${PN}-stats" + +CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \ + ${localstatedir}/lib/nfs/rmtab \ + ${localstatedir}/lib/nfs/xtab \ + ${localstatedir}/lib/nfs/statd/state \ + ${sysconfdir}/nfsmount.conf" + +FILES_${PN}-client = "${base_sbindir}/*mount.nfs* ${sbindir}/*statd \ + ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ + ${sbindir}/showmount ${sbindir}/nfsstat \ + ${localstatedir}/lib/nfs \ + ${sysconfdir}/nfs-utils.conf \ + ${sysconfdir}/nfsmount.conf \ + ${sysconfdir}/init.d/nfscommon \ + ${systemd_unitdir}/system/nfs-statd.service" +FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat" +RDEPENDS_${PN}-stats = "python" + +FILES_${PN} += "${systemd_unitdir}" + +do_configure_prepend() { + sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ + ${S}/utils/mount/Makefile.am + + sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ + ${S}/utils/osd_login/Makefile.am +} + +# Make clean needed because the package comes with +# precompiled 64-bit objects that break the build +do_compile_prepend() { + make clean +} + +do_install_append () { + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver + install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon + + install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir} + install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir} + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/ + sed -i -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + ${D}${systemd_unitdir}/system/*.service + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${sysconfdir}/modules-load.d + echo "nfsd" > ${D}${sysconfdir}/modules-load.d/nfsd.conf + install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/ + install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/ + ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount + fi + + # kernel code as of 3.8 hard-codes this path as a default + install -d ${D}/var/lib/nfs/v4recovery + + # chown the directories and files + chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd + chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state + + # the following are built by CC_FOR_BUILD + rm -f ${D}${sbindir}/rpcdebug + rm -f ${D}${sbindir}/rpcgen + rm -f ${D}${sbindir}/locktest +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono.inc b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono.inc new file mode 100644 index 000000000..c415a3998 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono.inc @@ -0,0 +1,37 @@ +HOMEPAGE = "http://www.ofono.org" +SUMMARY = "open source telephony" +DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands." +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ + file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee" + +inherit autotools pkgconfig update-rc.d systemd bluetooth + +DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info" + +INITSCRIPT_NAME = "ofono" +INITSCRIPT_PARAMS = "defaults 22" + +PACKAGECONFIG ??= "\ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ + " +PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir=" +PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}" + +EXTRA_OECONF += "--enable-test" + +SYSTEMD_SERVICE_${PN} = "ofono.service" + +do_install_append() { + install -d ${D}${sysconfdir}/init.d/ + install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono +} + +PACKAGES =+ "${PN}-tests" + +RDEPENDS_${PN} += "dbus" + +FILES_${PN} += "${base_libdir}/udev ${systemd_unitdir}" +FILES_${PN}-tests = "${libdir}/${BPN}/test" +RDEPENDS_${PN}-tests = "python python-pygobject python-dbus" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono/Revert-test-Convert-to-Python-3.patch b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono/Revert-test-Convert-to-Python-3.patch new file mode 100644 index 000000000..5f8ca7710 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono/Revert-test-Convert-to-Python-3.patch @@ -0,0 +1,1270 @@ +Upstream-Status: Inappropriate [configuration] + +From 572fc23f6efd65a2ef9e6c957b2506108738672b Mon Sep 17 00:00:00 2001 +From: Cristian Iorga <cristian.iorga@intel.com> +Date: Mon, 25 Aug 2014 16:59:39 +0300 +Subject: [PATCH] Revert "test: Convert to Python 3" + +This reverts commit c027ab9fbc1a8e8c9e76bcd123df1ad7696307c2. +--- + test/activate-context | 2 +- + test/answer-calls | 2 +- + test/backtrace | 2 +- + test/cancel-ussd | 2 +- + test/cdma-connman-disable | 2 +- + test/cdma-connman-enable | 2 +- + test/cdma-dial-number | 2 +- + test/cdma-hangup | 2 +- + test/cdma-list-call | 2 +- + test/cdma-set-credentials | 2 +- + test/change-pin | 2 +- + test/create-internet-context | 2 +- + test/create-mms-context | 2 +- + test/create-multiparty | 2 +- + test/deactivate-all | 2 +- + test/deactivate-context | 2 +- + test/dial-number | 2 +- + test/disable-call-forwarding | 2 +- + test/disable-gprs | 2 +- + test/disable-modem | 2 +- + test/display-icon | 2 +- + test/enable-cbs | 2 +- + test/enable-gprs | 2 +- + test/enable-modem | 2 +- + test/enter-pin | 2 +- + test/get-icon | 2 +- + test/get-operators | 2 +- + test/get-tech-preference | 2 +- + test/hangup-active | 2 +- + test/hangup-all | 2 +- + test/hangup-call | 2 +- + test/hangup-multiparty | 2 +- + test/hold-and-answer | 2 +- + test/initiate-ussd | 4 ++-- + test/list-calls | 2 +- + test/list-contexts | 2 +- + test/list-messages | 2 +- + test/list-modems | 2 +- + test/list-operators | 2 +- + test/lock-pin | 2 +- + test/lockdown-modem | 2 +- + test/monitor-ofono | 4 ++-- + test/offline-modem | 2 +- + test/online-modem | 2 +- + test/private-chat | 2 +- + test/process-context-settings | 2 +- + test/receive-sms | 2 +- + test/reject-calls | 2 +- + test/release-and-answer | 2 +- + test/release-and-swap | 2 +- + test/remove-contexts | 2 +- + test/reset-pin | 2 +- + test/scan-for-operators | 2 +- + test/send-sms | 2 +- + test/send-ussd | 4 ++-- + test/send-vcal | 2 +- + test/send-vcard | 2 +- + test/set-call-forwarding | 2 +- + test/set-cbs-topics | 2 +- + test/set-context-property | 2 +- + test/set-fast-dormancy | 2 +- + test/set-gsm-band | 2 +- + test/set-mic-volume | 2 +- + test/set-mms-details | 2 +- + test/set-msisdn | 2 +- + test/set-roaming-allowed | 2 +- + test/set-speaker-volume | 2 +- + test/set-tech-preference | 2 +- + test/set-tty | 2 +- + test/set-umts-band | 2 +- + test/set-use-sms-reports | 2 +- + test/swap-calls | 2 +- + test/test-advice-of-charge | 2 +- + test/test-call-barring | 2 +- + test/test-call-forwarding | 2 +- + test/test-call-settings | 2 +- + test/test-cbs | 4 ++-- + test/test-gnss | 4 ++-- + test/test-message-waiting | 2 +- + test/test-modem | 2 +- + test/test-network-registration | 2 +- + test/test-phonebook | 2 +- + test/test-push-notification | 2 +- + test/test-smart-messaging | 2 +- + test/test-sms | 18 +++++++++--------- + test/test-ss | 2 +- + test/test-ss-control-cb | 2 +- + test/test-ss-control-cf | 2 +- + test/test-ss-control-cs | 2 +- + test/test-stk-menu | 34 +++++++++++++++++----------------- + test/unlock-pin | 2 +- + 94 files changed, 124 insertions(+), 124 deletions(-) + +diff --git a/test/activate-context b/test/activate-context +index e4fc702..4241396 100755 +--- a/test/activate-context ++++ b/test/activate-context +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/answer-calls b/test/answer-calls +index daa794b..45ff08f 100755 +--- a/test/answer-calls ++++ b/test/answer-calls +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + +diff --git a/test/backtrace b/test/backtrace +index 03c7632..c624709 100755 +--- a/test/backtrace ++++ b/test/backtrace +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import os + import re +diff --git a/test/cancel-ussd b/test/cancel-ussd +index e7559ba..1797f26 100755 +--- a/test/cancel-ussd ++++ b/test/cancel-ussd +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/cdma-connman-disable b/test/cdma-connman-disable +index 3adc14d..0ddc0cd 100755 +--- a/test/cdma-connman-disable ++++ b/test/cdma-connman-disable +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/cdma-connman-enable b/test/cdma-connman-enable +index ac16a2d..a3cca01 100755 +--- a/test/cdma-connman-enable ++++ b/test/cdma-connman-enable +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/cdma-dial-number b/test/cdma-dial-number +index 683431e..9cdfb24 100755 +--- a/test/cdma-dial-number ++++ b/test/cdma-dial-number +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/cdma-hangup b/test/cdma-hangup +index 41ffa60..493ece4 100755 +--- a/test/cdma-hangup ++++ b/test/cdma-hangup +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/cdma-list-call b/test/cdma-list-call +index b132353..5d36a69 100755 +--- a/test/cdma-list-call ++++ b/test/cdma-list-call +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + +diff --git a/test/cdma-set-credentials b/test/cdma-set-credentials +index a60c86e..a286b0e 100755 +--- a/test/cdma-set-credentials ++++ b/test/cdma-set-credentials +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/change-pin b/test/change-pin +index 301c6ce..000ce53 100755 +--- a/test/change-pin ++++ b/test/change-pin +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/create-internet-context b/test/create-internet-context +index 1089053..efd0998 100755 +--- a/test/create-internet-context ++++ b/test/create-internet-context +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/create-mms-context b/test/create-mms-context +index 598336f..e5be08d 100755 +--- a/test/create-mms-context ++++ b/test/create-mms-context +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/create-multiparty b/test/create-multiparty +index 1b76010..97047c3 100755 +--- a/test/create-multiparty ++++ b/test/create-multiparty +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/deactivate-all b/test/deactivate-all +index 5aa8587..427009e 100755 +--- a/test/deactivate-all ++++ b/test/deactivate-all +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/deactivate-context b/test/deactivate-context +index 5c86a71..df47d2e 100755 +--- a/test/deactivate-context ++++ b/test/deactivate-context +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/dial-number b/test/dial-number +index fe5adad..ee674d9 100755 +--- a/test/dial-number ++++ b/test/dial-number +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/disable-call-forwarding b/test/disable-call-forwarding +index 811e4fa..3609816 100755 +--- a/test/disable-call-forwarding ++++ b/test/disable-call-forwarding +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + from gi.repository import GLib +diff --git a/test/disable-gprs b/test/disable-gprs +index 61ce216..c6c40a5 100755 +--- a/test/disable-gprs ++++ b/test/disable-gprs +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/disable-modem b/test/disable-modem +index 6fba857..ca8c8d8 100755 +--- a/test/disable-modem ++++ b/test/disable-modem +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/display-icon b/test/display-icon +index ac40818..753d14d 100755 +--- a/test/display-icon ++++ b/test/display-icon +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/enable-cbs b/test/enable-cbs +index 4a8bf66..c08bf2b 100755 +--- a/test/enable-cbs ++++ b/test/enable-cbs +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/enable-gprs b/test/enable-gprs +index 68d5ef0..8664891 100755 +--- a/test/enable-gprs ++++ b/test/enable-gprs +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/enable-modem b/test/enable-modem +index fc5958a..dfaaaa8 100755 +--- a/test/enable-modem ++++ b/test/enable-modem +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/enter-pin b/test/enter-pin +index 9556363..c6ee669 100755 +--- a/test/enter-pin ++++ b/test/enter-pin +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/get-icon b/test/get-icon +index 5569a33..fdaaee7 100755 +--- a/test/get-icon ++++ b/test/get-icon +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/get-operators b/test/get-operators +index 0f35c80..62354c5 100755 +--- a/test/get-operators ++++ b/test/get-operators +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/get-tech-preference b/test/get-tech-preference +index 7ba6365..77d20d0 100755 +--- a/test/get-tech-preference ++++ b/test/get-tech-preference +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus, sys + +diff --git a/test/hangup-active b/test/hangup-active +index 82e0eb0..5af62ab 100755 +--- a/test/hangup-active ++++ b/test/hangup-active +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/hangup-all b/test/hangup-all +index 3a0138d..32933db 100755 +--- a/test/hangup-all ++++ b/test/hangup-all +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/hangup-call b/test/hangup-call +index 5a2de20..447020c 100755 +--- a/test/hangup-call ++++ b/test/hangup-call +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/hangup-multiparty b/test/hangup-multiparty +index 24751c3..48fe342 100755 +--- a/test/hangup-multiparty ++++ b/test/hangup-multiparty +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/hold-and-answer b/test/hold-and-answer +index da3be57..2c47e27 100755 +--- a/test/hold-and-answer ++++ b/test/hold-and-answer +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/initiate-ussd b/test/initiate-ussd +index faf50d0..d7022f1 100755 +--- a/test/initiate-ussd ++++ b/test/initiate-ussd +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +@@ -45,7 +45,7 @@ if state == "idle": + print("State: %s" % (state)) + + while state == "user-response": +- response = input("Enter response: ") ++ response = raw_input("Enter response: ") + + result = ussd.Respond(response, timeout=100) + +diff --git a/test/list-calls b/test/list-calls +index f3ee991..08668c6 100755 +--- a/test/list-calls ++++ b/test/list-calls +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + +diff --git a/test/list-contexts b/test/list-contexts +index 78278ca..f0d4094 100755 +--- a/test/list-contexts ++++ b/test/list-contexts +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + +diff --git a/test/list-messages b/test/list-messages +index 9f5bce3..cfccbea 100755 +--- a/test/list-messages ++++ b/test/list-messages +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + +diff --git a/test/list-modems b/test/list-modems +index b9f510a..ed66124 100755 +--- a/test/list-modems ++++ b/test/list-modems +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + +diff --git a/test/list-operators b/test/list-operators +index 064c4e3..349bf41 100755 +--- a/test/list-operators ++++ b/test/list-operators +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/lock-pin b/test/lock-pin +index 96ea9c2..5579735 100755 +--- a/test/lock-pin ++++ b/test/lock-pin +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/lockdown-modem b/test/lockdown-modem +index 4e04205..781abb6 100755 +--- a/test/lockdown-modem ++++ b/test/lockdown-modem +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/monitor-ofono b/test/monitor-ofono +index 8830757..bd31617 100755 +--- a/test/monitor-ofono ++++ b/test/monitor-ofono +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + +@@ -6,7 +6,7 @@ import dbus + import dbus.mainloop.glib + + _dbus2py = { +- dbus.String : str, ++ dbus.String : unicode, + dbus.UInt32 : int, + dbus.Int32 : int, + dbus.Int16 : int, +diff --git a/test/offline-modem b/test/offline-modem +index e8c043a..ea1f522 100755 +--- a/test/offline-modem ++++ b/test/offline-modem +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus, sys + +diff --git a/test/online-modem b/test/online-modem +index 029c4a5..310ed7d 100755 +--- a/test/online-modem ++++ b/test/online-modem +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus, sys + +diff --git a/test/private-chat b/test/private-chat +index e7e5406..ef2ef6c 100755 +--- a/test/private-chat ++++ b/test/private-chat +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/process-context-settings b/test/process-context-settings +index 8a3ecfa..0f058b2 100755 +--- a/test/process-context-settings ++++ b/test/process-context-settings +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import os + import dbus +diff --git a/test/receive-sms b/test/receive-sms +index a0c6915..c23eb14 100755 +--- a/test/receive-sms ++++ b/test/receive-sms +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + +diff --git a/test/reject-calls b/test/reject-calls +index 71b243e..9edf1ff 100755 +--- a/test/reject-calls ++++ b/test/reject-calls +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + +diff --git a/test/release-and-answer b/test/release-and-answer +index dec8e17..25fd818 100755 +--- a/test/release-and-answer ++++ b/test/release-and-answer +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/release-and-swap b/test/release-and-swap +index cb8c84e..7b3569f 100755 +--- a/test/release-and-swap ++++ b/test/release-and-swap +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/remove-contexts b/test/remove-contexts +index b54184e..c5082cb 100755 +--- a/test/remove-contexts ++++ b/test/remove-contexts +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + +diff --git a/test/reset-pin b/test/reset-pin +index 3fbd126..b429254 100755 +--- a/test/reset-pin ++++ b/test/reset-pin +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/scan-for-operators b/test/scan-for-operators +index b4fc05e..749c710 100755 +--- a/test/scan-for-operators ++++ b/test/scan-for-operators +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/send-sms b/test/send-sms +index 98808aa..e06444d 100755 +--- a/test/send-sms ++++ b/test/send-sms +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/send-ussd b/test/send-ussd +index a20e098..e585883 100755 +--- a/test/send-ussd ++++ b/test/send-ussd +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +@@ -46,7 +46,7 @@ if state == "idle": + print("State: %s" % (state)) + + while state == "user-response": +- response = input("Enter response: ") ++ response = raw_input("Enter response: ") + + print(ussd.Respond(response, timeout=100)) + +diff --git a/test/send-vcal b/test/send-vcal +index 566daef..7f8272b 100755 +--- a/test/send-vcal ++++ b/test/send-vcal +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/send-vcard b/test/send-vcard +index 4dedf51..250b36f 100755 +--- a/test/send-vcard ++++ b/test/send-vcard +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/set-call-forwarding b/test/set-call-forwarding +index 49d1ce0..9fd358b 100755 +--- a/test/set-call-forwarding ++++ b/test/set-call-forwarding +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + from gi.repository import GLib +diff --git a/test/set-cbs-topics b/test/set-cbs-topics +index db95e16..78d6d44 100755 +--- a/test/set-cbs-topics ++++ b/test/set-cbs-topics +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/set-context-property b/test/set-context-property +index 5ff7a67..64a6fb8 100755 +--- a/test/set-context-property ++++ b/test/set-context-property +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/set-fast-dormancy b/test/set-fast-dormancy +index ef77bcd..7bf7715 100755 +--- a/test/set-fast-dormancy ++++ b/test/set-fast-dormancy +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/set-gsm-band b/test/set-gsm-band +index b37bcb5..3c17c10 100755 +--- a/test/set-gsm-band ++++ b/test/set-gsm-band +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/set-mic-volume b/test/set-mic-volume +index cd6c73f..e0bff49 100755 +--- a/test/set-mic-volume ++++ b/test/set-mic-volume +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/set-mms-details b/test/set-mms-details +index 6ee59fa..d2d0838 100755 +--- a/test/set-mms-details ++++ b/test/set-mms-details +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/set-msisdn b/test/set-msisdn +index b5fe819..01f284d 100755 +--- a/test/set-msisdn ++++ b/test/set-msisdn +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/set-roaming-allowed b/test/set-roaming-allowed +index 698c8b6..9e3e058 100755 +--- a/test/set-roaming-allowed ++++ b/test/set-roaming-allowed +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/set-speaker-volume b/test/set-speaker-volume +index 6d4e301..7962f39 100755 +--- a/test/set-speaker-volume ++++ b/test/set-speaker-volume +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/set-tech-preference b/test/set-tech-preference +index b549abc..2666cbd 100755 +--- a/test/set-tech-preference ++++ b/test/set-tech-preference +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/set-tty b/test/set-tty +index eed1fba..53d6b99 100755 +--- a/test/set-tty ++++ b/test/set-tty +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/set-umts-band b/test/set-umts-band +index 0bae5c4..c1e6448 100755 +--- a/test/set-umts-band ++++ b/test/set-umts-band +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/set-use-sms-reports b/test/set-use-sms-reports +index 288d4e1..a4efe4f 100755 +--- a/test/set-use-sms-reports ++++ b/test/set-use-sms-reports +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +diff --git a/test/swap-calls b/test/swap-calls +index 018a8d3..eeb257b 100755 +--- a/test/swap-calls ++++ b/test/swap-calls +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/test-advice-of-charge b/test/test-advice-of-charge +index 6e87e61..0f1f57f 100755 +--- a/test/test-advice-of-charge ++++ b/test/test-advice-of-charge +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + import sys +diff --git a/test/test-call-barring b/test/test-call-barring +index eedb69f..be4ab57 100755 +--- a/test/test-call-barring ++++ b/test/test-call-barring +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + import sys +diff --git a/test/test-call-forwarding b/test/test-call-forwarding +index 5db84d7..01a7294 100755 +--- a/test/test-call-forwarding ++++ b/test/test-call-forwarding +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + +diff --git a/test/test-call-settings b/test/test-call-settings +index 435594c..5d7ee49 100755 +--- a/test/test-call-settings ++++ b/test/test-call-settings +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + +diff --git a/test/test-cbs b/test/test-cbs +index a5cec06..13cdd80 100755 +--- a/test/test-cbs ++++ b/test/test-cbs +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import dbus.mainloop.glib +@@ -78,7 +78,7 @@ def set_topics(cbs): + invalidData = False; + index = 0 + +- topics = input('Enter the topic ID(s) you want to register to: ') ++ topics = raw_input('Enter the topic ID(s) you want to register to: ') + + while index < len(topics): + if topics[index] == ',' or topics[index] == '-': +diff --git a/test/test-gnss b/test/test-gnss +index 6ae64db..aa0b160 100755 +--- a/test/test-gnss ++++ b/test/test-gnss +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + import sys +@@ -40,7 +40,7 @@ def print_menu(): + def stdin_handler(channel, condition, gnss, path): + in_key = os.read(channel.unix_get_fd(), 160).rstrip().decode('UTF-8') + if in_key == '0': +- xml = input('type the element and press enter: ') ++ xml = raw_input('type the element and press enter: ') + try: + gnss.SendPositioningElement(dbus.String(xml)) + print("ok") +diff --git a/test/test-message-waiting b/test/test-message-waiting +index 432862e..b93fbf3 100755 +--- a/test/test-message-waiting ++++ b/test/test-message-waiting +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + import sys +diff --git a/test/test-modem b/test/test-modem +index aa38b1f..29dbf14 100755 +--- a/test/test-modem ++++ b/test/test-modem +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + +diff --git a/test/test-network-registration b/test/test-network-registration +index 68b4347..c5ad586 100755 +--- a/test/test-network-registration ++++ b/test/test-network-registration +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + import sys +diff --git a/test/test-phonebook b/test/test-phonebook +index 42646d3..116fd4f 100755 +--- a/test/test-phonebook ++++ b/test/test-phonebook +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus, sys + +diff --git a/test/test-push-notification b/test/test-push-notification +index d972ad3..ecc6afb 100755 +--- a/test/test-push-notification ++++ b/test/test-push-notification +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + +diff --git a/test/test-smart-messaging b/test/test-smart-messaging +index f22efd2..188ac1e 100755 +--- a/test/test-smart-messaging ++++ b/test/test-smart-messaging +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + +diff --git a/test/test-sms b/test/test-sms +index 30ac651..49935e1 100755 +--- a/test/test-sms ++++ b/test/test-sms +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + # -*- coding: utf-8 -*- + + from gi.repository import GLib +@@ -132,7 +132,7 @@ def stdin_handler(channel, condition, sms, value, number): + lock = "on" + if in_key == '0': + print_send_sms_menu() +- sms_type = input('Select SMS type: ') ++ sms_type = raw_input('Select SMS type: ') + + if sms_type == '1': + message_send(sms, number, value) +@@ -150,49 +150,49 @@ def stdin_handler(channel, condition, sms, value, number): + + elif in_key == '1': + message_delivery_report(sms, 1) +- send_msg = input('Send test message[y/n]?: ') ++ send_msg = raw_input('Send test message[y/n]?: ') + if send_msg == 'y': + message_send(sms, number, ("(1)" + value + + ": UseDeliveryReports[TRUE]")) + + elif in_key == '2': + message_delivery_report(sms, 0) +- send_msg = input('Send test message[y/n]?: ') ++ send_msg = raw_input('Send test message[y/n]?: ') + if send_msg == 'y': + message_send(sms, number, ("(2) " + value + + ": UseDeliveryReports[FALSE]")) + + elif in_key == '3': + message_service_center_address(sms, SCA) +- send_msg = input('Send test message[y/n]?: ') ++ send_msg = raw_input('Send test message[y/n]?: ') + if send_msg == 'y': + message_send(sms, number, ("(3) " + value + + ": ServiceCenterAddress")) + + elif in_key == '4': + message_bearer(sms, "ps-only") +- send_msg = input('Send test message[y/n]?: ') ++ send_msg = raw_input('Send test message[y/n]?: ') + if send_msg == 'y': + message_send(sms, number, ("(4) " + value + + ": Bearer[ps-only]")) + + elif in_key == '5': + message_bearer(sms, "cs-only") +- send_msg = input('Send test message[y/n]?: ') ++ send_msg = raw_input('Send test message[y/n]?: ') + if send_msg == 'y': + message_send(sms, number, ("(5) " + value + + ": Bearer[cs-only]")) + + elif in_key == '6': + message_bearer(sms, "ps-preferred") +- send_msg = input('Send test message[y/n]?: ') ++ send_msg = raw_input('Send test message[y/n]?: ') + if send_msg == 'y': + message_send(sms, number, ("(6) " + value + + ": Bearer[ps-preferred]")) + + elif in_key == '7': + message_bearer(sms, "cs-preferred") +- send_msg = input('Send test message[y/n]?: ') ++ send_msg = raw_input('Send test message[y/n]?: ') + if send_msg == 'y': + message_send(sms,number, ("(7) " + value + + ": Bearer[cs-preferred]")) +diff --git a/test/test-ss b/test/test-ss +index 4cd8732..2c80806 100755 +--- a/test/test-ss ++++ b/test/test-ss +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import sys + import dbus +diff --git a/test/test-ss-control-cb b/test/test-ss-control-cb +index ddae6d3..86bac9b 100755 +--- a/test/test-ss-control-cb ++++ b/test/test-ss-control-cb +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + +diff --git a/test/test-ss-control-cf b/test/test-ss-control-cf +index 095eb5d..d30bf4f 100755 +--- a/test/test-ss-control-cf ++++ b/test/test-ss-control-cf +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + +diff --git a/test/test-ss-control-cs b/test/test-ss-control-cs +index 8180474..e0ed1d1 100755 +--- a/test/test-ss-control-cs ++++ b/test/test-ss-control-cs +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + +diff --git a/test/test-stk-menu b/test/test-stk-menu +index 0cf8fa2..ac0a5bd 100755 +--- a/test/test-stk-menu ++++ b/test/test-stk-menu +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + from gi.repository import GLib + +@@ -58,7 +58,7 @@ class StkAgent(dbus.service.Object): + index += 1 + + print("\nDefault: %d" % (default)) +- select = input("Enter Selection (t, b):") ++ select = raw_input("Enter Selection (t, b):") + + if select == 'b': + raise GoBack("User wishes to go back") +@@ -75,7 +75,7 @@ class StkAgent(dbus.service.Object): + print("DisplayText (%s)" % (title)) + print("Icon: (%d)" % (int(icon))) + print("Urgent: (%d)" % (urgent)) +- key = input("Press return to clear ('t' terminates, " ++ key = raw_input("Press return to clear ('t' terminates, " + "'b' goes back, 'n' busy, " + "'w' return and wait):") + +@@ -108,7 +108,7 @@ class StkAgent(dbus.service.Object): + print("Hide typing: (%s)" % (hide_typing)) + print("Enter characters, min: %d, max: %d:" % (min_chars, + max_chars)) +- userin = input("") ++ userin = raw_input("") + + return userin + +@@ -122,7 +122,7 @@ class StkAgent(dbus.service.Object): + print("Hide typing: (%s)" % (hide_typing)) + print("Enter digits, min: %d, max: %d:" % (min_chars, + max_chars)) +- userin = input("'t' terminates, 'b' goes back:") ++ userin = raw_input("'t' terminates, 'b' goes back:") + + if userin == 'b': + raise GoBack("User wishes to go back") +@@ -136,7 +136,7 @@ class StkAgent(dbus.service.Object): + def RequestKey(self, title, icon): + print("Title: (%s)" % (title)) + print("Icon: (%d)" % (int(icon))) +- key = input("Enter Key (t, b):") ++ key = raw_input("Enter Key (t, b):") + + if key == 'b': + raise GoBack("User wishes to go back") +@@ -150,7 +150,7 @@ class StkAgent(dbus.service.Object): + def RequestDigit(self, title, icon): + print("Title: (%s)" % (title)) + print("Icon: (%d)" % (int(icon))) +- key = input("Enter Digit (t, b):") ++ key = raw_input("Enter Digit (t, b):") + + if key == 'b': + raise GoBack("User wishes to go back") +@@ -164,7 +164,7 @@ class StkAgent(dbus.service.Object): + def RequestQuickDigit(self, title, icon): + print("Title: (%s)" % (title)) + print("Icon: (%d)" % (int(icon))) +- key = input("Quick digit (0-9, *, #, t, b):") ++ key = raw_input("Quick digit (0-9, *, #, t, b):") + + if key == 'b': + raise GoBack("User wishes to go back") +@@ -178,7 +178,7 @@ class StkAgent(dbus.service.Object): + def RequestConfirmation(self, title, icon): + print("Title: (%s)" % (title)) + print("Icon: (%d)" % (int(icon))) +- key = input("Enter Confirmation (t, b, y, n):") ++ key = raw_input("Enter Confirmation (t, b, y, n):") + + if key == 'b': + raise GoBack("User wishes to go back") +@@ -194,7 +194,7 @@ class StkAgent(dbus.service.Object): + def ConfirmCallSetup(self, info, icon): + print("Information: (%s)" % (info)) + print("Icon: (%d)" % (int(icon))) +- key = input("Enter Confirmation (t, y, n):") ++ key = raw_input("Enter Confirmation (t, y, n):") + + if key == 't': + raise EndSession("User wishes to terminate session") +@@ -209,7 +209,7 @@ class StkAgent(dbus.service.Object): + print("Information: (%s)" % (info)) + print("Icon: (%d)" % (int(icon))) + print("URL (%s)" % (url)) +- key = input("Enter Confirmation (y, n):") ++ key = raw_input("Enter Confirmation (y, n):") + + if key == 'y': + return True +@@ -232,7 +232,7 @@ class StkAgent(dbus.service.Object): + signal.alarm(5) + + try: +- key = input("Press return to end before end of" ++ key = raw_input("Press return to end before end of" + " single tone (t):") + signal.alarm(0) + +@@ -250,7 +250,7 @@ class StkAgent(dbus.service.Object): + print("LoopTone: %s" % (tone)) + print("Text: %s" % (text)) + print("Icon: %d" % (int(icon))) +- key = input("Press return to end before timeout " ++ key = raw_input("Press return to end before timeout " + "('t' terminates, 'w' return and wait):") + + if key == 'w': +@@ -279,7 +279,7 @@ class StkAgent(dbus.service.Object): + def DisplayAction(self, text, icon): + print("Text: (%s)" % (text)) + print("Icon: (%d)" % (int(icon))) +- key = input("Press 't' to terminate the session ") ++ key = raw_input("Press 't' to terminate the session ") + + if key == 't': + raise EndSession("User wishes to terminate session") +@@ -289,7 +289,7 @@ class StkAgent(dbus.service.Object): + def ConfirmOpenChannel(self, info, icon): + print("Open channel confirmation: (%s)" % (info)) + print("Icon: (%d)" % (int(icon))) +- key = input("Enter Confirmation (t, y, n):") ++ key = raw_input("Enter Confirmation (t, y, n):") + + if key == 't': + raise EndSession("User wishes to terminate session") +@@ -299,7 +299,7 @@ class StkAgent(dbus.service.Object): + return False + + _dbus2py = { +- dbus.String : str, ++ dbus.String : unicode, + dbus.UInt32 : int, + dbus.Int32 : int, + dbus.Int16 : int, +@@ -396,7 +396,7 @@ if __name__ == '__main__': + except: + pass + +- select = int(input("Enter Selection: ")) ++ select = int(raw_input("Enter Selection: ")) + stk.SelectItem(select, path) + elif mode == 'agent': + path = "/test/agent" +diff --git a/test/unlock-pin b/test/unlock-pin +index 61f4765..10b6626 100755 +--- a/test/unlock-pin ++++ b/test/unlock-pin +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + + import dbus + import sys +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono/ofono b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono/ofono new file mode 100644 index 000000000..cc9970929 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono/ofono @@ -0,0 +1,42 @@ +#!/bin/sh + +DAEMON=/usr/sbin/ofonod +PIDFILE=/var/run/ofonod.pid +DESC="Telephony daemon" + +if [ -f /etc/default/ofono ] ; then + . /etc/default/ofono +fi + +set -e + +do_start() { + $DAEMON +} + +do_stop() { + start-stop-daemon --stop --name ofonod --quiet +} + +case "$1" in + start) + echo "Starting $DESC" + do_start + ;; + stop) + echo "Stopping $DESC" + do_stop + ;; + restart|force-reload) + echo "Restarting $DESC" + do_stop + sleep 1 + do_start + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.17.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.17.bb new file mode 100644 index 000000000..947f9d714 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.17.bb @@ -0,0 +1,11 @@ +require ofono.inc + +SRC_URI = "\ + ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ + file://ofono \ + file://Revert-test-Convert-to-Python-3.patch \ +" +SRC_URI[md5sum] = "d280b1d267ba5bf391d2a898fea7c748" +SRC_URI[sha256sum] = "cbf20f07fd15253c682b23c1786d517f505c3688f7c4ea93da777e1523b89635" + +CFLAGS_append_libc-uclibc = " -D_GNU_SOURCE" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_git.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_git.bb new file mode 100644 index 000000000..beafb775c --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_git.bb @@ -0,0 +1,14 @@ +require ofono.inc + +S = "${WORKDIR}/git" +SRCREV = "14544d5996836f628613c2ce544380ee6fc8f514" +PV = "0.12-git${SRCPV}" +PR = "r5" + +SRC_URI = "git://git.kernel.org/pub/scm/network/ofono/ofono.git \ + file://ofono" + +do_configure_prepend () { + ${S}/bootstrap +} + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch new file mode 100644 index 000000000..9fac69c3d --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch @@ -0,0 +1,65 @@ +From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001 +From: "mmcc@openbsd.org" <mmcc@openbsd.org> +Date: Tue, 20 Oct 2015 03:36:35 +0000 +Subject: [PATCH] upstream commit + +Replace a function-local allocation with stack memory. + +ok djm@ + +Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e +Upstream-Status: Backport +CVE: CVE-2016-1907 + +[YOCTO #8935] + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + clientloop.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/clientloop.c b/clientloop.c +index 87ceb3d..1e05cba 100644 +--- a/clientloop.c ++++ b/clientloop.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */ ++/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */ + /* + * Author: Tatu Ylonen <ylo@cs.hut.fi> + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland +@@ -311,11 +311,10 @@ client_x11_get_proto(const char *display, const char *xauth_path, + static char proto[512], data[512]; + FILE *f; + int got_data = 0, generated = 0, do_unlink = 0, i; +- char *xauthdir, *xauthfile; ++ char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = ""; + struct stat st; + u_int now, x11_timeout_real; + +- xauthdir = xauthfile = NULL; + *_proto = proto; + *_data = data; + proto[0] = data[0] = '\0'; +@@ -343,8 +342,6 @@ client_x11_get_proto(const char *display, const char *xauth_path, + display = xdisplay; + } + if (trusted == 0) { +- xauthdir = xmalloc(PATH_MAX); +- xauthfile = xmalloc(PATH_MAX); + mktemp_proto(xauthdir, PATH_MAX); + /* + * The authentication cookie should briefly outlive +@@ -407,8 +404,6 @@ client_x11_get_proto(const char *display, const char *xauth_path, + unlink(xauthfile); + rmdir(xauthdir); + } +- free(xauthdir); +- free(xauthfile); + + /* + * If we didn't get authentication data, just make up some +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_3.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_3.patch new file mode 100644 index 000000000..3dfc51af7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_3.patch @@ -0,0 +1,329 @@ +From ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Wed, 13 Jan 2016 23:04:47 +0000 +Subject: [PATCH] upstream commit + +eliminate fallback from untrusted X11 forwarding to trusted + forwarding when the X server disables the SECURITY extension; Reported by + Thomas Hoger; ok deraadt@ + +Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938 +Upstream-Status: Backport +CVE: CVE-2016-1907 + +[YOCTO #8935] + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + clientloop.c | 114 ++++++++++++++++++++++++++++++++++++----------------------- + clientloop.h | 4 +-- + mux.c | 22 ++++++------ + ssh.c | 23 +++++------- + 4 files changed, 93 insertions(+), 70 deletions(-) + +Index: openssh-7.1p2/clientloop.c +=================================================================== +--- openssh-7.1p2.orig/clientloop.c ++++ openssh-7.1p2/clientloop.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */ ++/* $OpenBSD: clientloop.c,v 1.279 2016/01/13 23:04:47 djm Exp $ */ + /* + * Author: Tatu Ylonen <ylo@cs.hut.fi> + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland +@@ -288,6 +288,9 @@ client_x11_display_valid(const char *dis + { + size_t i, dlen; + ++ if (display == NULL) ++ return 0; ++ + dlen = strlen(display); + for (i = 0; i < dlen; i++) { + if (!isalnum((u_char)display[i]) && +@@ -301,34 +304,33 @@ client_x11_display_valid(const char *dis + + #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" + #define X11_TIMEOUT_SLACK 60 +-void ++int + client_x11_get_proto(const char *display, const char *xauth_path, + u_int trusted, u_int timeout, char **_proto, char **_data) + { +- char cmd[1024]; +- char line[512]; +- char xdisplay[512]; ++ char cmd[1024], line[512], xdisplay[512]; ++ char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; + static char proto[512], data[512]; + FILE *f; +- int got_data = 0, generated = 0, do_unlink = 0, i; +- char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = ""; ++ int got_data = 0, generated = 0, do_unlink = 0, i, r; + struct stat st; + u_int now, x11_timeout_real; + + *_proto = proto; + *_data = data; +- proto[0] = data[0] = '\0'; ++ proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0'; + +- if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) { +- debug("No xauth program."); +- } else if (!client_x11_display_valid(display)) { +- logit("DISPLAY '%s' invalid, falling back to fake xauth data", ++ if (!client_x11_display_valid(display)) { ++ logit("DISPLAY \"%s\" invalid; disabling X11 forwarding", + display); +- } else { +- if (display == NULL) { +- debug("x11_get_proto: DISPLAY not set"); +- return; +- } ++ return -1; ++ } ++ if (xauth_path != NULL && stat(xauth_path, &st) == -1) { ++ debug("No xauth program."); ++ xauth_path = NULL; ++ } ++ ++ if (xauth_path != NULL) { + /* + * Handle FamilyLocal case where $DISPLAY does + * not match an authorization entry. For this we +@@ -337,43 +339,60 @@ client_x11_get_proto(const char *display + * is not perfect. + */ + if (strncmp(display, "localhost:", 10) == 0) { +- snprintf(xdisplay, sizeof(xdisplay), "unix:%s", +- display + 10); ++ if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s", ++ display + 10)) < 0 || ++ (size_t)r >= sizeof(xdisplay)) { ++ error("%s: display name too long", __func__); ++ return -1; ++ } + display = xdisplay; + } + if (trusted == 0) { +- mktemp_proto(xauthdir, PATH_MAX); + /* ++ * Generate an untrusted X11 auth cookie. ++ * + * The authentication cookie should briefly outlive + * ssh's willingness to forward X11 connections to + * avoid nasty fail-open behaviour in the X server. + */ ++ mktemp_proto(xauthdir, sizeof(xauthdir)); ++ if (mkdtemp(xauthdir) == NULL) { ++ error("%s: mkdtemp: %s", ++ __func__, strerror(errno)); ++ return -1; ++ } ++ do_unlink = 1; ++ if ((r = snprintf(xauthfile, sizeof(xauthfile), ++ "%s/xauthfile", xauthdir)) < 0 || ++ (size_t)r >= sizeof(xauthfile)) { ++ error("%s: xauthfile path too long", __func__); ++ unlink(xauthfile); ++ rmdir(xauthdir); ++ return -1; ++ } ++ + if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) + x11_timeout_real = UINT_MAX; + else + x11_timeout_real = timeout + X11_TIMEOUT_SLACK; +- if (mkdtemp(xauthdir) != NULL) { +- do_unlink = 1; +- snprintf(xauthfile, PATH_MAX, "%s/xauthfile", +- xauthdir); +- snprintf(cmd, sizeof(cmd), +- "%s -f %s generate %s " SSH_X11_PROTO +- " untrusted timeout %u 2>" _PATH_DEVNULL, +- xauth_path, xauthfile, display, +- x11_timeout_real); +- debug2("x11_get_proto: %s", cmd); +- if (x11_refuse_time == 0) { +- now = monotime() + 1; +- if (UINT_MAX - timeout < now) +- x11_refuse_time = UINT_MAX; +- else +- x11_refuse_time = now + timeout; +- channel_set_x11_refuse_time( +- x11_refuse_time); +- } +- if (system(cmd) == 0) +- generated = 1; ++ if ((r = snprintf(cmd, sizeof(cmd), ++ "%s -f %s generate %s " SSH_X11_PROTO ++ " untrusted timeout %u 2>" _PATH_DEVNULL, ++ xauth_path, xauthfile, display, ++ x11_timeout_real)) < 0 || ++ (size_t)r >= sizeof(cmd)) ++ fatal("%s: cmd too long", __func__); ++ debug2("%s: %s", __func__, cmd); ++ if (x11_refuse_time == 0) { ++ now = monotime() + 1; ++ if (UINT_MAX - timeout < now) ++ x11_refuse_time = UINT_MAX; ++ else ++ x11_refuse_time = now + timeout; ++ channel_set_x11_refuse_time(x11_refuse_time); + } ++ if (system(cmd) == 0) ++ generated = 1; + } + + /* +@@ -395,9 +414,7 @@ client_x11_get_proto(const char *display + got_data = 1; + if (f) + pclose(f); +- } else +- error("Warning: untrusted X11 forwarding setup failed: " +- "xauth key data not generated"); ++ } + } + + if (do_unlink) { +@@ -405,6 +422,13 @@ client_x11_get_proto(const char *display + rmdir(xauthdir); + } + ++ /* Don't fall back to fake X11 data for untrusted forwarding */ ++ if (!trusted && !got_data) { ++ error("Warning: untrusted X11 forwarding setup failed: " ++ "xauth key data not generated"); ++ return -1; ++ } ++ + /* + * If we didn't get authentication data, just make up some + * data. The forwarding code will check the validity of the +@@ -427,6 +451,8 @@ client_x11_get_proto(const char *display + rnd >>= 8; + } + } ++ ++ return 0; + } + + /* +Index: openssh-7.1p2/clientloop.h +=================================================================== +--- openssh-7.1p2.orig/clientloop.h ++++ openssh-7.1p2/clientloop.h +@@ -1,4 +1,4 @@ +-/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */ ++/* $OpenBSD: clientloop.h,v 1.32 2016/01/13 23:04:47 djm Exp $ */ + + /* + * Author: Tatu Ylonen <ylo@cs.hut.fi> +@@ -39,7 +39,7 @@ + + /* Client side main loop for the interactive session. */ + int client_loop(int, int, int); +-void client_x11_get_proto(const char *, const char *, u_int, u_int, ++int client_x11_get_proto(const char *, const char *, u_int, u_int, + char **, char **); + void client_global_request_reply_fwd(int, u_int32_t, void *); + void client_session2_setup(int, int, int, const char *, struct termios *, +Index: openssh-7.1p2/mux.c +=================================================================== +--- openssh-7.1p2.orig/mux.c ++++ openssh-7.1p2/mux.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: mux.c,v 1.54 2015/08/19 23:18:26 djm Exp $ */ ++/* $OpenBSD: mux.c,v 1.58 2016/01/13 23:04:47 djm Exp $ */ + /* + * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> + * +@@ -1354,16 +1354,18 @@ mux_session_confirm(int id, int success, + char *proto, *data; + + /* Get reasonable local authentication information. */ +- client_x11_get_proto(display, options.xauth_location, ++ if (client_x11_get_proto(display, options.xauth_location, + options.forward_x11_trusted, options.forward_x11_timeout, +- &proto, &data); +- /* Request forwarding with authentication spoofing. */ +- debug("Requesting X11 forwarding with authentication " +- "spoofing."); +- x11_request_forwarding_with_spoofing(id, display, proto, +- data, 1); +- client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN); +- /* XXX exit_on_forward_failure */ ++ &proto, &data) == 0) { ++ /* Request forwarding with authentication spoofing. */ ++ debug("Requesting X11 forwarding with authentication " ++ "spoofing."); ++ x11_request_forwarding_with_spoofing(id, display, proto, ++ data, 1); ++ /* XXX exit_on_forward_failure */ ++ client_expect_confirm(id, "X11 forwarding", ++ CONFIRM_WARN); ++ } + } + + if (cctx->want_agent_fwd && options.forward_agent) { +Index: openssh-7.1p2/ssh.c +=================================================================== +--- openssh-7.1p2.orig/ssh.c ++++ openssh-7.1p2/ssh.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: ssh.c,v 1.420 2015/07/30 00:01:34 djm Exp $ */ ++/* $OpenBSD: ssh.c,v 1.433 2016/01/13 23:04:47 djm Exp $ */ + /* + * Author: Tatu Ylonen <ylo@cs.hut.fi> + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland +@@ -1604,6 +1604,7 @@ ssh_session(void) + struct winsize ws; + char *cp; + const char *display; ++ char *proto = NULL, *data = NULL; + + /* Enable compression if requested. */ + if (options.compression) { +@@ -1674,13 +1675,9 @@ ssh_session(void) + display = getenv("DISPLAY"); + if (display == NULL && options.forward_x11) + debug("X11 forwarding requested but DISPLAY not set"); +- if (options.forward_x11 && display != NULL) { +- char *proto, *data; +- /* Get reasonable local authentication information. */ +- client_x11_get_proto(display, options.xauth_location, +- options.forward_x11_trusted, +- options.forward_x11_timeout, +- &proto, &data); ++ if (options.forward_x11 && client_x11_get_proto(display, ++ options.xauth_location, options.forward_x11_trusted, ++ options.forward_x11_timeout, &proto, &data) == 0) { + /* Request forwarding with authentication spoofing. */ + debug("Requesting X11 forwarding with authentication " + "spoofing."); +@@ -1770,6 +1767,7 @@ ssh_session2_setup(int id, int success, + extern char **environ; + const char *display; + int interactive = tty_flag; ++ char *proto = NULL, *data = NULL; + + if (!success) + return; /* No need for error message, channels code sens one */ +@@ -1777,12 +1775,9 @@ ssh_session2_setup(int id, int success, + display = getenv("DISPLAY"); + if (display == NULL && options.forward_x11) + debug("X11 forwarding requested but DISPLAY not set"); +- if (options.forward_x11 && display != NULL) { +- char *proto, *data; +- /* Get reasonable local authentication information. */ +- client_x11_get_proto(display, options.xauth_location, +- options.forward_x11_trusted, +- options.forward_x11_timeout, &proto, &data); ++ if (options.forward_x11 && client_x11_get_proto(display, ++ options.xauth_location, options.forward_x11_trusted, ++ options.forward_x11_timeout, &proto, &data) == 0) { + /* Request forwarding with authentication spoofing. */ + debug("Requesting X11 forwarding with authentication " + "spoofing."); diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch new file mode 100644 index 000000000..f3d132e43 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch @@ -0,0 +1,33 @@ +From d77148e3a3ef6c29b26ec74331455394581aa257 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Sun, 8 Nov 2015 21:59:11 +0000 +Subject: [PATCH] upstream commit + +fix OOB read in packet code caused by missing return + statement found by Ben Hawkes; ok markus@ deraadt@ + +Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62 + +Upstream-Status: Backport +CVE: CVE-2016-1907 + +[YOCTO #8935] + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + packet.c | 1 + + 1 file changed, 1 insertion(+) + +Index: openssh-7.1p2/packet.c +=================================================================== +--- openssh-7.1p2.orig/packet.c ++++ openssh-7.1p2/packet.c +@@ -1855,6 +1855,7 @@ ssh_packet_process_incoming(struct ssh * + if (len >= state->packet_discard) { + if ((r = ssh_packet_stop_discard(ssh)) != 0) + return r; ++ return SSH_ERR_CONN_CORRUPT; + } + state->packet_discard -= len; + return 0; diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch new file mode 100644 index 000000000..adc25c668 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch @@ -0,0 +1,69 @@ +Adjust test cases to work with busybox. + +- Replace dd parameter "obs" with "bs". +- Replace "head -<num>" with "head -n <num>". + +Signed-off-by: Maxin B. John <maxin.john@enea.com> +Upstream-Status: Pending + +Index: openssh-6.8p1/regress/cipher-speed.sh +=================================================================== +--- openssh-6.8p1.orig/regress/cipher-speed.sh ++++ openssh-6.8p1/regress/cipher-speed.sh +@@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for + printf "%-60s" "$c/$m:" + ( ${SSH} -o 'compression no' \ + -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \ +- exec sh -c \'"dd of=/dev/null obs=32k"\' \ ++ exec sh -c \'"dd of=/dev/null bs=32k"\' \ + < ${DATA} ) 2>&1 | getbytes + + if [ $? -ne 0 ]; then +@@ -42,7 +42,7 @@ for c in $ciphers; do + printf "%-60s" "$c:" + ( ${SSH} -o 'compression no' \ + -F $OBJ/ssh_proxy -1 -c $c somehost \ +- exec sh -c \'"dd of=/dev/null obs=32k"\' \ ++ exec sh -c \'"dd of=/dev/null bs=32k"\' \ + < ${DATA} ) 2>&1 | getbytes + if [ $? -ne 0 ]; then + fail "ssh -1 failed with cipher $c" +Index: openssh-6.8p1/regress/transfer.sh +=================================================================== +--- openssh-6.8p1.orig/regress/transfer.sh ++++ openssh-6.8p1/regress/transfer.sh +@@ -15,7 +15,7 @@ for p in ${SSH_PROTOCOLS}; do + for s in 10 100 1k 32k 64k 128k 256k; do + trace "proto $p dd-size ${s}" + rm -f ${COPY} +- dd if=$DATA obs=${s} 2> /dev/null | \ ++ dd if=$DATA bs=${s} 2> /dev/null | \ + ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}" + if [ $? -ne 0 ]; then + fail "ssh cat $DATA failed" +Index: openssh-6.8p1/regress/yes-head.sh +=================================================================== +--- openssh-6.8p1.orig/regress/yes-head.sh ++++ openssh-6.8p1/regress/yes-head.sh +@@ -4,7 +4,7 @@ + tid="yes pipe head" + + for p in ${SSH_PROTOCOLS}; do +- lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` ++ lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -n 2000"' | (sleep 3 ; wc -l)` + if [ $? -ne 0 ]; then + fail "yes|head test failed" + lines = 0; +Index: openssh-6.8p1/regress/key-options.sh +=================================================================== +--- openssh-6.8p1.orig/regress/key-options.sh ++++ openssh-6.8p1/regress/key-options.sh +@@ -54,7 +54,7 @@ for p in ${SSH_PROTOCOLS}; do + fi + + sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys +- from=`head -1 $authkeys | cut -f1 -d ' '` ++ from=`head -n 1 $authkeys | cut -f1 -d ' '` + verbose "key option proto $p $from" + r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'` + if [ "$r" = "true" ]; then diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/init b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/init new file mode 100644 index 000000000..70d4a3465 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/init @@ -0,0 +1,115 @@ +#! /bin/sh +set -e + +PIDFILE=/var/run/sshd.pid + +# source function library +. /etc/init.d/functions + +# /etc/init.d/ssh: start and stop the OpenBSD "secure shell" daemon + +test -x /usr/sbin/sshd || exit 0 +( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0 + +# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS +if test -f /etc/default/ssh; then + . /etc/default/ssh +fi + +[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh +mkdir -p $SYSCONFDIR + +HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key +HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key +HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key +HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key + +check_for_no_start() { + # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists + if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then + echo "OpenBSD Secure Shell server not in use ($SYSCONFDIR/sshd_not_to_be_run)" + exit 0 + fi +} + +check_privsep_dir() { + # Create the PrivSep empty dir if necessary + if [ ! -d /var/run/sshd ]; then + mkdir /var/run/sshd + chmod 0755 /var/run/sshd + fi +} + +check_config() { + /usr/sbin/sshd -t || exit 1 +} + +check_keys() { + # create keys if necessary + if [ ! -f $HOST_KEY_RSA ]; then + echo " generating ssh RSA key..." + ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa + fi + if [ ! -f $HOST_KEY_ECDSA ]; then + echo " generating ssh ECDSA key..." + ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa + fi + if [ ! -f $HOST_KEY_DSA ]; then + echo " generating ssh DSA key..." + ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa + fi + if [ ! -f $HOST_KEY_ED25519 ]; then + echo " generating ssh ED25519 key..." + ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519 + fi +} + +export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" + +case "$1" in + start) + check_for_no_start + echo "Starting OpenBSD Secure Shell server: sshd" + check_keys + check_privsep_dir + start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS + echo "done." + ;; + stop) + echo -n "Stopping OpenBSD Secure Shell server: sshd" + start-stop-daemon -K -p $PIDFILE -x /usr/sbin/sshd + echo "." + ;; + + reload|force-reload) + check_for_no_start + check_keys + check_config + echo -n "Reloading OpenBSD Secure Shell server's configuration" + start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd + echo "." + ;; + + restart) + check_keys + check_config + echo -n "Restarting OpenBSD Secure Shell server: sshd" + start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd + check_for_no_start + check_privsep_dir + sleep 2 + start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS + echo "." + ;; + + status) + status /usr/sbin/sshd + exit $? + ;; + + *) + echo "Usage: /etc/init.d/ssh {start|stop|status|reload|force-reload|restart}" + exit 1 +esac + +exit 0 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/run-ptest b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/run-ptest new file mode 100755 index 000000000..36a3d2a7b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/run-ptest @@ -0,0 +1,44 @@ +#!/bin/sh + +export TEST_SHELL=sh + +cd regress +sed -i "/\t\tagent-ptrace /d" Makefile +make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \ + | sed -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' + +SSHAGENT=`which ssh-agent` +GDB=`which gdb` + +if [ -z "${SSHAGENT}" -o -z "${GDB}" ]; then + echo "SKIP: agent-ptrace" + exit +fi + +useradd openssh-test + +eval `su -c "${SSHAGENT} -s" openssh-test` > /dev/null +r=$? +if [ $r -ne 0 ]; then + echo "FAIL: could not start ssh-agent: exit code $r" +else + su -c "gdb -p ${SSH_AGENT_PID}" openssh-test > /tmp/gdb.out 2>&1 << EOF + quit +EOF + r=$? + if [ $r -ne 0 ]; then + echo "gdb failed: exit code $r" + fi + egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task ' >/dev/null /tmp/gdb.out + r=$? + rm -f /tmp/gdb.out + if [ $r -ne 0 ]; then + echo "FAIL: ptrace agent" + else + echo "PASS: ptrace agent" + fi + + ${SSHAGENT} -k > /dev/null +fi +userdel openssh-test + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/ssh_config b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/ssh_config new file mode 100644 index 000000000..9e919156d --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/ssh_config @@ -0,0 +1,48 @@ +# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $ + +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. + +# Configuration data is parsed as follows: +# 1. command line options +# 2. user-specific file +# 3. system-wide file +# Any configuration value is only changed the first time it is set. +# Thus, host-specific definitions should be at the beginning of the +# configuration file, and defaults at the end. + +# Site-wide defaults for some commonly used options. For a comprehensive +# list of available options, their meanings and defaults, please see the +# ssh_config(5) man page. + +Host * + ForwardAgent yes + ForwardX11 yes +# RhostsRSAAuthentication no +# RSAAuthentication yes +# PasswordAuthentication yes +# HostbasedAuthentication no +# GSSAPIAuthentication no +# GSSAPIDelegateCredentials no +# BatchMode no +# CheckHostIP yes +# AddressFamily any +# ConnectTimeout 0 +# StrictHostKeyChecking ask +# IdentityFile ~/.ssh/identity +# IdentityFile ~/.ssh/id_rsa +# IdentityFile ~/.ssh/id_dsa +# Port 22 +# Protocol 2,1 +# Cipher 3des +# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc +# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 +# EscapeChar ~ +# Tunnel no +# TunnelDevice any:any +# PermitLocalCommand no +# VisualHostKey no +# ProxyCommand ssh -q -W %h:%p gateway.example.com +# RekeyLimit 1G 1h diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd new file mode 100644 index 000000000..4882e58b4 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd @@ -0,0 +1,10 @@ +#%PAM-1.0 + +auth include common-auth +account required pam_nologin.so +account include common-account +password include common-password +session optional pam_keyinit.so force revoke +session include common-session +session required pam_loginuid.so + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd.socket b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd.socket new file mode 100644 index 000000000..12c39b26b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd.socket @@ -0,0 +1,10 @@ +[Unit] +Conflicts=sshd.service + +[Socket] +ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd +ListenStream=22 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd@.service b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd@.service new file mode 100644 index 000000000..9d83dfb2b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd@.service @@ -0,0 +1,13 @@ +[Unit] +Description=OpenSSH Per-Connection Daemon +Wants=sshdgenkeys.service +After=sshdgenkeys.service + +[Service] +Environment="SSHD_OPTS=" +EnvironmentFile=-/etc/default/ssh +ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS +ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID +StandardInput=socket +StandardError=syslog +KillMode=process diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_config b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_config new file mode 100644 index 000000000..d48bd2b98 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_config @@ -0,0 +1,133 @@ +# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# The default requires explicit activation of protocol 1 +Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Ciphers and keying +#RekeyLimit default none + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM no + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +UsePrivilegeSeparation sandbox # Default for new installations. +#PermitUserEnvironment no +Compression no +ClientAliveInterval 15 +ClientAliveCountMax 4 +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service new file mode 100644 index 000000000..148e6ad63 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service @@ -0,0 +1,22 @@ +[Unit] +Description=OpenSSH Key Generation +RequiresMountsFor=/var /run +ConditionPathExists=!/var/run/ssh/ssh_host_rsa_key +ConditionPathExists=!/var/run/ssh/ssh_host_dsa_key +ConditionPathExists=!/var/run/ssh/ssh_host_ecdsa_key +ConditionPathExists=!/var/run/ssh/ssh_host_ed25519_key +ConditionPathExists=!/etc/ssh/ssh_host_rsa_key +ConditionPathExists=!/etc/ssh/ssh_host_dsa_key +ConditionPathExists=!/etc/ssh/ssh_host_ecdsa_key +ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key + +[Service] +Environment="SYSCONFDIR=/etc/ssh" +EnvironmentFile=-/etc/default/ssh +ExecStart=@BASE_BINDIR@/mkdir -p $SYSCONFDIR +ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' -t rsa +ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' -t dsa +ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' -t ecdsa +ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ed25519_key -N '' -t ed25519 +Type=oneshot +RemainAfterExit=yes diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd new file mode 100644 index 000000000..a0d2af3c6 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd @@ -0,0 +1,2 @@ +d root root 0755 /var/run/sshd none +f root root 0644 /var/log/lastlog none diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.1p2.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.1p2.bb new file mode 100644 index 000000000..3b5e28a1d --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.1p2.bb @@ -0,0 +1,161 @@ +SUMMARY = "Secure rlogin/rsh/rcp/telnet replacement" +DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ +Ssh (Secure Shell) is a program for logging into a remote machine \ +and for executing commands on a remote machine." +HOMEPAGE = "http://openssh.org" +SECTION = "console/network" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" + +DEPENDS = "zlib openssl" +DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" + +SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ + file://sshd_config \ + file://ssh_config \ + file://init \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://sshd.socket \ + file://sshd@.service \ + file://sshdgenkeys.service \ + file://volatiles.99_sshd \ + file://add-test-support-for-busybox.patch \ + file://run-ptest \ + file://CVE-2016-1907_upstream_commit.patch \ + file://CVE-2016-1907_2.patch \ + file://CVE-2016-1907_3.patch " + +PAM_SRC_URI = "file://sshd" + +SRC_URI[md5sum] = "4d8547670e2a220d5ef805ad9e47acf2" +SRC_URI[sha256sum] = "dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd" + +inherit useradd update-rc.d update-alternatives systemd + +USERADD_PACKAGES = "${PN}-sshd" +USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" +INITSCRIPT_PACKAGES = "${PN}-sshd" +INITSCRIPT_NAME_${PN}-sshd = "sshd" +INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9" + +SYSTEMD_PACKAGES = "${PN}-sshd" +SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" + +inherit autotools-brokensep ptest + +# LFS support: +CFLAGS += "-D__FILE_OFFSET_BITS=64" + +# login path is hardcoded in sshd +EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ + --without-zlib-version-check \ + --with-privsep-path=/var/run/sshd \ + --sysconfdir=${sysconfdir}/ssh \ + --with-xauth=/usr/bin/xauth \ + --disable-strip \ + " + +# Since we do not depend on libbsd, we do not want configure to use it +# just because it finds libutil.h. But, specifying --disable-libutil +# causes compile errors, so... +CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" + +# passwd path is hardcoded in sshd +CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" + +# We don't want to depend on libblockfile +CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" + +# This is a workaround for uclibc because including stdio.h +# pulls in pthreads.h and causes conflicts in function prototypes. +# This results in compilation failure, so unless this is fixed, +# disable pam for uclibc. +EXTRA_OECONF_append_libc-uclibc=" --without-pam" + +do_configure_prepend () { + export LD="${CC}" + install -m 0644 ${WORKDIR}/sshd_config ${B}/ + install -m 0644 ${WORKDIR}/ssh_config ${B}/ + if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then + cp aclocal.m4 acinclude.m4 + fi +} + +do_compile_ptest() { + # skip regress/unittests/ binaries: this will silently skip + # unittests in run-ptests which is good because they are so slow. + oe_runmake regress/modpipe regress/setuid-allowed regress/netcat +} + +do_install_append () { + if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then + install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd + sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config + fi + + if [ "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}" = "x11" ]; then + sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config + fi + + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd + rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin + rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} + install -d ${D}/${sysconfdir}/default/volatiles + install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd + install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} + + # Create config files for read-only rootfs + install -d ${D}${sysconfdir}/ssh + install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly + sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + + install -d ${D}${systemd_unitdir}/system + install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system + install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@BINDIR@,${bindir},g' \ + ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service +} + +do_install_ptest () { + sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh + cp -r regress ${D}${PTEST_PATH} +} + +ALLOW_EMPTY_${PN} = "1" + +PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" +FILES_${PN}-scp = "${bindir}/scp.${BPN}" +FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" +FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" +FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" +FILES_${PN}-sftp = "${bindir}/sftp" +FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" +FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" +FILES_${PN}-keygen = "${bindir}/ssh-keygen" + +RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" +RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" +RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make" + +RPROVIDES_${PN}-ssh = "ssh" +RPROVIDES_${PN}-sshd = "sshd" + +RCONFLICTS_${PN} = "dropbear" +RCONFLICTS_${PN}-sshd = "dropbear" +RCONFLICTS_${PN}-keygen = "ssh-keygen" + +CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" +CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" + +ALTERNATIVE_PRIORITY = "90" +ALTERNATIVE_${PN}-scp = "scp" +ALTERNATIVE_${PN}-ssh = "ssh" + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc new file mode 100644 index 000000000..a5ddf4d4b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc @@ -0,0 +1,211 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl | SSLeay" dual license +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" + +DEPENDS = "hostperl-runtime-native" +DEPENDS_append_class-target = " openssl-native" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + " +S = "${WORKDIR}/openssl-${PV}" + +PACKAGECONFIG[perl] = ",,," + +AR_append = " r" +TERMIO_libc-musl = "-DTERMIOS" +TERMIO ?= "-DTERMIO" +# Avoid binaries being marked as requiring an executable stack since it +# doesn't(which causes and this causes issues with SELinux +CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ + ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack" + +export DIRS = "crypto ssl apps" +export EX_LIBS = "-lgcc -ldl" +export AS = "${CC} -c" +EXTRA_OEMAKE = "-e MAKEFLAGS=" + +inherit pkgconfig siteinfo multilib_header ptest + +PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf" +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES_libssl = "${libdir}/libssl${SOLIBS}" +FILES_${PN} =+ " ${libdir}/ssl/*" +FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash" +RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the base openssl package and the libcrypto +# package since the base openssl package depends on the libcrypto package. +FILES_openssl-conf = "${libdir}/ssl/openssl.cnf" +CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf" +RRECOMMENDS_libcrypto += "openssl-conf" +RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" + +# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE +# vulnerability +EXTRA_OECONF = " -no-ssl3" + +do_configure_prepend_darwin () { + sed -i -e '/version-script=openssl\.ld/d' Configure +} + +do_configure () { + cd util + perl perlpath.pl ${STAGING_BINDIR_NATIVE} + cd .. + ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ + + os=${HOST_OS} + case $os in + linux-uclibc |\ + linux-uclibceabi |\ + linux-gnueabi |\ + linux-uclibcspe |\ + linux-gnuspe |\ + linux-musl*) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arm) + target=linux-armv4 + ;; + linux-armeb) + target=linux-elf-armeb + ;; + linux-aarch64*) + target=linux-generic64 + ;; + linux-sh3) + target=debian-sh3 + ;; + linux-sh4) + target=debian-sh4 + ;; + linux-i486) + target=debian-i386-i486 + ;; + linux-i586 | linux-viac3) + target=debian-i386-i586 + ;; + linux-i686) + target=debian-i386-i686/cmov + ;; + linux-gnux32-x86_64) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips) + target=debian-mips + ;; + linux-mipsel) + target=debian-mipsel + ;; + linux-*-mips64 | linux-mips64) + target=linux-mips + ;; + linux-microblaze*|linux-nios2*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-supersparc) + target=linux-sparcv8 + ;; + linux-sparc) + target=linux-sparcv8 + ;; + darwin-i386) + target=darwin-i386-cc + ;; + esac + # inject machine-specific flags + sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target +} + +do_compile_prepend_class-target () { + sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile +} + +do_compile () { + oe_runmake +} + +do_compile_ptest () { + oe_runmake buildtest +} + +do_install () { + # Create ${D}/${prefix} to fix parallel issues + mkdir -p ${D}/${prefix}/ + + oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install + + oe_libinstall -so libcrypto ${D}${libdir} + oe_libinstall -so libssl ${D}${libdir} + + install -d ${D}${includedir} + cp --dereference -R include/openssl ${D}${includedir} + + oe_multilib_header openssl/opensslconf.h + if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then + install -m 0755 ${S}/tools/c_rehash ${D}${bindir} + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget + # The c_rehash utility isn't installed by the normal installation process. + else + rm -f ${D}${bindir}/c_rehash + rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget + fi +} + +do_install_ptest () { + cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH} + cp Configure config e_os.h ${D}${PTEST_PATH} + cp -r -L include ${D}${PTEST_PATH} + ln -sf ${base_libdir}/libcrypto.a ${D}${PTEST_PATH} + ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH} + mkdir -p ${D}${PTEST_PATH}/crypto + cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto + cp -r certs ${D}${PTEST_PATH} + mkdir -p ${D}${PTEST_PATH}/apps + ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps + ln -sf ${libdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps + ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps + cp apps/server2.pem ${D}${PTEST_PATH}/apps + mkdir -p ${D}${PTEST_PATH}/util + install util/opensslwrap.sh ${D}${PTEST_PATH}/util + install util/shlib_wrap.sh ${D}${PTEST_PATH}/util +} + +do_install_append_class-native() { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl/certs \ + SSL_CERT_FILE=${libdir}/ssl/cert.pem \ + OPENSSL_ENGINES=${libdir}/ssl/engines +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch new file mode 100644 index 000000000..249446a5b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch @@ -0,0 +1,77 @@ +Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests +cross-compiled. + +Signed-off-by: Anders Roxell <anders.roxell@enea.com> +Signed-off-by: Maxin B. John <maxin.john@enea.com> +Upstream-Status: Pending +--- +Index: openssl-1.0.2/Makefile.org +=================================================================== +--- openssl-1.0.2.orig/Makefile.org ++++ openssl-1.0.2/Makefile.org +@@ -451,8 +451,16 @@ rehash.time: certs apps + test: tests + + tests: rehash ++ $(MAKE) buildtest ++ $(MAKE) runtest ++ ++buildtest: ++ @(cd test && \ ++ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps); ++ ++runtest: + @(cd test && echo "testing..." && \ +- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests ); ++ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests ); + OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a + + report: +Index: openssl-1.0.2/test/Makefile +=================================================================== +--- openssl-1.0.2.orig/test/Makefile ++++ openssl-1.0.2/test/Makefile +@@ -137,7 +137,7 @@ tests: exe apps $(TESTS) + apps: + @(cd ..; $(MAKE) DIRS=apps all) + +-alltests: \ ++all-tests= \ + test_des test_idea test_sha test_md4 test_md5 test_hmac \ + test_md2 test_mdc2 test_wp \ + test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \ +@@ -148,6 +148,11 @@ alltests: \ + test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ + test_constant_time + ++alltests: ++ @(for i in $(all-tests); do \ ++ ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \ ++ done) ++ + test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt + ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt + +@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5 + echo test second x509v3 certificate + sh ./tx509 v3-cert2.pem 2>/dev/null + +-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem ++test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem + @sh ./trsa 2>/dev/null + ../util/shlib_wrap.sh ./$(RSATEST) + +@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test + sh ./testtsa; \ + fi + +-test_ige: $(IGETEST)$(EXE_EXT) ++test_ige: + @echo "Test IGE mode" + ../util/shlib_wrap.sh ./$(IGETEST) + +-test_jpake: $(JPAKETEST)$(EXE_EXT) ++test_jpake: + @echo "Test JPAKE" + ../util/shlib_wrap.sh ./$(JPAKETEST) + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch new file mode 100644 index 000000000..613dc7b71 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch @@ -0,0 +1,27 @@ +Add musl triplet support + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +Index: openssl-1.0.2a/Configure +=================================================================== +--- openssl-1.0.2a.orig/Configure ++++ openssl-1.0.2a/Configure +@@ -431,7 +431,7 @@ my %table=( + # + # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 + # +-"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + # Configure script adds minimally required -march for assembly support, + # if no -march was specified at command line. mips32 and mips64 below +@@ -504,6 +504,8 @@ my %table=( + "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + + "linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-targets.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-targets.patch new file mode 100644 index 000000000..691e74afb --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-targets.patch @@ -0,0 +1,37 @@ +Upstream-Status: Inappropriate [embedded specific] + +The number of colons are important :) + + +--- + Configure | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +Index: openssl-1.0.2a/Configure +=================================================================== +--- openssl-1.0.2a.orig/Configure ++++ openssl-1.0.2a/Configure +@@ -443,6 +443,23 @@ my %table=( + "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + ++ ++# Linux on ARM ++"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++ ++"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", ++ ++#### Linux on MIPS/MIPS64 ++"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++ + # Android: linux-* but without pointers to headers and libs. + "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch new file mode 100644 index 000000000..af3989f62 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch @@ -0,0 +1,35 @@ +Upstream-Status: Backport + +When building on x32 systems where the default type is 32bit, make sure +we can transparently represent 64bit integers. Otherwise we end up with +build errors like: +/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s +Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890. +... +ghash-x86_64.s: Assembler messages: +ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression + +We don't enable this globally as there are some cases where we'd get +32bit values interpreted as unsigned when we need them as signed. + +Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh> +URL: https://bugs.gentoo.org/542618 + +Signed-off-By: Armin Kuster <akuster@mvista.com> + +Index: openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl +=================================================================== +--- openssl-1.0.2a.orig/crypto/perlasm/x86_64-xlate.pl ++++ openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl +@@ -194,7 +194,10 @@ my %globals; + } + sub out { + my $self = shift; +- ++ # When building on x32 ABIs, the expanded hex value might be too ++ # big to fit into 32bits. Enable transparent 64bit support here ++ # so we can safely print it out. ++ use bigint; + if ($gas) { + # Solaris /usr/ccs/bin/as can't handle multiplications + # in $self->{value} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch new file mode 100644 index 000000000..68e54d561 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch @@ -0,0 +1,71 @@ +From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel <ludwig.nussel@suse.de> +Date: Wed, 21 Apr 2010 15:52:10 +0200 +Subject: [PATCH] also create old hash for compatibility + +Upstream-Status: Backport [debian] + +diff --git a/tools/c_rehash.in b/tools/c_rehash.in +index b086ff9..b777d79 100644 +--- a/tools/c_rehash.in ++++ b/tools/c_rehash.in +@@ -8,8 +8,6 @@ my $prefix; + + my $openssl = $ENV{OPENSSL} || "openssl"; + my $pwd; +-my $x509hash = "-subject_hash"; +-my $crlhash = "-hash"; + my $verbose = 0; + my $symlink_exists=eval {symlink("",""); 1}; + my $removelinks = 1; +@@ -18,10 +16,7 @@ my $removelinks = 1; + while ( $ARGV[0] =~ /^-/ ) { + my $flag = shift @ARGV; + last if ( $flag eq '--'); +- if ( $flag eq '-old') { +- $x509hash = "-subject_hash_old"; +- $crlhash = "-hash_old"; +- } elsif ( $flag eq '-h') { ++ if ( $flag eq '-h') { + help(); + } elsif ( $flag eq '-n' ) { + $removelinks = 0; +@@ -113,7 +108,9 @@ sub hash_dir { + next; + } + link_hash_cert($fname) if($cert); ++ link_hash_cert_old($fname) if($cert); + link_hash_crl($fname) if($crl); ++ link_hash_crl_old($fname) if($crl); + } + } + +@@ -146,6 +143,7 @@ sub check_file { + + sub link_hash_cert { + my $fname = $_[0]; ++ my $x509hash = $_[1] || '-subject_hash'; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; + chomp $hash; +@@ -176,11 +174,21 @@ sub link_hash_cert { + $hashlist{$hash} = $fprint; + } + ++sub link_hash_cert_old { ++ link_hash_cert($_[0], '-subject_hash_old'); ++} ++ ++sub link_hash_crl_old { ++ link_hash_crl($_[0], '-hash_old'); ++} ++ ++ + # Same as above except for a CRL. CRL links are of the form <hash>.r<n> + + sub link_hash_crl { + my $fname = $_[0]; ++ my $crlhash = $_[1] || "-hash"; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; + chomp $hash; diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch new file mode 100644 index 000000000..aba4d4298 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch @@ -0,0 +1,22 @@ +Upstream-Status: Backport [debian] + +Index: openssl-0.9.8m/apps/CA.pl.in +=================================================================== +--- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000 ++++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000 +@@ -65,6 +65,7 @@ + foreach (@ARGV) { + if ( /^(-\?|-h|-help)$/ ) { + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; ++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; + exit 0; + } elsif (/^-newcert$/) { + # create a certificate +@@ -165,6 +166,7 @@ + } else { + print STDERR "Unknown arg $_\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; ++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; + exit 1; + } + } diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch new file mode 100644 index 000000000..39d432818 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch @@ -0,0 +1,73 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.2/Configure +=================================================================== +--- openssl-1.0.2.orig/Configure ++++ openssl-1.0.2/Configure +@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic + + my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; + ++# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS ++my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; ++$debian_cflags =~ s/\n/ /g; ++ + my $strict_warnings = 0; + + my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; +@@ -343,6 +347,55 @@ my %table=( + "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", + "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", + ++# Debian GNU/* (various architectures) ++"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", ++"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", ++ + #### + #### Variety of LINUX:-) + #### diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch new file mode 100644 index 000000000..4085e3b1d --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch @@ -0,0 +1,15 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.0c/Makefile.org +=================================================================== +--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100 ++++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100 +@@ -131,7 +131,7 @@ + + MAKEFILE= Makefile + +-MANDIR=$(OPENSSLDIR)/man ++MANDIR=/usr/share/man + MAN1=1 + MAN3=3 + MANSUFFIX= diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch new file mode 100644 index 000000000..21c1d1a4e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch @@ -0,0 +1,34 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.0c/Makefile.org +=================================================================== +--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100 ++++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100 +@@ -160,7 +160,8 @@ + MANDIR=/usr/share/man + MAN1=1 + MAN3=3 +-MANSUFFIX= ++MANSUFFIX=ssl ++MANSECTION=SSL + HTMLSUFFIX=html + HTMLDIR=$(OPENSSLDIR)/html + SHELL=/bin/sh +@@ -651,7 +652,7 @@ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ + sh -c "$$pod2man \ +- --section=$$sec --center=OpenSSL \ ++ --section=$${sec}$(MANSECTION) --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ +@@ -668,7 +669,7 @@ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ + sh -c "$$pod2man \ +- --section=$$sec --center=OpenSSL \ ++ --section=$${sec}$(MANSECTION) --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch new file mode 100644 index 000000000..1ccb3b86e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch @@ -0,0 +1,15 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.0c/Makefile.shared +=================================================================== +--- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200 ++++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 +@@ -153,7 +153,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch new file mode 100644 index 000000000..cc4408ab7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch @@ -0,0 +1,15 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.0c/Makefile.shared +=================================================================== +--- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 ++++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100 +@@ -151,7 +151,7 @@ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ +- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" ++ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + + DO_GNU_APP=LDFLAGS="$(CFLAGS)" + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/pic.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/pic.patch new file mode 100644 index 000000000..bfda3888b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/pic.patch @@ -0,0 +1,177 @@ +Upstream-Status: Backport [debian] + +Index: openssl-1.0.1c/crypto/des/asm/desboth.pl +=================================================================== +--- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200 ++++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200 +@@ -16,6 +16,11 @@ + + &push("edi"); + ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebp"); ++ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); ++ + &comment(""); + &comment("Load the data words"); + &mov($L,&DWP(0,"ebx","",0)); +@@ -47,15 +52,21 @@ + &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); + &mov(&swtmp(1), "eax"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); + &mov(&swtmp(1), "edi"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); + &mov(&swtmp(1), "esi"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + + &stack_pop(3); + &mov($L,&DWP(0,"ebx","",0)); +Index: openssl-1.0.1c/crypto/perlasm/cbc.pl +=================================================================== +--- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200 ++++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200 +@@ -122,7 +122,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($enc_func); ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); ++ &call("$enc_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); + &mov("ebx", &DWP($data_off+4,"esp","",0)); +@@ -185,7 +189,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($enc_func); ++ &call (&label("pic_point1")); ++ &set_label("pic_point1"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); ++ &call("$enc_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); + &mov("ebx", &DWP($data_off+4,"esp","",0)); +@@ -218,7 +226,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put back + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($dec_func); ++ &call (&label("pic_point2")); ++ &set_label("pic_point2"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); ++ &call("$dec_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); # get return + &mov("ebx", &DWP($data_off+4,"esp","",0)); # +@@ -261,7 +273,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put back + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($dec_func); ++ &call (&label("pic_point3")); ++ &set_label("pic_point3"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); ++ &call("$dec_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); # get return + &mov("ebx", &DWP($data_off+4,"esp","",0)); # +Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl +=================================================================== +--- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100 ++++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200 +@@ -161,6 +161,7 @@ + if ($::macosx) { push (@out,"$tmp,2\n"); } + elsif ($::elf) { push (@out,"$tmp,4\n"); } + else { push (@out,"$tmp\n"); } ++ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } + } + push(@out,$initseg) if ($initseg); + } +@@ -218,8 +219,23 @@ + elsif ($::elf) + { $initseg.=<<___; + .section .init ++___ ++ if ($::pic) ++ { $initseg.=<<___; ++ pushl %ebx ++ call .pic_point0 ++.pic_point0: ++ popl %ebx ++ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx ++ call $f\@PLT ++ popl %ebx ++___ ++ } ++ else ++ { $initseg.=<<___; + call $f + ___ ++ } + } + elsif ($::coff) + { $initseg.=<<___; # applies to both Cygwin and Mingw +Index: openssl-1.0.1c/crypto/x86cpuid.pl +=================================================================== +--- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100 ++++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200 +@@ -8,6 +8,8 @@ + + for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + ++push(@out, ".hidden OPENSSL_ia32cap_P\n"); ++ + &function_begin("OPENSSL_ia32_cpuid"); + &xor ("edx","edx"); + &pushf (); +@@ -139,9 +141,7 @@ + &set_label("nocpuid"); + &function_end("OPENSSL_ia32_cpuid"); + +-&external_label("OPENSSL_ia32cap_P"); +- +-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_rdtsc"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); +@@ -155,7 +155,7 @@ + # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], + # but it's safe to call it on any [supported] 32-bit platform... + # Just check for [non-]zero return value... +-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_instrument_halt"); + &picmeup("ecx","OPENSSL_ia32cap_P"); + &bt (&DWP(0,"ecx"),4); + &jnc (&label("nohalt")); # no TSC +@@ -222,7 +222,7 @@ + &ret (); + &function_end_B("OPENSSL_far_spin"); + +-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_wipe_cpu"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch new file mode 100644 index 000000000..a24918000 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch @@ -0,0 +1,4663 @@ +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure +=================================================================== +--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100 +@@ -1651,6 +1651,8 @@ + } + } + ++$shared_ldflag .= " -Wl,--version-script=openssl.ld"; ++ + open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n"; + unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; + open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100 +@@ -0,0 +1,4615 @@ ++OPENSSL_1.0.0 { ++ global: ++ BIO_f_ssl; ++ BIO_new_buffer_ssl_connect; ++ BIO_new_ssl; ++ BIO_new_ssl_connect; ++ BIO_proxy_ssl_copy_session_id; ++ BIO_ssl_copy_session_id; ++ BIO_ssl_shutdown; ++ d2i_SSL_SESSION; ++ DTLSv1_client_method; ++ DTLSv1_method; ++ DTLSv1_server_method; ++ ERR_load_SSL_strings; ++ i2d_SSL_SESSION; ++ kssl_build_principal_2; ++ kssl_cget_tkt; ++ kssl_check_authent; ++ kssl_ctx_free; ++ kssl_ctx_new; ++ kssl_ctx_setkey; ++ kssl_ctx_setprinc; ++ kssl_ctx_setstring; ++ kssl_ctx_show; ++ kssl_err_set; ++ kssl_krb5_free_data_contents; ++ kssl_sget_tkt; ++ kssl_skip_confound; ++ kssl_validate_times; ++ PEM_read_bio_SSL_SESSION; ++ PEM_read_SSL_SESSION; ++ PEM_write_bio_SSL_SESSION; ++ PEM_write_SSL_SESSION; ++ SSL_accept; ++ SSL_add_client_CA; ++ SSL_add_dir_cert_subjects_to_stack; ++ SSL_add_dir_cert_subjs_to_stk; ++ SSL_add_file_cert_subjects_to_stack; ++ SSL_add_file_cert_subjs_to_stk; ++ SSL_alert_desc_string; ++ SSL_alert_desc_string_long; ++ SSL_alert_type_string; ++ SSL_alert_type_string_long; ++ SSL_callback_ctrl; ++ SSL_check_private_key; ++ SSL_CIPHER_description; ++ SSL_CIPHER_get_bits; ++ SSL_CIPHER_get_name; ++ SSL_CIPHER_get_version; ++ SSL_clear; ++ SSL_COMP_add_compression_method; ++ SSL_COMP_get_compression_methods; ++ SSL_COMP_get_compress_methods; ++ SSL_COMP_get_name; ++ SSL_connect; ++ SSL_copy_session_id; ++ SSL_ctrl; ++ SSL_CTX_add_client_CA; ++ SSL_CTX_add_session; ++ SSL_CTX_callback_ctrl; ++ SSL_CTX_check_private_key; ++ SSL_CTX_ctrl; ++ SSL_CTX_flush_sessions; ++ SSL_CTX_free; ++ SSL_CTX_get_cert_store; ++ SSL_CTX_get_client_CA_list; ++ SSL_CTX_get_client_cert_cb; ++ SSL_CTX_get_ex_data; ++ SSL_CTX_get_ex_new_index; ++ SSL_CTX_get_info_callback; ++ SSL_CTX_get_quiet_shutdown; ++ SSL_CTX_get_timeout; ++ SSL_CTX_get_verify_callback; ++ SSL_CTX_get_verify_depth; ++ SSL_CTX_get_verify_mode; ++ SSL_CTX_load_verify_locations; ++ SSL_CTX_new; ++ SSL_CTX_remove_session; ++ SSL_CTX_sess_get_get_cb; ++ SSL_CTX_sess_get_new_cb; ++ SSL_CTX_sess_get_remove_cb; ++ SSL_CTX_sessions; ++ SSL_CTX_sess_set_get_cb; ++ SSL_CTX_sess_set_new_cb; ++ SSL_CTX_sess_set_remove_cb; ++ SSL_CTX_set1_param; ++ SSL_CTX_set_cert_store; ++ SSL_CTX_set_cert_verify_callback; ++ SSL_CTX_set_cert_verify_cb; ++ SSL_CTX_set_cipher_list; ++ SSL_CTX_set_client_CA_list; ++ SSL_CTX_set_client_cert_cb; ++ SSL_CTX_set_client_cert_engine; ++ SSL_CTX_set_cookie_generate_cb; ++ SSL_CTX_set_cookie_verify_cb; ++ SSL_CTX_set_default_passwd_cb; ++ SSL_CTX_set_default_passwd_cb_userdata; ++ SSL_CTX_set_default_verify_paths; ++ SSL_CTX_set_def_passwd_cb_ud; ++ SSL_CTX_set_def_verify_paths; ++ SSL_CTX_set_ex_data; ++ SSL_CTX_set_generate_session_id; ++ SSL_CTX_set_info_callback; ++ SSL_CTX_set_msg_callback; ++ SSL_CTX_set_psk_client_callback; ++ SSL_CTX_set_psk_server_callback; ++ SSL_CTX_set_purpose; ++ SSL_CTX_set_quiet_shutdown; ++ SSL_CTX_set_session_id_context; ++ SSL_CTX_set_ssl_version; ++ SSL_CTX_set_timeout; ++ SSL_CTX_set_tmp_dh_callback; ++ SSL_CTX_set_tmp_ecdh_callback; ++ SSL_CTX_set_tmp_rsa_callback; ++ SSL_CTX_set_trust; ++ SSL_CTX_set_verify; ++ SSL_CTX_set_verify_depth; ++ SSL_CTX_use_cert_chain_file; ++ SSL_CTX_use_certificate; ++ SSL_CTX_use_certificate_ASN1; ++ SSL_CTX_use_certificate_chain_file; ++ SSL_CTX_use_certificate_file; ++ SSL_CTX_use_PrivateKey; ++ SSL_CTX_use_PrivateKey_ASN1; ++ SSL_CTX_use_PrivateKey_file; ++ SSL_CTX_use_psk_identity_hint; ++ SSL_CTX_use_RSAPrivateKey; ++ SSL_CTX_use_RSAPrivateKey_ASN1; ++ SSL_CTX_use_RSAPrivateKey_file; ++ SSL_do_handshake; ++ SSL_dup; ++ SSL_dup_CA_list; ++ SSLeay_add_ssl_algorithms; ++ SSL_free; ++ SSL_get1_session; ++ SSL_get_certificate; ++ SSL_get_cipher_list; ++ SSL_get_ciphers; ++ SSL_get_client_CA_list; ++ SSL_get_current_cipher; ++ SSL_get_current_compression; ++ SSL_get_current_expansion; ++ SSL_get_default_timeout; ++ SSL_get_error; ++ SSL_get_ex_data; ++ SSL_get_ex_data_X509_STORE_CTX_idx; ++ SSL_get_ex_d_X509_STORE_CTX_idx; ++ SSL_get_ex_new_index; ++ SSL_get_fd; ++ SSL_get_finished; ++ SSL_get_info_callback; ++ SSL_get_peer_cert_chain; ++ SSL_get_peer_certificate; ++ SSL_get_peer_finished; ++ SSL_get_privatekey; ++ SSL_get_psk_identity; ++ SSL_get_psk_identity_hint; ++ SSL_get_quiet_shutdown; ++ SSL_get_rbio; ++ SSL_get_read_ahead; ++ SSL_get_rfd; ++ SSL_get_servername; ++ SSL_get_servername_type; ++ SSL_get_session; ++ SSL_get_shared_ciphers; ++ SSL_get_shutdown; ++ SSL_get_SSL_CTX; ++ SSL_get_ssl_method; ++ SSL_get_verify_callback; ++ SSL_get_verify_depth; ++ SSL_get_verify_mode; ++ SSL_get_verify_result; ++ SSL_get_version; ++ SSL_get_wbio; ++ SSL_get_wfd; ++ SSL_has_matching_session_id; ++ SSL_library_init; ++ SSL_load_client_CA_file; ++ SSL_load_error_strings; ++ SSL_new; ++ SSL_peek; ++ SSL_pending; ++ SSL_read; ++ SSL_renegotiate; ++ SSL_renegotiate_pending; ++ SSL_rstate_string; ++ SSL_rstate_string_long; ++ SSL_SESSION_cmp; ++ SSL_SESSION_free; ++ SSL_SESSION_get_ex_data; ++ SSL_SESSION_get_ex_new_index; ++ SSL_SESSION_get_id; ++ SSL_SESSION_get_time; ++ SSL_SESSION_get_timeout; ++ SSL_SESSION_hash; ++ SSL_SESSION_new; ++ SSL_SESSION_print; ++ SSL_SESSION_print_fp; ++ SSL_SESSION_set_ex_data; ++ SSL_SESSION_set_time; ++ SSL_SESSION_set_timeout; ++ SSL_set1_param; ++ SSL_set_accept_state; ++ SSL_set_bio; ++ SSL_set_cipher_list; ++ SSL_set_client_CA_list; ++ SSL_set_connect_state; ++ SSL_set_ex_data; ++ SSL_set_fd; ++ SSL_set_generate_session_id; ++ SSL_set_info_callback; ++ SSL_set_msg_callback; ++ SSL_set_psk_client_callback; ++ SSL_set_psk_server_callback; ++ SSL_set_purpose; ++ SSL_set_quiet_shutdown; ++ SSL_set_read_ahead; ++ SSL_set_rfd; ++ SSL_set_session; ++ SSL_set_session_id_context; ++ SSL_set_session_secret_cb; ++ SSL_set_session_ticket_ext; ++ SSL_set_session_ticket_ext_cb; ++ SSL_set_shutdown; ++ SSL_set_SSL_CTX; ++ SSL_set_ssl_method; ++ SSL_set_tmp_dh_callback; ++ SSL_set_tmp_ecdh_callback; ++ SSL_set_tmp_rsa_callback; ++ SSL_set_trust; ++ SSL_set_verify; ++ SSL_set_verify_depth; ++ SSL_set_verify_result; ++ SSL_set_wfd; ++ SSL_shutdown; ++ SSL_state; ++ SSL_state_string; ++ SSL_state_string_long; ++ SSL_use_certificate; ++ SSL_use_certificate_ASN1; ++ SSL_use_certificate_file; ++ SSL_use_PrivateKey; ++ SSL_use_PrivateKey_ASN1; ++ SSL_use_PrivateKey_file; ++ SSL_use_psk_identity_hint; ++ SSL_use_RSAPrivateKey; ++ SSL_use_RSAPrivateKey_ASN1; ++ SSL_use_RSAPrivateKey_file; ++ SSLv23_client_method; ++ SSLv23_method; ++ SSLv23_server_method; ++ SSLv2_client_method; ++ SSLv2_method; ++ SSLv2_server_method; ++ SSLv3_client_method; ++ SSLv3_method; ++ SSLv3_server_method; ++ SSL_version; ++ SSL_want; ++ SSL_write; ++ TLSv1_client_method; ++ TLSv1_method; ++ TLSv1_server_method; ++ ++ ++ SSLeay; ++ SSLeay_version; ++ ASN1_BIT_STRING_asn1_meth; ++ ASN1_HEADER_free; ++ ASN1_HEADER_new; ++ ASN1_IA5STRING_asn1_meth; ++ ASN1_INTEGER_get; ++ ASN1_INTEGER_set; ++ ASN1_INTEGER_to_BN; ++ ASN1_OBJECT_create; ++ ASN1_OBJECT_free; ++ ASN1_OBJECT_new; ++ ASN1_PRINTABLE_type; ++ ASN1_STRING_cmp; ++ ASN1_STRING_dup; ++ ASN1_STRING_free; ++ ASN1_STRING_new; ++ ASN1_STRING_print; ++ ASN1_STRING_set; ++ ASN1_STRING_type_new; ++ ASN1_TYPE_free; ++ ASN1_TYPE_new; ++ ASN1_UNIVERSALSTRING_to_string; ++ ASN1_UTCTIME_check; ++ ASN1_UTCTIME_print; ++ ASN1_UTCTIME_set; ++ ASN1_check_infinite_end; ++ ASN1_d2i_bio; ++ ASN1_d2i_fp; ++ ASN1_digest; ++ ASN1_dup; ++ ASN1_get_object; ++ ASN1_i2d_bio; ++ ASN1_i2d_fp; ++ ASN1_object_size; ++ ASN1_parse; ++ ASN1_put_object; ++ ASN1_sign; ++ ASN1_verify; ++ BF_cbc_encrypt; ++ BF_cfb64_encrypt; ++ BF_ecb_encrypt; ++ BF_encrypt; ++ BF_ofb64_encrypt; ++ BF_options; ++ BF_set_key; ++ BIO_CONNECT_free; ++ BIO_CONNECT_new; ++ BIO_accept; ++ BIO_ctrl; ++ BIO_int_ctrl; ++ BIO_debug_callback; ++ BIO_dump; ++ BIO_dup_chain; ++ BIO_f_base64; ++ BIO_f_buffer; ++ BIO_f_cipher; ++ BIO_f_md; ++ BIO_f_null; ++ BIO_f_proxy_server; ++ BIO_fd_non_fatal_error; ++ BIO_fd_should_retry; ++ BIO_find_type; ++ BIO_free; ++ BIO_free_all; ++ BIO_get_accept_socket; ++ BIO_get_filter_bio; ++ BIO_get_host_ip; ++ BIO_get_port; ++ BIO_get_retry_BIO; ++ BIO_get_retry_reason; ++ BIO_gethostbyname; ++ BIO_gets; ++ BIO_new; ++ BIO_new_accept; ++ BIO_new_connect; ++ BIO_new_fd; ++ BIO_new_file; ++ BIO_new_fp; ++ BIO_new_socket; ++ BIO_pop; ++ BIO_printf; ++ BIO_push; ++ BIO_puts; ++ BIO_read; ++ BIO_s_accept; ++ BIO_s_connect; ++ BIO_s_fd; ++ BIO_s_file; ++ BIO_s_mem; ++ BIO_s_null; ++ BIO_s_proxy_client; ++ BIO_s_socket; ++ BIO_set; ++ BIO_set_cipher; ++ BIO_set_tcp_ndelay; ++ BIO_sock_cleanup; ++ BIO_sock_error; ++ BIO_sock_init; ++ BIO_sock_non_fatal_error; ++ BIO_sock_should_retry; ++ BIO_socket_ioctl; ++ BIO_write; ++ BN_CTX_free; ++ BN_CTX_new; ++ BN_MONT_CTX_free; ++ BN_MONT_CTX_new; ++ BN_MONT_CTX_set; ++ BN_add; ++ BN_add_word; ++ BN_hex2bn; ++ BN_bin2bn; ++ BN_bn2hex; ++ BN_bn2bin; ++ BN_clear; ++ BN_clear_bit; ++ BN_clear_free; ++ BN_cmp; ++ BN_copy; ++ BN_div; ++ BN_div_word; ++ BN_dup; ++ BN_free; ++ BN_from_montgomery; ++ BN_gcd; ++ BN_generate_prime; ++ BN_get_word; ++ BN_is_bit_set; ++ BN_is_prime; ++ BN_lshift; ++ BN_lshift1; ++ BN_mask_bits; ++ BN_mod; ++ BN_mod_exp; ++ BN_mod_exp_mont; ++ BN_mod_exp_simple; ++ BN_mod_inverse; ++ BN_mod_mul; ++ BN_mod_mul_montgomery; ++ BN_mod_word; ++ BN_mul; ++ BN_new; ++ BN_num_bits; ++ BN_num_bits_word; ++ BN_options; ++ BN_print; ++ BN_print_fp; ++ BN_rand; ++ BN_reciprocal; ++ BN_rshift; ++ BN_rshift1; ++ BN_set_bit; ++ BN_set_word; ++ BN_sqr; ++ BN_sub; ++ BN_to_ASN1_INTEGER; ++ BN_ucmp; ++ BN_value_one; ++ BUF_MEM_free; ++ BUF_MEM_grow; ++ BUF_MEM_new; ++ BUF_strdup; ++ CONF_free; ++ CONF_get_number; ++ CONF_get_section; ++ CONF_get_string; ++ CONF_load; ++ CRYPTO_add_lock; ++ CRYPTO_dbg_free; ++ CRYPTO_dbg_malloc; ++ CRYPTO_dbg_realloc; ++ CRYPTO_dbg_remalloc; ++ CRYPTO_free; ++ CRYPTO_get_add_lock_callback; ++ CRYPTO_get_id_callback; ++ CRYPTO_get_lock_name; ++ CRYPTO_get_locking_callback; ++ CRYPTO_get_mem_functions; ++ CRYPTO_lock; ++ CRYPTO_malloc; ++ CRYPTO_mem_ctrl; ++ CRYPTO_mem_leaks; ++ CRYPTO_mem_leaks_cb; ++ CRYPTO_mem_leaks_fp; ++ CRYPTO_realloc; ++ CRYPTO_remalloc; ++ CRYPTO_set_add_lock_callback; ++ CRYPTO_set_id_callback; ++ CRYPTO_set_locking_callback; ++ CRYPTO_set_mem_functions; ++ CRYPTO_thread_id; ++ DH_check; ++ DH_compute_key; ++ DH_free; ++ DH_generate_key; ++ DH_generate_parameters; ++ DH_new; ++ DH_size; ++ DHparams_print; ++ DHparams_print_fp; ++ DSA_free; ++ DSA_generate_key; ++ DSA_generate_parameters; ++ DSA_is_prime; ++ DSA_new; ++ DSA_print; ++ DSA_print_fp; ++ DSA_sign; ++ DSA_sign_setup; ++ DSA_size; ++ DSA_verify; ++ DSAparams_print; ++ DSAparams_print_fp; ++ ERR_clear_error; ++ ERR_error_string; ++ ERR_free_strings; ++ ERR_func_error_string; ++ ERR_get_err_state_table; ++ ERR_get_error; ++ ERR_get_error_line; ++ ERR_get_state; ++ ERR_get_string_table; ++ ERR_lib_error_string; ++ ERR_load_ASN1_strings; ++ ERR_load_BIO_strings; ++ ERR_load_BN_strings; ++ ERR_load_BUF_strings; ++ ERR_load_CONF_strings; ++ ERR_load_DH_strings; ++ ERR_load_DSA_strings; ++ ERR_load_ERR_strings; ++ ERR_load_EVP_strings; ++ ERR_load_OBJ_strings; ++ ERR_load_PEM_strings; ++ ERR_load_PROXY_strings; ++ ERR_load_RSA_strings; ++ ERR_load_X509_strings; ++ ERR_load_crypto_strings; ++ ERR_load_strings; ++ ERR_peek_error; ++ ERR_peek_error_line; ++ ERR_print_errors; ++ ERR_print_errors_fp; ++ ERR_put_error; ++ ERR_reason_error_string; ++ ERR_remove_state; ++ EVP_BytesToKey; ++ EVP_CIPHER_CTX_cleanup; ++ EVP_CipherFinal; ++ EVP_CipherInit; ++ EVP_CipherUpdate; ++ EVP_DecodeBlock; ++ EVP_DecodeFinal; ++ EVP_DecodeInit; ++ EVP_DecodeUpdate; ++ EVP_DecryptFinal; ++ EVP_DecryptInit; ++ EVP_DecryptUpdate; ++ EVP_DigestFinal; ++ EVP_DigestInit; ++ EVP_DigestUpdate; ++ EVP_EncodeBlock; ++ EVP_EncodeFinal; ++ EVP_EncodeInit; ++ EVP_EncodeUpdate; ++ EVP_EncryptFinal; ++ EVP_EncryptInit; ++ EVP_EncryptUpdate; ++ EVP_OpenFinal; ++ EVP_OpenInit; ++ EVP_PKEY_assign; ++ EVP_PKEY_copy_parameters; ++ EVP_PKEY_free; ++ EVP_PKEY_missing_parameters; ++ EVP_PKEY_new; ++ EVP_PKEY_save_parameters; ++ EVP_PKEY_size; ++ EVP_PKEY_type; ++ EVP_SealFinal; ++ EVP_SealInit; ++ EVP_SignFinal; ++ EVP_VerifyFinal; ++ EVP_add_alias; ++ EVP_add_cipher; ++ EVP_add_digest; ++ EVP_bf_cbc; ++ EVP_bf_cfb64; ++ EVP_bf_ecb; ++ EVP_bf_ofb; ++ EVP_cleanup; ++ EVP_des_cbc; ++ EVP_des_cfb64; ++ EVP_des_ecb; ++ EVP_des_ede; ++ EVP_des_ede3; ++ EVP_des_ede3_cbc; ++ EVP_des_ede3_cfb64; ++ EVP_des_ede3_ofb; ++ EVP_des_ede_cbc; ++ EVP_des_ede_cfb64; ++ EVP_des_ede_ofb; ++ EVP_des_ofb; ++ EVP_desx_cbc; ++ EVP_dss; ++ EVP_dss1; ++ EVP_enc_null; ++ EVP_get_cipherbyname; ++ EVP_get_digestbyname; ++ EVP_get_pw_prompt; ++ EVP_idea_cbc; ++ EVP_idea_cfb64; ++ EVP_idea_ecb; ++ EVP_idea_ofb; ++ EVP_md2; ++ EVP_md5; ++ EVP_md_null; ++ EVP_rc2_cbc; ++ EVP_rc2_cfb64; ++ EVP_rc2_ecb; ++ EVP_rc2_ofb; ++ EVP_rc4; ++ EVP_read_pw_string; ++ EVP_set_pw_prompt; ++ EVP_sha; ++ EVP_sha1; ++ MD2; ++ MD2_Final; ++ MD2_Init; ++ MD2_Update; ++ MD2_options; ++ MD5; ++ MD5_Final; ++ MD5_Init; ++ MD5_Update; ++ MDC2; ++ MDC2_Final; ++ MDC2_Init; ++ MDC2_Update; ++ NETSCAPE_SPKAC_free; ++ NETSCAPE_SPKAC_new; ++ NETSCAPE_SPKI_free; ++ NETSCAPE_SPKI_new; ++ NETSCAPE_SPKI_sign; ++ NETSCAPE_SPKI_verify; ++ OBJ_add_object; ++ OBJ_bsearch; ++ OBJ_cleanup; ++ OBJ_cmp; ++ OBJ_create; ++ OBJ_dup; ++ OBJ_ln2nid; ++ OBJ_new_nid; ++ OBJ_nid2ln; ++ OBJ_nid2obj; ++ OBJ_nid2sn; ++ OBJ_obj2nid; ++ OBJ_sn2nid; ++ OBJ_txt2nid; ++ PEM_ASN1_read; ++ PEM_ASN1_read_bio; ++ PEM_ASN1_write; ++ PEM_ASN1_write_bio; ++ PEM_SealFinal; ++ PEM_SealInit; ++ PEM_SealUpdate; ++ PEM_SignFinal; ++ PEM_SignInit; ++ PEM_SignUpdate; ++ PEM_X509_INFO_read; ++ PEM_X509_INFO_read_bio; ++ PEM_X509_INFO_write_bio; ++ PEM_dek_info; ++ PEM_do_header; ++ PEM_get_EVP_CIPHER_INFO; ++ PEM_proc_type; ++ PEM_read; ++ PEM_read_DHparams; ++ PEM_read_DSAPrivateKey; ++ PEM_read_DSAparams; ++ PEM_read_PKCS7; ++ PEM_read_PrivateKey; ++ PEM_read_RSAPrivateKey; ++ PEM_read_X509; ++ PEM_read_X509_CRL; ++ PEM_read_X509_REQ; ++ PEM_read_bio; ++ PEM_read_bio_DHparams; ++ PEM_read_bio_DSAPrivateKey; ++ PEM_read_bio_DSAparams; ++ PEM_read_bio_PKCS7; ++ PEM_read_bio_PrivateKey; ++ PEM_read_bio_RSAPrivateKey; ++ PEM_read_bio_X509; ++ PEM_read_bio_X509_CRL; ++ PEM_read_bio_X509_REQ; ++ PEM_write; ++ PEM_write_DHparams; ++ PEM_write_DSAPrivateKey; ++ PEM_write_DSAparams; ++ PEM_write_PKCS7; ++ PEM_write_PrivateKey; ++ PEM_write_RSAPrivateKey; ++ PEM_write_X509; ++ PEM_write_X509_CRL; ++ PEM_write_X509_REQ; ++ PEM_write_bio; ++ PEM_write_bio_DHparams; ++ PEM_write_bio_DSAPrivateKey; ++ PEM_write_bio_DSAparams; ++ PEM_write_bio_PKCS7; ++ PEM_write_bio_PrivateKey; ++ PEM_write_bio_RSAPrivateKey; ++ PEM_write_bio_X509; ++ PEM_write_bio_X509_CRL; ++ PEM_write_bio_X509_REQ; ++ PKCS7_DIGEST_free; ++ PKCS7_DIGEST_new; ++ PKCS7_ENCRYPT_free; ++ PKCS7_ENCRYPT_new; ++ PKCS7_ENC_CONTENT_free; ++ PKCS7_ENC_CONTENT_new; ++ PKCS7_ENVELOPE_free; ++ PKCS7_ENVELOPE_new; ++ PKCS7_ISSUER_AND_SERIAL_digest; ++ PKCS7_ISSUER_AND_SERIAL_free; ++ PKCS7_ISSUER_AND_SERIAL_new; ++ PKCS7_RECIP_INFO_free; ++ PKCS7_RECIP_INFO_new; ++ PKCS7_SIGNED_free; ++ PKCS7_SIGNED_new; ++ PKCS7_SIGNER_INFO_free; ++ PKCS7_SIGNER_INFO_new; ++ PKCS7_SIGN_ENVELOPE_free; ++ PKCS7_SIGN_ENVELOPE_new; ++ PKCS7_dup; ++ PKCS7_free; ++ PKCS7_new; ++ PROXY_ENTRY_add_noproxy; ++ PROXY_ENTRY_clear_noproxy; ++ PROXY_ENTRY_free; ++ PROXY_ENTRY_get_noproxy; ++ PROXY_ENTRY_new; ++ PROXY_ENTRY_set_server; ++ PROXY_add_noproxy; ++ PROXY_add_server; ++ PROXY_check_by_host; ++ PROXY_check_url; ++ PROXY_clear_noproxy; ++ PROXY_free; ++ PROXY_get_noproxy; ++ PROXY_get_proxies; ++ PROXY_get_proxy_entry; ++ PROXY_load_conf; ++ PROXY_new; ++ PROXY_print; ++ RAND_bytes; ++ RAND_cleanup; ++ RAND_file_name; ++ RAND_load_file; ++ RAND_screen; ++ RAND_seed; ++ RAND_write_file; ++ RC2_cbc_encrypt; ++ RC2_cfb64_encrypt; ++ RC2_ecb_encrypt; ++ RC2_encrypt; ++ RC2_ofb64_encrypt; ++ RC2_set_key; ++ RC4; ++ RC4_options; ++ RC4_set_key; ++ RSAPrivateKey_asn1_meth; ++ RSAPrivateKey_dup; ++ RSAPublicKey_dup; ++ RSA_PKCS1_SSLeay; ++ RSA_free; ++ RSA_generate_key; ++ RSA_new; ++ RSA_new_method; ++ RSA_print; ++ RSA_print_fp; ++ RSA_private_decrypt; ++ RSA_private_encrypt; ++ RSA_public_decrypt; ++ RSA_public_encrypt; ++ RSA_set_default_method; ++ RSA_sign; ++ RSA_sign_ASN1_OCTET_STRING; ++ RSA_size; ++ RSA_verify; ++ RSA_verify_ASN1_OCTET_STRING; ++ SHA; ++ SHA1; ++ SHA1_Final; ++ SHA1_Init; ++ SHA1_Update; ++ SHA_Final; ++ SHA_Init; ++ SHA_Update; ++ OpenSSL_add_all_algorithms; ++ OpenSSL_add_all_ciphers; ++ OpenSSL_add_all_digests; ++ TXT_DB_create_index; ++ TXT_DB_free; ++ TXT_DB_get_by_index; ++ TXT_DB_insert; ++ TXT_DB_read; ++ TXT_DB_write; ++ X509_ALGOR_free; ++ X509_ALGOR_new; ++ X509_ATTRIBUTE_free; ++ X509_ATTRIBUTE_new; ++ X509_CINF_free; ++ X509_CINF_new; ++ X509_CRL_INFO_free; ++ X509_CRL_INFO_new; ++ X509_CRL_add_ext; ++ X509_CRL_cmp; ++ X509_CRL_delete_ext; ++ X509_CRL_dup; ++ X509_CRL_free; ++ X509_CRL_get_ext; ++ X509_CRL_get_ext_by_NID; ++ X509_CRL_get_ext_by_OBJ; ++ X509_CRL_get_ext_by_critical; ++ X509_CRL_get_ext_count; ++ X509_CRL_new; ++ X509_CRL_sign; ++ X509_CRL_verify; ++ X509_EXTENSION_create_by_NID; ++ X509_EXTENSION_create_by_OBJ; ++ X509_EXTENSION_dup; ++ X509_EXTENSION_free; ++ X509_EXTENSION_get_critical; ++ X509_EXTENSION_get_data; ++ X509_EXTENSION_get_object; ++ X509_EXTENSION_new; ++ X509_EXTENSION_set_critical; ++ X509_EXTENSION_set_data; ++ X509_EXTENSION_set_object; ++ X509_INFO_free; ++ X509_INFO_new; ++ X509_LOOKUP_by_alias; ++ X509_LOOKUP_by_fingerprint; ++ X509_LOOKUP_by_issuer_serial; ++ X509_LOOKUP_by_subject; ++ X509_LOOKUP_ctrl; ++ X509_LOOKUP_file; ++ X509_LOOKUP_free; ++ X509_LOOKUP_hash_dir; ++ X509_LOOKUP_init; ++ X509_LOOKUP_new; ++ X509_LOOKUP_shutdown; ++ X509_NAME_ENTRY_create_by_NID; ++ X509_NAME_ENTRY_create_by_OBJ; ++ X509_NAME_ENTRY_dup; ++ X509_NAME_ENTRY_free; ++ X509_NAME_ENTRY_get_data; ++ X509_NAME_ENTRY_get_object; ++ X509_NAME_ENTRY_new; ++ X509_NAME_ENTRY_set_data; ++ X509_NAME_ENTRY_set_object; ++ X509_NAME_add_entry; ++ X509_NAME_cmp; ++ X509_NAME_delete_entry; ++ X509_NAME_digest; ++ X509_NAME_dup; ++ X509_NAME_entry_count; ++ X509_NAME_free; ++ X509_NAME_get_entry; ++ X509_NAME_get_index_by_NID; ++ X509_NAME_get_index_by_OBJ; ++ X509_NAME_get_text_by_NID; ++ X509_NAME_get_text_by_OBJ; ++ X509_NAME_hash; ++ X509_NAME_new; ++ X509_NAME_oneline; ++ X509_NAME_print; ++ X509_NAME_set; ++ X509_OBJECT_free_contents; ++ X509_OBJECT_retrieve_by_subject; ++ X509_OBJECT_up_ref_count; ++ X509_PKEY_free; ++ X509_PKEY_new; ++ X509_PUBKEY_free; ++ X509_PUBKEY_get; ++ X509_PUBKEY_new; ++ X509_PUBKEY_set; ++ X509_REQ_INFO_free; ++ X509_REQ_INFO_new; ++ X509_REQ_dup; ++ X509_REQ_free; ++ X509_REQ_get_pubkey; ++ X509_REQ_new; ++ X509_REQ_print; ++ X509_REQ_print_fp; ++ X509_REQ_set_pubkey; ++ X509_REQ_set_subject_name; ++ X509_REQ_set_version; ++ X509_REQ_sign; ++ X509_REQ_to_X509; ++ X509_REQ_verify; ++ X509_REVOKED_add_ext; ++ X509_REVOKED_delete_ext; ++ X509_REVOKED_free; ++ X509_REVOKED_get_ext; ++ X509_REVOKED_get_ext_by_NID; ++ X509_REVOKED_get_ext_by_OBJ; ++ X509_REVOKED_get_ext_by_critical; ++ X509_REVOKED_get_ext_by_critic; ++ X509_REVOKED_get_ext_count; ++ X509_REVOKED_new; ++ X509_SIG_free; ++ X509_SIG_new; ++ X509_STORE_CTX_cleanup; ++ X509_STORE_CTX_init; ++ X509_STORE_add_cert; ++ X509_STORE_add_lookup; ++ X509_STORE_free; ++ X509_STORE_get_by_subject; ++ X509_STORE_load_locations; ++ X509_STORE_new; ++ X509_STORE_set_default_paths; ++ X509_VAL_free; ++ X509_VAL_new; ++ X509_add_ext; ++ X509_asn1_meth; ++ X509_certificate_type; ++ X509_check_private_key; ++ X509_cmp_current_time; ++ X509_delete_ext; ++ X509_digest; ++ X509_dup; ++ X509_free; ++ X509_get_default_cert_area; ++ X509_get_default_cert_dir; ++ X509_get_default_cert_dir_env; ++ X509_get_default_cert_file; ++ X509_get_default_cert_file_env; ++ X509_get_default_private_dir; ++ X509_get_ext; ++ X509_get_ext_by_NID; ++ X509_get_ext_by_OBJ; ++ X509_get_ext_by_critical; ++ X509_get_ext_count; ++ X509_get_issuer_name; ++ X509_get_pubkey; ++ X509_get_pubkey_parameters; ++ X509_get_serialNumber; ++ X509_get_subject_name; ++ X509_gmtime_adj; ++ X509_issuer_and_serial_cmp; ++ X509_issuer_and_serial_hash; ++ X509_issuer_name_cmp; ++ X509_issuer_name_hash; ++ X509_load_cert_file; ++ X509_new; ++ X509_print; ++ X509_print_fp; ++ X509_set_issuer_name; ++ X509_set_notAfter; ++ X509_set_notBefore; ++ X509_set_pubkey; ++ X509_set_serialNumber; ++ X509_set_subject_name; ++ X509_set_version; ++ X509_sign; ++ X509_subject_name_cmp; ++ X509_subject_name_hash; ++ X509_to_X509_REQ; ++ X509_verify; ++ X509_verify_cert; ++ X509_verify_cert_error_string; ++ X509v3_add_ext; ++ X509v3_add_extension; ++ X509v3_add_netscape_extensions; ++ X509v3_add_standard_extensions; ++ X509v3_cleanup_extensions; ++ X509v3_data_type_by_NID; ++ X509v3_data_type_by_OBJ; ++ X509v3_delete_ext; ++ X509v3_get_ext; ++ X509v3_get_ext_by_NID; ++ X509v3_get_ext_by_OBJ; ++ X509v3_get_ext_by_critical; ++ X509v3_get_ext_count; ++ X509v3_pack_string; ++ X509v3_pack_type_by_NID; ++ X509v3_pack_type_by_OBJ; ++ X509v3_unpack_string; ++ _des_crypt; ++ a2d_ASN1_OBJECT; ++ a2i_ASN1_INTEGER; ++ a2i_ASN1_STRING; ++ asn1_Finish; ++ asn1_GetSequence; ++ bn_div_words; ++ bn_expand2; ++ bn_mul_add_words; ++ bn_mul_words; ++ BN_uadd; ++ BN_usub; ++ bn_sqr_words; ++ _ossl_old_crypt; ++ d2i_ASN1_BIT_STRING; ++ d2i_ASN1_BOOLEAN; ++ d2i_ASN1_HEADER; ++ d2i_ASN1_IA5STRING; ++ d2i_ASN1_INTEGER; ++ d2i_ASN1_OBJECT; ++ d2i_ASN1_OCTET_STRING; ++ d2i_ASN1_PRINTABLE; ++ d2i_ASN1_PRINTABLESTRING; ++ d2i_ASN1_SET; ++ d2i_ASN1_T61STRING; ++ d2i_ASN1_TYPE; ++ d2i_ASN1_UTCTIME; ++ d2i_ASN1_bytes; ++ d2i_ASN1_type_bytes; ++ d2i_DHparams; ++ d2i_DSAPrivateKey; ++ d2i_DSAPrivateKey_bio; ++ d2i_DSAPrivateKey_fp; ++ d2i_DSAPublicKey; ++ d2i_DSAparams; ++ d2i_NETSCAPE_SPKAC; ++ d2i_NETSCAPE_SPKI; ++ d2i_Netscape_RSA; ++ d2i_PKCS7; ++ d2i_PKCS7_DIGEST; ++ d2i_PKCS7_ENCRYPT; ++ d2i_PKCS7_ENC_CONTENT; ++ d2i_PKCS7_ENVELOPE; ++ d2i_PKCS7_ISSUER_AND_SERIAL; ++ d2i_PKCS7_RECIP_INFO; ++ d2i_PKCS7_SIGNED; ++ d2i_PKCS7_SIGNER_INFO; ++ d2i_PKCS7_SIGN_ENVELOPE; ++ d2i_PKCS7_bio; ++ d2i_PKCS7_fp; ++ d2i_PrivateKey; ++ d2i_PublicKey; ++ d2i_RSAPrivateKey; ++ d2i_RSAPrivateKey_bio; ++ d2i_RSAPrivateKey_fp; ++ d2i_RSAPublicKey; ++ d2i_X509; ++ d2i_X509_ALGOR; ++ d2i_X509_ATTRIBUTE; ++ d2i_X509_CINF; ++ d2i_X509_CRL; ++ d2i_X509_CRL_INFO; ++ d2i_X509_CRL_bio; ++ d2i_X509_CRL_fp; ++ d2i_X509_EXTENSION; ++ d2i_X509_NAME; ++ d2i_X509_NAME_ENTRY; ++ d2i_X509_PKEY; ++ d2i_X509_PUBKEY; ++ d2i_X509_REQ; ++ d2i_X509_REQ_INFO; ++ d2i_X509_REQ_bio; ++ d2i_X509_REQ_fp; ++ d2i_X509_REVOKED; ++ d2i_X509_SIG; ++ d2i_X509_VAL; ++ d2i_X509_bio; ++ d2i_X509_fp; ++ DES_cbc_cksum; ++ DES_cbc_encrypt; ++ DES_cblock_print_file; ++ DES_cfb64_encrypt; ++ DES_cfb_encrypt; ++ DES_decrypt3; ++ DES_ecb3_encrypt; ++ DES_ecb_encrypt; ++ DES_ede3_cbc_encrypt; ++ DES_ede3_cfb64_encrypt; ++ DES_ede3_ofb64_encrypt; ++ DES_enc_read; ++ DES_enc_write; ++ DES_encrypt1; ++ DES_encrypt2; ++ DES_encrypt3; ++ DES_fcrypt; ++ DES_is_weak_key; ++ DES_key_sched; ++ DES_ncbc_encrypt; ++ DES_ofb64_encrypt; ++ DES_ofb_encrypt; ++ DES_options; ++ DES_pcbc_encrypt; ++ DES_quad_cksum; ++ DES_random_key; ++ _ossl_old_des_random_seed; ++ _ossl_old_des_read_2passwords; ++ _ossl_old_des_read_password; ++ _ossl_old_des_read_pw; ++ _ossl_old_des_read_pw_string; ++ DES_set_key; ++ DES_set_odd_parity; ++ DES_string_to_2keys; ++ DES_string_to_key; ++ DES_xcbc_encrypt; ++ DES_xwhite_in2out; ++ fcrypt_body; ++ i2a_ASN1_INTEGER; ++ i2a_ASN1_OBJECT; ++ i2a_ASN1_STRING; ++ i2d_ASN1_BIT_STRING; ++ i2d_ASN1_BOOLEAN; ++ i2d_ASN1_HEADER; ++ i2d_ASN1_IA5STRING; ++ i2d_ASN1_INTEGER; ++ i2d_ASN1_OBJECT; ++ i2d_ASN1_OCTET_STRING; ++ i2d_ASN1_PRINTABLE; ++ i2d_ASN1_SET; ++ i2d_ASN1_TYPE; ++ i2d_ASN1_UTCTIME; ++ i2d_ASN1_bytes; ++ i2d_DHparams; ++ i2d_DSAPrivateKey; ++ i2d_DSAPrivateKey_bio; ++ i2d_DSAPrivateKey_fp; ++ i2d_DSAPublicKey; ++ i2d_DSAparams; ++ i2d_NETSCAPE_SPKAC; ++ i2d_NETSCAPE_SPKI; ++ i2d_Netscape_RSA; ++ i2d_PKCS7; ++ i2d_PKCS7_DIGEST; ++ i2d_PKCS7_ENCRYPT; ++ i2d_PKCS7_ENC_CONTENT; ++ i2d_PKCS7_ENVELOPE; ++ i2d_PKCS7_ISSUER_AND_SERIAL; ++ i2d_PKCS7_RECIP_INFO; ++ i2d_PKCS7_SIGNED; ++ i2d_PKCS7_SIGNER_INFO; ++ i2d_PKCS7_SIGN_ENVELOPE; ++ i2d_PKCS7_bio; ++ i2d_PKCS7_fp; ++ i2d_PrivateKey; ++ i2d_PublicKey; ++ i2d_RSAPrivateKey; ++ i2d_RSAPrivateKey_bio; ++ i2d_RSAPrivateKey_fp; ++ i2d_RSAPublicKey; ++ i2d_X509; ++ i2d_X509_ALGOR; ++ i2d_X509_ATTRIBUTE; ++ i2d_X509_CINF; ++ i2d_X509_CRL; ++ i2d_X509_CRL_INFO; ++ i2d_X509_CRL_bio; ++ i2d_X509_CRL_fp; ++ i2d_X509_EXTENSION; ++ i2d_X509_NAME; ++ i2d_X509_NAME_ENTRY; ++ i2d_X509_PKEY; ++ i2d_X509_PUBKEY; ++ i2d_X509_REQ; ++ i2d_X509_REQ_INFO; ++ i2d_X509_REQ_bio; ++ i2d_X509_REQ_fp; ++ i2d_X509_REVOKED; ++ i2d_X509_SIG; ++ i2d_X509_VAL; ++ i2d_X509_bio; ++ i2d_X509_fp; ++ idea_cbc_encrypt; ++ idea_cfb64_encrypt; ++ idea_ecb_encrypt; ++ idea_encrypt; ++ idea_ofb64_encrypt; ++ idea_options; ++ idea_set_decrypt_key; ++ idea_set_encrypt_key; ++ lh_delete; ++ lh_doall; ++ lh_doall_arg; ++ lh_free; ++ lh_insert; ++ lh_new; ++ lh_node_stats; ++ lh_node_stats_bio; ++ lh_node_usage_stats; ++ lh_node_usage_stats_bio; ++ lh_retrieve; ++ lh_stats; ++ lh_stats_bio; ++ lh_strhash; ++ sk_delete; ++ sk_delete_ptr; ++ sk_dup; ++ sk_find; ++ sk_free; ++ sk_insert; ++ sk_new; ++ sk_pop; ++ sk_pop_free; ++ sk_push; ++ sk_set_cmp_func; ++ sk_shift; ++ sk_unshift; ++ sk_zero; ++ BIO_f_nbio_test; ++ ASN1_TYPE_get; ++ ASN1_TYPE_set; ++ PKCS7_content_free; ++ ERR_load_PKCS7_strings; ++ X509_find_by_issuer_and_serial; ++ X509_find_by_subject; ++ PKCS7_ctrl; ++ PKCS7_set_type; ++ PKCS7_set_content; ++ PKCS7_SIGNER_INFO_set; ++ PKCS7_add_signer; ++ PKCS7_add_certificate; ++ PKCS7_add_crl; ++ PKCS7_content_new; ++ PKCS7_dataSign; ++ PKCS7_dataVerify; ++ PKCS7_dataInit; ++ PKCS7_add_signature; ++ PKCS7_cert_from_signer_info; ++ PKCS7_get_signer_info; ++ EVP_delete_alias; ++ EVP_mdc2; ++ PEM_read_bio_RSAPublicKey; ++ PEM_write_bio_RSAPublicKey; ++ d2i_RSAPublicKey_bio; ++ i2d_RSAPublicKey_bio; ++ PEM_read_RSAPublicKey; ++ PEM_write_RSAPublicKey; ++ d2i_RSAPublicKey_fp; ++ i2d_RSAPublicKey_fp; ++ BIO_copy_next_retry; ++ RSA_flags; ++ X509_STORE_add_crl; ++ X509_load_crl_file; ++ EVP_rc2_40_cbc; ++ EVP_rc4_40; ++ EVP_CIPHER_CTX_init; ++ HMAC; ++ HMAC_Init; ++ HMAC_Update; ++ HMAC_Final; ++ ERR_get_next_error_library; ++ EVP_PKEY_cmp_parameters; ++ HMAC_cleanup; ++ BIO_ptr_ctrl; ++ BIO_new_file_internal; ++ BIO_new_fp_internal; ++ BIO_s_file_internal; ++ BN_BLINDING_convert; ++ BN_BLINDING_invert; ++ BN_BLINDING_update; ++ RSA_blinding_on; ++ RSA_blinding_off; ++ i2t_ASN1_OBJECT; ++ BN_BLINDING_new; ++ BN_BLINDING_free; ++ EVP_cast5_cbc; ++ EVP_cast5_cfb64; ++ EVP_cast5_ecb; ++ EVP_cast5_ofb; ++ BF_decrypt; ++ CAST_set_key; ++ CAST_encrypt; ++ CAST_decrypt; ++ CAST_ecb_encrypt; ++ CAST_cbc_encrypt; ++ CAST_cfb64_encrypt; ++ CAST_ofb64_encrypt; ++ RC2_decrypt; ++ OBJ_create_objects; ++ BN_exp; ++ BN_mul_word; ++ BN_sub_word; ++ BN_dec2bn; ++ BN_bn2dec; ++ BIO_ghbn_ctrl; ++ CRYPTO_free_ex_data; ++ CRYPTO_get_ex_data; ++ CRYPTO_set_ex_data; ++ ERR_load_CRYPTO_strings; ++ ERR_load_CRYPTOlib_strings; ++ EVP_PKEY_bits; ++ MD5_Transform; ++ SHA1_Transform; ++ SHA_Transform; ++ X509_STORE_CTX_get_chain; ++ X509_STORE_CTX_get_current_cert; ++ X509_STORE_CTX_get_error; ++ X509_STORE_CTX_get_error_depth; ++ X509_STORE_CTX_get_ex_data; ++ X509_STORE_CTX_set_cert; ++ X509_STORE_CTX_set_chain; ++ X509_STORE_CTX_set_error; ++ X509_STORE_CTX_set_ex_data; ++ CRYPTO_dup_ex_data; ++ CRYPTO_get_new_lockid; ++ CRYPTO_new_ex_data; ++ RSA_set_ex_data; ++ RSA_get_ex_data; ++ RSA_get_ex_new_index; ++ RSA_padding_add_PKCS1_type_1; ++ RSA_padding_add_PKCS1_type_2; ++ RSA_padding_add_SSLv23; ++ RSA_padding_add_none; ++ RSA_padding_check_PKCS1_type_1; ++ RSA_padding_check_PKCS1_type_2; ++ RSA_padding_check_SSLv23; ++ RSA_padding_check_none; ++ bn_add_words; ++ d2i_Netscape_RSA_2; ++ CRYPTO_get_ex_new_index; ++ RIPEMD160_Init; ++ RIPEMD160_Update; ++ RIPEMD160_Final; ++ RIPEMD160; ++ RIPEMD160_Transform; ++ RC5_32_set_key; ++ RC5_32_ecb_encrypt; ++ RC5_32_encrypt; ++ RC5_32_decrypt; ++ RC5_32_cbc_encrypt; ++ RC5_32_cfb64_encrypt; ++ RC5_32_ofb64_encrypt; ++ BN_bn2mpi; ++ BN_mpi2bn; ++ ASN1_BIT_STRING_get_bit; ++ ASN1_BIT_STRING_set_bit; ++ BIO_get_ex_data; ++ BIO_get_ex_new_index; ++ BIO_set_ex_data; ++ X509v3_get_key_usage; ++ X509v3_set_key_usage; ++ a2i_X509v3_key_usage; ++ i2a_X509v3_key_usage; ++ EVP_PKEY_decrypt; ++ EVP_PKEY_encrypt; ++ PKCS7_RECIP_INFO_set; ++ PKCS7_add_recipient; ++ PKCS7_add_recipient_info; ++ PKCS7_set_cipher; ++ ASN1_TYPE_get_int_octetstring; ++ ASN1_TYPE_get_octetstring; ++ ASN1_TYPE_set_int_octetstring; ++ ASN1_TYPE_set_octetstring; ++ ASN1_UTCTIME_set_string; ++ ERR_add_error_data; ++ ERR_set_error_data; ++ EVP_CIPHER_asn1_to_param; ++ EVP_CIPHER_param_to_asn1; ++ EVP_CIPHER_get_asn1_iv; ++ EVP_CIPHER_set_asn1_iv; ++ EVP_rc5_32_12_16_cbc; ++ EVP_rc5_32_12_16_cfb64; ++ EVP_rc5_32_12_16_ecb; ++ EVP_rc5_32_12_16_ofb; ++ asn1_add_error; ++ d2i_ASN1_BMPSTRING; ++ i2d_ASN1_BMPSTRING; ++ BIO_f_ber; ++ BN_init; ++ COMP_CTX_new; ++ COMP_CTX_free; ++ COMP_CTX_compress_block; ++ COMP_CTX_expand_block; ++ X509_STORE_CTX_get_ex_new_index; ++ OBJ_NAME_add; ++ BIO_socket_nbio; ++ EVP_rc2_64_cbc; ++ OBJ_NAME_cleanup; ++ OBJ_NAME_get; ++ OBJ_NAME_init; ++ OBJ_NAME_new_index; ++ OBJ_NAME_remove; ++ BN_MONT_CTX_copy; ++ BIO_new_socks4a_connect; ++ BIO_s_socks4a_connect; ++ PROXY_set_connect_mode; ++ RAND_SSLeay; ++ RAND_set_rand_method; ++ RSA_memory_lock; ++ bn_sub_words; ++ bn_mul_normal; ++ bn_mul_comba8; ++ bn_mul_comba4; ++ bn_sqr_normal; ++ bn_sqr_comba8; ++ bn_sqr_comba4; ++ bn_cmp_words; ++ bn_mul_recursive; ++ bn_mul_part_recursive; ++ bn_sqr_recursive; ++ bn_mul_low_normal; ++ BN_RECP_CTX_init; ++ BN_RECP_CTX_new; ++ BN_RECP_CTX_free; ++ BN_RECP_CTX_set; ++ BN_mod_mul_reciprocal; ++ BN_mod_exp_recp; ++ BN_div_recp; ++ BN_CTX_init; ++ BN_MONT_CTX_init; ++ RAND_get_rand_method; ++ PKCS7_add_attribute; ++ PKCS7_add_signed_attribute; ++ PKCS7_digest_from_attributes; ++ PKCS7_get_attribute; ++ PKCS7_get_issuer_and_serial; ++ PKCS7_get_signed_attribute; ++ COMP_compress_block; ++ COMP_expand_block; ++ COMP_rle; ++ COMP_zlib; ++ ms_time_diff; ++ ms_time_new; ++ ms_time_free; ++ ms_time_cmp; ++ ms_time_get; ++ PKCS7_set_attributes; ++ PKCS7_set_signed_attributes; ++ X509_ATTRIBUTE_create; ++ X509_ATTRIBUTE_dup; ++ ASN1_GENERALIZEDTIME_check; ++ ASN1_GENERALIZEDTIME_print; ++ ASN1_GENERALIZEDTIME_set; ++ ASN1_GENERALIZEDTIME_set_string; ++ ASN1_TIME_print; ++ BASIC_CONSTRAINTS_free; ++ BASIC_CONSTRAINTS_new; ++ ERR_load_X509V3_strings; ++ NETSCAPE_CERT_SEQUENCE_free; ++ NETSCAPE_CERT_SEQUENCE_new; ++ OBJ_txt2obj; ++ PEM_read_NETSCAPE_CERT_SEQUENCE; ++ PEM_read_NS_CERT_SEQ; ++ PEM_read_bio_NETSCAPE_CERT_SEQUENCE; ++ PEM_read_bio_NS_CERT_SEQ; ++ PEM_write_NETSCAPE_CERT_SEQUENCE; ++ PEM_write_NS_CERT_SEQ; ++ PEM_write_bio_NETSCAPE_CERT_SEQUENCE; ++ PEM_write_bio_NS_CERT_SEQ; ++ X509V3_EXT_add; ++ X509V3_EXT_add_alias; ++ X509V3_EXT_add_conf; ++ X509V3_EXT_cleanup; ++ X509V3_EXT_conf; ++ X509V3_EXT_conf_nid; ++ X509V3_EXT_get; ++ X509V3_EXT_get_nid; ++ X509V3_EXT_print; ++ X509V3_EXT_print_fp; ++ X509V3_add_standard_extensions; ++ X509V3_add_value; ++ X509V3_add_value_bool; ++ X509V3_add_value_int; ++ X509V3_conf_free; ++ X509V3_get_value_bool; ++ X509V3_get_value_int; ++ X509V3_parse_list; ++ d2i_ASN1_GENERALIZEDTIME; ++ d2i_ASN1_TIME; ++ d2i_BASIC_CONSTRAINTS; ++ d2i_NETSCAPE_CERT_SEQUENCE; ++ d2i_ext_ku; ++ ext_ku_free; ++ ext_ku_new; ++ i2d_ASN1_GENERALIZEDTIME; ++ i2d_ASN1_TIME; ++ i2d_BASIC_CONSTRAINTS; ++ i2d_NETSCAPE_CERT_SEQUENCE; ++ i2d_ext_ku; ++ EVP_MD_CTX_copy; ++ i2d_ASN1_ENUMERATED; ++ d2i_ASN1_ENUMERATED; ++ ASN1_ENUMERATED_set; ++ ASN1_ENUMERATED_get; ++ BN_to_ASN1_ENUMERATED; ++ ASN1_ENUMERATED_to_BN; ++ i2a_ASN1_ENUMERATED; ++ a2i_ASN1_ENUMERATED; ++ i2d_GENERAL_NAME; ++ d2i_GENERAL_NAME; ++ GENERAL_NAME_new; ++ GENERAL_NAME_free; ++ GENERAL_NAMES_new; ++ GENERAL_NAMES_free; ++ d2i_GENERAL_NAMES; ++ i2d_GENERAL_NAMES; ++ i2v_GENERAL_NAMES; ++ i2s_ASN1_OCTET_STRING; ++ s2i_ASN1_OCTET_STRING; ++ X509V3_EXT_check_conf; ++ hex_to_string; ++ string_to_hex; ++ DES_ede3_cbcm_encrypt; ++ RSA_padding_add_PKCS1_OAEP; ++ RSA_padding_check_PKCS1_OAEP; ++ X509_CRL_print_fp; ++ X509_CRL_print; ++ i2v_GENERAL_NAME; ++ v2i_GENERAL_NAME; ++ i2d_PKEY_USAGE_PERIOD; ++ d2i_PKEY_USAGE_PERIOD; ++ PKEY_USAGE_PERIOD_new; ++ PKEY_USAGE_PERIOD_free; ++ v2i_GENERAL_NAMES; ++ i2s_ASN1_INTEGER; ++ X509V3_EXT_d2i; ++ name_cmp; ++ str_dup; ++ i2s_ASN1_ENUMERATED; ++ i2s_ASN1_ENUMERATED_TABLE; ++ BIO_s_log; ++ BIO_f_reliable; ++ PKCS7_dataFinal; ++ PKCS7_dataDecode; ++ X509V3_EXT_CRL_add_conf; ++ BN_set_params; ++ BN_get_params; ++ BIO_get_ex_num; ++ BIO_set_ex_free_func; ++ EVP_ripemd160; ++ ASN1_TIME_set; ++ i2d_AUTHORITY_KEYID; ++ d2i_AUTHORITY_KEYID; ++ AUTHORITY_KEYID_new; ++ AUTHORITY_KEYID_free; ++ ASN1_seq_unpack; ++ ASN1_seq_pack; ++ ASN1_unpack_string; ++ ASN1_pack_string; ++ PKCS12_pack_safebag; ++ PKCS12_MAKE_KEYBAG; ++ PKCS8_encrypt; ++ PKCS12_MAKE_SHKEYBAG; ++ PKCS12_pack_p7data; ++ PKCS12_pack_p7encdata; ++ PKCS12_add_localkeyid; ++ PKCS12_add_friendlyname_asc; ++ PKCS12_add_friendlyname_uni; ++ PKCS12_get_friendlyname; ++ PKCS12_pbe_crypt; ++ PKCS12_decrypt_d2i; ++ PKCS12_i2d_encrypt; ++ PKCS12_init; ++ PKCS12_key_gen_asc; ++ PKCS12_key_gen_uni; ++ PKCS12_gen_mac; ++ PKCS12_verify_mac; ++ PKCS12_set_mac; ++ PKCS12_setup_mac; ++ OPENSSL_asc2uni; ++ OPENSSL_uni2asc; ++ i2d_PKCS12_BAGS; ++ PKCS12_BAGS_new; ++ d2i_PKCS12_BAGS; ++ PKCS12_BAGS_free; ++ i2d_PKCS12; ++ d2i_PKCS12; ++ PKCS12_new; ++ PKCS12_free; ++ i2d_PKCS12_MAC_DATA; ++ PKCS12_MAC_DATA_new; ++ d2i_PKCS12_MAC_DATA; ++ PKCS12_MAC_DATA_free; ++ i2d_PKCS12_SAFEBAG; ++ PKCS12_SAFEBAG_new; ++ d2i_PKCS12_SAFEBAG; ++ PKCS12_SAFEBAG_free; ++ ERR_load_PKCS12_strings; ++ PKCS12_PBE_add; ++ PKCS8_add_keyusage; ++ PKCS12_get_attr_gen; ++ PKCS12_parse; ++ PKCS12_create; ++ i2d_PKCS12_bio; ++ i2d_PKCS12_fp; ++ d2i_PKCS12_bio; ++ d2i_PKCS12_fp; ++ i2d_PBEPARAM; ++ PBEPARAM_new; ++ d2i_PBEPARAM; ++ PBEPARAM_free; ++ i2d_PKCS8_PRIV_KEY_INFO; ++ PKCS8_PRIV_KEY_INFO_new; ++ d2i_PKCS8_PRIV_KEY_INFO; ++ PKCS8_PRIV_KEY_INFO_free; ++ EVP_PKCS82PKEY; ++ EVP_PKEY2PKCS8; ++ PKCS8_set_broken; ++ EVP_PBE_ALGOR_CipherInit; ++ EVP_PBE_alg_add; ++ PKCS5_pbe_set; ++ EVP_PBE_cleanup; ++ i2d_SXNET; ++ d2i_SXNET; ++ SXNET_new; ++ SXNET_free; ++ i2d_SXNETID; ++ d2i_SXNETID; ++ SXNETID_new; ++ SXNETID_free; ++ DSA_SIG_new; ++ DSA_SIG_free; ++ DSA_do_sign; ++ DSA_do_verify; ++ d2i_DSA_SIG; ++ i2d_DSA_SIG; ++ i2d_ASN1_VISIBLESTRING; ++ d2i_ASN1_VISIBLESTRING; ++ i2d_ASN1_UTF8STRING; ++ d2i_ASN1_UTF8STRING; ++ i2d_DIRECTORYSTRING; ++ d2i_DIRECTORYSTRING; ++ i2d_DISPLAYTEXT; ++ d2i_DISPLAYTEXT; ++ d2i_ASN1_SET_OF_X509; ++ i2d_ASN1_SET_OF_X509; ++ i2d_PBKDF2PARAM; ++ PBKDF2PARAM_new; ++ d2i_PBKDF2PARAM; ++ PBKDF2PARAM_free; ++ i2d_PBE2PARAM; ++ PBE2PARAM_new; ++ d2i_PBE2PARAM; ++ PBE2PARAM_free; ++ d2i_ASN1_SET_OF_GENERAL_NAME; ++ i2d_ASN1_SET_OF_GENERAL_NAME; ++ d2i_ASN1_SET_OF_SXNETID; ++ i2d_ASN1_SET_OF_SXNETID; ++ d2i_ASN1_SET_OF_POLICYQUALINFO; ++ i2d_ASN1_SET_OF_POLICYQUALINFO; ++ d2i_ASN1_SET_OF_POLICYINFO; ++ i2d_ASN1_SET_OF_POLICYINFO; ++ SXNET_add_id_asc; ++ SXNET_add_id_ulong; ++ SXNET_add_id_INTEGER; ++ SXNET_get_id_asc; ++ SXNET_get_id_ulong; ++ SXNET_get_id_INTEGER; ++ X509V3_set_conf_lhash; ++ i2d_CERTIFICATEPOLICIES; ++ CERTIFICATEPOLICIES_new; ++ CERTIFICATEPOLICIES_free; ++ d2i_CERTIFICATEPOLICIES; ++ i2d_POLICYINFO; ++ POLICYINFO_new; ++ d2i_POLICYINFO; ++ POLICYINFO_free; ++ i2d_POLICYQUALINFO; ++ POLICYQUALINFO_new; ++ d2i_POLICYQUALINFO; ++ POLICYQUALINFO_free; ++ i2d_USERNOTICE; ++ USERNOTICE_new; ++ d2i_USERNOTICE; ++ USERNOTICE_free; ++ i2d_NOTICEREF; ++ NOTICEREF_new; ++ d2i_NOTICEREF; ++ NOTICEREF_free; ++ X509V3_get_string; ++ X509V3_get_section; ++ X509V3_string_free; ++ X509V3_section_free; ++ X509V3_set_ctx; ++ s2i_ASN1_INTEGER; ++ CRYPTO_set_locked_mem_functions; ++ CRYPTO_get_locked_mem_functions; ++ CRYPTO_malloc_locked; ++ CRYPTO_free_locked; ++ BN_mod_exp2_mont; ++ ERR_get_error_line_data; ++ ERR_peek_error_line_data; ++ PKCS12_PBE_keyivgen; ++ X509_ALGOR_dup; ++ d2i_ASN1_SET_OF_DIST_POINT; ++ i2d_ASN1_SET_OF_DIST_POINT; ++ i2d_CRL_DIST_POINTS; ++ CRL_DIST_POINTS_new; ++ CRL_DIST_POINTS_free; ++ d2i_CRL_DIST_POINTS; ++ i2d_DIST_POINT; ++ DIST_POINT_new; ++ d2i_DIST_POINT; ++ DIST_POINT_free; ++ i2d_DIST_POINT_NAME; ++ DIST_POINT_NAME_new; ++ DIST_POINT_NAME_free; ++ d2i_DIST_POINT_NAME; ++ X509V3_add_value_uchar; ++ d2i_ASN1_SET_OF_X509_ATTRIBUTE; ++ i2d_ASN1_SET_OF_ASN1_TYPE; ++ d2i_ASN1_SET_OF_X509_EXTENSION; ++ d2i_ASN1_SET_OF_X509_NAME_ENTRY; ++ d2i_ASN1_SET_OF_ASN1_TYPE; ++ i2d_ASN1_SET_OF_X509_ATTRIBUTE; ++ i2d_ASN1_SET_OF_X509_EXTENSION; ++ i2d_ASN1_SET_OF_X509_NAME_ENTRY; ++ X509V3_EXT_i2d; ++ X509V3_EXT_val_prn; ++ X509V3_EXT_add_list; ++ EVP_CIPHER_type; ++ EVP_PBE_CipherInit; ++ X509V3_add_value_bool_nf; ++ d2i_ASN1_UINTEGER; ++ sk_value; ++ sk_num; ++ sk_set; ++ i2d_ASN1_SET_OF_X509_REVOKED; ++ sk_sort; ++ d2i_ASN1_SET_OF_X509_REVOKED; ++ i2d_ASN1_SET_OF_X509_ALGOR; ++ i2d_ASN1_SET_OF_X509_CRL; ++ d2i_ASN1_SET_OF_X509_ALGOR; ++ d2i_ASN1_SET_OF_X509_CRL; ++ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO; ++ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO; ++ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO; ++ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO; ++ PKCS5_PBE_add; ++ PEM_write_bio_PKCS8; ++ i2d_PKCS8_fp; ++ PEM_read_bio_PKCS8_PRIV_KEY_INFO; ++ PEM_read_bio_P8_PRIV_KEY_INFO; ++ d2i_PKCS8_bio; ++ d2i_PKCS8_PRIV_KEY_INFO_fp; ++ PEM_write_bio_PKCS8_PRIV_KEY_INFO; ++ PEM_write_bio_P8_PRIV_KEY_INFO; ++ PEM_read_PKCS8; ++ d2i_PKCS8_PRIV_KEY_INFO_bio; ++ d2i_PKCS8_fp; ++ PEM_write_PKCS8; ++ PEM_read_PKCS8_PRIV_KEY_INFO; ++ PEM_read_P8_PRIV_KEY_INFO; ++ PEM_read_bio_PKCS8; ++ PEM_write_PKCS8_PRIV_KEY_INFO; ++ PEM_write_P8_PRIV_KEY_INFO; ++ PKCS5_PBE_keyivgen; ++ i2d_PKCS8_bio; ++ i2d_PKCS8_PRIV_KEY_INFO_fp; ++ i2d_PKCS8_PRIV_KEY_INFO_bio; ++ BIO_s_bio; ++ PKCS5_pbe2_set; ++ PKCS5_PBKDF2_HMAC_SHA1; ++ PKCS5_v2_PBE_keyivgen; ++ PEM_write_bio_PKCS8PrivateKey; ++ PEM_write_PKCS8PrivateKey; ++ BIO_ctrl_get_read_request; ++ BIO_ctrl_pending; ++ BIO_ctrl_wpending; ++ BIO_new_bio_pair; ++ BIO_ctrl_get_write_guarantee; ++ CRYPTO_num_locks; ++ CONF_load_bio; ++ CONF_load_fp; ++ i2d_ASN1_SET_OF_ASN1_OBJECT; ++ d2i_ASN1_SET_OF_ASN1_OBJECT; ++ PKCS7_signatureVerify; ++ RSA_set_method; ++ RSA_get_method; ++ RSA_get_default_method; ++ RSA_check_key; ++ OBJ_obj2txt; ++ DSA_dup_DH; ++ X509_REQ_get_extensions; ++ X509_REQ_set_extension_nids; ++ BIO_nwrite; ++ X509_REQ_extension_nid; ++ BIO_nread; ++ X509_REQ_get_extension_nids; ++ BIO_nwrite0; ++ X509_REQ_add_extensions_nid; ++ BIO_nread0; ++ X509_REQ_add_extensions; ++ BIO_new_mem_buf; ++ DH_set_ex_data; ++ DH_set_method; ++ DSA_OpenSSL; ++ DH_get_ex_data; ++ DH_get_ex_new_index; ++ DSA_new_method; ++ DH_new_method; ++ DH_OpenSSL; ++ DSA_get_ex_new_index; ++ DH_get_default_method; ++ DSA_set_ex_data; ++ DH_set_default_method; ++ DSA_get_ex_data; ++ X509V3_EXT_REQ_add_conf; ++ NETSCAPE_SPKI_print; ++ NETSCAPE_SPKI_set_pubkey; ++ NETSCAPE_SPKI_b64_encode; ++ NETSCAPE_SPKI_get_pubkey; ++ NETSCAPE_SPKI_b64_decode; ++ UTF8_putc; ++ UTF8_getc; ++ RSA_null_method; ++ ASN1_tag2str; ++ BIO_ctrl_reset_read_request; ++ DISPLAYTEXT_new; ++ ASN1_GENERALIZEDTIME_free; ++ X509_REVOKED_get_ext_d2i; ++ X509_set_ex_data; ++ X509_reject_set_bit_asc; ++ X509_NAME_add_entry_by_txt; ++ X509_NAME_add_entry_by_NID; ++ X509_PURPOSE_get0; ++ PEM_read_X509_AUX; ++ d2i_AUTHORITY_INFO_ACCESS; ++ PEM_write_PUBKEY; ++ ACCESS_DESCRIPTION_new; ++ X509_CERT_AUX_free; ++ d2i_ACCESS_DESCRIPTION; ++ X509_trust_clear; ++ X509_TRUST_add; ++ ASN1_VISIBLESTRING_new; ++ X509_alias_set1; ++ ASN1_PRINTABLESTRING_free; ++ EVP_PKEY_get1_DSA; ++ ASN1_BMPSTRING_new; ++ ASN1_mbstring_copy; ++ ASN1_UTF8STRING_new; ++ DSA_get_default_method; ++ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION; ++ ASN1_T61STRING_free; ++ DSA_set_method; ++ X509_get_ex_data; ++ ASN1_STRING_type; ++ X509_PURPOSE_get_by_sname; ++ ASN1_TIME_free; ++ ASN1_OCTET_STRING_cmp; ++ ASN1_BIT_STRING_new; ++ X509_get_ext_d2i; ++ PEM_read_bio_X509_AUX; ++ ASN1_STRING_set_default_mask_asc; ++ ASN1_STRING_set_def_mask_asc; ++ PEM_write_bio_RSA_PUBKEY; ++ ASN1_INTEGER_cmp; ++ d2i_RSA_PUBKEY_fp; ++ X509_trust_set_bit_asc; ++ PEM_write_bio_DSA_PUBKEY; ++ X509_STORE_CTX_free; ++ EVP_PKEY_set1_DSA; ++ i2d_DSA_PUBKEY_fp; ++ X509_load_cert_crl_file; ++ ASN1_TIME_new; ++ i2d_RSA_PUBKEY; ++ X509_STORE_CTX_purpose_inherit; ++ PEM_read_RSA_PUBKEY; ++ d2i_X509_AUX; ++ i2d_DSA_PUBKEY; ++ X509_CERT_AUX_print; ++ PEM_read_DSA_PUBKEY; ++ i2d_RSA_PUBKEY_bio; ++ ASN1_BIT_STRING_num_asc; ++ i2d_PUBKEY; ++ ASN1_UTCTIME_free; ++ DSA_set_default_method; ++ X509_PURPOSE_get_by_id; ++ ACCESS_DESCRIPTION_free; ++ PEM_read_bio_PUBKEY; ++ ASN1_STRING_set_by_NID; ++ X509_PURPOSE_get_id; ++ DISPLAYTEXT_free; ++ OTHERNAME_new; ++ X509_CERT_AUX_new; ++ X509_TRUST_cleanup; ++ X509_NAME_add_entry_by_OBJ; ++ X509_CRL_get_ext_d2i; ++ X509_PURPOSE_get0_name; ++ PEM_read_PUBKEY; ++ i2d_DSA_PUBKEY_bio; ++ i2d_OTHERNAME; ++ ASN1_OCTET_STRING_free; ++ ASN1_BIT_STRING_set_asc; ++ X509_get_ex_new_index; ++ ASN1_STRING_TABLE_cleanup; ++ X509_TRUST_get_by_id; ++ X509_PURPOSE_get_trust; ++ ASN1_STRING_length; ++ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION; ++ ASN1_PRINTABLESTRING_new; ++ X509V3_get_d2i; ++ ASN1_ENUMERATED_free; ++ i2d_X509_CERT_AUX; ++ X509_STORE_CTX_set_trust; ++ ASN1_STRING_set_default_mask; ++ X509_STORE_CTX_new; ++ EVP_PKEY_get1_RSA; ++ DIRECTORYSTRING_free; ++ PEM_write_X509_AUX; ++ ASN1_OCTET_STRING_set; ++ d2i_DSA_PUBKEY_fp; ++ d2i_RSA_PUBKEY; ++ X509_TRUST_get0_name; ++ X509_TRUST_get0; ++ AUTHORITY_INFO_ACCESS_free; ++ ASN1_IA5STRING_new; ++ d2i_DSA_PUBKEY; ++ X509_check_purpose; ++ ASN1_ENUMERATED_new; ++ d2i_RSA_PUBKEY_bio; ++ d2i_PUBKEY; ++ X509_TRUST_get_trust; ++ X509_TRUST_get_flags; ++ ASN1_BMPSTRING_free; ++ ASN1_T61STRING_new; ++ ASN1_UTCTIME_new; ++ i2d_AUTHORITY_INFO_ACCESS; ++ EVP_PKEY_set1_RSA; ++ X509_STORE_CTX_set_purpose; ++ ASN1_IA5STRING_free; ++ PEM_write_bio_X509_AUX; ++ X509_PURPOSE_get_count; ++ CRYPTO_add_info; ++ X509_NAME_ENTRY_create_by_txt; ++ ASN1_STRING_get_default_mask; ++ X509_alias_get0; ++ ASN1_STRING_data; ++ i2d_ACCESS_DESCRIPTION; ++ X509_trust_set_bit; ++ ASN1_BIT_STRING_free; ++ PEM_read_bio_RSA_PUBKEY; ++ X509_add1_reject_object; ++ X509_check_trust; ++ PEM_read_bio_DSA_PUBKEY; ++ X509_PURPOSE_add; ++ ASN1_STRING_TABLE_get; ++ ASN1_UTF8STRING_free; ++ d2i_DSA_PUBKEY_bio; ++ PEM_write_RSA_PUBKEY; ++ d2i_OTHERNAME; ++ X509_reject_set_bit; ++ PEM_write_DSA_PUBKEY; ++ X509_PURPOSE_get0_sname; ++ EVP_PKEY_set1_DH; ++ ASN1_OCTET_STRING_dup; ++ ASN1_BIT_STRING_set; ++ X509_TRUST_get_count; ++ ASN1_INTEGER_free; ++ OTHERNAME_free; ++ i2d_RSA_PUBKEY_fp; ++ ASN1_INTEGER_dup; ++ d2i_X509_CERT_AUX; ++ PEM_write_bio_PUBKEY; ++ ASN1_VISIBLESTRING_free; ++ X509_PURPOSE_cleanup; ++ ASN1_mbstring_ncopy; ++ ASN1_GENERALIZEDTIME_new; ++ EVP_PKEY_get1_DH; ++ ASN1_OCTET_STRING_new; ++ ASN1_INTEGER_new; ++ i2d_X509_AUX; ++ ASN1_BIT_STRING_name_print; ++ X509_cmp; ++ ASN1_STRING_length_set; ++ DIRECTORYSTRING_new; ++ X509_add1_trust_object; ++ PKCS12_newpass; ++ SMIME_write_PKCS7; ++ SMIME_read_PKCS7; ++ DES_set_key_checked; ++ PKCS7_verify; ++ PKCS7_encrypt; ++ DES_set_key_unchecked; ++ SMIME_crlf_copy; ++ i2d_ASN1_PRINTABLESTRING; ++ PKCS7_get0_signers; ++ PKCS7_decrypt; ++ SMIME_text; ++ PKCS7_simple_smimecap; ++ PKCS7_get_smimecap; ++ PKCS7_sign; ++ PKCS7_add_attrib_smimecap; ++ CRYPTO_dbg_set_options; ++ CRYPTO_remove_all_info; ++ CRYPTO_get_mem_debug_functions; ++ CRYPTO_is_mem_check_on; ++ CRYPTO_set_mem_debug_functions; ++ CRYPTO_pop_info; ++ CRYPTO_push_info_; ++ CRYPTO_set_mem_debug_options; ++ PEM_write_PKCS8PrivateKey_nid; ++ PEM_write_bio_PKCS8PrivateKey_nid; ++ PEM_write_bio_PKCS8PrivKey_nid; ++ d2i_PKCS8PrivateKey_bio; ++ ASN1_NULL_free; ++ d2i_ASN1_NULL; ++ ASN1_NULL_new; ++ i2d_PKCS8PrivateKey_bio; ++ i2d_PKCS8PrivateKey_fp; ++ i2d_ASN1_NULL; ++ i2d_PKCS8PrivateKey_nid_fp; ++ d2i_PKCS8PrivateKey_fp; ++ i2d_PKCS8PrivateKey_nid_bio; ++ i2d_PKCS8PrivateKeyInfo_fp; ++ i2d_PKCS8PrivateKeyInfo_bio; ++ PEM_cb; ++ i2d_PrivateKey_fp; ++ d2i_PrivateKey_bio; ++ d2i_PrivateKey_fp; ++ i2d_PrivateKey_bio; ++ X509_reject_clear; ++ X509_TRUST_set_default; ++ d2i_AutoPrivateKey; ++ X509_ATTRIBUTE_get0_type; ++ X509_ATTRIBUTE_set1_data; ++ X509at_get_attr; ++ X509at_get_attr_count; ++ X509_ATTRIBUTE_create_by_NID; ++ X509_ATTRIBUTE_set1_object; ++ X509_ATTRIBUTE_count; ++ X509_ATTRIBUTE_create_by_OBJ; ++ X509_ATTRIBUTE_get0_object; ++ X509at_get_attr_by_NID; ++ X509at_add1_attr; ++ X509_ATTRIBUTE_get0_data; ++ X509at_delete_attr; ++ X509at_get_attr_by_OBJ; ++ RAND_add; ++ BIO_number_written; ++ BIO_number_read; ++ X509_STORE_CTX_get1_chain; ++ ERR_load_RAND_strings; ++ RAND_pseudo_bytes; ++ X509_REQ_get_attr_by_NID; ++ X509_REQ_get_attr; ++ X509_REQ_add1_attr_by_NID; ++ X509_REQ_get_attr_by_OBJ; ++ X509at_add1_attr_by_NID; ++ X509_REQ_add1_attr_by_OBJ; ++ X509_REQ_get_attr_count; ++ X509_REQ_add1_attr; ++ X509_REQ_delete_attr; ++ X509at_add1_attr_by_OBJ; ++ X509_REQ_add1_attr_by_txt; ++ X509_ATTRIBUTE_create_by_txt; ++ X509at_add1_attr_by_txt; ++ BN_pseudo_rand; ++ BN_is_prime_fasttest; ++ BN_CTX_end; ++ BN_CTX_start; ++ BN_CTX_get; ++ EVP_PKEY2PKCS8_broken; ++ ASN1_STRING_TABLE_add; ++ CRYPTO_dbg_get_options; ++ AUTHORITY_INFO_ACCESS_new; ++ CRYPTO_get_mem_debug_options; ++ DES_crypt; ++ PEM_write_bio_X509_REQ_NEW; ++ PEM_write_X509_REQ_NEW; ++ BIO_callback_ctrl; ++ RAND_egd; ++ RAND_status; ++ bn_dump1; ++ DES_check_key_parity; ++ lh_num_items; ++ RAND_event; ++ DSO_new; ++ DSO_new_method; ++ DSO_free; ++ DSO_flags; ++ DSO_up; ++ DSO_set_default_method; ++ DSO_get_default_method; ++ DSO_get_method; ++ DSO_set_method; ++ DSO_load; ++ DSO_bind_var; ++ DSO_METHOD_null; ++ DSO_METHOD_openssl; ++ DSO_METHOD_dlfcn; ++ DSO_METHOD_win32; ++ ERR_load_DSO_strings; ++ DSO_METHOD_dl; ++ NCONF_load; ++ NCONF_load_fp; ++ NCONF_new; ++ NCONF_get_string; ++ NCONF_free; ++ NCONF_get_number; ++ CONF_dump_fp; ++ NCONF_load_bio; ++ NCONF_dump_fp; ++ NCONF_get_section; ++ NCONF_dump_bio; ++ CONF_dump_bio; ++ NCONF_free_data; ++ CONF_set_default_method; ++ ERR_error_string_n; ++ BIO_snprintf; ++ DSO_ctrl; ++ i2d_ASN1_SET_OF_ASN1_INTEGER; ++ i2d_ASN1_SET_OF_PKCS12_SAFEBAG; ++ i2d_ASN1_SET_OF_PKCS7; ++ BIO_vfree; ++ d2i_ASN1_SET_OF_ASN1_INTEGER; ++ d2i_ASN1_SET_OF_PKCS12_SAFEBAG; ++ ASN1_UTCTIME_get; ++ X509_REQ_digest; ++ X509_CRL_digest; ++ d2i_ASN1_SET_OF_PKCS7; ++ EVP_CIPHER_CTX_set_key_length; ++ EVP_CIPHER_CTX_ctrl; ++ BN_mod_exp_mont_word; ++ RAND_egd_bytes; ++ X509_REQ_get1_email; ++ X509_get1_email; ++ X509_email_free; ++ i2d_RSA_NET; ++ d2i_RSA_NET_2; ++ d2i_RSA_NET; ++ DSO_bind_func; ++ CRYPTO_get_new_dynlockid; ++ sk_new_null; ++ CRYPTO_set_dynlock_destroy_callback; ++ CRYPTO_set_dynlock_destroy_cb; ++ CRYPTO_destroy_dynlockid; ++ CRYPTO_set_dynlock_size; ++ CRYPTO_set_dynlock_create_callback; ++ CRYPTO_set_dynlock_create_cb; ++ CRYPTO_set_dynlock_lock_callback; ++ CRYPTO_set_dynlock_lock_cb; ++ CRYPTO_get_dynlock_lock_callback; ++ CRYPTO_get_dynlock_lock_cb; ++ CRYPTO_get_dynlock_destroy_callback; ++ CRYPTO_get_dynlock_destroy_cb; ++ CRYPTO_get_dynlock_value; ++ CRYPTO_get_dynlock_create_callback; ++ CRYPTO_get_dynlock_create_cb; ++ c2i_ASN1_BIT_STRING; ++ i2c_ASN1_BIT_STRING; ++ RAND_poll; ++ c2i_ASN1_INTEGER; ++ i2c_ASN1_INTEGER; ++ BIO_dump_indent; ++ ASN1_parse_dump; ++ c2i_ASN1_OBJECT; ++ X509_NAME_print_ex_fp; ++ ASN1_STRING_print_ex_fp; ++ X509_NAME_print_ex; ++ ASN1_STRING_print_ex; ++ MD4; ++ MD4_Transform; ++ MD4_Final; ++ MD4_Update; ++ MD4_Init; ++ EVP_md4; ++ i2d_PUBKEY_bio; ++ i2d_PUBKEY_fp; ++ d2i_PUBKEY_bio; ++ ASN1_STRING_to_UTF8; ++ BIO_vprintf; ++ BIO_vsnprintf; ++ d2i_PUBKEY_fp; ++ X509_cmp_time; ++ X509_STORE_CTX_set_time; ++ X509_STORE_CTX_get1_issuer; ++ X509_OBJECT_retrieve_match; ++ X509_OBJECT_idx_by_subject; ++ X509_STORE_CTX_set_flags; ++ X509_STORE_CTX_trusted_stack; ++ X509_time_adj; ++ X509_check_issued; ++ ASN1_UTCTIME_cmp_time_t; ++ DES_set_weak_key_flag; ++ DES_check_key; ++ DES_rw_mode; ++ RSA_PKCS1_RSAref; ++ X509_keyid_set1; ++ BIO_next; ++ DSO_METHOD_vms; ++ BIO_f_linebuffer; ++ BN_bntest_rand; ++ OPENSSL_issetugid; ++ BN_rand_range; ++ ERR_load_ENGINE_strings; ++ ENGINE_set_DSA; ++ ENGINE_get_finish_function; ++ ENGINE_get_default_RSA; ++ ENGINE_get_BN_mod_exp; ++ DSA_get_default_openssl_method; ++ ENGINE_set_DH; ++ ENGINE_set_def_BN_mod_exp_crt; ++ ENGINE_set_default_BN_mod_exp_crt; ++ ENGINE_init; ++ DH_get_default_openssl_method; ++ RSA_set_default_openssl_method; ++ ENGINE_finish; ++ ENGINE_load_public_key; ++ ENGINE_get_DH; ++ ENGINE_ctrl; ++ ENGINE_get_init_function; ++ ENGINE_set_init_function; ++ ENGINE_set_default_DSA; ++ ENGINE_get_name; ++ ENGINE_get_last; ++ ENGINE_get_prev; ++ ENGINE_get_default_DH; ++ ENGINE_get_RSA; ++ ENGINE_set_default; ++ ENGINE_get_RAND; ++ ENGINE_get_first; ++ ENGINE_by_id; ++ ENGINE_set_finish_function; ++ ENGINE_get_def_BN_mod_exp_crt; ++ ENGINE_get_default_BN_mod_exp_crt; ++ RSA_get_default_openssl_method; ++ ENGINE_set_RSA; ++ ENGINE_load_private_key; ++ ENGINE_set_default_RAND; ++ ENGINE_set_BN_mod_exp; ++ ENGINE_remove; ++ ENGINE_free; ++ ENGINE_get_BN_mod_exp_crt; ++ ENGINE_get_next; ++ ENGINE_set_name; ++ ENGINE_get_default_DSA; ++ ENGINE_set_default_BN_mod_exp; ++ ENGINE_set_default_RSA; ++ ENGINE_get_default_RAND; ++ ENGINE_get_default_BN_mod_exp; ++ ENGINE_set_RAND; ++ ENGINE_set_id; ++ ENGINE_set_BN_mod_exp_crt; ++ ENGINE_set_default_DH; ++ ENGINE_new; ++ ENGINE_get_id; ++ DSA_set_default_openssl_method; ++ ENGINE_add; ++ DH_set_default_openssl_method; ++ ENGINE_get_DSA; ++ ENGINE_get_ctrl_function; ++ ENGINE_set_ctrl_function; ++ BN_pseudo_rand_range; ++ X509_STORE_CTX_set_verify_cb; ++ ERR_load_COMP_strings; ++ PKCS12_item_decrypt_d2i; ++ ASN1_UTF8STRING_it; ++ ENGINE_unregister_ciphers; ++ ENGINE_get_ciphers; ++ d2i_OCSP_BASICRESP; ++ KRB5_CHECKSUM_it; ++ EC_POINT_add; ++ ASN1_item_ex_i2d; ++ OCSP_CERTID_it; ++ d2i_OCSP_RESPBYTES; ++ X509V3_add1_i2d; ++ PKCS7_ENVELOPE_it; ++ UI_add_input_boolean; ++ ENGINE_unregister_RSA; ++ X509V3_EXT_nconf; ++ ASN1_GENERALSTRING_free; ++ d2i_OCSP_CERTSTATUS; ++ X509_REVOKED_set_serialNumber; ++ X509_print_ex; ++ OCSP_ONEREQ_get1_ext_d2i; ++ ENGINE_register_all_RAND; ++ ENGINE_load_dynamic; ++ PBKDF2PARAM_it; ++ EXTENDED_KEY_USAGE_new; ++ EC_GROUP_clear_free; ++ OCSP_sendreq_bio; ++ ASN1_item_digest; ++ OCSP_BASICRESP_delete_ext; ++ OCSP_SIGNATURE_it; ++ X509_CRL_it; ++ OCSP_BASICRESP_add_ext; ++ KRB5_ENCKEY_it; ++ UI_method_set_closer; ++ X509_STORE_set_purpose; ++ i2d_ASN1_GENERALSTRING; ++ OCSP_response_status; ++ i2d_OCSP_SERVICELOC; ++ ENGINE_get_digest_engine; ++ EC_GROUP_set_curve_GFp; ++ OCSP_REQUEST_get_ext_by_OBJ; ++ _ossl_old_des_random_key; ++ ASN1_T61STRING_it; ++ EC_GROUP_method_of; ++ i2d_KRB5_APREQ; ++ _ossl_old_des_encrypt; ++ ASN1_PRINTABLE_new; ++ HMAC_Init_ex; ++ d2i_KRB5_AUTHENT; ++ OCSP_archive_cutoff_new; ++ EC_POINT_set_Jprojective_coordinates_GFp; ++ EC_POINT_set_Jproj_coords_GFp; ++ _ossl_old_des_is_weak_key; ++ OCSP_BASICRESP_get_ext_by_OBJ; ++ EC_POINT_oct2point; ++ OCSP_SINGLERESP_get_ext_count; ++ UI_ctrl; ++ _shadow_DES_rw_mode; ++ asn1_do_adb; ++ ASN1_template_i2d; ++ ENGINE_register_DH; ++ UI_construct_prompt; ++ X509_STORE_set_trust; ++ UI_dup_input_string; ++ d2i_KRB5_APREQ; ++ EVP_MD_CTX_copy_ex; ++ OCSP_request_is_signed; ++ i2d_OCSP_REQINFO; ++ KRB5_ENCKEY_free; ++ OCSP_resp_get0; ++ GENERAL_NAME_it; ++ ASN1_GENERALIZEDTIME_it; ++ X509_STORE_set_flags; ++ EC_POINT_set_compressed_coordinates_GFp; ++ EC_POINT_set_compr_coords_GFp; ++ OCSP_response_status_str; ++ d2i_OCSP_REVOKEDINFO; ++ OCSP_basic_add1_cert; ++ ERR_get_implementation; ++ EVP_CipherFinal_ex; ++ OCSP_CERTSTATUS_new; ++ CRYPTO_cleanup_all_ex_data; ++ OCSP_resp_find; ++ BN_nnmod; ++ X509_CRL_sort; ++ X509_REVOKED_set_revocationDate; ++ ENGINE_register_RAND; ++ OCSP_SERVICELOC_new; ++ EC_POINT_set_affine_coordinates_GFp; ++ EC_POINT_set_affine_coords_GFp; ++ _ossl_old_des_options; ++ SXNET_it; ++ UI_dup_input_boolean; ++ PKCS12_add_CSPName_asc; ++ EC_POINT_is_at_infinity; ++ ENGINE_load_cryptodev; ++ DSO_convert_filename; ++ POLICYQUALINFO_it; ++ ENGINE_register_ciphers; ++ BN_mod_lshift_quick; ++ DSO_set_filename; ++ ASN1_item_free; ++ KRB5_TKTBODY_free; ++ AUTHORITY_KEYID_it; ++ KRB5_APREQBODY_new; ++ X509V3_EXT_REQ_add_nconf; ++ ENGINE_ctrl_cmd_string; ++ i2d_OCSP_RESPDATA; ++ EVP_MD_CTX_init; ++ EXTENDED_KEY_USAGE_free; ++ PKCS7_ATTR_SIGN_it; ++ UI_add_error_string; ++ KRB5_CHECKSUM_free; ++ OCSP_REQUEST_get_ext; ++ ENGINE_load_ubsec; ++ ENGINE_register_all_digests; ++ PKEY_USAGE_PERIOD_it; ++ PKCS12_unpack_authsafes; ++ ASN1_item_unpack; ++ NETSCAPE_SPKAC_it; ++ X509_REVOKED_it; ++ ASN1_STRING_encode; ++ EVP_aes_128_ecb; ++ KRB5_AUTHENT_free; ++ OCSP_BASICRESP_get_ext_by_critical; ++ OCSP_BASICRESP_get_ext_by_crit; ++ OCSP_cert_status_str; ++ d2i_OCSP_REQUEST; ++ UI_dup_info_string; ++ _ossl_old_des_xwhite_in2out; ++ PKCS12_it; ++ OCSP_SINGLERESP_get_ext_by_critical; ++ OCSP_SINGLERESP_get_ext_by_crit; ++ OCSP_CERTSTATUS_free; ++ _ossl_old_des_crypt; ++ ASN1_item_i2d; ++ EVP_DecryptFinal_ex; ++ ENGINE_load_openssl; ++ ENGINE_get_cmd_defns; ++ ENGINE_set_load_privkey_function; ++ ENGINE_set_load_privkey_fn; ++ EVP_EncryptFinal_ex; ++ ENGINE_set_default_digests; ++ X509_get0_pubkey_bitstr; ++ asn1_ex_i2c; ++ ENGINE_register_RSA; ++ ENGINE_unregister_DSA; ++ _ossl_old_des_key_sched; ++ X509_EXTENSION_it; ++ i2d_KRB5_AUTHENT; ++ SXNETID_it; ++ d2i_OCSP_SINGLERESP; ++ EDIPARTYNAME_new; ++ PKCS12_certbag2x509; ++ _ossl_old_des_ofb64_encrypt; ++ d2i_EXTENDED_KEY_USAGE; ++ ERR_print_errors_cb; ++ ENGINE_set_ciphers; ++ d2i_KRB5_APREQBODY; ++ UI_method_get_flusher; ++ X509_PUBKEY_it; ++ _ossl_old_des_enc_read; ++ PKCS7_ENCRYPT_it; ++ i2d_OCSP_RESPONSE; ++ EC_GROUP_get_cofactor; ++ PKCS12_unpack_p7data; ++ d2i_KRB5_AUTHDATA; ++ OCSP_copy_nonce; ++ KRB5_AUTHDATA_new; ++ OCSP_RESPDATA_new; ++ EC_GFp_mont_method; ++ OCSP_REVOKEDINFO_free; ++ UI_get_ex_data; ++ KRB5_APREQBODY_free; ++ EC_GROUP_get0_generator; ++ UI_get_default_method; ++ X509V3_set_nconf; ++ PKCS12_item_i2d_encrypt; ++ X509_add1_ext_i2d; ++ PKCS7_SIGNER_INFO_it; ++ KRB5_PRINCNAME_new; ++ PKCS12_SAFEBAG_it; ++ EC_GROUP_get_order; ++ d2i_OCSP_RESPID; ++ OCSP_request_verify; ++ NCONF_get_number_e; ++ _ossl_old_des_decrypt3; ++ X509_signature_print; ++ OCSP_SINGLERESP_free; ++ ENGINE_load_builtin_engines; ++ i2d_OCSP_ONEREQ; ++ OCSP_REQUEST_add_ext; ++ OCSP_RESPBYTES_new; ++ EVP_MD_CTX_create; ++ OCSP_resp_find_status; ++ X509_ALGOR_it; ++ ASN1_TIME_it; ++ OCSP_request_set1_name; ++ OCSP_ONEREQ_get_ext_count; ++ UI_get0_result; ++ PKCS12_AUTHSAFES_it; ++ EVP_aes_256_ecb; ++ PKCS12_pack_authsafes; ++ ASN1_IA5STRING_it; ++ UI_get_input_flags; ++ EC_GROUP_set_generator; ++ _ossl_old_des_string_to_2keys; ++ OCSP_CERTID_free; ++ X509_CERT_AUX_it; ++ CERTIFICATEPOLICIES_it; ++ _ossl_old_des_ede3_cbc_encrypt; ++ RAND_set_rand_engine; ++ DSO_get_loaded_filename; ++ X509_ATTRIBUTE_it; ++ OCSP_ONEREQ_get_ext_by_NID; ++ PKCS12_decrypt_skey; ++ KRB5_AUTHENT_it; ++ UI_dup_error_string; ++ RSAPublicKey_it; ++ i2d_OCSP_REQUEST; ++ PKCS12_x509crl2certbag; ++ OCSP_SERVICELOC_it; ++ ASN1_item_sign; ++ X509_CRL_set_issuer_name; ++ OBJ_NAME_do_all_sorted; ++ i2d_OCSP_BASICRESP; ++ i2d_OCSP_RESPBYTES; ++ PKCS12_unpack_p7encdata; ++ HMAC_CTX_init; ++ ENGINE_get_digest; ++ OCSP_RESPONSE_print; ++ KRB5_TKTBODY_it; ++ ACCESS_DESCRIPTION_it; ++ PKCS7_ISSUER_AND_SERIAL_it; ++ PBE2PARAM_it; ++ PKCS12_certbag2x509crl; ++ PKCS7_SIGNED_it; ++ ENGINE_get_cipher; ++ i2d_OCSP_CRLID; ++ OCSP_SINGLERESP_new; ++ ENGINE_cmd_is_executable; ++ RSA_up_ref; ++ ASN1_GENERALSTRING_it; ++ ENGINE_register_DSA; ++ X509V3_EXT_add_nconf_sk; ++ ENGINE_set_load_pubkey_function; ++ PKCS8_decrypt; ++ PEM_bytes_read_bio; ++ DIRECTORYSTRING_it; ++ d2i_OCSP_CRLID; ++ EC_POINT_is_on_curve; ++ CRYPTO_set_locked_mem_ex_functions; ++ CRYPTO_set_locked_mem_ex_funcs; ++ d2i_KRB5_CHECKSUM; ++ ASN1_item_dup; ++ X509_it; ++ BN_mod_add; ++ KRB5_AUTHDATA_free; ++ _ossl_old_des_cbc_cksum; ++ ASN1_item_verify; ++ CRYPTO_set_mem_ex_functions; ++ EC_POINT_get_Jprojective_coordinates_GFp; ++ EC_POINT_get_Jproj_coords_GFp; ++ ZLONG_it; ++ CRYPTO_get_locked_mem_ex_functions; ++ CRYPTO_get_locked_mem_ex_funcs; ++ ASN1_TIME_check; ++ UI_get0_user_data; ++ HMAC_CTX_cleanup; ++ DSA_up_ref; ++ _ossl_old_des_ede3_cfb64_encrypt; ++ _ossl_odes_ede3_cfb64_encrypt; ++ ASN1_BMPSTRING_it; ++ ASN1_tag2bit; ++ UI_method_set_flusher; ++ X509_ocspid_print; ++ KRB5_ENCDATA_it; ++ ENGINE_get_load_pubkey_function; ++ UI_add_user_data; ++ OCSP_REQUEST_delete_ext; ++ UI_get_method; ++ OCSP_ONEREQ_free; ++ ASN1_PRINTABLESTRING_it; ++ X509_CRL_set_nextUpdate; ++ OCSP_REQUEST_it; ++ OCSP_BASICRESP_it; ++ AES_ecb_encrypt; ++ BN_mod_sqr; ++ NETSCAPE_CERT_SEQUENCE_it; ++ GENERAL_NAMES_it; ++ AUTHORITY_INFO_ACCESS_it; ++ ASN1_FBOOLEAN_it; ++ UI_set_ex_data; ++ _ossl_old_des_string_to_key; ++ ENGINE_register_all_RSA; ++ d2i_KRB5_PRINCNAME; ++ OCSP_RESPBYTES_it; ++ X509_CINF_it; ++ ENGINE_unregister_digests; ++ d2i_EDIPARTYNAME; ++ d2i_OCSP_SERVICELOC; ++ ENGINE_get_digests; ++ _ossl_old_des_set_odd_parity; ++ OCSP_RESPDATA_free; ++ d2i_KRB5_TICKET; ++ OTHERNAME_it; ++ EVP_MD_CTX_cleanup; ++ d2i_ASN1_GENERALSTRING; ++ X509_CRL_set_version; ++ BN_mod_sub; ++ OCSP_SINGLERESP_get_ext_by_NID; ++ ENGINE_get_ex_new_index; ++ OCSP_REQUEST_free; ++ OCSP_REQUEST_add1_ext_i2d; ++ X509_VAL_it; ++ EC_POINTs_make_affine; ++ EC_POINT_mul; ++ X509V3_EXT_add_nconf; ++ X509_TRUST_set; ++ X509_CRL_add1_ext_i2d; ++ _ossl_old_des_fcrypt; ++ DISPLAYTEXT_it; ++ X509_CRL_set_lastUpdate; ++ OCSP_BASICRESP_free; ++ OCSP_BASICRESP_add1_ext_i2d; ++ d2i_KRB5_AUTHENTBODY; ++ CRYPTO_set_ex_data_implementation; ++ CRYPTO_set_ex_data_impl; ++ KRB5_ENCDATA_new; ++ DSO_up_ref; ++ OCSP_crl_reason_str; ++ UI_get0_result_string; ++ ASN1_GENERALSTRING_new; ++ X509_SIG_it; ++ ERR_set_implementation; ++ ERR_load_EC_strings; ++ UI_get0_action_string; ++ OCSP_ONEREQ_get_ext; ++ EC_POINT_method_of; ++ i2d_KRB5_APREQBODY; ++ _ossl_old_des_ecb3_encrypt; ++ CRYPTO_get_mem_ex_functions; ++ ENGINE_get_ex_data; ++ UI_destroy_method; ++ ASN1_item_i2d_bio; ++ OCSP_ONEREQ_get_ext_by_OBJ; ++ ASN1_primitive_new; ++ ASN1_PRINTABLE_it; ++ EVP_aes_192_ecb; ++ OCSP_SIGNATURE_new; ++ LONG_it; ++ ASN1_VISIBLESTRING_it; ++ OCSP_SINGLERESP_add1_ext_i2d; ++ d2i_OCSP_CERTID; ++ ASN1_item_d2i_fp; ++ CRL_DIST_POINTS_it; ++ GENERAL_NAME_print; ++ OCSP_SINGLERESP_delete_ext; ++ PKCS12_SAFEBAGS_it; ++ d2i_OCSP_SIGNATURE; ++ OCSP_request_add1_nonce; ++ ENGINE_set_cmd_defns; ++ OCSP_SERVICELOC_free; ++ EC_GROUP_free; ++ ASN1_BIT_STRING_it; ++ X509_REQ_it; ++ _ossl_old_des_cbc_encrypt; ++ ERR_unload_strings; ++ PKCS7_SIGN_ENVELOPE_it; ++ EDIPARTYNAME_free; ++ OCSP_REQINFO_free; ++ EC_GROUP_new_curve_GFp; ++ OCSP_REQUEST_get1_ext_d2i; ++ PKCS12_item_pack_safebag; ++ asn1_ex_c2i; ++ ENGINE_register_digests; ++ i2d_OCSP_REVOKEDINFO; ++ asn1_enc_restore; ++ UI_free; ++ UI_new_method; ++ EVP_EncryptInit_ex; ++ X509_pubkey_digest; ++ EC_POINT_invert; ++ OCSP_basic_sign; ++ i2d_OCSP_RESPID; ++ OCSP_check_nonce; ++ ENGINE_ctrl_cmd; ++ d2i_KRB5_ENCKEY; ++ OCSP_parse_url; ++ OCSP_SINGLERESP_get_ext; ++ OCSP_CRLID_free; ++ OCSP_BASICRESP_get1_ext_d2i; ++ RSAPrivateKey_it; ++ ENGINE_register_all_DH; ++ i2d_EDIPARTYNAME; ++ EC_POINT_get_affine_coordinates_GFp; ++ EC_POINT_get_affine_coords_GFp; ++ OCSP_CRLID_new; ++ ENGINE_get_flags; ++ OCSP_ONEREQ_it; ++ UI_process; ++ ASN1_INTEGER_it; ++ EVP_CipherInit_ex; ++ UI_get_string_type; ++ ENGINE_unregister_DH; ++ ENGINE_register_all_DSA; ++ OCSP_ONEREQ_get_ext_by_critical; ++ bn_dup_expand; ++ OCSP_cert_id_new; ++ BASIC_CONSTRAINTS_it; ++ BN_mod_add_quick; ++ EC_POINT_new; ++ EVP_MD_CTX_destroy; ++ OCSP_RESPBYTES_free; ++ EVP_aes_128_cbc; ++ OCSP_SINGLERESP_get1_ext_d2i; ++ EC_POINT_free; ++ DH_up_ref; ++ X509_NAME_ENTRY_it; ++ UI_get_ex_new_index; ++ BN_mod_sub_quick; ++ OCSP_ONEREQ_add_ext; ++ OCSP_request_sign; ++ EVP_DigestFinal_ex; ++ ENGINE_set_digests; ++ OCSP_id_issuer_cmp; ++ OBJ_NAME_do_all; ++ EC_POINTs_mul; ++ ENGINE_register_complete; ++ X509V3_EXT_nconf_nid; ++ ASN1_SEQUENCE_it; ++ UI_set_default_method; ++ RAND_query_egd_bytes; ++ UI_method_get_writer; ++ UI_OpenSSL; ++ PEM_def_callback; ++ ENGINE_cleanup; ++ DIST_POINT_it; ++ OCSP_SINGLERESP_it; ++ d2i_KRB5_TKTBODY; ++ EC_POINT_cmp; ++ OCSP_REVOKEDINFO_new; ++ i2d_OCSP_CERTSTATUS; ++ OCSP_basic_add1_nonce; ++ ASN1_item_ex_d2i; ++ BN_mod_lshift1_quick; ++ UI_set_method; ++ OCSP_id_get0_info; ++ BN_mod_sqrt; ++ EC_GROUP_copy; ++ KRB5_ENCDATA_free; ++ _ossl_old_des_cfb_encrypt; ++ OCSP_SINGLERESP_get_ext_by_OBJ; ++ OCSP_cert_to_id; ++ OCSP_RESPID_new; ++ OCSP_RESPDATA_it; ++ d2i_OCSP_RESPDATA; ++ ENGINE_register_all_complete; ++ OCSP_check_validity; ++ PKCS12_BAGS_it; ++ OCSP_url_svcloc_new; ++ ASN1_template_free; ++ OCSP_SINGLERESP_add_ext; ++ KRB5_AUTHENTBODY_it; ++ X509_supported_extension; ++ i2d_KRB5_AUTHDATA; ++ UI_method_get_opener; ++ ENGINE_set_ex_data; ++ OCSP_REQUEST_print; ++ CBIGNUM_it; ++ KRB5_TICKET_new; ++ KRB5_APREQ_new; ++ EC_GROUP_get_curve_GFp; ++ KRB5_ENCKEY_new; ++ ASN1_template_d2i; ++ _ossl_old_des_quad_cksum; ++ OCSP_single_get0_status; ++ BN_swap; ++ POLICYINFO_it; ++ ENGINE_set_destroy_function; ++ asn1_enc_free; ++ OCSP_RESPID_it; ++ EC_GROUP_new; ++ EVP_aes_256_cbc; ++ i2d_KRB5_PRINCNAME; ++ _ossl_old_des_encrypt2; ++ _ossl_old_des_encrypt3; ++ PKCS8_PRIV_KEY_INFO_it; ++ OCSP_REQINFO_it; ++ PBEPARAM_it; ++ KRB5_AUTHENTBODY_new; ++ X509_CRL_add0_revoked; ++ EDIPARTYNAME_it; ++ NETSCAPE_SPKI_it; ++ UI_get0_test_string; ++ ENGINE_get_cipher_engine; ++ ENGINE_register_all_ciphers; ++ EC_POINT_copy; ++ BN_kronecker; ++ _ossl_old_des_ede3_ofb64_encrypt; ++ _ossl_odes_ede3_ofb64_encrypt; ++ UI_method_get_reader; ++ OCSP_BASICRESP_get_ext_count; ++ ASN1_ENUMERATED_it; ++ UI_set_result; ++ i2d_KRB5_TICKET; ++ X509_print_ex_fp; ++ EVP_CIPHER_CTX_set_padding; ++ d2i_OCSP_RESPONSE; ++ ASN1_UTCTIME_it; ++ _ossl_old_des_enc_write; ++ OCSP_RESPONSE_new; ++ AES_set_encrypt_key; ++ OCSP_resp_count; ++ KRB5_CHECKSUM_new; ++ ENGINE_load_cswift; ++ OCSP_onereq_get0_id; ++ ENGINE_set_default_ciphers; ++ NOTICEREF_it; ++ X509V3_EXT_CRL_add_nconf; ++ OCSP_REVOKEDINFO_it; ++ AES_encrypt; ++ OCSP_REQUEST_new; ++ ASN1_ANY_it; ++ CRYPTO_ex_data_new_class; ++ _ossl_old_des_ncbc_encrypt; ++ i2d_KRB5_TKTBODY; ++ EC_POINT_clear_free; ++ AES_decrypt; ++ asn1_enc_init; ++ UI_get_result_maxsize; ++ OCSP_CERTID_new; ++ ENGINE_unregister_RAND; ++ UI_method_get_closer; ++ d2i_KRB5_ENCDATA; ++ OCSP_request_onereq_count; ++ OCSP_basic_verify; ++ KRB5_AUTHENTBODY_free; ++ ASN1_item_d2i; ++ ASN1_primitive_free; ++ i2d_EXTENDED_KEY_USAGE; ++ i2d_OCSP_SIGNATURE; ++ asn1_enc_save; ++ ENGINE_load_nuron; ++ _ossl_old_des_pcbc_encrypt; ++ PKCS12_MAC_DATA_it; ++ OCSP_accept_responses_new; ++ asn1_do_lock; ++ PKCS7_ATTR_VERIFY_it; ++ KRB5_APREQBODY_it; ++ i2d_OCSP_SINGLERESP; ++ ASN1_item_ex_new; ++ UI_add_verify_string; ++ _ossl_old_des_set_key; ++ KRB5_PRINCNAME_it; ++ EVP_DecryptInit_ex; ++ i2d_OCSP_CERTID; ++ ASN1_item_d2i_bio; ++ EC_POINT_dbl; ++ asn1_get_choice_selector; ++ i2d_KRB5_CHECKSUM; ++ ENGINE_set_table_flags; ++ AES_options; ++ ENGINE_load_chil; ++ OCSP_id_cmp; ++ OCSP_BASICRESP_new; ++ OCSP_REQUEST_get_ext_by_NID; ++ KRB5_APREQ_it; ++ ENGINE_get_destroy_function; ++ CONF_set_nconf; ++ ASN1_PRINTABLE_free; ++ OCSP_BASICRESP_get_ext_by_NID; ++ DIST_POINT_NAME_it; ++ X509V3_extensions_print; ++ _ossl_old_des_cfb64_encrypt; ++ X509_REVOKED_add1_ext_i2d; ++ _ossl_old_des_ofb_encrypt; ++ KRB5_TKTBODY_new; ++ ASN1_OCTET_STRING_it; ++ ERR_load_UI_strings; ++ i2d_KRB5_ENCKEY; ++ ASN1_template_new; ++ OCSP_SIGNATURE_free; ++ ASN1_item_i2d_fp; ++ KRB5_PRINCNAME_free; ++ PKCS7_RECIP_INFO_it; ++ EXTENDED_KEY_USAGE_it; ++ EC_GFp_simple_method; ++ EC_GROUP_precompute_mult; ++ OCSP_request_onereq_get0; ++ UI_method_set_writer; ++ KRB5_AUTHENT_new; ++ X509_CRL_INFO_it; ++ DSO_set_name_converter; ++ AES_set_decrypt_key; ++ PKCS7_DIGEST_it; ++ PKCS12_x5092certbag; ++ EVP_DigestInit_ex; ++ i2a_ACCESS_DESCRIPTION; ++ OCSP_RESPONSE_it; ++ PKCS7_ENC_CONTENT_it; ++ OCSP_request_add0_id; ++ EC_POINT_make_affine; ++ DSO_get_filename; ++ OCSP_CERTSTATUS_it; ++ OCSP_request_add1_cert; ++ UI_get0_output_string; ++ UI_dup_verify_string; ++ BN_mod_lshift; ++ KRB5_AUTHDATA_it; ++ asn1_set_choice_selector; ++ OCSP_basic_add1_status; ++ OCSP_RESPID_free; ++ asn1_get_field_ptr; ++ UI_add_input_string; ++ OCSP_CRLID_it; ++ i2d_KRB5_AUTHENTBODY; ++ OCSP_REQUEST_get_ext_count; ++ ENGINE_load_atalla; ++ X509_NAME_it; ++ USERNOTICE_it; ++ OCSP_REQINFO_new; ++ OCSP_BASICRESP_get_ext; ++ CRYPTO_get_ex_data_implementation; ++ CRYPTO_get_ex_data_impl; ++ ASN1_item_pack; ++ i2d_KRB5_ENCDATA; ++ X509_PURPOSE_set; ++ X509_REQ_INFO_it; ++ UI_method_set_opener; ++ ASN1_item_ex_free; ++ ASN1_BOOLEAN_it; ++ ENGINE_get_table_flags; ++ UI_create_method; ++ OCSP_ONEREQ_add1_ext_i2d; ++ _shadow_DES_check_key; ++ d2i_OCSP_REQINFO; ++ UI_add_info_string; ++ UI_get_result_minsize; ++ ASN1_NULL_it; ++ BN_mod_lshift1; ++ d2i_OCSP_ONEREQ; ++ OCSP_ONEREQ_new; ++ KRB5_TICKET_it; ++ EVP_aes_192_cbc; ++ KRB5_TICKET_free; ++ UI_new; ++ OCSP_response_create; ++ _ossl_old_des_xcbc_encrypt; ++ PKCS7_it; ++ OCSP_REQUEST_get_ext_by_critical; ++ OCSP_REQUEST_get_ext_by_crit; ++ ENGINE_set_flags; ++ _ossl_old_des_ecb_encrypt; ++ OCSP_response_get1_basic; ++ EVP_Digest; ++ OCSP_ONEREQ_delete_ext; ++ ASN1_TBOOLEAN_it; ++ ASN1_item_new; ++ ASN1_TIME_to_generalizedtime; ++ BIGNUM_it; ++ AES_cbc_encrypt; ++ ENGINE_get_load_privkey_function; ++ ENGINE_get_load_privkey_fn; ++ OCSP_RESPONSE_free; ++ UI_method_set_reader; ++ i2d_ASN1_T61STRING; ++ EC_POINT_set_to_infinity; ++ ERR_load_OCSP_strings; ++ EC_POINT_point2oct; ++ KRB5_APREQ_free; ++ ASN1_OBJECT_it; ++ OCSP_crlID_new; ++ OCSP_crlID2_new; ++ CONF_modules_load_file; ++ CONF_imodule_set_usr_data; ++ ENGINE_set_default_string; ++ CONF_module_get_usr_data; ++ ASN1_add_oid_module; ++ CONF_modules_finish; ++ OPENSSL_config; ++ CONF_modules_unload; ++ CONF_imodule_get_value; ++ CONF_module_set_usr_data; ++ CONF_parse_list; ++ CONF_module_add; ++ CONF_get1_default_config_file; ++ CONF_imodule_get_flags; ++ CONF_imodule_get_module; ++ CONF_modules_load; ++ CONF_imodule_get_name; ++ ERR_peek_top_error; ++ CONF_imodule_get_usr_data; ++ CONF_imodule_set_flags; ++ ENGINE_add_conf_module; ++ ERR_peek_last_error_line; ++ ERR_peek_last_error_line_data; ++ ERR_peek_last_error; ++ DES_read_2passwords; ++ DES_read_password; ++ UI_UTIL_read_pw; ++ UI_UTIL_read_pw_string; ++ ENGINE_load_aep; ++ ENGINE_load_sureware; ++ OPENSSL_add_all_algorithms_noconf; ++ OPENSSL_add_all_algo_noconf; ++ OPENSSL_add_all_algorithms_conf; ++ OPENSSL_add_all_algo_conf; ++ OPENSSL_load_builtin_modules; ++ AES_ofb128_encrypt; ++ AES_ctr128_encrypt; ++ AES_cfb128_encrypt; ++ ENGINE_load_4758cca; ++ _ossl_096_des_random_seed; ++ EVP_aes_256_ofb; ++ EVP_aes_192_ofb; ++ EVP_aes_128_cfb128; ++ EVP_aes_256_cfb128; ++ EVP_aes_128_ofb; ++ EVP_aes_192_cfb128; ++ CONF_modules_free; ++ NCONF_default; ++ OPENSSL_no_config; ++ NCONF_WIN32; ++ ASN1_UNIVERSALSTRING_new; ++ EVP_des_ede_ecb; ++ i2d_ASN1_UNIVERSALSTRING; ++ ASN1_UNIVERSALSTRING_free; ++ ASN1_UNIVERSALSTRING_it; ++ d2i_ASN1_UNIVERSALSTRING; ++ EVP_des_ede3_ecb; ++ X509_REQ_print_ex; ++ ENGINE_up_ref; ++ BUF_MEM_grow_clean; ++ CRYPTO_realloc_clean; ++ BUF_strlcat; ++ BIO_indent; ++ BUF_strlcpy; ++ OpenSSLDie; ++ OPENSSL_cleanse; ++ ENGINE_setup_bsd_cryptodev; ++ ERR_release_err_state_table; ++ EVP_aes_128_cfb8; ++ FIPS_corrupt_rsa; ++ FIPS_selftest_des; ++ EVP_aes_128_cfb1; ++ EVP_aes_192_cfb8; ++ FIPS_mode_set; ++ FIPS_selftest_dsa; ++ EVP_aes_256_cfb8; ++ FIPS_allow_md5; ++ DES_ede3_cfb_encrypt; ++ EVP_des_ede3_cfb8; ++ FIPS_rand_seeded; ++ AES_cfbr_encrypt_block; ++ AES_cfb8_encrypt; ++ FIPS_rand_seed; ++ FIPS_corrupt_des; ++ EVP_aes_192_cfb1; ++ FIPS_selftest_aes; ++ FIPS_set_prng_key; ++ EVP_des_cfb8; ++ FIPS_corrupt_dsa; ++ FIPS_test_mode; ++ FIPS_rand_method; ++ EVP_aes_256_cfb1; ++ ERR_load_FIPS_strings; ++ FIPS_corrupt_aes; ++ FIPS_selftest_sha1; ++ FIPS_selftest_rsa; ++ FIPS_corrupt_sha1; ++ EVP_des_cfb1; ++ FIPS_dsa_check; ++ AES_cfb1_encrypt; ++ EVP_des_ede3_cfb1; ++ FIPS_rand_check; ++ FIPS_md5_allowed; ++ FIPS_mode; ++ FIPS_selftest_failed; ++ sk_is_sorted; ++ X509_check_ca; ++ HMAC_CTX_set_flags; ++ d2i_PROXY_CERT_INFO_EXTENSION; ++ PROXY_POLICY_it; ++ i2d_PROXY_POLICY; ++ i2d_PROXY_CERT_INFO_EXTENSION; ++ d2i_PROXY_POLICY; ++ PROXY_CERT_INFO_EXTENSION_new; ++ PROXY_CERT_INFO_EXTENSION_free; ++ PROXY_CERT_INFO_EXTENSION_it; ++ PROXY_POLICY_free; ++ PROXY_POLICY_new; ++ BN_MONT_CTX_set_locked; ++ FIPS_selftest_rng; ++ EVP_sha384; ++ EVP_sha512; ++ EVP_sha224; ++ EVP_sha256; ++ FIPS_selftest_hmac; ++ FIPS_corrupt_rng; ++ BN_mod_exp_mont_consttime; ++ RSA_X931_hash_id; ++ RSA_padding_check_X931; ++ RSA_verify_PKCS1_PSS; ++ RSA_padding_add_X931; ++ RSA_padding_add_PKCS1_PSS; ++ PKCS1_MGF1; ++ BN_X931_generate_Xpq; ++ RSA_X931_generate_key; ++ BN_X931_derive_prime; ++ BN_X931_generate_prime; ++ RSA_X931_derive; ++ BIO_new_dgram; ++ BN_get0_nist_prime_384; ++ ERR_set_mark; ++ X509_STORE_CTX_set0_crls; ++ ENGINE_set_STORE; ++ ENGINE_register_ECDSA; ++ STORE_meth_set_list_start_fn; ++ STORE_method_set_list_start_function; ++ BN_BLINDING_invert_ex; ++ NAME_CONSTRAINTS_free; ++ STORE_ATTR_INFO_set_number; ++ BN_BLINDING_get_thread_id; ++ X509_STORE_CTX_set0_param; ++ POLICY_MAPPING_it; ++ STORE_parse_attrs_start; ++ POLICY_CONSTRAINTS_free; ++ EVP_PKEY_add1_attr_by_NID; ++ BN_nist_mod_192; ++ EC_GROUP_get_trinomial_basis; ++ STORE_set_method; ++ GENERAL_SUBTREE_free; ++ NAME_CONSTRAINTS_it; ++ ECDH_get_default_method; ++ PKCS12_add_safe; ++ EC_KEY_new_by_curve_name; ++ STORE_meth_get_update_store_fn; ++ STORE_method_get_update_store_function; ++ ENGINE_register_ECDH; ++ SHA512_Update; ++ i2d_ECPrivateKey; ++ BN_get0_nist_prime_192; ++ STORE_modify_certificate; ++ EC_POINT_set_affine_coordinates_GF2m; ++ EC_POINT_set_affine_coords_GF2m; ++ BN_GF2m_mod_exp_arr; ++ STORE_ATTR_INFO_modify_number; ++ X509_keyid_get0; ++ ENGINE_load_gmp; ++ pitem_new; ++ BN_GF2m_mod_mul_arr; ++ STORE_list_public_key_endp; ++ o2i_ECPublicKey; ++ EC_KEY_copy; ++ BIO_dump_fp; ++ X509_policy_node_get0_parent; ++ EC_GROUP_check_discriminant; ++ i2o_ECPublicKey; ++ EC_KEY_precompute_mult; ++ a2i_IPADDRESS; ++ STORE_meth_set_initialise_fn; ++ STORE_method_set_initialise_function; ++ X509_STORE_CTX_set_depth; ++ X509_VERIFY_PARAM_inherit; ++ EC_POINT_point2bn; ++ STORE_ATTR_INFO_set_dn; ++ X509_policy_tree_get0_policies; ++ EC_GROUP_new_curve_GF2m; ++ STORE_destroy_method; ++ ENGINE_unregister_STORE; ++ EVP_PKEY_get1_EC_KEY; ++ STORE_ATTR_INFO_get0_number; ++ ENGINE_get_default_ECDH; ++ EC_KEY_get_conv_form; ++ ASN1_OCTET_STRING_NDEF_it; ++ STORE_delete_public_key; ++ STORE_get_public_key; ++ STORE_modify_arbitrary; ++ ENGINE_get_static_state; ++ pqueue_iterator; ++ ECDSA_SIG_new; ++ OPENSSL_DIR_end; ++ BN_GF2m_mod_sqr; ++ EC_POINT_bn2point; ++ X509_VERIFY_PARAM_set_depth; ++ EC_KEY_set_asn1_flag; ++ STORE_get_method; ++ EC_KEY_get_key_method_data; ++ ECDSA_sign_ex; ++ STORE_parse_attrs_end; ++ EC_GROUP_get_point_conversion_form; ++ EC_GROUP_get_point_conv_form; ++ STORE_method_set_store_function; ++ STORE_ATTR_INFO_in; ++ PEM_read_bio_ECPKParameters; ++ EC_GROUP_get_pentanomial_basis; ++ EVP_PKEY_add1_attr_by_txt; ++ BN_BLINDING_set_flags; ++ X509_VERIFY_PARAM_set1_policies; ++ X509_VERIFY_PARAM_set1_name; ++ X509_VERIFY_PARAM_set_purpose; ++ STORE_get_number; ++ ECDSA_sign_setup; ++ BN_GF2m_mod_solve_quad_arr; ++ EC_KEY_up_ref; ++ POLICY_MAPPING_free; ++ BN_GF2m_mod_div; ++ X509_VERIFY_PARAM_set_flags; ++ EC_KEY_free; ++ STORE_meth_set_list_next_fn; ++ STORE_method_set_list_next_function; ++ PEM_write_bio_ECPrivateKey; ++ d2i_EC_PUBKEY; ++ STORE_meth_get_generate_fn; ++ STORE_method_get_generate_function; ++ STORE_meth_set_list_end_fn; ++ STORE_method_set_list_end_function; ++ pqueue_print; ++ EC_GROUP_have_precompute_mult; ++ EC_KEY_print_fp; ++ BN_GF2m_mod_arr; ++ PEM_write_bio_X509_CERT_PAIR; ++ EVP_PKEY_cmp; ++ X509_policy_level_node_count; ++ STORE_new_engine; ++ STORE_list_public_key_start; ++ X509_VERIFY_PARAM_new; ++ ECDH_get_ex_data; ++ EVP_PKEY_get_attr; ++ ECDSA_do_sign; ++ ENGINE_unregister_ECDH; ++ ECDH_OpenSSL; ++ EC_KEY_set_conv_form; ++ EC_POINT_dup; ++ GENERAL_SUBTREE_new; ++ STORE_list_crl_endp; ++ EC_get_builtin_curves; ++ X509_policy_node_get0_qualifiers; ++ X509_pcy_node_get0_qualifiers; ++ STORE_list_crl_end; ++ EVP_PKEY_set1_EC_KEY; ++ BN_GF2m_mod_sqrt_arr; ++ i2d_ECPrivateKey_bio; ++ ECPKParameters_print_fp; ++ pqueue_find; ++ ECDSA_SIG_free; ++ PEM_write_bio_ECPKParameters; ++ STORE_method_set_ctrl_function; ++ STORE_list_public_key_end; ++ EC_KEY_set_private_key; ++ pqueue_peek; ++ STORE_get_arbitrary; ++ STORE_store_crl; ++ X509_policy_node_get0_policy; ++ PKCS12_add_safes; ++ BN_BLINDING_convert_ex; ++ X509_policy_tree_free; ++ OPENSSL_ia32cap_loc; ++ BN_GF2m_poly2arr; ++ STORE_ctrl; ++ STORE_ATTR_INFO_compare; ++ BN_get0_nist_prime_224; ++ i2d_ECParameters; ++ i2d_ECPKParameters; ++ BN_GENCB_call; ++ d2i_ECPKParameters; ++ STORE_meth_set_generate_fn; ++ STORE_method_set_generate_function; ++ ENGINE_set_ECDH; ++ NAME_CONSTRAINTS_new; ++ SHA256_Init; ++ EC_KEY_get0_public_key; ++ PEM_write_bio_EC_PUBKEY; ++ STORE_ATTR_INFO_set_cstr; ++ STORE_list_crl_next; ++ STORE_ATTR_INFO_in_range; ++ ECParameters_print; ++ STORE_meth_set_delete_fn; ++ STORE_method_set_delete_function; ++ STORE_list_certificate_next; ++ ASN1_generate_nconf; ++ BUF_memdup; ++ BN_GF2m_mod_mul; ++ STORE_meth_get_list_next_fn; ++ STORE_method_get_list_next_function; ++ STORE_ATTR_INFO_get0_dn; ++ STORE_list_private_key_next; ++ EC_GROUP_set_seed; ++ X509_VERIFY_PARAM_set_trust; ++ STORE_ATTR_INFO_free; ++ STORE_get_private_key; ++ EVP_PKEY_get_attr_count; ++ STORE_ATTR_INFO_new; ++ EC_GROUP_get_curve_GF2m; ++ STORE_meth_set_revoke_fn; ++ STORE_method_set_revoke_function; ++ STORE_store_number; ++ BN_is_prime_ex; ++ STORE_revoke_public_key; ++ X509_STORE_CTX_get0_param; ++ STORE_delete_arbitrary; ++ PEM_read_X509_CERT_PAIR; ++ X509_STORE_set_depth; ++ ECDSA_get_ex_data; ++ SHA224; ++ BIO_dump_indent_fp; ++ EC_KEY_set_group; ++ BUF_strndup; ++ STORE_list_certificate_start; ++ BN_GF2m_mod; ++ X509_REQ_check_private_key; ++ EC_GROUP_get_seed_len; ++ ERR_load_STORE_strings; ++ PEM_read_bio_EC_PUBKEY; ++ STORE_list_private_key_end; ++ i2d_EC_PUBKEY; ++ ECDSA_get_default_method; ++ ASN1_put_eoc; ++ X509_STORE_CTX_get_explicit_policy; ++ X509_STORE_CTX_get_expl_policy; ++ X509_VERIFY_PARAM_table_cleanup; ++ STORE_modify_private_key; ++ X509_VERIFY_PARAM_free; ++ EC_METHOD_get_field_type; ++ EC_GFp_nist_method; ++ STORE_meth_set_modify_fn; ++ STORE_method_set_modify_function; ++ STORE_parse_attrs_next; ++ ENGINE_load_padlock; ++ EC_GROUP_set_curve_name; ++ X509_CERT_PAIR_it; ++ STORE_meth_get_revoke_fn; ++ STORE_method_get_revoke_function; ++ STORE_method_set_get_function; ++ STORE_modify_number; ++ STORE_method_get_store_function; ++ STORE_store_private_key; ++ BN_GF2m_mod_sqr_arr; ++ RSA_setup_blinding; ++ BIO_s_datagram; ++ STORE_Memory; ++ sk_find_ex; ++ EC_GROUP_set_curve_GF2m; ++ ENGINE_set_default_ECDSA; ++ POLICY_CONSTRAINTS_new; ++ BN_GF2m_mod_sqrt; ++ ECDH_set_default_method; ++ EC_KEY_generate_key; ++ SHA384_Update; ++ BN_GF2m_arr2poly; ++ STORE_method_get_get_function; ++ STORE_meth_set_cleanup_fn; ++ STORE_method_set_cleanup_function; ++ EC_GROUP_check; ++ d2i_ECPrivateKey_bio; ++ EC_KEY_insert_key_method_data; ++ STORE_meth_get_lock_store_fn; ++ STORE_method_get_lock_store_function; ++ X509_VERIFY_PARAM_get_depth; ++ SHA224_Final; ++ STORE_meth_set_update_store_fn; ++ STORE_method_set_update_store_function; ++ SHA224_Update; ++ d2i_ECPrivateKey; ++ ASN1_item_ndef_i2d; ++ STORE_delete_private_key; ++ ERR_pop_to_mark; ++ ENGINE_register_all_STORE; ++ X509_policy_level_get0_node; ++ i2d_PKCS7_NDEF; ++ EC_GROUP_get_degree; ++ ASN1_generate_v3; ++ STORE_ATTR_INFO_modify_cstr; ++ X509_policy_tree_level_count; ++ BN_GF2m_add; ++ EC_KEY_get0_group; ++ STORE_generate_crl; ++ STORE_store_public_key; ++ X509_CERT_PAIR_free; ++ STORE_revoke_private_key; ++ BN_nist_mod_224; ++ SHA512_Final; ++ STORE_ATTR_INFO_modify_dn; ++ STORE_meth_get_initialise_fn; ++ STORE_method_get_initialise_function; ++ STORE_delete_number; ++ i2d_EC_PUBKEY_bio; ++ BIO_dgram_non_fatal_error; ++ EC_GROUP_get_asn1_flag; ++ STORE_ATTR_INFO_in_ex; ++ STORE_list_crl_start; ++ ECDH_get_ex_new_index; ++ STORE_meth_get_modify_fn; ++ STORE_method_get_modify_function; ++ v2i_ASN1_BIT_STRING; ++ STORE_store_certificate; ++ OBJ_bsearch_ex; ++ X509_STORE_CTX_set_default; ++ STORE_ATTR_INFO_set_sha1str; ++ BN_GF2m_mod_inv; ++ BN_GF2m_mod_exp; ++ STORE_modify_public_key; ++ STORE_meth_get_list_start_fn; ++ STORE_method_get_list_start_function; ++ EC_GROUP_get0_seed; ++ STORE_store_arbitrary; ++ STORE_meth_set_unlock_store_fn; ++ STORE_method_set_unlock_store_function; ++ BN_GF2m_mod_div_arr; ++ ENGINE_set_ECDSA; ++ STORE_create_method; ++ ECPKParameters_print; ++ EC_KEY_get0_private_key; ++ PEM_write_EC_PUBKEY; ++ X509_VERIFY_PARAM_set1; ++ ECDH_set_method; ++ v2i_GENERAL_NAME_ex; ++ ECDH_set_ex_data; ++ STORE_generate_key; ++ BN_nist_mod_521; ++ X509_policy_tree_get0_level; ++ EC_GROUP_set_point_conversion_form; ++ EC_GROUP_set_point_conv_form; ++ PEM_read_EC_PUBKEY; ++ i2d_ECDSA_SIG; ++ ECDSA_OpenSSL; ++ STORE_delete_crl; ++ EC_KEY_get_enc_flags; ++ ASN1_const_check_infinite_end; ++ EVP_PKEY_delete_attr; ++ ECDSA_set_default_method; ++ EC_POINT_set_compressed_coordinates_GF2m; ++ EC_POINT_set_compr_coords_GF2m; ++ EC_GROUP_cmp; ++ STORE_revoke_certificate; ++ BN_get0_nist_prime_256; ++ STORE_meth_get_delete_fn; ++ STORE_method_get_delete_function; ++ SHA224_Init; ++ PEM_read_ECPrivateKey; ++ SHA512_Init; ++ STORE_parse_attrs_endp; ++ BN_set_negative; ++ ERR_load_ECDSA_strings; ++ EC_GROUP_get_basis_type; ++ STORE_list_public_key_next; ++ i2v_ASN1_BIT_STRING; ++ STORE_OBJECT_free; ++ BN_nist_mod_384; ++ i2d_X509_CERT_PAIR; ++ PEM_write_ECPKParameters; ++ ECDH_compute_key; ++ STORE_ATTR_INFO_get0_sha1str; ++ ENGINE_register_all_ECDH; ++ pqueue_pop; ++ STORE_ATTR_INFO_get0_cstr; ++ POLICY_CONSTRAINTS_it; ++ STORE_get_ex_new_index; ++ EVP_PKEY_get_attr_by_OBJ; ++ X509_VERIFY_PARAM_add0_policy; ++ BN_GF2m_mod_solve_quad; ++ SHA256; ++ i2d_ECPrivateKey_fp; ++ X509_policy_tree_get0_user_policies; ++ X509_pcy_tree_get0_usr_policies; ++ OPENSSL_DIR_read; ++ ENGINE_register_all_ECDSA; ++ X509_VERIFY_PARAM_lookup; ++ EC_POINT_get_affine_coordinates_GF2m; ++ EC_POINT_get_affine_coords_GF2m; ++ EC_GROUP_dup; ++ ENGINE_get_default_ECDSA; ++ EC_KEY_new; ++ SHA256_Transform; ++ EC_KEY_set_enc_flags; ++ ECDSA_verify; ++ EC_POINT_point2hex; ++ ENGINE_get_STORE; ++ SHA512; ++ STORE_get_certificate; ++ ECDSA_do_sign_ex; ++ ECDSA_do_verify; ++ d2i_ECPrivateKey_fp; ++ STORE_delete_certificate; ++ SHA512_Transform; ++ X509_STORE_set1_param; ++ STORE_method_get_ctrl_function; ++ STORE_free; ++ PEM_write_ECPrivateKey; ++ STORE_meth_get_unlock_store_fn; ++ STORE_method_get_unlock_store_function; ++ STORE_get_ex_data; ++ EC_KEY_set_public_key; ++ PEM_read_ECPKParameters; ++ X509_CERT_PAIR_new; ++ ENGINE_register_STORE; ++ RSA_generate_key_ex; ++ DSA_generate_parameters_ex; ++ ECParameters_print_fp; ++ X509V3_NAME_from_section; ++ EVP_PKEY_add1_attr; ++ STORE_modify_crl; ++ STORE_list_private_key_start; ++ POLICY_MAPPINGS_it; ++ GENERAL_SUBTREE_it; ++ EC_GROUP_get_curve_name; ++ PEM_write_X509_CERT_PAIR; ++ BIO_dump_indent_cb; ++ d2i_X509_CERT_PAIR; ++ STORE_list_private_key_endp; ++ asn1_const_Finish; ++ i2d_EC_PUBKEY_fp; ++ BN_nist_mod_256; ++ X509_VERIFY_PARAM_add0_table; ++ pqueue_free; ++ BN_BLINDING_create_param; ++ ECDSA_size; ++ d2i_EC_PUBKEY_bio; ++ BN_get0_nist_prime_521; ++ STORE_ATTR_INFO_modify_sha1str; ++ BN_generate_prime_ex; ++ EC_GROUP_new_by_curve_name; ++ SHA256_Final; ++ DH_generate_parameters_ex; ++ PEM_read_bio_ECPrivateKey; ++ STORE_meth_get_cleanup_fn; ++ STORE_method_get_cleanup_function; ++ ENGINE_get_ECDH; ++ d2i_ECDSA_SIG; ++ BN_is_prime_fasttest_ex; ++ ECDSA_sign; ++ X509_policy_check; ++ EVP_PKEY_get_attr_by_NID; ++ STORE_set_ex_data; ++ ENGINE_get_ECDSA; ++ EVP_ecdsa; ++ BN_BLINDING_get_flags; ++ PKCS12_add_cert; ++ STORE_OBJECT_new; ++ ERR_load_ECDH_strings; ++ EC_KEY_dup; ++ EVP_CIPHER_CTX_rand_key; ++ ECDSA_set_method; ++ a2i_IPADDRESS_NC; ++ d2i_ECParameters; ++ STORE_list_certificate_end; ++ STORE_get_crl; ++ X509_POLICY_NODE_print; ++ SHA384_Init; ++ EC_GF2m_simple_method; ++ ECDSA_set_ex_data; ++ SHA384_Final; ++ PKCS7_set_digest; ++ EC_KEY_print; ++ STORE_meth_set_lock_store_fn; ++ STORE_method_set_lock_store_function; ++ ECDSA_get_ex_new_index; ++ SHA384; ++ POLICY_MAPPING_new; ++ STORE_list_certificate_endp; ++ X509_STORE_CTX_get0_policy_tree; ++ EC_GROUP_set_asn1_flag; ++ EC_KEY_check_key; ++ d2i_EC_PUBKEY_fp; ++ PKCS7_set0_type_other; ++ PEM_read_bio_X509_CERT_PAIR; ++ pqueue_next; ++ STORE_meth_get_list_end_fn; ++ STORE_method_get_list_end_function; ++ EVP_PKEY_add1_attr_by_OBJ; ++ X509_VERIFY_PARAM_set_time; ++ pqueue_new; ++ ENGINE_set_default_ECDH; ++ STORE_new_method; ++ PKCS12_add_key; ++ DSO_merge; ++ EC_POINT_hex2point; ++ BIO_dump_cb; ++ SHA256_Update; ++ pqueue_insert; ++ pitem_free; ++ BN_GF2m_mod_inv_arr; ++ ENGINE_unregister_ECDSA; ++ BN_BLINDING_set_thread_id; ++ get_rfc3526_prime_8192; ++ X509_VERIFY_PARAM_clear_flags; ++ get_rfc2409_prime_1024; ++ DH_check_pub_key; ++ get_rfc3526_prime_2048; ++ get_rfc3526_prime_6144; ++ get_rfc3526_prime_1536; ++ get_rfc3526_prime_3072; ++ get_rfc3526_prime_4096; ++ get_rfc2409_prime_768; ++ X509_VERIFY_PARAM_get_flags; ++ EVP_CIPHER_CTX_new; ++ EVP_CIPHER_CTX_free; ++ Camellia_cbc_encrypt; ++ Camellia_cfb128_encrypt; ++ Camellia_cfb1_encrypt; ++ Camellia_cfb8_encrypt; ++ Camellia_ctr128_encrypt; ++ Camellia_cfbr_encrypt_block; ++ Camellia_decrypt; ++ Camellia_ecb_encrypt; ++ Camellia_encrypt; ++ Camellia_ofb128_encrypt; ++ Camellia_set_key; ++ EVP_camellia_128_cbc; ++ EVP_camellia_128_cfb128; ++ EVP_camellia_128_cfb1; ++ EVP_camellia_128_cfb8; ++ EVP_camellia_128_ecb; ++ EVP_camellia_128_ofb; ++ EVP_camellia_192_cbc; ++ EVP_camellia_192_cfb128; ++ EVP_camellia_192_cfb1; ++ EVP_camellia_192_cfb8; ++ EVP_camellia_192_ecb; ++ EVP_camellia_192_ofb; ++ EVP_camellia_256_cbc; ++ EVP_camellia_256_cfb128; ++ EVP_camellia_256_cfb1; ++ EVP_camellia_256_cfb8; ++ EVP_camellia_256_ecb; ++ EVP_camellia_256_ofb; ++ a2i_ipadd; ++ ASIdentifiers_free; ++ i2d_ASIdOrRange; ++ EVP_CIPHER_block_size; ++ v3_asid_is_canonical; ++ IPAddressChoice_free; ++ EVP_CIPHER_CTX_set_app_data; ++ BIO_set_callback_arg; ++ v3_addr_add_prefix; ++ IPAddressOrRange_it; ++ BIO_set_flags; ++ ASIdentifiers_it; ++ v3_addr_get_range; ++ BIO_method_type; ++ v3_addr_inherits; ++ IPAddressChoice_it; ++ AES_ige_encrypt; ++ v3_addr_add_range; ++ EVP_CIPHER_CTX_nid; ++ d2i_ASRange; ++ v3_addr_add_inherit; ++ v3_asid_add_id_or_range; ++ v3_addr_validate_resource_set; ++ EVP_CIPHER_iv_length; ++ EVP_MD_type; ++ v3_asid_canonize; ++ IPAddressRange_free; ++ v3_asid_add_inherit; ++ EVP_CIPHER_CTX_key_length; ++ IPAddressRange_new; ++ ASIdOrRange_new; ++ EVP_MD_size; ++ EVP_MD_CTX_test_flags; ++ BIO_clear_flags; ++ i2d_ASRange; ++ IPAddressRange_it; ++ IPAddressChoice_new; ++ ASIdentifierChoice_new; ++ ASRange_free; ++ EVP_MD_pkey_type; ++ EVP_MD_CTX_clear_flags; ++ IPAddressFamily_free; ++ i2d_IPAddressFamily; ++ IPAddressOrRange_new; ++ EVP_CIPHER_flags; ++ v3_asid_validate_resource_set; ++ d2i_IPAddressRange; ++ AES_bi_ige_encrypt; ++ BIO_get_callback; ++ IPAddressOrRange_free; ++ v3_addr_subset; ++ d2i_IPAddressFamily; ++ v3_asid_subset; ++ BIO_test_flags; ++ i2d_ASIdentifierChoice; ++ ASRange_it; ++ d2i_ASIdentifiers; ++ ASRange_new; ++ d2i_IPAddressChoice; ++ v3_addr_get_afi; ++ EVP_CIPHER_key_length; ++ EVP_Cipher; ++ i2d_IPAddressOrRange; ++ ASIdOrRange_it; ++ EVP_CIPHER_nid; ++ i2d_IPAddressChoice; ++ EVP_CIPHER_CTX_block_size; ++ ASIdentifiers_new; ++ v3_addr_validate_path; ++ IPAddressFamily_new; ++ EVP_MD_CTX_set_flags; ++ v3_addr_is_canonical; ++ i2d_IPAddressRange; ++ IPAddressFamily_it; ++ v3_asid_inherits; ++ EVP_CIPHER_CTX_cipher; ++ EVP_CIPHER_CTX_get_app_data; ++ EVP_MD_block_size; ++ EVP_CIPHER_CTX_flags; ++ v3_asid_validate_path; ++ d2i_IPAddressOrRange; ++ v3_addr_canonize; ++ ASIdentifierChoice_it; ++ EVP_MD_CTX_md; ++ d2i_ASIdentifierChoice; ++ BIO_method_name; ++ EVP_CIPHER_CTX_iv_length; ++ ASIdOrRange_free; ++ ASIdentifierChoice_free; ++ BIO_get_callback_arg; ++ BIO_set_callback; ++ d2i_ASIdOrRange; ++ i2d_ASIdentifiers; ++ SEED_decrypt; ++ SEED_encrypt; ++ SEED_cbc_encrypt; ++ EVP_seed_ofb; ++ SEED_cfb128_encrypt; ++ SEED_ofb128_encrypt; ++ EVP_seed_cbc; ++ SEED_ecb_encrypt; ++ EVP_seed_ecb; ++ SEED_set_key; ++ EVP_seed_cfb128; ++ X509_EXTENSIONS_it; ++ X509_get1_ocsp; ++ OCSP_REQ_CTX_free; ++ i2d_X509_EXTENSIONS; ++ OCSP_sendreq_nbio; ++ OCSP_sendreq_new; ++ d2i_X509_EXTENSIONS; ++ X509_ALGORS_it; ++ X509_ALGOR_get0; ++ X509_ALGOR_set0; ++ AES_unwrap_key; ++ AES_wrap_key; ++ X509at_get0_data_by_OBJ; ++ ASN1_TYPE_set1; ++ ASN1_STRING_set0; ++ i2d_X509_ALGORS; ++ BIO_f_zlib; ++ COMP_zlib_cleanup; ++ d2i_X509_ALGORS; ++ CMS_ReceiptRequest_free; ++ PEM_write_CMS; ++ CMS_add0_CertificateChoices; ++ CMS_unsigned_add1_attr_by_OBJ; ++ ERR_load_CMS_strings; ++ CMS_sign_receipt; ++ i2d_CMS_ContentInfo; ++ CMS_signed_delete_attr; ++ d2i_CMS_bio; ++ CMS_unsigned_get_attr_by_NID; ++ CMS_verify; ++ SMIME_read_CMS; ++ CMS_decrypt_set1_key; ++ CMS_SignerInfo_get0_algs; ++ CMS_add1_cert; ++ CMS_set_detached; ++ CMS_encrypt; ++ CMS_EnvelopedData_create; ++ CMS_uncompress; ++ CMS_add0_crl; ++ CMS_SignerInfo_verify_content; ++ CMS_unsigned_get0_data_by_OBJ; ++ PEM_write_bio_CMS; ++ CMS_unsigned_get_attr; ++ CMS_RecipientInfo_ktri_cert_cmp; ++ CMS_RecipientInfo_ktri_get0_algs; ++ CMS_RecipInfo_ktri_get0_algs; ++ CMS_ContentInfo_free; ++ CMS_final; ++ CMS_add_simple_smimecap; ++ CMS_SignerInfo_verify; ++ CMS_data; ++ CMS_ContentInfo_it; ++ d2i_CMS_ReceiptRequest; ++ CMS_compress; ++ CMS_digest_create; ++ CMS_SignerInfo_cert_cmp; ++ CMS_SignerInfo_sign; ++ CMS_data_create; ++ i2d_CMS_bio; ++ CMS_EncryptedData_set1_key; ++ CMS_decrypt; ++ int_smime_write_ASN1; ++ CMS_unsigned_delete_attr; ++ CMS_unsigned_get_attr_count; ++ CMS_add_smimecap; ++ PEM_read_CMS; ++ CMS_signed_get_attr_by_OBJ; ++ d2i_CMS_ContentInfo; ++ CMS_add_standard_smimecap; ++ CMS_ContentInfo_new; ++ CMS_RecipientInfo_type; ++ CMS_get0_type; ++ CMS_is_detached; ++ CMS_sign; ++ CMS_signed_add1_attr; ++ CMS_unsigned_get_attr_by_OBJ; ++ SMIME_write_CMS; ++ CMS_EncryptedData_decrypt; ++ CMS_get0_RecipientInfos; ++ CMS_add0_RevocationInfoChoice; ++ CMS_decrypt_set1_pkey; ++ CMS_SignerInfo_set1_signer_cert; ++ CMS_get0_signers; ++ CMS_ReceiptRequest_get0_values; ++ CMS_signed_get0_data_by_OBJ; ++ CMS_get0_SignerInfos; ++ CMS_add0_cert; ++ CMS_EncryptedData_encrypt; ++ CMS_digest_verify; ++ CMS_set1_signers_certs; ++ CMS_signed_get_attr; ++ CMS_RecipientInfo_set0_key; ++ CMS_SignedData_init; ++ CMS_RecipientInfo_kekri_get0_id; ++ CMS_verify_receipt; ++ CMS_ReceiptRequest_it; ++ PEM_read_bio_CMS; ++ CMS_get1_crls; ++ CMS_add0_recipient_key; ++ SMIME_read_ASN1; ++ CMS_ReceiptRequest_new; ++ CMS_get0_content; ++ CMS_get1_ReceiptRequest; ++ CMS_signed_add1_attr_by_OBJ; ++ CMS_RecipientInfo_kekri_id_cmp; ++ CMS_add1_ReceiptRequest; ++ CMS_SignerInfo_get0_signer_id; ++ CMS_unsigned_add1_attr_by_NID; ++ CMS_unsigned_add1_attr; ++ CMS_signed_get_attr_by_NID; ++ CMS_get1_certs; ++ CMS_signed_add1_attr_by_NID; ++ CMS_unsigned_add1_attr_by_txt; ++ CMS_dataFinal; ++ CMS_RecipientInfo_ktri_get0_signer_id; ++ CMS_RecipInfo_ktri_get0_sigr_id; ++ i2d_CMS_ReceiptRequest; ++ CMS_add1_recipient_cert; ++ CMS_dataInit; ++ CMS_signed_add1_attr_by_txt; ++ CMS_RecipientInfo_decrypt; ++ CMS_signed_get_attr_count; ++ CMS_get0_eContentType; ++ CMS_set1_eContentType; ++ CMS_ReceiptRequest_create0; ++ CMS_add1_signer; ++ CMS_RecipientInfo_set0_pkey; ++ ENGINE_set_load_ssl_client_cert_function; ++ ENGINE_set_ld_ssl_clnt_cert_fn; ++ ENGINE_get_ssl_client_cert_function; ++ ENGINE_get_ssl_client_cert_fn; ++ ENGINE_load_ssl_client_cert; ++ ENGINE_load_capi; ++ OPENSSL_isservice; ++ FIPS_dsa_sig_decode; ++ EVP_CIPHER_CTX_clear_flags; ++ FIPS_rand_status; ++ FIPS_rand_set_key; ++ CRYPTO_set_mem_info_functions; ++ RSA_X931_generate_key_ex; ++ int_ERR_set_state_func; ++ int_EVP_MD_set_engine_callbacks; ++ int_CRYPTO_set_do_dynlock_callback; ++ FIPS_rng_stick; ++ EVP_CIPHER_CTX_set_flags; ++ BN_X931_generate_prime_ex; ++ FIPS_selftest_check; ++ FIPS_rand_set_dt; ++ CRYPTO_dbg_pop_info; ++ FIPS_dsa_free; ++ RSA_X931_derive_ex; ++ FIPS_rsa_new; ++ FIPS_rand_bytes; ++ fips_cipher_test; ++ EVP_CIPHER_CTX_test_flags; ++ CRYPTO_malloc_debug_init; ++ CRYPTO_dbg_push_info; ++ FIPS_corrupt_rsa_keygen; ++ FIPS_dh_new; ++ FIPS_corrupt_dsa_keygen; ++ FIPS_dh_free; ++ fips_pkey_signature_test; ++ EVP_add_alg_module; ++ int_RAND_init_engine_callbacks; ++ int_EVP_CIPHER_set_engine_callbacks; ++ int_EVP_MD_init_engine_callbacks; ++ FIPS_rand_test_mode; ++ FIPS_rand_reset; ++ FIPS_dsa_new; ++ int_RAND_set_callbacks; ++ BN_X931_derive_prime_ex; ++ int_ERR_lib_init; ++ int_EVP_CIPHER_init_engine_callbacks; ++ FIPS_rsa_free; ++ FIPS_dsa_sig_encode; ++ CRYPTO_dbg_remove_all_info; ++ OPENSSL_init; ++ CRYPTO_strdup; ++ JPAKE_STEP3A_process; ++ JPAKE_STEP1_release; ++ JPAKE_get_shared_key; ++ JPAKE_STEP3B_init; ++ JPAKE_STEP1_generate; ++ JPAKE_STEP1_init; ++ JPAKE_STEP3B_process; ++ JPAKE_STEP2_generate; ++ JPAKE_CTX_new; ++ JPAKE_CTX_free; ++ JPAKE_STEP3B_release; ++ JPAKE_STEP3A_release; ++ JPAKE_STEP2_process; ++ JPAKE_STEP3B_generate; ++ JPAKE_STEP1_process; ++ JPAKE_STEP3A_generate; ++ JPAKE_STEP2_release; ++ JPAKE_STEP3A_init; ++ ERR_load_JPAKE_strings; ++ JPAKE_STEP2_init; ++ pqueue_size; ++ i2d_TS_ACCURACY; ++ i2d_TS_MSG_IMPRINT_fp; ++ i2d_TS_MSG_IMPRINT; ++ EVP_PKEY_print_public; ++ EVP_PKEY_CTX_new; ++ i2d_TS_TST_INFO; ++ EVP_PKEY_asn1_find; ++ DSO_METHOD_beos; ++ TS_CONF_load_cert; ++ TS_REQ_get_ext; ++ EVP_PKEY_sign_init; ++ ASN1_item_print; ++ TS_TST_INFO_set_nonce; ++ TS_RESP_dup; ++ ENGINE_register_pkey_meths; ++ EVP_PKEY_asn1_add0; ++ PKCS7_add0_attrib_signing_time; ++ i2d_TS_TST_INFO_fp; ++ BIO_asn1_get_prefix; ++ TS_TST_INFO_set_time; ++ EVP_PKEY_meth_set_decrypt; ++ EVP_PKEY_set_type_str; ++ EVP_PKEY_CTX_get_keygen_info; ++ TS_REQ_set_policy_id; ++ d2i_TS_RESP_fp; ++ ENGINE_get_pkey_asn1_meth_engine; ++ ENGINE_get_pkey_asn1_meth_eng; ++ WHIRLPOOL_Init; ++ TS_RESP_set_status_info; ++ EVP_PKEY_keygen; ++ EVP_DigestSignInit; ++ TS_ACCURACY_set_millis; ++ TS_REQ_dup; ++ GENERAL_NAME_dup; ++ ASN1_SEQUENCE_ANY_it; ++ WHIRLPOOL; ++ X509_STORE_get1_crls; ++ ENGINE_get_pkey_asn1_meth; ++ EVP_PKEY_asn1_new; ++ BIO_new_NDEF; ++ ENGINE_get_pkey_meth; ++ TS_MSG_IMPRINT_set_algo; ++ i2d_TS_TST_INFO_bio; ++ TS_TST_INFO_set_ordering; ++ TS_TST_INFO_get_ext_by_OBJ; ++ CRYPTO_THREADID_set_pointer; ++ TS_CONF_get_tsa_section; ++ SMIME_write_ASN1; ++ TS_RESP_CTX_set_signer_key; ++ EVP_PKEY_encrypt_old; ++ EVP_PKEY_encrypt_init; ++ CRYPTO_THREADID_cpy; ++ ASN1_PCTX_get_cert_flags; ++ i2d_ESS_SIGNING_CERT; ++ TS_CONF_load_key; ++ i2d_ASN1_SEQUENCE_ANY; ++ d2i_TS_MSG_IMPRINT_bio; ++ EVP_PKEY_asn1_set_public; ++ b2i_PublicKey_bio; ++ BIO_asn1_set_prefix; ++ EVP_PKEY_new_mac_key; ++ BIO_new_CMS; ++ CRYPTO_THREADID_cmp; ++ TS_REQ_ext_free; ++ EVP_PKEY_asn1_set_free; ++ EVP_PKEY_get0_asn1; ++ d2i_NETSCAPE_X509; ++ EVP_PKEY_verify_recover_init; ++ EVP_PKEY_CTX_set_data; ++ EVP_PKEY_keygen_init; ++ TS_RESP_CTX_set_status_info; ++ TS_MSG_IMPRINT_get_algo; ++ TS_REQ_print_bio; ++ EVP_PKEY_CTX_ctrl_str; ++ EVP_PKEY_get_default_digest_nid; ++ PEM_write_bio_PKCS7_stream; ++ TS_MSG_IMPRINT_print_bio; ++ BN_asc2bn; ++ TS_REQ_get_policy_id; ++ ENGINE_set_default_pkey_asn1_meths; ++ ENGINE_set_def_pkey_asn1_meths; ++ d2i_TS_ACCURACY; ++ DSO_global_lookup; ++ TS_CONF_set_tsa_name; ++ i2d_ASN1_SET_ANY; ++ ENGINE_load_gost; ++ WHIRLPOOL_BitUpdate; ++ ASN1_PCTX_get_flags; ++ TS_TST_INFO_get_ext_by_NID; ++ TS_RESP_new; ++ ESS_CERT_ID_dup; ++ TS_STATUS_INFO_dup; ++ TS_REQ_delete_ext; ++ EVP_DigestVerifyFinal; ++ EVP_PKEY_print_params; ++ i2d_CMS_bio_stream; ++ TS_REQ_get_msg_imprint; ++ OBJ_find_sigid_by_algs; ++ TS_TST_INFO_get_serial; ++ TS_REQ_get_nonce; ++ X509_PUBKEY_set0_param; ++ EVP_PKEY_CTX_set0_keygen_info; ++ DIST_POINT_set_dpname; ++ i2d_ISSUING_DIST_POINT; ++ ASN1_SET_ANY_it; ++ EVP_PKEY_CTX_get_data; ++ TS_STATUS_INFO_print_bio; ++ EVP_PKEY_derive_init; ++ d2i_TS_TST_INFO; ++ EVP_PKEY_asn1_add_alias; ++ d2i_TS_RESP_bio; ++ OTHERNAME_cmp; ++ GENERAL_NAME_set0_value; ++ PKCS7_RECIP_INFO_get0_alg; ++ TS_RESP_CTX_new; ++ TS_RESP_set_tst_info; ++ PKCS7_final; ++ EVP_PKEY_base_id; ++ TS_RESP_CTX_set_signer_cert; ++ TS_REQ_set_msg_imprint; ++ EVP_PKEY_CTX_ctrl; ++ TS_CONF_set_digests; ++ d2i_TS_MSG_IMPRINT; ++ EVP_PKEY_meth_set_ctrl; ++ TS_REQ_get_ext_by_NID; ++ PKCS5_pbe_set0_algor; ++ BN_BLINDING_thread_id; ++ TS_ACCURACY_new; ++ X509_CRL_METHOD_free; ++ ASN1_PCTX_get_nm_flags; ++ EVP_PKEY_meth_set_sign; ++ CRYPTO_THREADID_current; ++ EVP_PKEY_decrypt_init; ++ NETSCAPE_X509_free; ++ i2b_PVK_bio; ++ EVP_PKEY_print_private; ++ GENERAL_NAME_get0_value; ++ b2i_PVK_bio; ++ ASN1_UTCTIME_adj; ++ TS_TST_INFO_new; ++ EVP_MD_do_all_sorted; ++ TS_CONF_set_default_engine; ++ TS_ACCURACY_set_seconds; ++ TS_TST_INFO_get_time; ++ PKCS8_pkey_get0; ++ EVP_PKEY_asn1_get0; ++ OBJ_add_sigid; ++ PKCS7_SIGNER_INFO_sign; ++ EVP_PKEY_paramgen_init; ++ EVP_PKEY_sign; ++ OBJ_sigid_free; ++ EVP_PKEY_meth_set_init; ++ d2i_ESS_ISSUER_SERIAL; ++ ISSUING_DIST_POINT_new; ++ ASN1_TIME_adj; ++ TS_OBJ_print_bio; ++ EVP_PKEY_meth_set_verify_recover; ++ EVP_PKEY_meth_set_vrfy_recover; ++ TS_RESP_get_status_info; ++ CMS_stream; ++ EVP_PKEY_CTX_set_cb; ++ PKCS7_to_TS_TST_INFO; ++ ASN1_PCTX_get_oid_flags; ++ TS_TST_INFO_add_ext; ++ EVP_PKEY_meth_set_derive; ++ i2d_TS_RESP_fp; ++ i2d_TS_MSG_IMPRINT_bio; ++ TS_RESP_CTX_set_accuracy; ++ TS_REQ_set_nonce; ++ ESS_CERT_ID_new; ++ ENGINE_pkey_asn1_find_str; ++ TS_REQ_get_ext_count; ++ BUF_reverse; ++ TS_TST_INFO_print_bio; ++ d2i_ISSUING_DIST_POINT; ++ ENGINE_get_pkey_meths; ++ i2b_PrivateKey_bio; ++ i2d_TS_RESP; ++ b2i_PublicKey; ++ TS_VERIFY_CTX_cleanup; ++ TS_STATUS_INFO_free; ++ TS_RESP_verify_token; ++ OBJ_bsearch_ex_; ++ ASN1_bn_print; ++ EVP_PKEY_asn1_get_count; ++ ENGINE_register_pkey_asn1_meths; ++ ASN1_PCTX_set_nm_flags; ++ EVP_DigestVerifyInit; ++ ENGINE_set_default_pkey_meths; ++ TS_TST_INFO_get_policy_id; ++ TS_REQ_get_cert_req; ++ X509_CRL_set_meth_data; ++ PKCS8_pkey_set0; ++ ASN1_STRING_copy; ++ d2i_TS_TST_INFO_fp; ++ X509_CRL_match; ++ EVP_PKEY_asn1_set_private; ++ TS_TST_INFO_get_ext_d2i; ++ TS_RESP_CTX_add_policy; ++ d2i_TS_RESP; ++ TS_CONF_load_certs; ++ TS_TST_INFO_get_msg_imprint; ++ ERR_load_TS_strings; ++ TS_TST_INFO_get_version; ++ EVP_PKEY_CTX_dup; ++ EVP_PKEY_meth_set_verify; ++ i2b_PublicKey_bio; ++ TS_CONF_set_certs; ++ EVP_PKEY_asn1_get0_info; ++ TS_VERIFY_CTX_free; ++ TS_REQ_get_ext_by_critical; ++ TS_RESP_CTX_set_serial_cb; ++ X509_CRL_get_meth_data; ++ TS_RESP_CTX_set_time_cb; ++ TS_MSG_IMPRINT_get_msg; ++ TS_TST_INFO_ext_free; ++ TS_REQ_get_version; ++ TS_REQ_add_ext; ++ EVP_PKEY_CTX_set_app_data; ++ OBJ_bsearch_; ++ EVP_PKEY_meth_set_verifyctx; ++ i2d_PKCS7_bio_stream; ++ CRYPTO_THREADID_set_numeric; ++ PKCS7_sign_add_signer; ++ d2i_TS_TST_INFO_bio; ++ TS_TST_INFO_get_ordering; ++ TS_RESP_print_bio; ++ TS_TST_INFO_get_exts; ++ HMAC_CTX_copy; ++ PKCS5_pbe2_set_iv; ++ ENGINE_get_pkey_asn1_meths; ++ b2i_PrivateKey; ++ EVP_PKEY_CTX_get_app_data; ++ TS_REQ_set_cert_req; ++ CRYPTO_THREADID_set_callback; ++ TS_CONF_set_serial; ++ TS_TST_INFO_free; ++ d2i_TS_REQ_fp; ++ TS_RESP_verify_response; ++ i2d_ESS_ISSUER_SERIAL; ++ TS_ACCURACY_get_seconds; ++ EVP_CIPHER_do_all; ++ b2i_PrivateKey_bio; ++ OCSP_CERTID_dup; ++ X509_PUBKEY_get0_param; ++ TS_MSG_IMPRINT_dup; ++ PKCS7_print_ctx; ++ i2d_TS_REQ_bio; ++ EVP_whirlpool; ++ EVP_PKEY_asn1_set_param; ++ EVP_PKEY_meth_set_encrypt; ++ ASN1_PCTX_set_flags; ++ i2d_ESS_CERT_ID; ++ TS_VERIFY_CTX_new; ++ TS_RESP_CTX_set_extension_cb; ++ ENGINE_register_all_pkey_meths; ++ TS_RESP_CTX_set_status_info_cond; ++ TS_RESP_CTX_set_stat_info_cond; ++ EVP_PKEY_verify; ++ WHIRLPOOL_Final; ++ X509_CRL_METHOD_new; ++ EVP_DigestSignFinal; ++ TS_RESP_CTX_set_def_policy; ++ NETSCAPE_X509_it; ++ TS_RESP_create_response; ++ PKCS7_SIGNER_INFO_get0_algs; ++ TS_TST_INFO_get_nonce; ++ EVP_PKEY_decrypt_old; ++ TS_TST_INFO_set_policy_id; ++ TS_CONF_set_ess_cert_id_chain; ++ EVP_PKEY_CTX_get0_pkey; ++ d2i_TS_REQ; ++ EVP_PKEY_asn1_find_str; ++ BIO_f_asn1; ++ ESS_SIGNING_CERT_new; ++ EVP_PBE_find; ++ X509_CRL_get0_by_cert; ++ EVP_PKEY_derive; ++ i2d_TS_REQ; ++ TS_TST_INFO_delete_ext; ++ ESS_ISSUER_SERIAL_free; ++ ASN1_PCTX_set_str_flags; ++ ENGINE_get_pkey_asn1_meth_str; ++ TS_CONF_set_signer_key; ++ TS_ACCURACY_get_millis; ++ TS_RESP_get_token; ++ TS_ACCURACY_dup; ++ ENGINE_register_all_pkey_asn1_meths; ++ ENGINE_reg_all_pkey_asn1_meths; ++ X509_CRL_set_default_method; ++ CRYPTO_THREADID_hash; ++ CMS_ContentInfo_print_ctx; ++ TS_RESP_free; ++ ISSUING_DIST_POINT_free; ++ ESS_ISSUER_SERIAL_new; ++ CMS_add1_crl; ++ PKCS7_add1_attrib_digest; ++ TS_RESP_CTX_add_md; ++ TS_TST_INFO_dup; ++ ENGINE_set_pkey_asn1_meths; ++ PEM_write_bio_Parameters; ++ TS_TST_INFO_get_accuracy; ++ X509_CRL_get0_by_serial; ++ TS_TST_INFO_set_version; ++ TS_RESP_CTX_get_tst_info; ++ TS_RESP_verify_signature; ++ CRYPTO_THREADID_get_callback; ++ TS_TST_INFO_get_tsa; ++ TS_STATUS_INFO_new; ++ EVP_PKEY_CTX_get_cb; ++ TS_REQ_get_ext_d2i; ++ GENERAL_NAME_set0_othername; ++ TS_TST_INFO_get_ext_count; ++ TS_RESP_CTX_get_request; ++ i2d_NETSCAPE_X509; ++ ENGINE_get_pkey_meth_engine; ++ EVP_PKEY_meth_set_signctx; ++ EVP_PKEY_asn1_copy; ++ ASN1_TYPE_cmp; ++ EVP_CIPHER_do_all_sorted; ++ EVP_PKEY_CTX_free; ++ ISSUING_DIST_POINT_it; ++ d2i_TS_MSG_IMPRINT_fp; ++ X509_STORE_get1_certs; ++ EVP_PKEY_CTX_get_operation; ++ d2i_ESS_SIGNING_CERT; ++ TS_CONF_set_ordering; ++ EVP_PBE_alg_add_type; ++ TS_REQ_set_version; ++ EVP_PKEY_get0; ++ BIO_asn1_set_suffix; ++ i2d_TS_STATUS_INFO; ++ EVP_MD_do_all; ++ TS_TST_INFO_set_accuracy; ++ PKCS7_add_attrib_content_type; ++ ERR_remove_thread_state; ++ EVP_PKEY_meth_add0; ++ TS_TST_INFO_set_tsa; ++ EVP_PKEY_meth_new; ++ WHIRLPOOL_Update; ++ TS_CONF_set_accuracy; ++ ASN1_PCTX_set_oid_flags; ++ ESS_SIGNING_CERT_dup; ++ d2i_TS_REQ_bio; ++ X509_time_adj_ex; ++ TS_RESP_CTX_add_flags; ++ d2i_TS_STATUS_INFO; ++ TS_MSG_IMPRINT_set_msg; ++ BIO_asn1_get_suffix; ++ TS_REQ_free; ++ EVP_PKEY_meth_free; ++ TS_REQ_get_exts; ++ TS_RESP_CTX_set_clock_precision_digits; ++ TS_RESP_CTX_set_clk_prec_digits; ++ TS_RESP_CTX_add_failure_info; ++ i2d_TS_RESP_bio; ++ EVP_PKEY_CTX_get0_peerkey; ++ PEM_write_bio_CMS_stream; ++ TS_REQ_new; ++ TS_MSG_IMPRINT_new; ++ EVP_PKEY_meth_find; ++ EVP_PKEY_id; ++ TS_TST_INFO_set_serial; ++ a2i_GENERAL_NAME; ++ TS_CONF_set_crypto_device; ++ EVP_PKEY_verify_init; ++ TS_CONF_set_policies; ++ ASN1_PCTX_new; ++ ESS_CERT_ID_free; ++ ENGINE_unregister_pkey_meths; ++ TS_MSG_IMPRINT_free; ++ TS_VERIFY_CTX_init; ++ PKCS7_stream; ++ TS_RESP_CTX_set_certs; ++ TS_CONF_set_def_policy; ++ ASN1_GENERALIZEDTIME_adj; ++ NETSCAPE_X509_new; ++ TS_ACCURACY_free; ++ TS_RESP_get_tst_info; ++ EVP_PKEY_derive_set_peer; ++ PEM_read_bio_Parameters; ++ TS_CONF_set_clock_precision_digits; ++ TS_CONF_set_clk_prec_digits; ++ ESS_ISSUER_SERIAL_dup; ++ TS_ACCURACY_get_micros; ++ ASN1_PCTX_get_str_flags; ++ NAME_CONSTRAINTS_check; ++ ASN1_BIT_STRING_check; ++ X509_check_akid; ++ ENGINE_unregister_pkey_asn1_meths; ++ ENGINE_unreg_pkey_asn1_meths; ++ ASN1_PCTX_free; ++ PEM_write_bio_ASN1_stream; ++ i2d_ASN1_bio_stream; ++ TS_X509_ALGOR_print_bio; ++ EVP_PKEY_meth_set_cleanup; ++ EVP_PKEY_asn1_free; ++ ESS_SIGNING_CERT_free; ++ TS_TST_INFO_set_msg_imprint; ++ GENERAL_NAME_cmp; ++ d2i_ASN1_SET_ANY; ++ ENGINE_set_pkey_meths; ++ i2d_TS_REQ_fp; ++ d2i_ASN1_SEQUENCE_ANY; ++ GENERAL_NAME_get0_otherName; ++ d2i_ESS_CERT_ID; ++ OBJ_find_sigid_algs; ++ EVP_PKEY_meth_set_keygen; ++ PKCS5_PBKDF2_HMAC; ++ EVP_PKEY_paramgen; ++ EVP_PKEY_meth_set_paramgen; ++ BIO_new_PKCS7; ++ EVP_PKEY_verify_recover; ++ TS_ext_print_bio; ++ TS_ASN1_INTEGER_print_bio; ++ check_defer; ++ DSO_pathbyaddr; ++ EVP_PKEY_set_type; ++ TS_ACCURACY_set_micros; ++ TS_REQ_to_TS_VERIFY_CTX; ++ EVP_PKEY_meth_set_copy; ++ ASN1_PCTX_set_cert_flags; ++ TS_TST_INFO_get_ext; ++ EVP_PKEY_asn1_set_ctrl; ++ TS_TST_INFO_get_ext_by_critical; ++ EVP_PKEY_CTX_new_id; ++ TS_REQ_get_ext_by_OBJ; ++ TS_CONF_set_signer_cert; ++ X509_NAME_hash_old; ++ ASN1_TIME_set_string; ++ EVP_MD_flags; ++ TS_RESP_CTX_free; ++ DSAparams_dup; ++ DHparams_dup; ++ OCSP_REQ_CTX_add1_header; ++ OCSP_REQ_CTX_set1_req; ++ X509_STORE_set_verify_cb; ++ X509_STORE_CTX_get0_current_crl; ++ X509_STORE_CTX_get0_parent_ctx; ++ X509_STORE_CTX_get0_current_issuer; ++ X509_STORE_CTX_get0_cur_issuer; ++ X509_issuer_name_hash_old; ++ X509_subject_name_hash_old; ++ EVP_CIPHER_CTX_copy; ++ UI_method_get_prompt_constructor; ++ UI_method_get_prompt_constructr; ++ UI_method_set_prompt_constructor; ++ UI_method_set_prompt_constructr; ++ EVP_read_pw_string_min; ++ CRYPTO_cts128_encrypt; ++ CRYPTO_cts128_decrypt_block; ++ CRYPTO_cfb128_1_encrypt; ++ CRYPTO_cbc128_encrypt; ++ CRYPTO_ctr128_encrypt; ++ CRYPTO_ofb128_encrypt; ++ CRYPTO_cts128_decrypt; ++ CRYPTO_cts128_encrypt_block; ++ CRYPTO_cbc128_decrypt; ++ CRYPTO_cfb128_encrypt; ++ CRYPTO_cfb128_8_encrypt; ++ ++ local: ++ *; ++}; ++ ++ ++OPENSSL_1.0.1 { ++ global: ++ SSL_renegotiate_abbreviated; ++ TLSv1_1_method; ++ TLSv1_1_client_method; ++ TLSv1_1_server_method; ++ SSL_CTX_set_srp_client_pwd_callback; ++ SSL_CTX_set_srp_client_pwd_cb; ++ SSL_get_srp_g; ++ SSL_CTX_set_srp_username_callback; ++ SSL_CTX_set_srp_un_cb; ++ SSL_get_srp_userinfo; ++ SSL_set_srp_server_param; ++ SSL_set_srp_server_param_pw; ++ SSL_get_srp_N; ++ SSL_get_srp_username; ++ SSL_CTX_set_srp_password; ++ SSL_CTX_set_srp_strength; ++ SSL_CTX_set_srp_verify_param_callback; ++ SSL_CTX_set_srp_vfy_param_cb; ++ SSL_CTX_set_srp_cb_arg; ++ SSL_CTX_set_srp_username; ++ SSL_CTX_SRP_CTX_init; ++ SSL_SRP_CTX_init; ++ SRP_Calc_A_param; ++ SRP_generate_server_master_secret; ++ SRP_gen_server_master_secret; ++ SSL_CTX_SRP_CTX_free; ++ SRP_generate_client_master_secret; ++ SRP_gen_client_master_secret; ++ SSL_srp_server_param_with_username; ++ SSL_srp_server_param_with_un; ++ SSL_SRP_CTX_free; ++ SSL_set_debug; ++ SSL_SESSION_get0_peer; ++ TLSv1_2_client_method; ++ SSL_SESSION_set1_id_context; ++ TLSv1_2_server_method; ++ SSL_cache_hit; ++ SSL_get0_kssl_ctx; ++ SSL_set0_kssl_ctx; ++ SSL_set_state; ++ SSL_CIPHER_get_id; ++ TLSv1_2_method; ++ kssl_ctx_get0_client_princ; ++ SSL_export_keying_material; ++ SSL_set_tlsext_use_srtp; ++ SSL_CTX_set_next_protos_advertised_cb; ++ SSL_CTX_set_next_protos_adv_cb; ++ SSL_get0_next_proto_negotiated; ++ SSL_get_selected_srtp_profile; ++ SSL_CTX_set_tlsext_use_srtp; ++ SSL_select_next_proto; ++ SSL_get_srtp_profiles; ++ SSL_CTX_set_next_proto_select_cb; ++ SSL_CTX_set_next_proto_sel_cb; ++ SSL_SESSION_get_compress_id; ++ ++ SRP_VBASE_get_by_user; ++ SRP_Calc_server_key; ++ SRP_create_verifier; ++ SRP_create_verifier_BN; ++ SRP_Calc_u; ++ SRP_VBASE_free; ++ SRP_Calc_client_key; ++ SRP_get_default_gN; ++ SRP_Calc_x; ++ SRP_Calc_B; ++ SRP_VBASE_new; ++ SRP_check_known_gN_param; ++ SRP_Calc_A; ++ SRP_Verify_A_mod_N; ++ SRP_VBASE_init; ++ SRP_Verify_B_mod_N; ++ EC_KEY_set_public_key_affine_coordinates; ++ EC_KEY_set_pub_key_aff_coords; ++ EVP_aes_192_ctr; ++ EVP_PKEY_meth_get0_info; ++ EVP_PKEY_meth_copy; ++ ERR_add_error_vdata; ++ EVP_aes_128_ctr; ++ EVP_aes_256_ctr; ++ EC_GFp_nistp224_method; ++ EC_KEY_get_flags; ++ RSA_padding_add_PKCS1_PSS_mgf1; ++ EVP_aes_128_xts; ++ EVP_aes_256_xts; ++ EVP_aes_128_gcm; ++ EC_KEY_clear_flags; ++ EC_KEY_set_flags; ++ EVP_aes_256_ccm; ++ RSA_verify_PKCS1_PSS_mgf1; ++ EVP_aes_128_ccm; ++ EVP_aes_192_gcm; ++ X509_ALGOR_set_md; ++ RAND_init_fips; ++ EVP_aes_256_gcm; ++ EVP_aes_192_ccm; ++ CMAC_CTX_copy; ++ CMAC_CTX_free; ++ CMAC_CTX_get0_cipher_ctx; ++ CMAC_CTX_cleanup; ++ CMAC_Init; ++ CMAC_Update; ++ CMAC_resume; ++ CMAC_CTX_new; ++ CMAC_Final; ++ CRYPTO_ctr128_encrypt_ctr32; ++ CRYPTO_gcm128_release; ++ CRYPTO_ccm128_decrypt_ccm64; ++ CRYPTO_ccm128_encrypt; ++ CRYPTO_gcm128_encrypt; ++ CRYPTO_xts128_encrypt; ++ EVP_rc4_hmac_md5; ++ CRYPTO_nistcts128_decrypt_block; ++ CRYPTO_gcm128_setiv; ++ CRYPTO_nistcts128_encrypt; ++ EVP_aes_128_cbc_hmac_sha1; ++ CRYPTO_gcm128_tag; ++ CRYPTO_ccm128_encrypt_ccm64; ++ ENGINE_load_rdrand; ++ CRYPTO_ccm128_setiv; ++ CRYPTO_nistcts128_encrypt_block; ++ CRYPTO_gcm128_aad; ++ CRYPTO_ccm128_init; ++ CRYPTO_nistcts128_decrypt; ++ CRYPTO_gcm128_new; ++ CRYPTO_ccm128_tag; ++ CRYPTO_ccm128_decrypt; ++ CRYPTO_ccm128_aad; ++ CRYPTO_gcm128_init; ++ CRYPTO_gcm128_decrypt; ++ ENGINE_load_rsax; ++ CRYPTO_gcm128_decrypt_ctr32; ++ CRYPTO_gcm128_encrypt_ctr32; ++ CRYPTO_gcm128_finish; ++ EVP_aes_256_cbc_hmac_sha1; ++ PKCS5_pbkdf2_set; ++ CMS_add0_recipient_password; ++ CMS_decrypt_set1_password; ++ CMS_RecipientInfo_set0_password; ++ RAND_set_fips_drbg_type; ++ X509_REQ_sign_ctx; ++ RSA_PSS_PARAMS_new; ++ X509_CRL_sign_ctx; ++ X509_signature_dump; ++ d2i_RSA_PSS_PARAMS; ++ RSA_PSS_PARAMS_it; ++ RSA_PSS_PARAMS_free; ++ X509_sign_ctx; ++ i2d_RSA_PSS_PARAMS; ++ ASN1_item_sign_ctx; ++ EC_GFp_nistp521_method; ++ EC_GFp_nistp256_method; ++ OPENSSL_stderr; ++ OPENSSL_cpuid_setup; ++ OPENSSL_showfatal; ++ BIO_new_dgram_sctp; ++ BIO_dgram_sctp_msg_waiting; ++ BIO_dgram_sctp_wait_for_dry; ++ BIO_s_datagram_sctp; ++ BIO_dgram_is_sctp; ++ BIO_dgram_sctp_notification_cb; ++} OPENSSL_1.0.0; ++ ++OPENSSL_1.0.1d { ++ global: ++ CRYPTO_memcmp; ++} OPENSSL_1.0.1; ++ ++OPENSSL_1.0.2 { ++ global: ++ SSL_CTX_set_alpn_protos; ++ SSL_set_alpn_protos; ++ SSL_CTX_set_alpn_select_cb; ++ SSL_get0_alpn_selected; ++ SSL_CTX_set_custom_cli_ext; ++ SSL_CTX_set_custom_srv_ext; ++ SSL_CTX_set_srv_supp_data; ++ SSL_CTX_set_cli_supp_data; ++ SSL_set_cert_cb; ++ SSL_CTX_use_serverinfo; ++ SSL_CTX_use_serverinfo_file; ++ SSL_CTX_set_cert_cb; ++ SSL_CTX_get0_param; ++ SSL_get0_param; ++ SSL_certs_clear; ++ DTLSv1_2_method; ++ DTLSv1_2_server_method; ++ DTLSv1_2_client_method; ++ DTLS_method; ++ DTLS_server_method; ++ DTLS_client_method; ++ SSL_CTX_get_ssl_method; ++ SSL_CTX_get0_certificate; ++ SSL_CTX_get0_privatekey; ++ SSL_COMP_set0_compression_methods; ++ SSL_COMP_free_compression_methods; ++ SSL_CIPHER_find; ++ SSL_is_server; ++ SSL_CONF_CTX_new; ++ SSL_CONF_CTX_finish; ++ SSL_CONF_CTX_free; ++ SSL_CONF_CTX_set_flags; ++ SSL_CONF_CTX_clear_flags; ++ SSL_CONF_CTX_set1_prefix; ++ SSL_CONF_CTX_set_ssl; ++ SSL_CONF_CTX_set_ssl_ctx; ++ SSL_CONF_cmd; ++ SSL_CONF_cmd_argv; ++ SSL_CONF_cmd_value_type; ++ SSL_trace; ++ SSL_CIPHER_standard_name; ++ SSL_get_tlsa_record_byname; ++ ASN1_TIME_diff; ++ BIO_hex_string; ++ CMS_RecipientInfo_get0_pkey_ctx; ++ CMS_RecipientInfo_encrypt; ++ CMS_SignerInfo_get0_pkey_ctx; ++ CMS_SignerInfo_get0_md_ctx; ++ CMS_SignerInfo_get0_signature; ++ CMS_RecipientInfo_kari_get0_alg; ++ CMS_RecipientInfo_kari_get0_reks; ++ CMS_RecipientInfo_kari_get0_orig_id; ++ CMS_RecipientInfo_kari_orig_id_cmp; ++ CMS_RecipientEncryptedKey_get0_id; ++ CMS_RecipientEncryptedKey_cert_cmp; ++ CMS_RecipientInfo_kari_set0_pkey; ++ CMS_RecipientInfo_kari_get0_ctx; ++ CMS_RecipientInfo_kari_decrypt; ++ CMS_SharedInfo_encode; ++ DH_compute_key_padded; ++ d2i_DHxparams; ++ i2d_DHxparams; ++ DH_get_1024_160; ++ DH_get_2048_224; ++ DH_get_2048_256; ++ DH_KDF_X9_42; ++ ECDH_KDF_X9_62; ++ ECDSA_METHOD_new; ++ ECDSA_METHOD_free; ++ ECDSA_METHOD_set_app_data; ++ ECDSA_METHOD_get_app_data; ++ ECDSA_METHOD_set_sign; ++ ECDSA_METHOD_set_sign_setup; ++ ECDSA_METHOD_set_verify; ++ ECDSA_METHOD_set_flags; ++ ECDSA_METHOD_set_name; ++ EVP_des_ede3_wrap; ++ EVP_aes_128_wrap; ++ EVP_aes_192_wrap; ++ EVP_aes_256_wrap; ++ EVP_aes_128_cbc_hmac_sha256; ++ EVP_aes_256_cbc_hmac_sha256; ++ CRYPTO_128_wrap; ++ CRYPTO_128_unwrap; ++ OCSP_REQ_CTX_nbio; ++ OCSP_REQ_CTX_new; ++ OCSP_set_max_response_length; ++ OCSP_REQ_CTX_i2d; ++ OCSP_REQ_CTX_nbio_d2i; ++ OCSP_REQ_CTX_get0_mem_bio; ++ OCSP_REQ_CTX_http; ++ RSA_padding_add_PKCS1_OAEP_mgf1; ++ RSA_padding_check_PKCS1_OAEP_mgf1; ++ RSA_OAEP_PARAMS_free; ++ RSA_OAEP_PARAMS_it; ++ RSA_OAEP_PARAMS_new; ++ SSL_get_sigalgs; ++ SSL_get_shared_sigalgs; ++ SSL_check_chain; ++ X509_chain_up_ref; ++ X509_http_nbio; ++ X509_CRL_http_nbio; ++ X509_REVOKED_dup; ++ i2d_re_X509_tbs; ++ X509_get0_signature; ++ X509_get_signature_nid; ++ X509_CRL_diff; ++ X509_chain_check_suiteb; ++ X509_CRL_check_suiteb; ++ X509_check_host; ++ X509_check_email; ++ X509_check_ip; ++ X509_check_ip_asc; ++ X509_STORE_set_lookup_crls_cb; ++ X509_STORE_CTX_get0_store; ++ X509_VERIFY_PARAM_set1_host; ++ X509_VERIFY_PARAM_add1_host; ++ X509_VERIFY_PARAM_set_hostflags; ++ X509_VERIFY_PARAM_get0_peername; ++ X509_VERIFY_PARAM_set1_email; ++ X509_VERIFY_PARAM_set1_ip; ++ X509_VERIFY_PARAM_set1_ip_asc; ++ X509_VERIFY_PARAM_get0_name; ++ X509_VERIFY_PARAM_get_count; ++ X509_VERIFY_PARAM_get0; ++ X509V3_EXT_free; ++ EC_GROUP_get_mont_data; ++ EC_curve_nid2nist; ++ EC_curve_nist2nid; ++ PEM_write_bio_DHxparams; ++ PEM_write_DHxparams; ++ SSL_CTX_add_client_custom_ext; ++ SSL_CTX_add_server_custom_ext; ++ SSL_extension_supported; ++ BUF_strnlen; ++ sk_deep_copy; ++ SSL_test_functions; ++} OPENSSL_1.0.1d; ++ +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100 +@@ -0,0 +1,10 @@ ++OPENSSL_1.0.0 { ++ global: ++ bind_engine; ++ v_check; ++ OPENSSL_init; ++ OPENSSL_finish; ++ local: ++ *; ++}; ++ +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100 +@@ -0,0 +1,10 @@ ++OPENSSL_1.0.0 { ++ global: ++ bind_engine; ++ v_check; ++ OPENSSL_init; ++ OPENSSL_finish; ++ local: ++ *; ++}; ++ diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch new file mode 100644 index 000000000..c43bcd1c7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch @@ -0,0 +1,29 @@ +From: Raphael Geissert <geissert@debian.org> +Description: make X509_verify_cert indicate that any certificate whose + name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked. +Forwarded: not-needed +Origin: vendor +Last-Update: 2011-11-05 + +Upstream-Status: Backport [debian] + + +Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c +=================================================================== +--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100 ++++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100 +@@ -964,10 +964,11 @@ + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) + { + x = sk_X509_value(ctx->chain, i); +- /* Mark DigiNotar certificates as revoked, no matter +- * where in the chain they are. ++ /* Mark certificates containing the following names as ++ * revoked, no matter where in the chain they are. + */ +- if (x->name && strstr(x->name, "DigiNotar")) ++ if (x->name && (strstr(x->name, "DigiNotar") || ++ strstr(x->name, "Digicert Sdn. Bhd."))) + { + ctx->error = X509_V_ERR_CERT_REVOKED; + ctx->error_depth = i; diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch new file mode 100644 index 000000000..d81e22cd8 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch @@ -0,0 +1,68 @@ +From: Raphael Geissert <geissert@debian.org> +Description: make X509_verify_cert indicate that any certificate whose + name contains "DigiNotar" is revoked. +Forwarded: not-needed +Origin: vendor +Last-Update: 2011-09-08 +Bug: http://bugs.debian.org/639744 +Reviewed-by: Kurt Roeckx <kurt@roeckx.be> +Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk> + +This is not meant as final patch. + +Upstream-Status: Backport [debian] + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: openssl-1.0.2g/crypto/x509/x509_vfy.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c ++++ openssl-1.0.2g/crypto/x509/x509_vfy.c +@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c + static int check_revocation(X509_STORE_CTX *ctx); + static int check_cert(X509_STORE_CTX *ctx); + static int check_policy(X509_STORE_CTX *ctx); ++static int check_ca_blacklist(X509_STORE_CTX *ctx); + + static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, + unsigned int *preasons, X509_CRL *crl, X509 *x); +@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx + if (!ok) + goto err; + ++ ok = check_ca_blacklist(ctx); ++ if(!ok) goto err; ++ + #ifndef OPENSSL_NO_RFC3779 + /* RFC 3779 path validation, now that CRL check has been done */ + ok = v3_asid_validate_path(ctx); +@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX + return 1; + } + ++static int check_ca_blacklist(X509_STORE_CTX *ctx) ++ { ++ X509 *x; ++ int i; ++ /* Check all certificates against the blacklist */ ++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) ++ { ++ x = sk_X509_value(ctx->chain, i); ++ /* Mark DigiNotar certificates as revoked, no matter ++ * where in the chain they are. ++ */ ++ if (x->name && strstr(x->name, "DigiNotar")) ++ { ++ ctx->error = X509_V_ERR_CERT_REVOKED; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0,ctx)) ++ return 0; ++ } ++ } ++ return 1; ++ } ++ + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, + X509 **pissuer, int *pscore, unsigned int *preasons, + STACK_OF(X509_CRL) *crls) diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch new file mode 100644 index 000000000..29f11a288 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch @@ -0,0 +1,4656 @@ +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure +=================================================================== +--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100 +@@ -1651,6 +1651,8 @@ + } + } + ++$shared_ldflag .= " -Wl,--version-script=openssl.ld"; ++ + open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n"; + unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; + open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100 +@@ -0,0 +1,4608 @@ ++OPENSSL_1.0.2d { ++ global: ++ BIO_f_ssl; ++ BIO_new_buffer_ssl_connect; ++ BIO_new_ssl; ++ BIO_new_ssl_connect; ++ BIO_proxy_ssl_copy_session_id; ++ BIO_ssl_copy_session_id; ++ BIO_ssl_shutdown; ++ d2i_SSL_SESSION; ++ DTLSv1_client_method; ++ DTLSv1_method; ++ DTLSv1_server_method; ++ ERR_load_SSL_strings; ++ i2d_SSL_SESSION; ++ kssl_build_principal_2; ++ kssl_cget_tkt; ++ kssl_check_authent; ++ kssl_ctx_free; ++ kssl_ctx_new; ++ kssl_ctx_setkey; ++ kssl_ctx_setprinc; ++ kssl_ctx_setstring; ++ kssl_ctx_show; ++ kssl_err_set; ++ kssl_krb5_free_data_contents; ++ kssl_sget_tkt; ++ kssl_skip_confound; ++ kssl_validate_times; ++ PEM_read_bio_SSL_SESSION; ++ PEM_read_SSL_SESSION; ++ PEM_write_bio_SSL_SESSION; ++ PEM_write_SSL_SESSION; ++ SSL_accept; ++ SSL_add_client_CA; ++ SSL_add_dir_cert_subjects_to_stack; ++ SSL_add_dir_cert_subjs_to_stk; ++ SSL_add_file_cert_subjects_to_stack; ++ SSL_add_file_cert_subjs_to_stk; ++ SSL_alert_desc_string; ++ SSL_alert_desc_string_long; ++ SSL_alert_type_string; ++ SSL_alert_type_string_long; ++ SSL_callback_ctrl; ++ SSL_check_private_key; ++ SSL_CIPHER_description; ++ SSL_CIPHER_get_bits; ++ SSL_CIPHER_get_name; ++ SSL_CIPHER_get_version; ++ SSL_clear; ++ SSL_COMP_add_compression_method; ++ SSL_COMP_get_compression_methods; ++ SSL_COMP_get_compress_methods; ++ SSL_COMP_get_name; ++ SSL_connect; ++ SSL_copy_session_id; ++ SSL_ctrl; ++ SSL_CTX_add_client_CA; ++ SSL_CTX_add_session; ++ SSL_CTX_callback_ctrl; ++ SSL_CTX_check_private_key; ++ SSL_CTX_ctrl; ++ SSL_CTX_flush_sessions; ++ SSL_CTX_free; ++ SSL_CTX_get_cert_store; ++ SSL_CTX_get_client_CA_list; ++ SSL_CTX_get_client_cert_cb; ++ SSL_CTX_get_ex_data; ++ SSL_CTX_get_ex_new_index; ++ SSL_CTX_get_info_callback; ++ SSL_CTX_get_quiet_shutdown; ++ SSL_CTX_get_timeout; ++ SSL_CTX_get_verify_callback; ++ SSL_CTX_get_verify_depth; ++ SSL_CTX_get_verify_mode; ++ SSL_CTX_load_verify_locations; ++ SSL_CTX_new; ++ SSL_CTX_remove_session; ++ SSL_CTX_sess_get_get_cb; ++ SSL_CTX_sess_get_new_cb; ++ SSL_CTX_sess_get_remove_cb; ++ SSL_CTX_sessions; ++ SSL_CTX_sess_set_get_cb; ++ SSL_CTX_sess_set_new_cb; ++ SSL_CTX_sess_set_remove_cb; ++ SSL_CTX_set1_param; ++ SSL_CTX_set_cert_store; ++ SSL_CTX_set_cert_verify_callback; ++ SSL_CTX_set_cert_verify_cb; ++ SSL_CTX_set_cipher_list; ++ SSL_CTX_set_client_CA_list; ++ SSL_CTX_set_client_cert_cb; ++ SSL_CTX_set_client_cert_engine; ++ SSL_CTX_set_cookie_generate_cb; ++ SSL_CTX_set_cookie_verify_cb; ++ SSL_CTX_set_default_passwd_cb; ++ SSL_CTX_set_default_passwd_cb_userdata; ++ SSL_CTX_set_default_verify_paths; ++ SSL_CTX_set_def_passwd_cb_ud; ++ SSL_CTX_set_def_verify_paths; ++ SSL_CTX_set_ex_data; ++ SSL_CTX_set_generate_session_id; ++ SSL_CTX_set_info_callback; ++ SSL_CTX_set_msg_callback; ++ SSL_CTX_set_psk_client_callback; ++ SSL_CTX_set_psk_server_callback; ++ SSL_CTX_set_purpose; ++ SSL_CTX_set_quiet_shutdown; ++ SSL_CTX_set_session_id_context; ++ SSL_CTX_set_ssl_version; ++ SSL_CTX_set_timeout; ++ SSL_CTX_set_tmp_dh_callback; ++ SSL_CTX_set_tmp_ecdh_callback; ++ SSL_CTX_set_tmp_rsa_callback; ++ SSL_CTX_set_trust; ++ SSL_CTX_set_verify; ++ SSL_CTX_set_verify_depth; ++ SSL_CTX_use_cert_chain_file; ++ SSL_CTX_use_certificate; ++ SSL_CTX_use_certificate_ASN1; ++ SSL_CTX_use_certificate_chain_file; ++ SSL_CTX_use_certificate_file; ++ SSL_CTX_use_PrivateKey; ++ SSL_CTX_use_PrivateKey_ASN1; ++ SSL_CTX_use_PrivateKey_file; ++ SSL_CTX_use_psk_identity_hint; ++ SSL_CTX_use_RSAPrivateKey; ++ SSL_CTX_use_RSAPrivateKey_ASN1; ++ SSL_CTX_use_RSAPrivateKey_file; ++ SSL_do_handshake; ++ SSL_dup; ++ SSL_dup_CA_list; ++ SSLeay_add_ssl_algorithms; ++ SSL_free; ++ SSL_get1_session; ++ SSL_get_certificate; ++ SSL_get_cipher_list; ++ SSL_get_ciphers; ++ SSL_get_client_CA_list; ++ SSL_get_current_cipher; ++ SSL_get_current_compression; ++ SSL_get_current_expansion; ++ SSL_get_default_timeout; ++ SSL_get_error; ++ SSL_get_ex_data; ++ SSL_get_ex_data_X509_STORE_CTX_idx; ++ SSL_get_ex_d_X509_STORE_CTX_idx; ++ SSL_get_ex_new_index; ++ SSL_get_fd; ++ SSL_get_finished; ++ SSL_get_info_callback; ++ SSL_get_peer_cert_chain; ++ SSL_get_peer_certificate; ++ SSL_get_peer_finished; ++ SSL_get_privatekey; ++ SSL_get_psk_identity; ++ SSL_get_psk_identity_hint; ++ SSL_get_quiet_shutdown; ++ SSL_get_rbio; ++ SSL_get_read_ahead; ++ SSL_get_rfd; ++ SSL_get_servername; ++ SSL_get_servername_type; ++ SSL_get_session; ++ SSL_get_shared_ciphers; ++ SSL_get_shutdown; ++ SSL_get_SSL_CTX; ++ SSL_get_ssl_method; ++ SSL_get_verify_callback; ++ SSL_get_verify_depth; ++ SSL_get_verify_mode; ++ SSL_get_verify_result; ++ SSL_get_version; ++ SSL_get_wbio; ++ SSL_get_wfd; ++ SSL_has_matching_session_id; ++ SSL_library_init; ++ SSL_load_client_CA_file; ++ SSL_load_error_strings; ++ SSL_new; ++ SSL_peek; ++ SSL_pending; ++ SSL_read; ++ SSL_renegotiate; ++ SSL_renegotiate_pending; ++ SSL_rstate_string; ++ SSL_rstate_string_long; ++ SSL_SESSION_cmp; ++ SSL_SESSION_free; ++ SSL_SESSION_get_ex_data; ++ SSL_SESSION_get_ex_new_index; ++ SSL_SESSION_get_id; ++ SSL_SESSION_get_time; ++ SSL_SESSION_get_timeout; ++ SSL_SESSION_hash; ++ SSL_SESSION_new; ++ SSL_SESSION_print; ++ SSL_SESSION_print_fp; ++ SSL_SESSION_set_ex_data; ++ SSL_SESSION_set_time; ++ SSL_SESSION_set_timeout; ++ SSL_set1_param; ++ SSL_set_accept_state; ++ SSL_set_bio; ++ SSL_set_cipher_list; ++ SSL_set_client_CA_list; ++ SSL_set_connect_state; ++ SSL_set_ex_data; ++ SSL_set_fd; ++ SSL_set_generate_session_id; ++ SSL_set_info_callback; ++ SSL_set_msg_callback; ++ SSL_set_psk_client_callback; ++ SSL_set_psk_server_callback; ++ SSL_set_purpose; ++ SSL_set_quiet_shutdown; ++ SSL_set_read_ahead; ++ SSL_set_rfd; ++ SSL_set_session; ++ SSL_set_session_id_context; ++ SSL_set_session_secret_cb; ++ SSL_set_session_ticket_ext; ++ SSL_set_session_ticket_ext_cb; ++ SSL_set_shutdown; ++ SSL_set_SSL_CTX; ++ SSL_set_ssl_method; ++ SSL_set_tmp_dh_callback; ++ SSL_set_tmp_ecdh_callback; ++ SSL_set_tmp_rsa_callback; ++ SSL_set_trust; ++ SSL_set_verify; ++ SSL_set_verify_depth; ++ SSL_set_verify_result; ++ SSL_set_wfd; ++ SSL_shutdown; ++ SSL_state; ++ SSL_state_string; ++ SSL_state_string_long; ++ SSL_use_certificate; ++ SSL_use_certificate_ASN1; ++ SSL_use_certificate_file; ++ SSL_use_PrivateKey; ++ SSL_use_PrivateKey_ASN1; ++ SSL_use_PrivateKey_file; ++ SSL_use_psk_identity_hint; ++ SSL_use_RSAPrivateKey; ++ SSL_use_RSAPrivateKey_ASN1; ++ SSL_use_RSAPrivateKey_file; ++ SSLv23_client_method; ++ SSLv23_method; ++ SSLv23_server_method; ++ SSLv2_client_method; ++ SSLv2_method; ++ SSLv2_server_method; ++ SSLv3_client_method; ++ SSLv3_method; ++ SSLv3_server_method; ++ SSL_version; ++ SSL_want; ++ SSL_write; ++ TLSv1_client_method; ++ TLSv1_method; ++ TLSv1_server_method; ++ ++ ++ SSLeay; ++ SSLeay_version; ++ ASN1_BIT_STRING_asn1_meth; ++ ASN1_HEADER_free; ++ ASN1_HEADER_new; ++ ASN1_IA5STRING_asn1_meth; ++ ASN1_INTEGER_get; ++ ASN1_INTEGER_set; ++ ASN1_INTEGER_to_BN; ++ ASN1_OBJECT_create; ++ ASN1_OBJECT_free; ++ ASN1_OBJECT_new; ++ ASN1_PRINTABLE_type; ++ ASN1_STRING_cmp; ++ ASN1_STRING_dup; ++ ASN1_STRING_free; ++ ASN1_STRING_new; ++ ASN1_STRING_print; ++ ASN1_STRING_set; ++ ASN1_STRING_type_new; ++ ASN1_TYPE_free; ++ ASN1_TYPE_new; ++ ASN1_UNIVERSALSTRING_to_string; ++ ASN1_UTCTIME_check; ++ ASN1_UTCTIME_print; ++ ASN1_UTCTIME_set; ++ ASN1_check_infinite_end; ++ ASN1_d2i_bio; ++ ASN1_d2i_fp; ++ ASN1_digest; ++ ASN1_dup; ++ ASN1_get_object; ++ ASN1_i2d_bio; ++ ASN1_i2d_fp; ++ ASN1_object_size; ++ ASN1_parse; ++ ASN1_put_object; ++ ASN1_sign; ++ ASN1_verify; ++ BF_cbc_encrypt; ++ BF_cfb64_encrypt; ++ BF_ecb_encrypt; ++ BF_encrypt; ++ BF_ofb64_encrypt; ++ BF_options; ++ BF_set_key; ++ BIO_CONNECT_free; ++ BIO_CONNECT_new; ++ BIO_accept; ++ BIO_ctrl; ++ BIO_int_ctrl; ++ BIO_debug_callback; ++ BIO_dump; ++ BIO_dup_chain; ++ BIO_f_base64; ++ BIO_f_buffer; ++ BIO_f_cipher; ++ BIO_f_md; ++ BIO_f_null; ++ BIO_f_proxy_server; ++ BIO_fd_non_fatal_error; ++ BIO_fd_should_retry; ++ BIO_find_type; ++ BIO_free; ++ BIO_free_all; ++ BIO_get_accept_socket; ++ BIO_get_filter_bio; ++ BIO_get_host_ip; ++ BIO_get_port; ++ BIO_get_retry_BIO; ++ BIO_get_retry_reason; ++ BIO_gethostbyname; ++ BIO_gets; ++ BIO_new; ++ BIO_new_accept; ++ BIO_new_connect; ++ BIO_new_fd; ++ BIO_new_file; ++ BIO_new_fp; ++ BIO_new_socket; ++ BIO_pop; ++ BIO_printf; ++ BIO_push; ++ BIO_puts; ++ BIO_read; ++ BIO_s_accept; ++ BIO_s_connect; ++ BIO_s_fd; ++ BIO_s_file; ++ BIO_s_mem; ++ BIO_s_null; ++ BIO_s_proxy_client; ++ BIO_s_socket; ++ BIO_set; ++ BIO_set_cipher; ++ BIO_set_tcp_ndelay; ++ BIO_sock_cleanup; ++ BIO_sock_error; ++ BIO_sock_init; ++ BIO_sock_non_fatal_error; ++ BIO_sock_should_retry; ++ BIO_socket_ioctl; ++ BIO_write; ++ BN_CTX_free; ++ BN_CTX_new; ++ BN_MONT_CTX_free; ++ BN_MONT_CTX_new; ++ BN_MONT_CTX_set; ++ BN_add; ++ BN_add_word; ++ BN_hex2bn; ++ BN_bin2bn; ++ BN_bn2hex; ++ BN_bn2bin; ++ BN_clear; ++ BN_clear_bit; ++ BN_clear_free; ++ BN_cmp; ++ BN_copy; ++ BN_div; ++ BN_div_word; ++ BN_dup; ++ BN_free; ++ BN_from_montgomery; ++ BN_gcd; ++ BN_generate_prime; ++ BN_get_word; ++ BN_is_bit_set; ++ BN_is_prime; ++ BN_lshift; ++ BN_lshift1; ++ BN_mask_bits; ++ BN_mod; ++ BN_mod_exp; ++ BN_mod_exp_mont; ++ BN_mod_exp_simple; ++ BN_mod_inverse; ++ BN_mod_mul; ++ BN_mod_mul_montgomery; ++ BN_mod_word; ++ BN_mul; ++ BN_new; ++ BN_num_bits; ++ BN_num_bits_word; ++ BN_options; ++ BN_print; ++ BN_print_fp; ++ BN_rand; ++ BN_reciprocal; ++ BN_rshift; ++ BN_rshift1; ++ BN_set_bit; ++ BN_set_word; ++ BN_sqr; ++ BN_sub; ++ BN_to_ASN1_INTEGER; ++ BN_ucmp; ++ BN_value_one; ++ BUF_MEM_free; ++ BUF_MEM_grow; ++ BUF_MEM_new; ++ BUF_strdup; ++ CONF_free; ++ CONF_get_number; ++ CONF_get_section; ++ CONF_get_string; ++ CONF_load; ++ CRYPTO_add_lock; ++ CRYPTO_dbg_free; ++ CRYPTO_dbg_malloc; ++ CRYPTO_dbg_realloc; ++ CRYPTO_dbg_remalloc; ++ CRYPTO_free; ++ CRYPTO_get_add_lock_callback; ++ CRYPTO_get_id_callback; ++ CRYPTO_get_lock_name; ++ CRYPTO_get_locking_callback; ++ CRYPTO_get_mem_functions; ++ CRYPTO_lock; ++ CRYPTO_malloc; ++ CRYPTO_mem_ctrl; ++ CRYPTO_mem_leaks; ++ CRYPTO_mem_leaks_cb; ++ CRYPTO_mem_leaks_fp; ++ CRYPTO_realloc; ++ CRYPTO_remalloc; ++ CRYPTO_set_add_lock_callback; ++ CRYPTO_set_id_callback; ++ CRYPTO_set_locking_callback; ++ CRYPTO_set_mem_functions; ++ CRYPTO_thread_id; ++ DH_check; ++ DH_compute_key; ++ DH_free; ++ DH_generate_key; ++ DH_generate_parameters; ++ DH_new; ++ DH_size; ++ DHparams_print; ++ DHparams_print_fp; ++ DSA_free; ++ DSA_generate_key; ++ DSA_generate_parameters; ++ DSA_is_prime; ++ DSA_new; ++ DSA_print; ++ DSA_print_fp; ++ DSA_sign; ++ DSA_sign_setup; ++ DSA_size; ++ DSA_verify; ++ DSAparams_print; ++ DSAparams_print_fp; ++ ERR_clear_error; ++ ERR_error_string; ++ ERR_free_strings; ++ ERR_func_error_string; ++ ERR_get_err_state_table; ++ ERR_get_error; ++ ERR_get_error_line; ++ ERR_get_state; ++ ERR_get_string_table; ++ ERR_lib_error_string; ++ ERR_load_ASN1_strings; ++ ERR_load_BIO_strings; ++ ERR_load_BN_strings; ++ ERR_load_BUF_strings; ++ ERR_load_CONF_strings; ++ ERR_load_DH_strings; ++ ERR_load_DSA_strings; ++ ERR_load_ERR_strings; ++ ERR_load_EVP_strings; ++ ERR_load_OBJ_strings; ++ ERR_load_PEM_strings; ++ ERR_load_PROXY_strings; ++ ERR_load_RSA_strings; ++ ERR_load_X509_strings; ++ ERR_load_crypto_strings; ++ ERR_load_strings; ++ ERR_peek_error; ++ ERR_peek_error_line; ++ ERR_print_errors; ++ ERR_print_errors_fp; ++ ERR_put_error; ++ ERR_reason_error_string; ++ ERR_remove_state; ++ EVP_BytesToKey; ++ EVP_CIPHER_CTX_cleanup; ++ EVP_CipherFinal; ++ EVP_CipherInit; ++ EVP_CipherUpdate; ++ EVP_DecodeBlock; ++ EVP_DecodeFinal; ++ EVP_DecodeInit; ++ EVP_DecodeUpdate; ++ EVP_DecryptFinal; ++ EVP_DecryptInit; ++ EVP_DecryptUpdate; ++ EVP_DigestFinal; ++ EVP_DigestInit; ++ EVP_DigestUpdate; ++ EVP_EncodeBlock; ++ EVP_EncodeFinal; ++ EVP_EncodeInit; ++ EVP_EncodeUpdate; ++ EVP_EncryptFinal; ++ EVP_EncryptInit; ++ EVP_EncryptUpdate; ++ EVP_OpenFinal; ++ EVP_OpenInit; ++ EVP_PKEY_assign; ++ EVP_PKEY_copy_parameters; ++ EVP_PKEY_free; ++ EVP_PKEY_missing_parameters; ++ EVP_PKEY_new; ++ EVP_PKEY_save_parameters; ++ EVP_PKEY_size; ++ EVP_PKEY_type; ++ EVP_SealFinal; ++ EVP_SealInit; ++ EVP_SignFinal; ++ EVP_VerifyFinal; ++ EVP_add_alias; ++ EVP_add_cipher; ++ EVP_add_digest; ++ EVP_bf_cbc; ++ EVP_bf_cfb64; ++ EVP_bf_ecb; ++ EVP_bf_ofb; ++ EVP_cleanup; ++ EVP_des_cbc; ++ EVP_des_cfb64; ++ EVP_des_ecb; ++ EVP_des_ede; ++ EVP_des_ede3; ++ EVP_des_ede3_cbc; ++ EVP_des_ede3_cfb64; ++ EVP_des_ede3_ofb; ++ EVP_des_ede_cbc; ++ EVP_des_ede_cfb64; ++ EVP_des_ede_ofb; ++ EVP_des_ofb; ++ EVP_desx_cbc; ++ EVP_dss; ++ EVP_dss1; ++ EVP_enc_null; ++ EVP_get_cipherbyname; ++ EVP_get_digestbyname; ++ EVP_get_pw_prompt; ++ EVP_idea_cbc; ++ EVP_idea_cfb64; ++ EVP_idea_ecb; ++ EVP_idea_ofb; ++ EVP_md2; ++ EVP_md5; ++ EVP_md_null; ++ EVP_rc2_cbc; ++ EVP_rc2_cfb64; ++ EVP_rc2_ecb; ++ EVP_rc2_ofb; ++ EVP_rc4; ++ EVP_read_pw_string; ++ EVP_set_pw_prompt; ++ EVP_sha; ++ EVP_sha1; ++ MD2; ++ MD2_Final; ++ MD2_Init; ++ MD2_Update; ++ MD2_options; ++ MD5; ++ MD5_Final; ++ MD5_Init; ++ MD5_Update; ++ MDC2; ++ MDC2_Final; ++ MDC2_Init; ++ MDC2_Update; ++ NETSCAPE_SPKAC_free; ++ NETSCAPE_SPKAC_new; ++ NETSCAPE_SPKI_free; ++ NETSCAPE_SPKI_new; ++ NETSCAPE_SPKI_sign; ++ NETSCAPE_SPKI_verify; ++ OBJ_add_object; ++ OBJ_bsearch; ++ OBJ_cleanup; ++ OBJ_cmp; ++ OBJ_create; ++ OBJ_dup; ++ OBJ_ln2nid; ++ OBJ_new_nid; ++ OBJ_nid2ln; ++ OBJ_nid2obj; ++ OBJ_nid2sn; ++ OBJ_obj2nid; ++ OBJ_sn2nid; ++ OBJ_txt2nid; ++ PEM_ASN1_read; ++ PEM_ASN1_read_bio; ++ PEM_ASN1_write; ++ PEM_ASN1_write_bio; ++ PEM_SealFinal; ++ PEM_SealInit; ++ PEM_SealUpdate; ++ PEM_SignFinal; ++ PEM_SignInit; ++ PEM_SignUpdate; ++ PEM_X509_INFO_read; ++ PEM_X509_INFO_read_bio; ++ PEM_X509_INFO_write_bio; ++ PEM_dek_info; ++ PEM_do_header; ++ PEM_get_EVP_CIPHER_INFO; ++ PEM_proc_type; ++ PEM_read; ++ PEM_read_DHparams; ++ PEM_read_DSAPrivateKey; ++ PEM_read_DSAparams; ++ PEM_read_PKCS7; ++ PEM_read_PrivateKey; ++ PEM_read_RSAPrivateKey; ++ PEM_read_X509; ++ PEM_read_X509_CRL; ++ PEM_read_X509_REQ; ++ PEM_read_bio; ++ PEM_read_bio_DHparams; ++ PEM_read_bio_DSAPrivateKey; ++ PEM_read_bio_DSAparams; ++ PEM_read_bio_PKCS7; ++ PEM_read_bio_PrivateKey; ++ PEM_read_bio_RSAPrivateKey; ++ PEM_read_bio_X509; ++ PEM_read_bio_X509_CRL; ++ PEM_read_bio_X509_REQ; ++ PEM_write; ++ PEM_write_DHparams; ++ PEM_write_DSAPrivateKey; ++ PEM_write_DSAparams; ++ PEM_write_PKCS7; ++ PEM_write_PrivateKey; ++ PEM_write_RSAPrivateKey; ++ PEM_write_X509; ++ PEM_write_X509_CRL; ++ PEM_write_X509_REQ; ++ PEM_write_bio; ++ PEM_write_bio_DHparams; ++ PEM_write_bio_DSAPrivateKey; ++ PEM_write_bio_DSAparams; ++ PEM_write_bio_PKCS7; ++ PEM_write_bio_PrivateKey; ++ PEM_write_bio_RSAPrivateKey; ++ PEM_write_bio_X509; ++ PEM_write_bio_X509_CRL; ++ PEM_write_bio_X509_REQ; ++ PKCS7_DIGEST_free; ++ PKCS7_DIGEST_new; ++ PKCS7_ENCRYPT_free; ++ PKCS7_ENCRYPT_new; ++ PKCS7_ENC_CONTENT_free; ++ PKCS7_ENC_CONTENT_new; ++ PKCS7_ENVELOPE_free; ++ PKCS7_ENVELOPE_new; ++ PKCS7_ISSUER_AND_SERIAL_digest; ++ PKCS7_ISSUER_AND_SERIAL_free; ++ PKCS7_ISSUER_AND_SERIAL_new; ++ PKCS7_RECIP_INFO_free; ++ PKCS7_RECIP_INFO_new; ++ PKCS7_SIGNED_free; ++ PKCS7_SIGNED_new; ++ PKCS7_SIGNER_INFO_free; ++ PKCS7_SIGNER_INFO_new; ++ PKCS7_SIGN_ENVELOPE_free; ++ PKCS7_SIGN_ENVELOPE_new; ++ PKCS7_dup; ++ PKCS7_free; ++ PKCS7_new; ++ PROXY_ENTRY_add_noproxy; ++ PROXY_ENTRY_clear_noproxy; ++ PROXY_ENTRY_free; ++ PROXY_ENTRY_get_noproxy; ++ PROXY_ENTRY_new; ++ PROXY_ENTRY_set_server; ++ PROXY_add_noproxy; ++ PROXY_add_server; ++ PROXY_check_by_host; ++ PROXY_check_url; ++ PROXY_clear_noproxy; ++ PROXY_free; ++ PROXY_get_noproxy; ++ PROXY_get_proxies; ++ PROXY_get_proxy_entry; ++ PROXY_load_conf; ++ PROXY_new; ++ PROXY_print; ++ RAND_bytes; ++ RAND_cleanup; ++ RAND_file_name; ++ RAND_load_file; ++ RAND_screen; ++ RAND_seed; ++ RAND_write_file; ++ RC2_cbc_encrypt; ++ RC2_cfb64_encrypt; ++ RC2_ecb_encrypt; ++ RC2_encrypt; ++ RC2_ofb64_encrypt; ++ RC2_set_key; ++ RC4; ++ RC4_options; ++ RC4_set_key; ++ RSAPrivateKey_asn1_meth; ++ RSAPrivateKey_dup; ++ RSAPublicKey_dup; ++ RSA_PKCS1_SSLeay; ++ RSA_free; ++ RSA_generate_key; ++ RSA_new; ++ RSA_new_method; ++ RSA_print; ++ RSA_print_fp; ++ RSA_private_decrypt; ++ RSA_private_encrypt; ++ RSA_public_decrypt; ++ RSA_public_encrypt; ++ RSA_set_default_method; ++ RSA_sign; ++ RSA_sign_ASN1_OCTET_STRING; ++ RSA_size; ++ RSA_verify; ++ RSA_verify_ASN1_OCTET_STRING; ++ SHA; ++ SHA1; ++ SHA1_Final; ++ SHA1_Init; ++ SHA1_Update; ++ SHA_Final; ++ SHA_Init; ++ SHA_Update; ++ OpenSSL_add_all_algorithms; ++ OpenSSL_add_all_ciphers; ++ OpenSSL_add_all_digests; ++ TXT_DB_create_index; ++ TXT_DB_free; ++ TXT_DB_get_by_index; ++ TXT_DB_insert; ++ TXT_DB_read; ++ TXT_DB_write; ++ X509_ALGOR_free; ++ X509_ALGOR_new; ++ X509_ATTRIBUTE_free; ++ X509_ATTRIBUTE_new; ++ X509_CINF_free; ++ X509_CINF_new; ++ X509_CRL_INFO_free; ++ X509_CRL_INFO_new; ++ X509_CRL_add_ext; ++ X509_CRL_cmp; ++ X509_CRL_delete_ext; ++ X509_CRL_dup; ++ X509_CRL_free; ++ X509_CRL_get_ext; ++ X509_CRL_get_ext_by_NID; ++ X509_CRL_get_ext_by_OBJ; ++ X509_CRL_get_ext_by_critical; ++ X509_CRL_get_ext_count; ++ X509_CRL_new; ++ X509_CRL_sign; ++ X509_CRL_verify; ++ X509_EXTENSION_create_by_NID; ++ X509_EXTENSION_create_by_OBJ; ++ X509_EXTENSION_dup; ++ X509_EXTENSION_free; ++ X509_EXTENSION_get_critical; ++ X509_EXTENSION_get_data; ++ X509_EXTENSION_get_object; ++ X509_EXTENSION_new; ++ X509_EXTENSION_set_critical; ++ X509_EXTENSION_set_data; ++ X509_EXTENSION_set_object; ++ X509_INFO_free; ++ X509_INFO_new; ++ X509_LOOKUP_by_alias; ++ X509_LOOKUP_by_fingerprint; ++ X509_LOOKUP_by_issuer_serial; ++ X509_LOOKUP_by_subject; ++ X509_LOOKUP_ctrl; ++ X509_LOOKUP_file; ++ X509_LOOKUP_free; ++ X509_LOOKUP_hash_dir; ++ X509_LOOKUP_init; ++ X509_LOOKUP_new; ++ X509_LOOKUP_shutdown; ++ X509_NAME_ENTRY_create_by_NID; ++ X509_NAME_ENTRY_create_by_OBJ; ++ X509_NAME_ENTRY_dup; ++ X509_NAME_ENTRY_free; ++ X509_NAME_ENTRY_get_data; ++ X509_NAME_ENTRY_get_object; ++ X509_NAME_ENTRY_new; ++ X509_NAME_ENTRY_set_data; ++ X509_NAME_ENTRY_set_object; ++ X509_NAME_add_entry; ++ X509_NAME_cmp; ++ X509_NAME_delete_entry; ++ X509_NAME_digest; ++ X509_NAME_dup; ++ X509_NAME_entry_count; ++ X509_NAME_free; ++ X509_NAME_get_entry; ++ X509_NAME_get_index_by_NID; ++ X509_NAME_get_index_by_OBJ; ++ X509_NAME_get_text_by_NID; ++ X509_NAME_get_text_by_OBJ; ++ X509_NAME_hash; ++ X509_NAME_new; ++ X509_NAME_oneline; ++ X509_NAME_print; ++ X509_NAME_set; ++ X509_OBJECT_free_contents; ++ X509_OBJECT_retrieve_by_subject; ++ X509_OBJECT_up_ref_count; ++ X509_PKEY_free; ++ X509_PKEY_new; ++ X509_PUBKEY_free; ++ X509_PUBKEY_get; ++ X509_PUBKEY_new; ++ X509_PUBKEY_set; ++ X509_REQ_INFO_free; ++ X509_REQ_INFO_new; ++ X509_REQ_dup; ++ X509_REQ_free; ++ X509_REQ_get_pubkey; ++ X509_REQ_new; ++ X509_REQ_print; ++ X509_REQ_print_fp; ++ X509_REQ_set_pubkey; ++ X509_REQ_set_subject_name; ++ X509_REQ_set_version; ++ X509_REQ_sign; ++ X509_REQ_to_X509; ++ X509_REQ_verify; ++ X509_REVOKED_add_ext; ++ X509_REVOKED_delete_ext; ++ X509_REVOKED_free; ++ X509_REVOKED_get_ext; ++ X509_REVOKED_get_ext_by_NID; ++ X509_REVOKED_get_ext_by_OBJ; ++ X509_REVOKED_get_ext_by_critical; ++ X509_REVOKED_get_ext_by_critic; ++ X509_REVOKED_get_ext_count; ++ X509_REVOKED_new; ++ X509_SIG_free; ++ X509_SIG_new; ++ X509_STORE_CTX_cleanup; ++ X509_STORE_CTX_init; ++ X509_STORE_add_cert; ++ X509_STORE_add_lookup; ++ X509_STORE_free; ++ X509_STORE_get_by_subject; ++ X509_STORE_load_locations; ++ X509_STORE_new; ++ X509_STORE_set_default_paths; ++ X509_VAL_free; ++ X509_VAL_new; ++ X509_add_ext; ++ X509_asn1_meth; ++ X509_certificate_type; ++ X509_check_private_key; ++ X509_cmp_current_time; ++ X509_delete_ext; ++ X509_digest; ++ X509_dup; ++ X509_free; ++ X509_get_default_cert_area; ++ X509_get_default_cert_dir; ++ X509_get_default_cert_dir_env; ++ X509_get_default_cert_file; ++ X509_get_default_cert_file_env; ++ X509_get_default_private_dir; ++ X509_get_ext; ++ X509_get_ext_by_NID; ++ X509_get_ext_by_OBJ; ++ X509_get_ext_by_critical; ++ X509_get_ext_count; ++ X509_get_issuer_name; ++ X509_get_pubkey; ++ X509_get_pubkey_parameters; ++ X509_get_serialNumber; ++ X509_get_subject_name; ++ X509_gmtime_adj; ++ X509_issuer_and_serial_cmp; ++ X509_issuer_and_serial_hash; ++ X509_issuer_name_cmp; ++ X509_issuer_name_hash; ++ X509_load_cert_file; ++ X509_new; ++ X509_print; ++ X509_print_fp; ++ X509_set_issuer_name; ++ X509_set_notAfter; ++ X509_set_notBefore; ++ X509_set_pubkey; ++ X509_set_serialNumber; ++ X509_set_subject_name; ++ X509_set_version; ++ X509_sign; ++ X509_subject_name_cmp; ++ X509_subject_name_hash; ++ X509_to_X509_REQ; ++ X509_verify; ++ X509_verify_cert; ++ X509_verify_cert_error_string; ++ X509v3_add_ext; ++ X509v3_add_extension; ++ X509v3_add_netscape_extensions; ++ X509v3_add_standard_extensions; ++ X509v3_cleanup_extensions; ++ X509v3_data_type_by_NID; ++ X509v3_data_type_by_OBJ; ++ X509v3_delete_ext; ++ X509v3_get_ext; ++ X509v3_get_ext_by_NID; ++ X509v3_get_ext_by_OBJ; ++ X509v3_get_ext_by_critical; ++ X509v3_get_ext_count; ++ X509v3_pack_string; ++ X509v3_pack_type_by_NID; ++ X509v3_pack_type_by_OBJ; ++ X509v3_unpack_string; ++ _des_crypt; ++ a2d_ASN1_OBJECT; ++ a2i_ASN1_INTEGER; ++ a2i_ASN1_STRING; ++ asn1_Finish; ++ asn1_GetSequence; ++ bn_div_words; ++ bn_expand2; ++ bn_mul_add_words; ++ bn_mul_words; ++ BN_uadd; ++ BN_usub; ++ bn_sqr_words; ++ _ossl_old_crypt; ++ d2i_ASN1_BIT_STRING; ++ d2i_ASN1_BOOLEAN; ++ d2i_ASN1_HEADER; ++ d2i_ASN1_IA5STRING; ++ d2i_ASN1_INTEGER; ++ d2i_ASN1_OBJECT; ++ d2i_ASN1_OCTET_STRING; ++ d2i_ASN1_PRINTABLE; ++ d2i_ASN1_PRINTABLESTRING; ++ d2i_ASN1_SET; ++ d2i_ASN1_T61STRING; ++ d2i_ASN1_TYPE; ++ d2i_ASN1_UTCTIME; ++ d2i_ASN1_bytes; ++ d2i_ASN1_type_bytes; ++ d2i_DHparams; ++ d2i_DSAPrivateKey; ++ d2i_DSAPrivateKey_bio; ++ d2i_DSAPrivateKey_fp; ++ d2i_DSAPublicKey; ++ d2i_DSAparams; ++ d2i_NETSCAPE_SPKAC; ++ d2i_NETSCAPE_SPKI; ++ d2i_Netscape_RSA; ++ d2i_PKCS7; ++ d2i_PKCS7_DIGEST; ++ d2i_PKCS7_ENCRYPT; ++ d2i_PKCS7_ENC_CONTENT; ++ d2i_PKCS7_ENVELOPE; ++ d2i_PKCS7_ISSUER_AND_SERIAL; ++ d2i_PKCS7_RECIP_INFO; ++ d2i_PKCS7_SIGNED; ++ d2i_PKCS7_SIGNER_INFO; ++ d2i_PKCS7_SIGN_ENVELOPE; ++ d2i_PKCS7_bio; ++ d2i_PKCS7_fp; ++ d2i_PrivateKey; ++ d2i_PublicKey; ++ d2i_RSAPrivateKey; ++ d2i_RSAPrivateKey_bio; ++ d2i_RSAPrivateKey_fp; ++ d2i_RSAPublicKey; ++ d2i_X509; ++ d2i_X509_ALGOR; ++ d2i_X509_ATTRIBUTE; ++ d2i_X509_CINF; ++ d2i_X509_CRL; ++ d2i_X509_CRL_INFO; ++ d2i_X509_CRL_bio; ++ d2i_X509_CRL_fp; ++ d2i_X509_EXTENSION; ++ d2i_X509_NAME; ++ d2i_X509_NAME_ENTRY; ++ d2i_X509_PKEY; ++ d2i_X509_PUBKEY; ++ d2i_X509_REQ; ++ d2i_X509_REQ_INFO; ++ d2i_X509_REQ_bio; ++ d2i_X509_REQ_fp; ++ d2i_X509_REVOKED; ++ d2i_X509_SIG; ++ d2i_X509_VAL; ++ d2i_X509_bio; ++ d2i_X509_fp; ++ DES_cbc_cksum; ++ DES_cbc_encrypt; ++ DES_cblock_print_file; ++ DES_cfb64_encrypt; ++ DES_cfb_encrypt; ++ DES_decrypt3; ++ DES_ecb3_encrypt; ++ DES_ecb_encrypt; ++ DES_ede3_cbc_encrypt; ++ DES_ede3_cfb64_encrypt; ++ DES_ede3_ofb64_encrypt; ++ DES_enc_read; ++ DES_enc_write; ++ DES_encrypt1; ++ DES_encrypt2; ++ DES_encrypt3; ++ DES_fcrypt; ++ DES_is_weak_key; ++ DES_key_sched; ++ DES_ncbc_encrypt; ++ DES_ofb64_encrypt; ++ DES_ofb_encrypt; ++ DES_options; ++ DES_pcbc_encrypt; ++ DES_quad_cksum; ++ DES_random_key; ++ _ossl_old_des_random_seed; ++ _ossl_old_des_read_2passwords; ++ _ossl_old_des_read_password; ++ _ossl_old_des_read_pw; ++ _ossl_old_des_read_pw_string; ++ DES_set_key; ++ DES_set_odd_parity; ++ DES_string_to_2keys; ++ DES_string_to_key; ++ DES_xcbc_encrypt; ++ DES_xwhite_in2out; ++ fcrypt_body; ++ i2a_ASN1_INTEGER; ++ i2a_ASN1_OBJECT; ++ i2a_ASN1_STRING; ++ i2d_ASN1_BIT_STRING; ++ i2d_ASN1_BOOLEAN; ++ i2d_ASN1_HEADER; ++ i2d_ASN1_IA5STRING; ++ i2d_ASN1_INTEGER; ++ i2d_ASN1_OBJECT; ++ i2d_ASN1_OCTET_STRING; ++ i2d_ASN1_PRINTABLE; ++ i2d_ASN1_SET; ++ i2d_ASN1_TYPE; ++ i2d_ASN1_UTCTIME; ++ i2d_ASN1_bytes; ++ i2d_DHparams; ++ i2d_DSAPrivateKey; ++ i2d_DSAPrivateKey_bio; ++ i2d_DSAPrivateKey_fp; ++ i2d_DSAPublicKey; ++ i2d_DSAparams; ++ i2d_NETSCAPE_SPKAC; ++ i2d_NETSCAPE_SPKI; ++ i2d_Netscape_RSA; ++ i2d_PKCS7; ++ i2d_PKCS7_DIGEST; ++ i2d_PKCS7_ENCRYPT; ++ i2d_PKCS7_ENC_CONTENT; ++ i2d_PKCS7_ENVELOPE; ++ i2d_PKCS7_ISSUER_AND_SERIAL; ++ i2d_PKCS7_RECIP_INFO; ++ i2d_PKCS7_SIGNED; ++ i2d_PKCS7_SIGNER_INFO; ++ i2d_PKCS7_SIGN_ENVELOPE; ++ i2d_PKCS7_bio; ++ i2d_PKCS7_fp; ++ i2d_PrivateKey; ++ i2d_PublicKey; ++ i2d_RSAPrivateKey; ++ i2d_RSAPrivateKey_bio; ++ i2d_RSAPrivateKey_fp; ++ i2d_RSAPublicKey; ++ i2d_X509; ++ i2d_X509_ALGOR; ++ i2d_X509_ATTRIBUTE; ++ i2d_X509_CINF; ++ i2d_X509_CRL; ++ i2d_X509_CRL_INFO; ++ i2d_X509_CRL_bio; ++ i2d_X509_CRL_fp; ++ i2d_X509_EXTENSION; ++ i2d_X509_NAME; ++ i2d_X509_NAME_ENTRY; ++ i2d_X509_PKEY; ++ i2d_X509_PUBKEY; ++ i2d_X509_REQ; ++ i2d_X509_REQ_INFO; ++ i2d_X509_REQ_bio; ++ i2d_X509_REQ_fp; ++ i2d_X509_REVOKED; ++ i2d_X509_SIG; ++ i2d_X509_VAL; ++ i2d_X509_bio; ++ i2d_X509_fp; ++ idea_cbc_encrypt; ++ idea_cfb64_encrypt; ++ idea_ecb_encrypt; ++ idea_encrypt; ++ idea_ofb64_encrypt; ++ idea_options; ++ idea_set_decrypt_key; ++ idea_set_encrypt_key; ++ lh_delete; ++ lh_doall; ++ lh_doall_arg; ++ lh_free; ++ lh_insert; ++ lh_new; ++ lh_node_stats; ++ lh_node_stats_bio; ++ lh_node_usage_stats; ++ lh_node_usage_stats_bio; ++ lh_retrieve; ++ lh_stats; ++ lh_stats_bio; ++ lh_strhash; ++ sk_delete; ++ sk_delete_ptr; ++ sk_dup; ++ sk_find; ++ sk_free; ++ sk_insert; ++ sk_new; ++ sk_pop; ++ sk_pop_free; ++ sk_push; ++ sk_set_cmp_func; ++ sk_shift; ++ sk_unshift; ++ sk_zero; ++ BIO_f_nbio_test; ++ ASN1_TYPE_get; ++ ASN1_TYPE_set; ++ PKCS7_content_free; ++ ERR_load_PKCS7_strings; ++ X509_find_by_issuer_and_serial; ++ X509_find_by_subject; ++ PKCS7_ctrl; ++ PKCS7_set_type; ++ PKCS7_set_content; ++ PKCS7_SIGNER_INFO_set; ++ PKCS7_add_signer; ++ PKCS7_add_certificate; ++ PKCS7_add_crl; ++ PKCS7_content_new; ++ PKCS7_dataSign; ++ PKCS7_dataVerify; ++ PKCS7_dataInit; ++ PKCS7_add_signature; ++ PKCS7_cert_from_signer_info; ++ PKCS7_get_signer_info; ++ EVP_delete_alias; ++ EVP_mdc2; ++ PEM_read_bio_RSAPublicKey; ++ PEM_write_bio_RSAPublicKey; ++ d2i_RSAPublicKey_bio; ++ i2d_RSAPublicKey_bio; ++ PEM_read_RSAPublicKey; ++ PEM_write_RSAPublicKey; ++ d2i_RSAPublicKey_fp; ++ i2d_RSAPublicKey_fp; ++ BIO_copy_next_retry; ++ RSA_flags; ++ X509_STORE_add_crl; ++ X509_load_crl_file; ++ EVP_rc2_40_cbc; ++ EVP_rc4_40; ++ EVP_CIPHER_CTX_init; ++ HMAC; ++ HMAC_Init; ++ HMAC_Update; ++ HMAC_Final; ++ ERR_get_next_error_library; ++ EVP_PKEY_cmp_parameters; ++ HMAC_cleanup; ++ BIO_ptr_ctrl; ++ BIO_new_file_internal; ++ BIO_new_fp_internal; ++ BIO_s_file_internal; ++ BN_BLINDING_convert; ++ BN_BLINDING_invert; ++ BN_BLINDING_update; ++ RSA_blinding_on; ++ RSA_blinding_off; ++ i2t_ASN1_OBJECT; ++ BN_BLINDING_new; ++ BN_BLINDING_free; ++ EVP_cast5_cbc; ++ EVP_cast5_cfb64; ++ EVP_cast5_ecb; ++ EVP_cast5_ofb; ++ BF_decrypt; ++ CAST_set_key; ++ CAST_encrypt; ++ CAST_decrypt; ++ CAST_ecb_encrypt; ++ CAST_cbc_encrypt; ++ CAST_cfb64_encrypt; ++ CAST_ofb64_encrypt; ++ RC2_decrypt; ++ OBJ_create_objects; ++ BN_exp; ++ BN_mul_word; ++ BN_sub_word; ++ BN_dec2bn; ++ BN_bn2dec; ++ BIO_ghbn_ctrl; ++ CRYPTO_free_ex_data; ++ CRYPTO_get_ex_data; ++ CRYPTO_set_ex_data; ++ ERR_load_CRYPTO_strings; ++ ERR_load_CRYPTOlib_strings; ++ EVP_PKEY_bits; ++ MD5_Transform; ++ SHA1_Transform; ++ SHA_Transform; ++ X509_STORE_CTX_get_chain; ++ X509_STORE_CTX_get_current_cert; ++ X509_STORE_CTX_get_error; ++ X509_STORE_CTX_get_error_depth; ++ X509_STORE_CTX_get_ex_data; ++ X509_STORE_CTX_set_cert; ++ X509_STORE_CTX_set_chain; ++ X509_STORE_CTX_set_error; ++ X509_STORE_CTX_set_ex_data; ++ CRYPTO_dup_ex_data; ++ CRYPTO_get_new_lockid; ++ CRYPTO_new_ex_data; ++ RSA_set_ex_data; ++ RSA_get_ex_data; ++ RSA_get_ex_new_index; ++ RSA_padding_add_PKCS1_type_1; ++ RSA_padding_add_PKCS1_type_2; ++ RSA_padding_add_SSLv23; ++ RSA_padding_add_none; ++ RSA_padding_check_PKCS1_type_1; ++ RSA_padding_check_PKCS1_type_2; ++ RSA_padding_check_SSLv23; ++ RSA_padding_check_none; ++ bn_add_words; ++ d2i_Netscape_RSA_2; ++ CRYPTO_get_ex_new_index; ++ RIPEMD160_Init; ++ RIPEMD160_Update; ++ RIPEMD160_Final; ++ RIPEMD160; ++ RIPEMD160_Transform; ++ RC5_32_set_key; ++ RC5_32_ecb_encrypt; ++ RC5_32_encrypt; ++ RC5_32_decrypt; ++ RC5_32_cbc_encrypt; ++ RC5_32_cfb64_encrypt; ++ RC5_32_ofb64_encrypt; ++ BN_bn2mpi; ++ BN_mpi2bn; ++ ASN1_BIT_STRING_get_bit; ++ ASN1_BIT_STRING_set_bit; ++ BIO_get_ex_data; ++ BIO_get_ex_new_index; ++ BIO_set_ex_data; ++ X509v3_get_key_usage; ++ X509v3_set_key_usage; ++ a2i_X509v3_key_usage; ++ i2a_X509v3_key_usage; ++ EVP_PKEY_decrypt; ++ EVP_PKEY_encrypt; ++ PKCS7_RECIP_INFO_set; ++ PKCS7_add_recipient; ++ PKCS7_add_recipient_info; ++ PKCS7_set_cipher; ++ ASN1_TYPE_get_int_octetstring; ++ ASN1_TYPE_get_octetstring; ++ ASN1_TYPE_set_int_octetstring; ++ ASN1_TYPE_set_octetstring; ++ ASN1_UTCTIME_set_string; ++ ERR_add_error_data; ++ ERR_set_error_data; ++ EVP_CIPHER_asn1_to_param; ++ EVP_CIPHER_param_to_asn1; ++ EVP_CIPHER_get_asn1_iv; ++ EVP_CIPHER_set_asn1_iv; ++ EVP_rc5_32_12_16_cbc; ++ EVP_rc5_32_12_16_cfb64; ++ EVP_rc5_32_12_16_ecb; ++ EVP_rc5_32_12_16_ofb; ++ asn1_add_error; ++ d2i_ASN1_BMPSTRING; ++ i2d_ASN1_BMPSTRING; ++ BIO_f_ber; ++ BN_init; ++ COMP_CTX_new; ++ COMP_CTX_free; ++ COMP_CTX_compress_block; ++ COMP_CTX_expand_block; ++ X509_STORE_CTX_get_ex_new_index; ++ OBJ_NAME_add; ++ BIO_socket_nbio; ++ EVP_rc2_64_cbc; ++ OBJ_NAME_cleanup; ++ OBJ_NAME_get; ++ OBJ_NAME_init; ++ OBJ_NAME_new_index; ++ OBJ_NAME_remove; ++ BN_MONT_CTX_copy; ++ BIO_new_socks4a_connect; ++ BIO_s_socks4a_connect; ++ PROXY_set_connect_mode; ++ RAND_SSLeay; ++ RAND_set_rand_method; ++ RSA_memory_lock; ++ bn_sub_words; ++ bn_mul_normal; ++ bn_mul_comba8; ++ bn_mul_comba4; ++ bn_sqr_normal; ++ bn_sqr_comba8; ++ bn_sqr_comba4; ++ bn_cmp_words; ++ bn_mul_recursive; ++ bn_mul_part_recursive; ++ bn_sqr_recursive; ++ bn_mul_low_normal; ++ BN_RECP_CTX_init; ++ BN_RECP_CTX_new; ++ BN_RECP_CTX_free; ++ BN_RECP_CTX_set; ++ BN_mod_mul_reciprocal; ++ BN_mod_exp_recp; ++ BN_div_recp; ++ BN_CTX_init; ++ BN_MONT_CTX_init; ++ RAND_get_rand_method; ++ PKCS7_add_attribute; ++ PKCS7_add_signed_attribute; ++ PKCS7_digest_from_attributes; ++ PKCS7_get_attribute; ++ PKCS7_get_issuer_and_serial; ++ PKCS7_get_signed_attribute; ++ COMP_compress_block; ++ COMP_expand_block; ++ COMP_rle; ++ COMP_zlib; ++ ms_time_diff; ++ ms_time_new; ++ ms_time_free; ++ ms_time_cmp; ++ ms_time_get; ++ PKCS7_set_attributes; ++ PKCS7_set_signed_attributes; ++ X509_ATTRIBUTE_create; ++ X509_ATTRIBUTE_dup; ++ ASN1_GENERALIZEDTIME_check; ++ ASN1_GENERALIZEDTIME_print; ++ ASN1_GENERALIZEDTIME_set; ++ ASN1_GENERALIZEDTIME_set_string; ++ ASN1_TIME_print; ++ BASIC_CONSTRAINTS_free; ++ BASIC_CONSTRAINTS_new; ++ ERR_load_X509V3_strings; ++ NETSCAPE_CERT_SEQUENCE_free; ++ NETSCAPE_CERT_SEQUENCE_new; ++ OBJ_txt2obj; ++ PEM_read_NETSCAPE_CERT_SEQUENCE; ++ PEM_read_NS_CERT_SEQ; ++ PEM_read_bio_NETSCAPE_CERT_SEQUENCE; ++ PEM_read_bio_NS_CERT_SEQ; ++ PEM_write_NETSCAPE_CERT_SEQUENCE; ++ PEM_write_NS_CERT_SEQ; ++ PEM_write_bio_NETSCAPE_CERT_SEQUENCE; ++ PEM_write_bio_NS_CERT_SEQ; ++ X509V3_EXT_add; ++ X509V3_EXT_add_alias; ++ X509V3_EXT_add_conf; ++ X509V3_EXT_cleanup; ++ X509V3_EXT_conf; ++ X509V3_EXT_conf_nid; ++ X509V3_EXT_get; ++ X509V3_EXT_get_nid; ++ X509V3_EXT_print; ++ X509V3_EXT_print_fp; ++ X509V3_add_standard_extensions; ++ X509V3_add_value; ++ X509V3_add_value_bool; ++ X509V3_add_value_int; ++ X509V3_conf_free; ++ X509V3_get_value_bool; ++ X509V3_get_value_int; ++ X509V3_parse_list; ++ d2i_ASN1_GENERALIZEDTIME; ++ d2i_ASN1_TIME; ++ d2i_BASIC_CONSTRAINTS; ++ d2i_NETSCAPE_CERT_SEQUENCE; ++ d2i_ext_ku; ++ ext_ku_free; ++ ext_ku_new; ++ i2d_ASN1_GENERALIZEDTIME; ++ i2d_ASN1_TIME; ++ i2d_BASIC_CONSTRAINTS; ++ i2d_NETSCAPE_CERT_SEQUENCE; ++ i2d_ext_ku; ++ EVP_MD_CTX_copy; ++ i2d_ASN1_ENUMERATED; ++ d2i_ASN1_ENUMERATED; ++ ASN1_ENUMERATED_set; ++ ASN1_ENUMERATED_get; ++ BN_to_ASN1_ENUMERATED; ++ ASN1_ENUMERATED_to_BN; ++ i2a_ASN1_ENUMERATED; ++ a2i_ASN1_ENUMERATED; ++ i2d_GENERAL_NAME; ++ d2i_GENERAL_NAME; ++ GENERAL_NAME_new; ++ GENERAL_NAME_free; ++ GENERAL_NAMES_new; ++ GENERAL_NAMES_free; ++ d2i_GENERAL_NAMES; ++ i2d_GENERAL_NAMES; ++ i2v_GENERAL_NAMES; ++ i2s_ASN1_OCTET_STRING; ++ s2i_ASN1_OCTET_STRING; ++ X509V3_EXT_check_conf; ++ hex_to_string; ++ string_to_hex; ++ DES_ede3_cbcm_encrypt; ++ RSA_padding_add_PKCS1_OAEP; ++ RSA_padding_check_PKCS1_OAEP; ++ X509_CRL_print_fp; ++ X509_CRL_print; ++ i2v_GENERAL_NAME; ++ v2i_GENERAL_NAME; ++ i2d_PKEY_USAGE_PERIOD; ++ d2i_PKEY_USAGE_PERIOD; ++ PKEY_USAGE_PERIOD_new; ++ PKEY_USAGE_PERIOD_free; ++ v2i_GENERAL_NAMES; ++ i2s_ASN1_INTEGER; ++ X509V3_EXT_d2i; ++ name_cmp; ++ str_dup; ++ i2s_ASN1_ENUMERATED; ++ i2s_ASN1_ENUMERATED_TABLE; ++ BIO_s_log; ++ BIO_f_reliable; ++ PKCS7_dataFinal; ++ PKCS7_dataDecode; ++ X509V3_EXT_CRL_add_conf; ++ BN_set_params; ++ BN_get_params; ++ BIO_get_ex_num; ++ BIO_set_ex_free_func; ++ EVP_ripemd160; ++ ASN1_TIME_set; ++ i2d_AUTHORITY_KEYID; ++ d2i_AUTHORITY_KEYID; ++ AUTHORITY_KEYID_new; ++ AUTHORITY_KEYID_free; ++ ASN1_seq_unpack; ++ ASN1_seq_pack; ++ ASN1_unpack_string; ++ ASN1_pack_string; ++ PKCS12_pack_safebag; ++ PKCS12_MAKE_KEYBAG; ++ PKCS8_encrypt; ++ PKCS12_MAKE_SHKEYBAG; ++ PKCS12_pack_p7data; ++ PKCS12_pack_p7encdata; ++ PKCS12_add_localkeyid; ++ PKCS12_add_friendlyname_asc; ++ PKCS12_add_friendlyname_uni; ++ PKCS12_get_friendlyname; ++ PKCS12_pbe_crypt; ++ PKCS12_decrypt_d2i; ++ PKCS12_i2d_encrypt; ++ PKCS12_init; ++ PKCS12_key_gen_asc; ++ PKCS12_key_gen_uni; ++ PKCS12_gen_mac; ++ PKCS12_verify_mac; ++ PKCS12_set_mac; ++ PKCS12_setup_mac; ++ OPENSSL_asc2uni; ++ OPENSSL_uni2asc; ++ i2d_PKCS12_BAGS; ++ PKCS12_BAGS_new; ++ d2i_PKCS12_BAGS; ++ PKCS12_BAGS_free; ++ i2d_PKCS12; ++ d2i_PKCS12; ++ PKCS12_new; ++ PKCS12_free; ++ i2d_PKCS12_MAC_DATA; ++ PKCS12_MAC_DATA_new; ++ d2i_PKCS12_MAC_DATA; ++ PKCS12_MAC_DATA_free; ++ i2d_PKCS12_SAFEBAG; ++ PKCS12_SAFEBAG_new; ++ d2i_PKCS12_SAFEBAG; ++ PKCS12_SAFEBAG_free; ++ ERR_load_PKCS12_strings; ++ PKCS12_PBE_add; ++ PKCS8_add_keyusage; ++ PKCS12_get_attr_gen; ++ PKCS12_parse; ++ PKCS12_create; ++ i2d_PKCS12_bio; ++ i2d_PKCS12_fp; ++ d2i_PKCS12_bio; ++ d2i_PKCS12_fp; ++ i2d_PBEPARAM; ++ PBEPARAM_new; ++ d2i_PBEPARAM; ++ PBEPARAM_free; ++ i2d_PKCS8_PRIV_KEY_INFO; ++ PKCS8_PRIV_KEY_INFO_new; ++ d2i_PKCS8_PRIV_KEY_INFO; ++ PKCS8_PRIV_KEY_INFO_free; ++ EVP_PKCS82PKEY; ++ EVP_PKEY2PKCS8; ++ PKCS8_set_broken; ++ EVP_PBE_ALGOR_CipherInit; ++ EVP_PBE_alg_add; ++ PKCS5_pbe_set; ++ EVP_PBE_cleanup; ++ i2d_SXNET; ++ d2i_SXNET; ++ SXNET_new; ++ SXNET_free; ++ i2d_SXNETID; ++ d2i_SXNETID; ++ SXNETID_new; ++ SXNETID_free; ++ DSA_SIG_new; ++ DSA_SIG_free; ++ DSA_do_sign; ++ DSA_do_verify; ++ d2i_DSA_SIG; ++ i2d_DSA_SIG; ++ i2d_ASN1_VISIBLESTRING; ++ d2i_ASN1_VISIBLESTRING; ++ i2d_ASN1_UTF8STRING; ++ d2i_ASN1_UTF8STRING; ++ i2d_DIRECTORYSTRING; ++ d2i_DIRECTORYSTRING; ++ i2d_DISPLAYTEXT; ++ d2i_DISPLAYTEXT; ++ d2i_ASN1_SET_OF_X509; ++ i2d_ASN1_SET_OF_X509; ++ i2d_PBKDF2PARAM; ++ PBKDF2PARAM_new; ++ d2i_PBKDF2PARAM; ++ PBKDF2PARAM_free; ++ i2d_PBE2PARAM; ++ PBE2PARAM_new; ++ d2i_PBE2PARAM; ++ PBE2PARAM_free; ++ d2i_ASN1_SET_OF_GENERAL_NAME; ++ i2d_ASN1_SET_OF_GENERAL_NAME; ++ d2i_ASN1_SET_OF_SXNETID; ++ i2d_ASN1_SET_OF_SXNETID; ++ d2i_ASN1_SET_OF_POLICYQUALINFO; ++ i2d_ASN1_SET_OF_POLICYQUALINFO; ++ d2i_ASN1_SET_OF_POLICYINFO; ++ i2d_ASN1_SET_OF_POLICYINFO; ++ SXNET_add_id_asc; ++ SXNET_add_id_ulong; ++ SXNET_add_id_INTEGER; ++ SXNET_get_id_asc; ++ SXNET_get_id_ulong; ++ SXNET_get_id_INTEGER; ++ X509V3_set_conf_lhash; ++ i2d_CERTIFICATEPOLICIES; ++ CERTIFICATEPOLICIES_new; ++ CERTIFICATEPOLICIES_free; ++ d2i_CERTIFICATEPOLICIES; ++ i2d_POLICYINFO; ++ POLICYINFO_new; ++ d2i_POLICYINFO; ++ POLICYINFO_free; ++ i2d_POLICYQUALINFO; ++ POLICYQUALINFO_new; ++ d2i_POLICYQUALINFO; ++ POLICYQUALINFO_free; ++ i2d_USERNOTICE; ++ USERNOTICE_new; ++ d2i_USERNOTICE; ++ USERNOTICE_free; ++ i2d_NOTICEREF; ++ NOTICEREF_new; ++ d2i_NOTICEREF; ++ NOTICEREF_free; ++ X509V3_get_string; ++ X509V3_get_section; ++ X509V3_string_free; ++ X509V3_section_free; ++ X509V3_set_ctx; ++ s2i_ASN1_INTEGER; ++ CRYPTO_set_locked_mem_functions; ++ CRYPTO_get_locked_mem_functions; ++ CRYPTO_malloc_locked; ++ CRYPTO_free_locked; ++ BN_mod_exp2_mont; ++ ERR_get_error_line_data; ++ ERR_peek_error_line_data; ++ PKCS12_PBE_keyivgen; ++ X509_ALGOR_dup; ++ d2i_ASN1_SET_OF_DIST_POINT; ++ i2d_ASN1_SET_OF_DIST_POINT; ++ i2d_CRL_DIST_POINTS; ++ CRL_DIST_POINTS_new; ++ CRL_DIST_POINTS_free; ++ d2i_CRL_DIST_POINTS; ++ i2d_DIST_POINT; ++ DIST_POINT_new; ++ d2i_DIST_POINT; ++ DIST_POINT_free; ++ i2d_DIST_POINT_NAME; ++ DIST_POINT_NAME_new; ++ DIST_POINT_NAME_free; ++ d2i_DIST_POINT_NAME; ++ X509V3_add_value_uchar; ++ d2i_ASN1_SET_OF_X509_ATTRIBUTE; ++ i2d_ASN1_SET_OF_ASN1_TYPE; ++ d2i_ASN1_SET_OF_X509_EXTENSION; ++ d2i_ASN1_SET_OF_X509_NAME_ENTRY; ++ d2i_ASN1_SET_OF_ASN1_TYPE; ++ i2d_ASN1_SET_OF_X509_ATTRIBUTE; ++ i2d_ASN1_SET_OF_X509_EXTENSION; ++ i2d_ASN1_SET_OF_X509_NAME_ENTRY; ++ X509V3_EXT_i2d; ++ X509V3_EXT_val_prn; ++ X509V3_EXT_add_list; ++ EVP_CIPHER_type; ++ EVP_PBE_CipherInit; ++ X509V3_add_value_bool_nf; ++ d2i_ASN1_UINTEGER; ++ sk_value; ++ sk_num; ++ sk_set; ++ i2d_ASN1_SET_OF_X509_REVOKED; ++ sk_sort; ++ d2i_ASN1_SET_OF_X509_REVOKED; ++ i2d_ASN1_SET_OF_X509_ALGOR; ++ i2d_ASN1_SET_OF_X509_CRL; ++ d2i_ASN1_SET_OF_X509_ALGOR; ++ d2i_ASN1_SET_OF_X509_CRL; ++ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO; ++ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO; ++ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO; ++ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO; ++ PKCS5_PBE_add; ++ PEM_write_bio_PKCS8; ++ i2d_PKCS8_fp; ++ PEM_read_bio_PKCS8_PRIV_KEY_INFO; ++ PEM_read_bio_P8_PRIV_KEY_INFO; ++ d2i_PKCS8_bio; ++ d2i_PKCS8_PRIV_KEY_INFO_fp; ++ PEM_write_bio_PKCS8_PRIV_KEY_INFO; ++ PEM_write_bio_P8_PRIV_KEY_INFO; ++ PEM_read_PKCS8; ++ d2i_PKCS8_PRIV_KEY_INFO_bio; ++ d2i_PKCS8_fp; ++ PEM_write_PKCS8; ++ PEM_read_PKCS8_PRIV_KEY_INFO; ++ PEM_read_P8_PRIV_KEY_INFO; ++ PEM_read_bio_PKCS8; ++ PEM_write_PKCS8_PRIV_KEY_INFO; ++ PEM_write_P8_PRIV_KEY_INFO; ++ PKCS5_PBE_keyivgen; ++ i2d_PKCS8_bio; ++ i2d_PKCS8_PRIV_KEY_INFO_fp; ++ i2d_PKCS8_PRIV_KEY_INFO_bio; ++ BIO_s_bio; ++ PKCS5_pbe2_set; ++ PKCS5_PBKDF2_HMAC_SHA1; ++ PKCS5_v2_PBE_keyivgen; ++ PEM_write_bio_PKCS8PrivateKey; ++ PEM_write_PKCS8PrivateKey; ++ BIO_ctrl_get_read_request; ++ BIO_ctrl_pending; ++ BIO_ctrl_wpending; ++ BIO_new_bio_pair; ++ BIO_ctrl_get_write_guarantee; ++ CRYPTO_num_locks; ++ CONF_load_bio; ++ CONF_load_fp; ++ i2d_ASN1_SET_OF_ASN1_OBJECT; ++ d2i_ASN1_SET_OF_ASN1_OBJECT; ++ PKCS7_signatureVerify; ++ RSA_set_method; ++ RSA_get_method; ++ RSA_get_default_method; ++ RSA_check_key; ++ OBJ_obj2txt; ++ DSA_dup_DH; ++ X509_REQ_get_extensions; ++ X509_REQ_set_extension_nids; ++ BIO_nwrite; ++ X509_REQ_extension_nid; ++ BIO_nread; ++ X509_REQ_get_extension_nids; ++ BIO_nwrite0; ++ X509_REQ_add_extensions_nid; ++ BIO_nread0; ++ X509_REQ_add_extensions; ++ BIO_new_mem_buf; ++ DH_set_ex_data; ++ DH_set_method; ++ DSA_OpenSSL; ++ DH_get_ex_data; ++ DH_get_ex_new_index; ++ DSA_new_method; ++ DH_new_method; ++ DH_OpenSSL; ++ DSA_get_ex_new_index; ++ DH_get_default_method; ++ DSA_set_ex_data; ++ DH_set_default_method; ++ DSA_get_ex_data; ++ X509V3_EXT_REQ_add_conf; ++ NETSCAPE_SPKI_print; ++ NETSCAPE_SPKI_set_pubkey; ++ NETSCAPE_SPKI_b64_encode; ++ NETSCAPE_SPKI_get_pubkey; ++ NETSCAPE_SPKI_b64_decode; ++ UTF8_putc; ++ UTF8_getc; ++ RSA_null_method; ++ ASN1_tag2str; ++ BIO_ctrl_reset_read_request; ++ DISPLAYTEXT_new; ++ ASN1_GENERALIZEDTIME_free; ++ X509_REVOKED_get_ext_d2i; ++ X509_set_ex_data; ++ X509_reject_set_bit_asc; ++ X509_NAME_add_entry_by_txt; ++ X509_NAME_add_entry_by_NID; ++ X509_PURPOSE_get0; ++ PEM_read_X509_AUX; ++ d2i_AUTHORITY_INFO_ACCESS; ++ PEM_write_PUBKEY; ++ ACCESS_DESCRIPTION_new; ++ X509_CERT_AUX_free; ++ d2i_ACCESS_DESCRIPTION; ++ X509_trust_clear; ++ X509_TRUST_add; ++ ASN1_VISIBLESTRING_new; ++ X509_alias_set1; ++ ASN1_PRINTABLESTRING_free; ++ EVP_PKEY_get1_DSA; ++ ASN1_BMPSTRING_new; ++ ASN1_mbstring_copy; ++ ASN1_UTF8STRING_new; ++ DSA_get_default_method; ++ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION; ++ ASN1_T61STRING_free; ++ DSA_set_method; ++ X509_get_ex_data; ++ ASN1_STRING_type; ++ X509_PURPOSE_get_by_sname; ++ ASN1_TIME_free; ++ ASN1_OCTET_STRING_cmp; ++ ASN1_BIT_STRING_new; ++ X509_get_ext_d2i; ++ PEM_read_bio_X509_AUX; ++ ASN1_STRING_set_default_mask_asc; ++ ASN1_STRING_set_def_mask_asc; ++ PEM_write_bio_RSA_PUBKEY; ++ ASN1_INTEGER_cmp; ++ d2i_RSA_PUBKEY_fp; ++ X509_trust_set_bit_asc; ++ PEM_write_bio_DSA_PUBKEY; ++ X509_STORE_CTX_free; ++ EVP_PKEY_set1_DSA; ++ i2d_DSA_PUBKEY_fp; ++ X509_load_cert_crl_file; ++ ASN1_TIME_new; ++ i2d_RSA_PUBKEY; ++ X509_STORE_CTX_purpose_inherit; ++ PEM_read_RSA_PUBKEY; ++ d2i_X509_AUX; ++ i2d_DSA_PUBKEY; ++ X509_CERT_AUX_print; ++ PEM_read_DSA_PUBKEY; ++ i2d_RSA_PUBKEY_bio; ++ ASN1_BIT_STRING_num_asc; ++ i2d_PUBKEY; ++ ASN1_UTCTIME_free; ++ DSA_set_default_method; ++ X509_PURPOSE_get_by_id; ++ ACCESS_DESCRIPTION_free; ++ PEM_read_bio_PUBKEY; ++ ASN1_STRING_set_by_NID; ++ X509_PURPOSE_get_id; ++ DISPLAYTEXT_free; ++ OTHERNAME_new; ++ X509_CERT_AUX_new; ++ X509_TRUST_cleanup; ++ X509_NAME_add_entry_by_OBJ; ++ X509_CRL_get_ext_d2i; ++ X509_PURPOSE_get0_name; ++ PEM_read_PUBKEY; ++ i2d_DSA_PUBKEY_bio; ++ i2d_OTHERNAME; ++ ASN1_OCTET_STRING_free; ++ ASN1_BIT_STRING_set_asc; ++ X509_get_ex_new_index; ++ ASN1_STRING_TABLE_cleanup; ++ X509_TRUST_get_by_id; ++ X509_PURPOSE_get_trust; ++ ASN1_STRING_length; ++ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION; ++ ASN1_PRINTABLESTRING_new; ++ X509V3_get_d2i; ++ ASN1_ENUMERATED_free; ++ i2d_X509_CERT_AUX; ++ X509_STORE_CTX_set_trust; ++ ASN1_STRING_set_default_mask; ++ X509_STORE_CTX_new; ++ EVP_PKEY_get1_RSA; ++ DIRECTORYSTRING_free; ++ PEM_write_X509_AUX; ++ ASN1_OCTET_STRING_set; ++ d2i_DSA_PUBKEY_fp; ++ d2i_RSA_PUBKEY; ++ X509_TRUST_get0_name; ++ X509_TRUST_get0; ++ AUTHORITY_INFO_ACCESS_free; ++ ASN1_IA5STRING_new; ++ d2i_DSA_PUBKEY; ++ X509_check_purpose; ++ ASN1_ENUMERATED_new; ++ d2i_RSA_PUBKEY_bio; ++ d2i_PUBKEY; ++ X509_TRUST_get_trust; ++ X509_TRUST_get_flags; ++ ASN1_BMPSTRING_free; ++ ASN1_T61STRING_new; ++ ASN1_UTCTIME_new; ++ i2d_AUTHORITY_INFO_ACCESS; ++ EVP_PKEY_set1_RSA; ++ X509_STORE_CTX_set_purpose; ++ ASN1_IA5STRING_free; ++ PEM_write_bio_X509_AUX; ++ X509_PURPOSE_get_count; ++ CRYPTO_add_info; ++ X509_NAME_ENTRY_create_by_txt; ++ ASN1_STRING_get_default_mask; ++ X509_alias_get0; ++ ASN1_STRING_data; ++ i2d_ACCESS_DESCRIPTION; ++ X509_trust_set_bit; ++ ASN1_BIT_STRING_free; ++ PEM_read_bio_RSA_PUBKEY; ++ X509_add1_reject_object; ++ X509_check_trust; ++ PEM_read_bio_DSA_PUBKEY; ++ X509_PURPOSE_add; ++ ASN1_STRING_TABLE_get; ++ ASN1_UTF8STRING_free; ++ d2i_DSA_PUBKEY_bio; ++ PEM_write_RSA_PUBKEY; ++ d2i_OTHERNAME; ++ X509_reject_set_bit; ++ PEM_write_DSA_PUBKEY; ++ X509_PURPOSE_get0_sname; ++ EVP_PKEY_set1_DH; ++ ASN1_OCTET_STRING_dup; ++ ASN1_BIT_STRING_set; ++ X509_TRUST_get_count; ++ ASN1_INTEGER_free; ++ OTHERNAME_free; ++ i2d_RSA_PUBKEY_fp; ++ ASN1_INTEGER_dup; ++ d2i_X509_CERT_AUX; ++ PEM_write_bio_PUBKEY; ++ ASN1_VISIBLESTRING_free; ++ X509_PURPOSE_cleanup; ++ ASN1_mbstring_ncopy; ++ ASN1_GENERALIZEDTIME_new; ++ EVP_PKEY_get1_DH; ++ ASN1_OCTET_STRING_new; ++ ASN1_INTEGER_new; ++ i2d_X509_AUX; ++ ASN1_BIT_STRING_name_print; ++ X509_cmp; ++ ASN1_STRING_length_set; ++ DIRECTORYSTRING_new; ++ X509_add1_trust_object; ++ PKCS12_newpass; ++ SMIME_write_PKCS7; ++ SMIME_read_PKCS7; ++ DES_set_key_checked; ++ PKCS7_verify; ++ PKCS7_encrypt; ++ DES_set_key_unchecked; ++ SMIME_crlf_copy; ++ i2d_ASN1_PRINTABLESTRING; ++ PKCS7_get0_signers; ++ PKCS7_decrypt; ++ SMIME_text; ++ PKCS7_simple_smimecap; ++ PKCS7_get_smimecap; ++ PKCS7_sign; ++ PKCS7_add_attrib_smimecap; ++ CRYPTO_dbg_set_options; ++ CRYPTO_remove_all_info; ++ CRYPTO_get_mem_debug_functions; ++ CRYPTO_is_mem_check_on; ++ CRYPTO_set_mem_debug_functions; ++ CRYPTO_pop_info; ++ CRYPTO_push_info_; ++ CRYPTO_set_mem_debug_options; ++ PEM_write_PKCS8PrivateKey_nid; ++ PEM_write_bio_PKCS8PrivateKey_nid; ++ PEM_write_bio_PKCS8PrivKey_nid; ++ d2i_PKCS8PrivateKey_bio; ++ ASN1_NULL_free; ++ d2i_ASN1_NULL; ++ ASN1_NULL_new; ++ i2d_PKCS8PrivateKey_bio; ++ i2d_PKCS8PrivateKey_fp; ++ i2d_ASN1_NULL; ++ i2d_PKCS8PrivateKey_nid_fp; ++ d2i_PKCS8PrivateKey_fp; ++ i2d_PKCS8PrivateKey_nid_bio; ++ i2d_PKCS8PrivateKeyInfo_fp; ++ i2d_PKCS8PrivateKeyInfo_bio; ++ PEM_cb; ++ i2d_PrivateKey_fp; ++ d2i_PrivateKey_bio; ++ d2i_PrivateKey_fp; ++ i2d_PrivateKey_bio; ++ X509_reject_clear; ++ X509_TRUST_set_default; ++ d2i_AutoPrivateKey; ++ X509_ATTRIBUTE_get0_type; ++ X509_ATTRIBUTE_set1_data; ++ X509at_get_attr; ++ X509at_get_attr_count; ++ X509_ATTRIBUTE_create_by_NID; ++ X509_ATTRIBUTE_set1_object; ++ X509_ATTRIBUTE_count; ++ X509_ATTRIBUTE_create_by_OBJ; ++ X509_ATTRIBUTE_get0_object; ++ X509at_get_attr_by_NID; ++ X509at_add1_attr; ++ X509_ATTRIBUTE_get0_data; ++ X509at_delete_attr; ++ X509at_get_attr_by_OBJ; ++ RAND_add; ++ BIO_number_written; ++ BIO_number_read; ++ X509_STORE_CTX_get1_chain; ++ ERR_load_RAND_strings; ++ RAND_pseudo_bytes; ++ X509_REQ_get_attr_by_NID; ++ X509_REQ_get_attr; ++ X509_REQ_add1_attr_by_NID; ++ X509_REQ_get_attr_by_OBJ; ++ X509at_add1_attr_by_NID; ++ X509_REQ_add1_attr_by_OBJ; ++ X509_REQ_get_attr_count; ++ X509_REQ_add1_attr; ++ X509_REQ_delete_attr; ++ X509at_add1_attr_by_OBJ; ++ X509_REQ_add1_attr_by_txt; ++ X509_ATTRIBUTE_create_by_txt; ++ X509at_add1_attr_by_txt; ++ BN_pseudo_rand; ++ BN_is_prime_fasttest; ++ BN_CTX_end; ++ BN_CTX_start; ++ BN_CTX_get; ++ EVP_PKEY2PKCS8_broken; ++ ASN1_STRING_TABLE_add; ++ CRYPTO_dbg_get_options; ++ AUTHORITY_INFO_ACCESS_new; ++ CRYPTO_get_mem_debug_options; ++ DES_crypt; ++ PEM_write_bio_X509_REQ_NEW; ++ PEM_write_X509_REQ_NEW; ++ BIO_callback_ctrl; ++ RAND_egd; ++ RAND_status; ++ bn_dump1; ++ DES_check_key_parity; ++ lh_num_items; ++ RAND_event; ++ DSO_new; ++ DSO_new_method; ++ DSO_free; ++ DSO_flags; ++ DSO_up; ++ DSO_set_default_method; ++ DSO_get_default_method; ++ DSO_get_method; ++ DSO_set_method; ++ DSO_load; ++ DSO_bind_var; ++ DSO_METHOD_null; ++ DSO_METHOD_openssl; ++ DSO_METHOD_dlfcn; ++ DSO_METHOD_win32; ++ ERR_load_DSO_strings; ++ DSO_METHOD_dl; ++ NCONF_load; ++ NCONF_load_fp; ++ NCONF_new; ++ NCONF_get_string; ++ NCONF_free; ++ NCONF_get_number; ++ CONF_dump_fp; ++ NCONF_load_bio; ++ NCONF_dump_fp; ++ NCONF_get_section; ++ NCONF_dump_bio; ++ CONF_dump_bio; ++ NCONF_free_data; ++ CONF_set_default_method; ++ ERR_error_string_n; ++ BIO_snprintf; ++ DSO_ctrl; ++ i2d_ASN1_SET_OF_ASN1_INTEGER; ++ i2d_ASN1_SET_OF_PKCS12_SAFEBAG; ++ i2d_ASN1_SET_OF_PKCS7; ++ BIO_vfree; ++ d2i_ASN1_SET_OF_ASN1_INTEGER; ++ d2i_ASN1_SET_OF_PKCS12_SAFEBAG; ++ ASN1_UTCTIME_get; ++ X509_REQ_digest; ++ X509_CRL_digest; ++ d2i_ASN1_SET_OF_PKCS7; ++ EVP_CIPHER_CTX_set_key_length; ++ EVP_CIPHER_CTX_ctrl; ++ BN_mod_exp_mont_word; ++ RAND_egd_bytes; ++ X509_REQ_get1_email; ++ X509_get1_email; ++ X509_email_free; ++ i2d_RSA_NET; ++ d2i_RSA_NET_2; ++ d2i_RSA_NET; ++ DSO_bind_func; ++ CRYPTO_get_new_dynlockid; ++ sk_new_null; ++ CRYPTO_set_dynlock_destroy_callback; ++ CRYPTO_set_dynlock_destroy_cb; ++ CRYPTO_destroy_dynlockid; ++ CRYPTO_set_dynlock_size; ++ CRYPTO_set_dynlock_create_callback; ++ CRYPTO_set_dynlock_create_cb; ++ CRYPTO_set_dynlock_lock_callback; ++ CRYPTO_set_dynlock_lock_cb; ++ CRYPTO_get_dynlock_lock_callback; ++ CRYPTO_get_dynlock_lock_cb; ++ CRYPTO_get_dynlock_destroy_callback; ++ CRYPTO_get_dynlock_destroy_cb; ++ CRYPTO_get_dynlock_value; ++ CRYPTO_get_dynlock_create_callback; ++ CRYPTO_get_dynlock_create_cb; ++ c2i_ASN1_BIT_STRING; ++ i2c_ASN1_BIT_STRING; ++ RAND_poll; ++ c2i_ASN1_INTEGER; ++ i2c_ASN1_INTEGER; ++ BIO_dump_indent; ++ ASN1_parse_dump; ++ c2i_ASN1_OBJECT; ++ X509_NAME_print_ex_fp; ++ ASN1_STRING_print_ex_fp; ++ X509_NAME_print_ex; ++ ASN1_STRING_print_ex; ++ MD4; ++ MD4_Transform; ++ MD4_Final; ++ MD4_Update; ++ MD4_Init; ++ EVP_md4; ++ i2d_PUBKEY_bio; ++ i2d_PUBKEY_fp; ++ d2i_PUBKEY_bio; ++ ASN1_STRING_to_UTF8; ++ BIO_vprintf; ++ BIO_vsnprintf; ++ d2i_PUBKEY_fp; ++ X509_cmp_time; ++ X509_STORE_CTX_set_time; ++ X509_STORE_CTX_get1_issuer; ++ X509_OBJECT_retrieve_match; ++ X509_OBJECT_idx_by_subject; ++ X509_STORE_CTX_set_flags; ++ X509_STORE_CTX_trusted_stack; ++ X509_time_adj; ++ X509_check_issued; ++ ASN1_UTCTIME_cmp_time_t; ++ DES_set_weak_key_flag; ++ DES_check_key; ++ DES_rw_mode; ++ RSA_PKCS1_RSAref; ++ X509_keyid_set1; ++ BIO_next; ++ DSO_METHOD_vms; ++ BIO_f_linebuffer; ++ BN_bntest_rand; ++ OPENSSL_issetugid; ++ BN_rand_range; ++ ERR_load_ENGINE_strings; ++ ENGINE_set_DSA; ++ ENGINE_get_finish_function; ++ ENGINE_get_default_RSA; ++ ENGINE_get_BN_mod_exp; ++ DSA_get_default_openssl_method; ++ ENGINE_set_DH; ++ ENGINE_set_def_BN_mod_exp_crt; ++ ENGINE_set_default_BN_mod_exp_crt; ++ ENGINE_init; ++ DH_get_default_openssl_method; ++ RSA_set_default_openssl_method; ++ ENGINE_finish; ++ ENGINE_load_public_key; ++ ENGINE_get_DH; ++ ENGINE_ctrl; ++ ENGINE_get_init_function; ++ ENGINE_set_init_function; ++ ENGINE_set_default_DSA; ++ ENGINE_get_name; ++ ENGINE_get_last; ++ ENGINE_get_prev; ++ ENGINE_get_default_DH; ++ ENGINE_get_RSA; ++ ENGINE_set_default; ++ ENGINE_get_RAND; ++ ENGINE_get_first; ++ ENGINE_by_id; ++ ENGINE_set_finish_function; ++ ENGINE_get_def_BN_mod_exp_crt; ++ ENGINE_get_default_BN_mod_exp_crt; ++ RSA_get_default_openssl_method; ++ ENGINE_set_RSA; ++ ENGINE_load_private_key; ++ ENGINE_set_default_RAND; ++ ENGINE_set_BN_mod_exp; ++ ENGINE_remove; ++ ENGINE_free; ++ ENGINE_get_BN_mod_exp_crt; ++ ENGINE_get_next; ++ ENGINE_set_name; ++ ENGINE_get_default_DSA; ++ ENGINE_set_default_BN_mod_exp; ++ ENGINE_set_default_RSA; ++ ENGINE_get_default_RAND; ++ ENGINE_get_default_BN_mod_exp; ++ ENGINE_set_RAND; ++ ENGINE_set_id; ++ ENGINE_set_BN_mod_exp_crt; ++ ENGINE_set_default_DH; ++ ENGINE_new; ++ ENGINE_get_id; ++ DSA_set_default_openssl_method; ++ ENGINE_add; ++ DH_set_default_openssl_method; ++ ENGINE_get_DSA; ++ ENGINE_get_ctrl_function; ++ ENGINE_set_ctrl_function; ++ BN_pseudo_rand_range; ++ X509_STORE_CTX_set_verify_cb; ++ ERR_load_COMP_strings; ++ PKCS12_item_decrypt_d2i; ++ ASN1_UTF8STRING_it; ++ ENGINE_unregister_ciphers; ++ ENGINE_get_ciphers; ++ d2i_OCSP_BASICRESP; ++ KRB5_CHECKSUM_it; ++ EC_POINT_add; ++ ASN1_item_ex_i2d; ++ OCSP_CERTID_it; ++ d2i_OCSP_RESPBYTES; ++ X509V3_add1_i2d; ++ PKCS7_ENVELOPE_it; ++ UI_add_input_boolean; ++ ENGINE_unregister_RSA; ++ X509V3_EXT_nconf; ++ ASN1_GENERALSTRING_free; ++ d2i_OCSP_CERTSTATUS; ++ X509_REVOKED_set_serialNumber; ++ X509_print_ex; ++ OCSP_ONEREQ_get1_ext_d2i; ++ ENGINE_register_all_RAND; ++ ENGINE_load_dynamic; ++ PBKDF2PARAM_it; ++ EXTENDED_KEY_USAGE_new; ++ EC_GROUP_clear_free; ++ OCSP_sendreq_bio; ++ ASN1_item_digest; ++ OCSP_BASICRESP_delete_ext; ++ OCSP_SIGNATURE_it; ++ X509_CRL_it; ++ OCSP_BASICRESP_add_ext; ++ KRB5_ENCKEY_it; ++ UI_method_set_closer; ++ X509_STORE_set_purpose; ++ i2d_ASN1_GENERALSTRING; ++ OCSP_response_status; ++ i2d_OCSP_SERVICELOC; ++ ENGINE_get_digest_engine; ++ EC_GROUP_set_curve_GFp; ++ OCSP_REQUEST_get_ext_by_OBJ; ++ _ossl_old_des_random_key; ++ ASN1_T61STRING_it; ++ EC_GROUP_method_of; ++ i2d_KRB5_APREQ; ++ _ossl_old_des_encrypt; ++ ASN1_PRINTABLE_new; ++ HMAC_Init_ex; ++ d2i_KRB5_AUTHENT; ++ OCSP_archive_cutoff_new; ++ EC_POINT_set_Jprojective_coordinates_GFp; ++ EC_POINT_set_Jproj_coords_GFp; ++ _ossl_old_des_is_weak_key; ++ OCSP_BASICRESP_get_ext_by_OBJ; ++ EC_POINT_oct2point; ++ OCSP_SINGLERESP_get_ext_count; ++ UI_ctrl; ++ _shadow_DES_rw_mode; ++ asn1_do_adb; ++ ASN1_template_i2d; ++ ENGINE_register_DH; ++ UI_construct_prompt; ++ X509_STORE_set_trust; ++ UI_dup_input_string; ++ d2i_KRB5_APREQ; ++ EVP_MD_CTX_copy_ex; ++ OCSP_request_is_signed; ++ i2d_OCSP_REQINFO; ++ KRB5_ENCKEY_free; ++ OCSP_resp_get0; ++ GENERAL_NAME_it; ++ ASN1_GENERALIZEDTIME_it; ++ X509_STORE_set_flags; ++ EC_POINT_set_compressed_coordinates_GFp; ++ EC_POINT_set_compr_coords_GFp; ++ OCSP_response_status_str; ++ d2i_OCSP_REVOKEDINFO; ++ OCSP_basic_add1_cert; ++ ERR_get_implementation; ++ EVP_CipherFinal_ex; ++ OCSP_CERTSTATUS_new; ++ CRYPTO_cleanup_all_ex_data; ++ OCSP_resp_find; ++ BN_nnmod; ++ X509_CRL_sort; ++ X509_REVOKED_set_revocationDate; ++ ENGINE_register_RAND; ++ OCSP_SERVICELOC_new; ++ EC_POINT_set_affine_coordinates_GFp; ++ EC_POINT_set_affine_coords_GFp; ++ _ossl_old_des_options; ++ SXNET_it; ++ UI_dup_input_boolean; ++ PKCS12_add_CSPName_asc; ++ EC_POINT_is_at_infinity; ++ ENGINE_load_cryptodev; ++ DSO_convert_filename; ++ POLICYQUALINFO_it; ++ ENGINE_register_ciphers; ++ BN_mod_lshift_quick; ++ DSO_set_filename; ++ ASN1_item_free; ++ KRB5_TKTBODY_free; ++ AUTHORITY_KEYID_it; ++ KRB5_APREQBODY_new; ++ X509V3_EXT_REQ_add_nconf; ++ ENGINE_ctrl_cmd_string; ++ i2d_OCSP_RESPDATA; ++ EVP_MD_CTX_init; ++ EXTENDED_KEY_USAGE_free; ++ PKCS7_ATTR_SIGN_it; ++ UI_add_error_string; ++ KRB5_CHECKSUM_free; ++ OCSP_REQUEST_get_ext; ++ ENGINE_load_ubsec; ++ ENGINE_register_all_digests; ++ PKEY_USAGE_PERIOD_it; ++ PKCS12_unpack_authsafes; ++ ASN1_item_unpack; ++ NETSCAPE_SPKAC_it; ++ X509_REVOKED_it; ++ ASN1_STRING_encode; ++ EVP_aes_128_ecb; ++ KRB5_AUTHENT_free; ++ OCSP_BASICRESP_get_ext_by_critical; ++ OCSP_BASICRESP_get_ext_by_crit; ++ OCSP_cert_status_str; ++ d2i_OCSP_REQUEST; ++ UI_dup_info_string; ++ _ossl_old_des_xwhite_in2out; ++ PKCS12_it; ++ OCSP_SINGLERESP_get_ext_by_critical; ++ OCSP_SINGLERESP_get_ext_by_crit; ++ OCSP_CERTSTATUS_free; ++ _ossl_old_des_crypt; ++ ASN1_item_i2d; ++ EVP_DecryptFinal_ex; ++ ENGINE_load_openssl; ++ ENGINE_get_cmd_defns; ++ ENGINE_set_load_privkey_function; ++ ENGINE_set_load_privkey_fn; ++ EVP_EncryptFinal_ex; ++ ENGINE_set_default_digests; ++ X509_get0_pubkey_bitstr; ++ asn1_ex_i2c; ++ ENGINE_register_RSA; ++ ENGINE_unregister_DSA; ++ _ossl_old_des_key_sched; ++ X509_EXTENSION_it; ++ i2d_KRB5_AUTHENT; ++ SXNETID_it; ++ d2i_OCSP_SINGLERESP; ++ EDIPARTYNAME_new; ++ PKCS12_certbag2x509; ++ _ossl_old_des_ofb64_encrypt; ++ d2i_EXTENDED_KEY_USAGE; ++ ERR_print_errors_cb; ++ ENGINE_set_ciphers; ++ d2i_KRB5_APREQBODY; ++ UI_method_get_flusher; ++ X509_PUBKEY_it; ++ _ossl_old_des_enc_read; ++ PKCS7_ENCRYPT_it; ++ i2d_OCSP_RESPONSE; ++ EC_GROUP_get_cofactor; ++ PKCS12_unpack_p7data; ++ d2i_KRB5_AUTHDATA; ++ OCSP_copy_nonce; ++ KRB5_AUTHDATA_new; ++ OCSP_RESPDATA_new; ++ EC_GFp_mont_method; ++ OCSP_REVOKEDINFO_free; ++ UI_get_ex_data; ++ KRB5_APREQBODY_free; ++ EC_GROUP_get0_generator; ++ UI_get_default_method; ++ X509V3_set_nconf; ++ PKCS12_item_i2d_encrypt; ++ X509_add1_ext_i2d; ++ PKCS7_SIGNER_INFO_it; ++ KRB5_PRINCNAME_new; ++ PKCS12_SAFEBAG_it; ++ EC_GROUP_get_order; ++ d2i_OCSP_RESPID; ++ OCSP_request_verify; ++ NCONF_get_number_e; ++ _ossl_old_des_decrypt3; ++ X509_signature_print; ++ OCSP_SINGLERESP_free; ++ ENGINE_load_builtin_engines; ++ i2d_OCSP_ONEREQ; ++ OCSP_REQUEST_add_ext; ++ OCSP_RESPBYTES_new; ++ EVP_MD_CTX_create; ++ OCSP_resp_find_status; ++ X509_ALGOR_it; ++ ASN1_TIME_it; ++ OCSP_request_set1_name; ++ OCSP_ONEREQ_get_ext_count; ++ UI_get0_result; ++ PKCS12_AUTHSAFES_it; ++ EVP_aes_256_ecb; ++ PKCS12_pack_authsafes; ++ ASN1_IA5STRING_it; ++ UI_get_input_flags; ++ EC_GROUP_set_generator; ++ _ossl_old_des_string_to_2keys; ++ OCSP_CERTID_free; ++ X509_CERT_AUX_it; ++ CERTIFICATEPOLICIES_it; ++ _ossl_old_des_ede3_cbc_encrypt; ++ RAND_set_rand_engine; ++ DSO_get_loaded_filename; ++ X509_ATTRIBUTE_it; ++ OCSP_ONEREQ_get_ext_by_NID; ++ PKCS12_decrypt_skey; ++ KRB5_AUTHENT_it; ++ UI_dup_error_string; ++ RSAPublicKey_it; ++ i2d_OCSP_REQUEST; ++ PKCS12_x509crl2certbag; ++ OCSP_SERVICELOC_it; ++ ASN1_item_sign; ++ X509_CRL_set_issuer_name; ++ OBJ_NAME_do_all_sorted; ++ i2d_OCSP_BASICRESP; ++ i2d_OCSP_RESPBYTES; ++ PKCS12_unpack_p7encdata; ++ HMAC_CTX_init; ++ ENGINE_get_digest; ++ OCSP_RESPONSE_print; ++ KRB5_TKTBODY_it; ++ ACCESS_DESCRIPTION_it; ++ PKCS7_ISSUER_AND_SERIAL_it; ++ PBE2PARAM_it; ++ PKCS12_certbag2x509crl; ++ PKCS7_SIGNED_it; ++ ENGINE_get_cipher; ++ i2d_OCSP_CRLID; ++ OCSP_SINGLERESP_new; ++ ENGINE_cmd_is_executable; ++ RSA_up_ref; ++ ASN1_GENERALSTRING_it; ++ ENGINE_register_DSA; ++ X509V3_EXT_add_nconf_sk; ++ ENGINE_set_load_pubkey_function; ++ PKCS8_decrypt; ++ PEM_bytes_read_bio; ++ DIRECTORYSTRING_it; ++ d2i_OCSP_CRLID; ++ EC_POINT_is_on_curve; ++ CRYPTO_set_locked_mem_ex_functions; ++ CRYPTO_set_locked_mem_ex_funcs; ++ d2i_KRB5_CHECKSUM; ++ ASN1_item_dup; ++ X509_it; ++ BN_mod_add; ++ KRB5_AUTHDATA_free; ++ _ossl_old_des_cbc_cksum; ++ ASN1_item_verify; ++ CRYPTO_set_mem_ex_functions; ++ EC_POINT_get_Jprojective_coordinates_GFp; ++ EC_POINT_get_Jproj_coords_GFp; ++ ZLONG_it; ++ CRYPTO_get_locked_mem_ex_functions; ++ CRYPTO_get_locked_mem_ex_funcs; ++ ASN1_TIME_check; ++ UI_get0_user_data; ++ HMAC_CTX_cleanup; ++ DSA_up_ref; ++ _ossl_old_des_ede3_cfb64_encrypt; ++ _ossl_odes_ede3_cfb64_encrypt; ++ ASN1_BMPSTRING_it; ++ ASN1_tag2bit; ++ UI_method_set_flusher; ++ X509_ocspid_print; ++ KRB5_ENCDATA_it; ++ ENGINE_get_load_pubkey_function; ++ UI_add_user_data; ++ OCSP_REQUEST_delete_ext; ++ UI_get_method; ++ OCSP_ONEREQ_free; ++ ASN1_PRINTABLESTRING_it; ++ X509_CRL_set_nextUpdate; ++ OCSP_REQUEST_it; ++ OCSP_BASICRESP_it; ++ AES_ecb_encrypt; ++ BN_mod_sqr; ++ NETSCAPE_CERT_SEQUENCE_it; ++ GENERAL_NAMES_it; ++ AUTHORITY_INFO_ACCESS_it; ++ ASN1_FBOOLEAN_it; ++ UI_set_ex_data; ++ _ossl_old_des_string_to_key; ++ ENGINE_register_all_RSA; ++ d2i_KRB5_PRINCNAME; ++ OCSP_RESPBYTES_it; ++ X509_CINF_it; ++ ENGINE_unregister_digests; ++ d2i_EDIPARTYNAME; ++ d2i_OCSP_SERVICELOC; ++ ENGINE_get_digests; ++ _ossl_old_des_set_odd_parity; ++ OCSP_RESPDATA_free; ++ d2i_KRB5_TICKET; ++ OTHERNAME_it; ++ EVP_MD_CTX_cleanup; ++ d2i_ASN1_GENERALSTRING; ++ X509_CRL_set_version; ++ BN_mod_sub; ++ OCSP_SINGLERESP_get_ext_by_NID; ++ ENGINE_get_ex_new_index; ++ OCSP_REQUEST_free; ++ OCSP_REQUEST_add1_ext_i2d; ++ X509_VAL_it; ++ EC_POINTs_make_affine; ++ EC_POINT_mul; ++ X509V3_EXT_add_nconf; ++ X509_TRUST_set; ++ X509_CRL_add1_ext_i2d; ++ _ossl_old_des_fcrypt; ++ DISPLAYTEXT_it; ++ X509_CRL_set_lastUpdate; ++ OCSP_BASICRESP_free; ++ OCSP_BASICRESP_add1_ext_i2d; ++ d2i_KRB5_AUTHENTBODY; ++ CRYPTO_set_ex_data_implementation; ++ CRYPTO_set_ex_data_impl; ++ KRB5_ENCDATA_new; ++ DSO_up_ref; ++ OCSP_crl_reason_str; ++ UI_get0_result_string; ++ ASN1_GENERALSTRING_new; ++ X509_SIG_it; ++ ERR_set_implementation; ++ ERR_load_EC_strings; ++ UI_get0_action_string; ++ OCSP_ONEREQ_get_ext; ++ EC_POINT_method_of; ++ i2d_KRB5_APREQBODY; ++ _ossl_old_des_ecb3_encrypt; ++ CRYPTO_get_mem_ex_functions; ++ ENGINE_get_ex_data; ++ UI_destroy_method; ++ ASN1_item_i2d_bio; ++ OCSP_ONEREQ_get_ext_by_OBJ; ++ ASN1_primitive_new; ++ ASN1_PRINTABLE_it; ++ EVP_aes_192_ecb; ++ OCSP_SIGNATURE_new; ++ LONG_it; ++ ASN1_VISIBLESTRING_it; ++ OCSP_SINGLERESP_add1_ext_i2d; ++ d2i_OCSP_CERTID; ++ ASN1_item_d2i_fp; ++ CRL_DIST_POINTS_it; ++ GENERAL_NAME_print; ++ OCSP_SINGLERESP_delete_ext; ++ PKCS12_SAFEBAGS_it; ++ d2i_OCSP_SIGNATURE; ++ OCSP_request_add1_nonce; ++ ENGINE_set_cmd_defns; ++ OCSP_SERVICELOC_free; ++ EC_GROUP_free; ++ ASN1_BIT_STRING_it; ++ X509_REQ_it; ++ _ossl_old_des_cbc_encrypt; ++ ERR_unload_strings; ++ PKCS7_SIGN_ENVELOPE_it; ++ EDIPARTYNAME_free; ++ OCSP_REQINFO_free; ++ EC_GROUP_new_curve_GFp; ++ OCSP_REQUEST_get1_ext_d2i; ++ PKCS12_item_pack_safebag; ++ asn1_ex_c2i; ++ ENGINE_register_digests; ++ i2d_OCSP_REVOKEDINFO; ++ asn1_enc_restore; ++ UI_free; ++ UI_new_method; ++ EVP_EncryptInit_ex; ++ X509_pubkey_digest; ++ EC_POINT_invert; ++ OCSP_basic_sign; ++ i2d_OCSP_RESPID; ++ OCSP_check_nonce; ++ ENGINE_ctrl_cmd; ++ d2i_KRB5_ENCKEY; ++ OCSP_parse_url; ++ OCSP_SINGLERESP_get_ext; ++ OCSP_CRLID_free; ++ OCSP_BASICRESP_get1_ext_d2i; ++ RSAPrivateKey_it; ++ ENGINE_register_all_DH; ++ i2d_EDIPARTYNAME; ++ EC_POINT_get_affine_coordinates_GFp; ++ EC_POINT_get_affine_coords_GFp; ++ OCSP_CRLID_new; ++ ENGINE_get_flags; ++ OCSP_ONEREQ_it; ++ UI_process; ++ ASN1_INTEGER_it; ++ EVP_CipherInit_ex; ++ UI_get_string_type; ++ ENGINE_unregister_DH; ++ ENGINE_register_all_DSA; ++ OCSP_ONEREQ_get_ext_by_critical; ++ bn_dup_expand; ++ OCSP_cert_id_new; ++ BASIC_CONSTRAINTS_it; ++ BN_mod_add_quick; ++ EC_POINT_new; ++ EVP_MD_CTX_destroy; ++ OCSP_RESPBYTES_free; ++ EVP_aes_128_cbc; ++ OCSP_SINGLERESP_get1_ext_d2i; ++ EC_POINT_free; ++ DH_up_ref; ++ X509_NAME_ENTRY_it; ++ UI_get_ex_new_index; ++ BN_mod_sub_quick; ++ OCSP_ONEREQ_add_ext; ++ OCSP_request_sign; ++ EVP_DigestFinal_ex; ++ ENGINE_set_digests; ++ OCSP_id_issuer_cmp; ++ OBJ_NAME_do_all; ++ EC_POINTs_mul; ++ ENGINE_register_complete; ++ X509V3_EXT_nconf_nid; ++ ASN1_SEQUENCE_it; ++ UI_set_default_method; ++ RAND_query_egd_bytes; ++ UI_method_get_writer; ++ UI_OpenSSL; ++ PEM_def_callback; ++ ENGINE_cleanup; ++ DIST_POINT_it; ++ OCSP_SINGLERESP_it; ++ d2i_KRB5_TKTBODY; ++ EC_POINT_cmp; ++ OCSP_REVOKEDINFO_new; ++ i2d_OCSP_CERTSTATUS; ++ OCSP_basic_add1_nonce; ++ ASN1_item_ex_d2i; ++ BN_mod_lshift1_quick; ++ UI_set_method; ++ OCSP_id_get0_info; ++ BN_mod_sqrt; ++ EC_GROUP_copy; ++ KRB5_ENCDATA_free; ++ _ossl_old_des_cfb_encrypt; ++ OCSP_SINGLERESP_get_ext_by_OBJ; ++ OCSP_cert_to_id; ++ OCSP_RESPID_new; ++ OCSP_RESPDATA_it; ++ d2i_OCSP_RESPDATA; ++ ENGINE_register_all_complete; ++ OCSP_check_validity; ++ PKCS12_BAGS_it; ++ OCSP_url_svcloc_new; ++ ASN1_template_free; ++ OCSP_SINGLERESP_add_ext; ++ KRB5_AUTHENTBODY_it; ++ X509_supported_extension; ++ i2d_KRB5_AUTHDATA; ++ UI_method_get_opener; ++ ENGINE_set_ex_data; ++ OCSP_REQUEST_print; ++ CBIGNUM_it; ++ KRB5_TICKET_new; ++ KRB5_APREQ_new; ++ EC_GROUP_get_curve_GFp; ++ KRB5_ENCKEY_new; ++ ASN1_template_d2i; ++ _ossl_old_des_quad_cksum; ++ OCSP_single_get0_status; ++ BN_swap; ++ POLICYINFO_it; ++ ENGINE_set_destroy_function; ++ asn1_enc_free; ++ OCSP_RESPID_it; ++ EC_GROUP_new; ++ EVP_aes_256_cbc; ++ i2d_KRB5_PRINCNAME; ++ _ossl_old_des_encrypt2; ++ _ossl_old_des_encrypt3; ++ PKCS8_PRIV_KEY_INFO_it; ++ OCSP_REQINFO_it; ++ PBEPARAM_it; ++ KRB5_AUTHENTBODY_new; ++ X509_CRL_add0_revoked; ++ EDIPARTYNAME_it; ++ NETSCAPE_SPKI_it; ++ UI_get0_test_string; ++ ENGINE_get_cipher_engine; ++ ENGINE_register_all_ciphers; ++ EC_POINT_copy; ++ BN_kronecker; ++ _ossl_old_des_ede3_ofb64_encrypt; ++ _ossl_odes_ede3_ofb64_encrypt; ++ UI_method_get_reader; ++ OCSP_BASICRESP_get_ext_count; ++ ASN1_ENUMERATED_it; ++ UI_set_result; ++ i2d_KRB5_TICKET; ++ X509_print_ex_fp; ++ EVP_CIPHER_CTX_set_padding; ++ d2i_OCSP_RESPONSE; ++ ASN1_UTCTIME_it; ++ _ossl_old_des_enc_write; ++ OCSP_RESPONSE_new; ++ AES_set_encrypt_key; ++ OCSP_resp_count; ++ KRB5_CHECKSUM_new; ++ ENGINE_load_cswift; ++ OCSP_onereq_get0_id; ++ ENGINE_set_default_ciphers; ++ NOTICEREF_it; ++ X509V3_EXT_CRL_add_nconf; ++ OCSP_REVOKEDINFO_it; ++ AES_encrypt; ++ OCSP_REQUEST_new; ++ ASN1_ANY_it; ++ CRYPTO_ex_data_new_class; ++ _ossl_old_des_ncbc_encrypt; ++ i2d_KRB5_TKTBODY; ++ EC_POINT_clear_free; ++ AES_decrypt; ++ asn1_enc_init; ++ UI_get_result_maxsize; ++ OCSP_CERTID_new; ++ ENGINE_unregister_RAND; ++ UI_method_get_closer; ++ d2i_KRB5_ENCDATA; ++ OCSP_request_onereq_count; ++ OCSP_basic_verify; ++ KRB5_AUTHENTBODY_free; ++ ASN1_item_d2i; ++ ASN1_primitive_free; ++ i2d_EXTENDED_KEY_USAGE; ++ i2d_OCSP_SIGNATURE; ++ asn1_enc_save; ++ ENGINE_load_nuron; ++ _ossl_old_des_pcbc_encrypt; ++ PKCS12_MAC_DATA_it; ++ OCSP_accept_responses_new; ++ asn1_do_lock; ++ PKCS7_ATTR_VERIFY_it; ++ KRB5_APREQBODY_it; ++ i2d_OCSP_SINGLERESP; ++ ASN1_item_ex_new; ++ UI_add_verify_string; ++ _ossl_old_des_set_key; ++ KRB5_PRINCNAME_it; ++ EVP_DecryptInit_ex; ++ i2d_OCSP_CERTID; ++ ASN1_item_d2i_bio; ++ EC_POINT_dbl; ++ asn1_get_choice_selector; ++ i2d_KRB5_CHECKSUM; ++ ENGINE_set_table_flags; ++ AES_options; ++ ENGINE_load_chil; ++ OCSP_id_cmp; ++ OCSP_BASICRESP_new; ++ OCSP_REQUEST_get_ext_by_NID; ++ KRB5_APREQ_it; ++ ENGINE_get_destroy_function; ++ CONF_set_nconf; ++ ASN1_PRINTABLE_free; ++ OCSP_BASICRESP_get_ext_by_NID; ++ DIST_POINT_NAME_it; ++ X509V3_extensions_print; ++ _ossl_old_des_cfb64_encrypt; ++ X509_REVOKED_add1_ext_i2d; ++ _ossl_old_des_ofb_encrypt; ++ KRB5_TKTBODY_new; ++ ASN1_OCTET_STRING_it; ++ ERR_load_UI_strings; ++ i2d_KRB5_ENCKEY; ++ ASN1_template_new; ++ OCSP_SIGNATURE_free; ++ ASN1_item_i2d_fp; ++ KRB5_PRINCNAME_free; ++ PKCS7_RECIP_INFO_it; ++ EXTENDED_KEY_USAGE_it; ++ EC_GFp_simple_method; ++ EC_GROUP_precompute_mult; ++ OCSP_request_onereq_get0; ++ UI_method_set_writer; ++ KRB5_AUTHENT_new; ++ X509_CRL_INFO_it; ++ DSO_set_name_converter; ++ AES_set_decrypt_key; ++ PKCS7_DIGEST_it; ++ PKCS12_x5092certbag; ++ EVP_DigestInit_ex; ++ i2a_ACCESS_DESCRIPTION; ++ OCSP_RESPONSE_it; ++ PKCS7_ENC_CONTENT_it; ++ OCSP_request_add0_id; ++ EC_POINT_make_affine; ++ DSO_get_filename; ++ OCSP_CERTSTATUS_it; ++ OCSP_request_add1_cert; ++ UI_get0_output_string; ++ UI_dup_verify_string; ++ BN_mod_lshift; ++ KRB5_AUTHDATA_it; ++ asn1_set_choice_selector; ++ OCSP_basic_add1_status; ++ OCSP_RESPID_free; ++ asn1_get_field_ptr; ++ UI_add_input_string; ++ OCSP_CRLID_it; ++ i2d_KRB5_AUTHENTBODY; ++ OCSP_REQUEST_get_ext_count; ++ ENGINE_load_atalla; ++ X509_NAME_it; ++ USERNOTICE_it; ++ OCSP_REQINFO_new; ++ OCSP_BASICRESP_get_ext; ++ CRYPTO_get_ex_data_implementation; ++ CRYPTO_get_ex_data_impl; ++ ASN1_item_pack; ++ i2d_KRB5_ENCDATA; ++ X509_PURPOSE_set; ++ X509_REQ_INFO_it; ++ UI_method_set_opener; ++ ASN1_item_ex_free; ++ ASN1_BOOLEAN_it; ++ ENGINE_get_table_flags; ++ UI_create_method; ++ OCSP_ONEREQ_add1_ext_i2d; ++ _shadow_DES_check_key; ++ d2i_OCSP_REQINFO; ++ UI_add_info_string; ++ UI_get_result_minsize; ++ ASN1_NULL_it; ++ BN_mod_lshift1; ++ d2i_OCSP_ONEREQ; ++ OCSP_ONEREQ_new; ++ KRB5_TICKET_it; ++ EVP_aes_192_cbc; ++ KRB5_TICKET_free; ++ UI_new; ++ OCSP_response_create; ++ _ossl_old_des_xcbc_encrypt; ++ PKCS7_it; ++ OCSP_REQUEST_get_ext_by_critical; ++ OCSP_REQUEST_get_ext_by_crit; ++ ENGINE_set_flags; ++ _ossl_old_des_ecb_encrypt; ++ OCSP_response_get1_basic; ++ EVP_Digest; ++ OCSP_ONEREQ_delete_ext; ++ ASN1_TBOOLEAN_it; ++ ASN1_item_new; ++ ASN1_TIME_to_generalizedtime; ++ BIGNUM_it; ++ AES_cbc_encrypt; ++ ENGINE_get_load_privkey_function; ++ ENGINE_get_load_privkey_fn; ++ OCSP_RESPONSE_free; ++ UI_method_set_reader; ++ i2d_ASN1_T61STRING; ++ EC_POINT_set_to_infinity; ++ ERR_load_OCSP_strings; ++ EC_POINT_point2oct; ++ KRB5_APREQ_free; ++ ASN1_OBJECT_it; ++ OCSP_crlID_new; ++ OCSP_crlID2_new; ++ CONF_modules_load_file; ++ CONF_imodule_set_usr_data; ++ ENGINE_set_default_string; ++ CONF_module_get_usr_data; ++ ASN1_add_oid_module; ++ CONF_modules_finish; ++ OPENSSL_config; ++ CONF_modules_unload; ++ CONF_imodule_get_value; ++ CONF_module_set_usr_data; ++ CONF_parse_list; ++ CONF_module_add; ++ CONF_get1_default_config_file; ++ CONF_imodule_get_flags; ++ CONF_imodule_get_module; ++ CONF_modules_load; ++ CONF_imodule_get_name; ++ ERR_peek_top_error; ++ CONF_imodule_get_usr_data; ++ CONF_imodule_set_flags; ++ ENGINE_add_conf_module; ++ ERR_peek_last_error_line; ++ ERR_peek_last_error_line_data; ++ ERR_peek_last_error; ++ DES_read_2passwords; ++ DES_read_password; ++ UI_UTIL_read_pw; ++ UI_UTIL_read_pw_string; ++ ENGINE_load_aep; ++ ENGINE_load_sureware; ++ OPENSSL_add_all_algorithms_noconf; ++ OPENSSL_add_all_algo_noconf; ++ OPENSSL_add_all_algorithms_conf; ++ OPENSSL_add_all_algo_conf; ++ OPENSSL_load_builtin_modules; ++ AES_ofb128_encrypt; ++ AES_ctr128_encrypt; ++ AES_cfb128_encrypt; ++ ENGINE_load_4758cca; ++ _ossl_096_des_random_seed; ++ EVP_aes_256_ofb; ++ EVP_aes_192_ofb; ++ EVP_aes_128_cfb128; ++ EVP_aes_256_cfb128; ++ EVP_aes_128_ofb; ++ EVP_aes_192_cfb128; ++ CONF_modules_free; ++ NCONF_default; ++ OPENSSL_no_config; ++ NCONF_WIN32; ++ ASN1_UNIVERSALSTRING_new; ++ EVP_des_ede_ecb; ++ i2d_ASN1_UNIVERSALSTRING; ++ ASN1_UNIVERSALSTRING_free; ++ ASN1_UNIVERSALSTRING_it; ++ d2i_ASN1_UNIVERSALSTRING; ++ EVP_des_ede3_ecb; ++ X509_REQ_print_ex; ++ ENGINE_up_ref; ++ BUF_MEM_grow_clean; ++ CRYPTO_realloc_clean; ++ BUF_strlcat; ++ BIO_indent; ++ BUF_strlcpy; ++ OpenSSLDie; ++ OPENSSL_cleanse; ++ ENGINE_setup_bsd_cryptodev; ++ ERR_release_err_state_table; ++ EVP_aes_128_cfb8; ++ FIPS_corrupt_rsa; ++ FIPS_selftest_des; ++ EVP_aes_128_cfb1; ++ EVP_aes_192_cfb8; ++ FIPS_mode_set; ++ FIPS_selftest_dsa; ++ EVP_aes_256_cfb8; ++ FIPS_allow_md5; ++ DES_ede3_cfb_encrypt; ++ EVP_des_ede3_cfb8; ++ FIPS_rand_seeded; ++ AES_cfbr_encrypt_block; ++ AES_cfb8_encrypt; ++ FIPS_rand_seed; ++ FIPS_corrupt_des; ++ EVP_aes_192_cfb1; ++ FIPS_selftest_aes; ++ FIPS_set_prng_key; ++ EVP_des_cfb8; ++ FIPS_corrupt_dsa; ++ FIPS_test_mode; ++ FIPS_rand_method; ++ EVP_aes_256_cfb1; ++ ERR_load_FIPS_strings; ++ FIPS_corrupt_aes; ++ FIPS_selftest_sha1; ++ FIPS_selftest_rsa; ++ FIPS_corrupt_sha1; ++ EVP_des_cfb1; ++ FIPS_dsa_check; ++ AES_cfb1_encrypt; ++ EVP_des_ede3_cfb1; ++ FIPS_rand_check; ++ FIPS_md5_allowed; ++ FIPS_mode; ++ FIPS_selftest_failed; ++ sk_is_sorted; ++ X509_check_ca; ++ HMAC_CTX_set_flags; ++ d2i_PROXY_CERT_INFO_EXTENSION; ++ PROXY_POLICY_it; ++ i2d_PROXY_POLICY; ++ i2d_PROXY_CERT_INFO_EXTENSION; ++ d2i_PROXY_POLICY; ++ PROXY_CERT_INFO_EXTENSION_new; ++ PROXY_CERT_INFO_EXTENSION_free; ++ PROXY_CERT_INFO_EXTENSION_it; ++ PROXY_POLICY_free; ++ PROXY_POLICY_new; ++ BN_MONT_CTX_set_locked; ++ FIPS_selftest_rng; ++ EVP_sha384; ++ EVP_sha512; ++ EVP_sha224; ++ EVP_sha256; ++ FIPS_selftest_hmac; ++ FIPS_corrupt_rng; ++ BN_mod_exp_mont_consttime; ++ RSA_X931_hash_id; ++ RSA_padding_check_X931; ++ RSA_verify_PKCS1_PSS; ++ RSA_padding_add_X931; ++ RSA_padding_add_PKCS1_PSS; ++ PKCS1_MGF1; ++ BN_X931_generate_Xpq; ++ RSA_X931_generate_key; ++ BN_X931_derive_prime; ++ BN_X931_generate_prime; ++ RSA_X931_derive; ++ BIO_new_dgram; ++ BN_get0_nist_prime_384; ++ ERR_set_mark; ++ X509_STORE_CTX_set0_crls; ++ ENGINE_set_STORE; ++ ENGINE_register_ECDSA; ++ STORE_meth_set_list_start_fn; ++ STORE_method_set_list_start_function; ++ BN_BLINDING_invert_ex; ++ NAME_CONSTRAINTS_free; ++ STORE_ATTR_INFO_set_number; ++ BN_BLINDING_get_thread_id; ++ X509_STORE_CTX_set0_param; ++ POLICY_MAPPING_it; ++ STORE_parse_attrs_start; ++ POLICY_CONSTRAINTS_free; ++ EVP_PKEY_add1_attr_by_NID; ++ BN_nist_mod_192; ++ EC_GROUP_get_trinomial_basis; ++ STORE_set_method; ++ GENERAL_SUBTREE_free; ++ NAME_CONSTRAINTS_it; ++ ECDH_get_default_method; ++ PKCS12_add_safe; ++ EC_KEY_new_by_curve_name; ++ STORE_meth_get_update_store_fn; ++ STORE_method_get_update_store_function; ++ ENGINE_register_ECDH; ++ SHA512_Update; ++ i2d_ECPrivateKey; ++ BN_get0_nist_prime_192; ++ STORE_modify_certificate; ++ EC_POINT_set_affine_coordinates_GF2m; ++ EC_POINT_set_affine_coords_GF2m; ++ BN_GF2m_mod_exp_arr; ++ STORE_ATTR_INFO_modify_number; ++ X509_keyid_get0; ++ ENGINE_load_gmp; ++ pitem_new; ++ BN_GF2m_mod_mul_arr; ++ STORE_list_public_key_endp; ++ o2i_ECPublicKey; ++ EC_KEY_copy; ++ BIO_dump_fp; ++ X509_policy_node_get0_parent; ++ EC_GROUP_check_discriminant; ++ i2o_ECPublicKey; ++ EC_KEY_precompute_mult; ++ a2i_IPADDRESS; ++ STORE_meth_set_initialise_fn; ++ STORE_method_set_initialise_function; ++ X509_STORE_CTX_set_depth; ++ X509_VERIFY_PARAM_inherit; ++ EC_POINT_point2bn; ++ STORE_ATTR_INFO_set_dn; ++ X509_policy_tree_get0_policies; ++ EC_GROUP_new_curve_GF2m; ++ STORE_destroy_method; ++ ENGINE_unregister_STORE; ++ EVP_PKEY_get1_EC_KEY; ++ STORE_ATTR_INFO_get0_number; ++ ENGINE_get_default_ECDH; ++ EC_KEY_get_conv_form; ++ ASN1_OCTET_STRING_NDEF_it; ++ STORE_delete_public_key; ++ STORE_get_public_key; ++ STORE_modify_arbitrary; ++ ENGINE_get_static_state; ++ pqueue_iterator; ++ ECDSA_SIG_new; ++ OPENSSL_DIR_end; ++ BN_GF2m_mod_sqr; ++ EC_POINT_bn2point; ++ X509_VERIFY_PARAM_set_depth; ++ EC_KEY_set_asn1_flag; ++ STORE_get_method; ++ EC_KEY_get_key_method_data; ++ ECDSA_sign_ex; ++ STORE_parse_attrs_end; ++ EC_GROUP_get_point_conversion_form; ++ EC_GROUP_get_point_conv_form; ++ STORE_method_set_store_function; ++ STORE_ATTR_INFO_in; ++ PEM_read_bio_ECPKParameters; ++ EC_GROUP_get_pentanomial_basis; ++ EVP_PKEY_add1_attr_by_txt; ++ BN_BLINDING_set_flags; ++ X509_VERIFY_PARAM_set1_policies; ++ X509_VERIFY_PARAM_set1_name; ++ X509_VERIFY_PARAM_set_purpose; ++ STORE_get_number; ++ ECDSA_sign_setup; ++ BN_GF2m_mod_solve_quad_arr; ++ EC_KEY_up_ref; ++ POLICY_MAPPING_free; ++ BN_GF2m_mod_div; ++ X509_VERIFY_PARAM_set_flags; ++ EC_KEY_free; ++ STORE_meth_set_list_next_fn; ++ STORE_method_set_list_next_function; ++ PEM_write_bio_ECPrivateKey; ++ d2i_EC_PUBKEY; ++ STORE_meth_get_generate_fn; ++ STORE_method_get_generate_function; ++ STORE_meth_set_list_end_fn; ++ STORE_method_set_list_end_function; ++ pqueue_print; ++ EC_GROUP_have_precompute_mult; ++ EC_KEY_print_fp; ++ BN_GF2m_mod_arr; ++ PEM_write_bio_X509_CERT_PAIR; ++ EVP_PKEY_cmp; ++ X509_policy_level_node_count; ++ STORE_new_engine; ++ STORE_list_public_key_start; ++ X509_VERIFY_PARAM_new; ++ ECDH_get_ex_data; ++ EVP_PKEY_get_attr; ++ ECDSA_do_sign; ++ ENGINE_unregister_ECDH; ++ ECDH_OpenSSL; ++ EC_KEY_set_conv_form; ++ EC_POINT_dup; ++ GENERAL_SUBTREE_new; ++ STORE_list_crl_endp; ++ EC_get_builtin_curves; ++ X509_policy_node_get0_qualifiers; ++ X509_pcy_node_get0_qualifiers; ++ STORE_list_crl_end; ++ EVP_PKEY_set1_EC_KEY; ++ BN_GF2m_mod_sqrt_arr; ++ i2d_ECPrivateKey_bio; ++ ECPKParameters_print_fp; ++ pqueue_find; ++ ECDSA_SIG_free; ++ PEM_write_bio_ECPKParameters; ++ STORE_method_set_ctrl_function; ++ STORE_list_public_key_end; ++ EC_KEY_set_private_key; ++ pqueue_peek; ++ STORE_get_arbitrary; ++ STORE_store_crl; ++ X509_policy_node_get0_policy; ++ PKCS12_add_safes; ++ BN_BLINDING_convert_ex; ++ X509_policy_tree_free; ++ OPENSSL_ia32cap_loc; ++ BN_GF2m_poly2arr; ++ STORE_ctrl; ++ STORE_ATTR_INFO_compare; ++ BN_get0_nist_prime_224; ++ i2d_ECParameters; ++ i2d_ECPKParameters; ++ BN_GENCB_call; ++ d2i_ECPKParameters; ++ STORE_meth_set_generate_fn; ++ STORE_method_set_generate_function; ++ ENGINE_set_ECDH; ++ NAME_CONSTRAINTS_new; ++ SHA256_Init; ++ EC_KEY_get0_public_key; ++ PEM_write_bio_EC_PUBKEY; ++ STORE_ATTR_INFO_set_cstr; ++ STORE_list_crl_next; ++ STORE_ATTR_INFO_in_range; ++ ECParameters_print; ++ STORE_meth_set_delete_fn; ++ STORE_method_set_delete_function; ++ STORE_list_certificate_next; ++ ASN1_generate_nconf; ++ BUF_memdup; ++ BN_GF2m_mod_mul; ++ STORE_meth_get_list_next_fn; ++ STORE_method_get_list_next_function; ++ STORE_ATTR_INFO_get0_dn; ++ STORE_list_private_key_next; ++ EC_GROUP_set_seed; ++ X509_VERIFY_PARAM_set_trust; ++ STORE_ATTR_INFO_free; ++ STORE_get_private_key; ++ EVP_PKEY_get_attr_count; ++ STORE_ATTR_INFO_new; ++ EC_GROUP_get_curve_GF2m; ++ STORE_meth_set_revoke_fn; ++ STORE_method_set_revoke_function; ++ STORE_store_number; ++ BN_is_prime_ex; ++ STORE_revoke_public_key; ++ X509_STORE_CTX_get0_param; ++ STORE_delete_arbitrary; ++ PEM_read_X509_CERT_PAIR; ++ X509_STORE_set_depth; ++ ECDSA_get_ex_data; ++ SHA224; ++ BIO_dump_indent_fp; ++ EC_KEY_set_group; ++ BUF_strndup; ++ STORE_list_certificate_start; ++ BN_GF2m_mod; ++ X509_REQ_check_private_key; ++ EC_GROUP_get_seed_len; ++ ERR_load_STORE_strings; ++ PEM_read_bio_EC_PUBKEY; ++ STORE_list_private_key_end; ++ i2d_EC_PUBKEY; ++ ECDSA_get_default_method; ++ ASN1_put_eoc; ++ X509_STORE_CTX_get_explicit_policy; ++ X509_STORE_CTX_get_expl_policy; ++ X509_VERIFY_PARAM_table_cleanup; ++ STORE_modify_private_key; ++ X509_VERIFY_PARAM_free; ++ EC_METHOD_get_field_type; ++ EC_GFp_nist_method; ++ STORE_meth_set_modify_fn; ++ STORE_method_set_modify_function; ++ STORE_parse_attrs_next; ++ ENGINE_load_padlock; ++ EC_GROUP_set_curve_name; ++ X509_CERT_PAIR_it; ++ STORE_meth_get_revoke_fn; ++ STORE_method_get_revoke_function; ++ STORE_method_set_get_function; ++ STORE_modify_number; ++ STORE_method_get_store_function; ++ STORE_store_private_key; ++ BN_GF2m_mod_sqr_arr; ++ RSA_setup_blinding; ++ BIO_s_datagram; ++ STORE_Memory; ++ sk_find_ex; ++ EC_GROUP_set_curve_GF2m; ++ ENGINE_set_default_ECDSA; ++ POLICY_CONSTRAINTS_new; ++ BN_GF2m_mod_sqrt; ++ ECDH_set_default_method; ++ EC_KEY_generate_key; ++ SHA384_Update; ++ BN_GF2m_arr2poly; ++ STORE_method_get_get_function; ++ STORE_meth_set_cleanup_fn; ++ STORE_method_set_cleanup_function; ++ EC_GROUP_check; ++ d2i_ECPrivateKey_bio; ++ EC_KEY_insert_key_method_data; ++ STORE_meth_get_lock_store_fn; ++ STORE_method_get_lock_store_function; ++ X509_VERIFY_PARAM_get_depth; ++ SHA224_Final; ++ STORE_meth_set_update_store_fn; ++ STORE_method_set_update_store_function; ++ SHA224_Update; ++ d2i_ECPrivateKey; ++ ASN1_item_ndef_i2d; ++ STORE_delete_private_key; ++ ERR_pop_to_mark; ++ ENGINE_register_all_STORE; ++ X509_policy_level_get0_node; ++ i2d_PKCS7_NDEF; ++ EC_GROUP_get_degree; ++ ASN1_generate_v3; ++ STORE_ATTR_INFO_modify_cstr; ++ X509_policy_tree_level_count; ++ BN_GF2m_add; ++ EC_KEY_get0_group; ++ STORE_generate_crl; ++ STORE_store_public_key; ++ X509_CERT_PAIR_free; ++ STORE_revoke_private_key; ++ BN_nist_mod_224; ++ SHA512_Final; ++ STORE_ATTR_INFO_modify_dn; ++ STORE_meth_get_initialise_fn; ++ STORE_method_get_initialise_function; ++ STORE_delete_number; ++ i2d_EC_PUBKEY_bio; ++ BIO_dgram_non_fatal_error; ++ EC_GROUP_get_asn1_flag; ++ STORE_ATTR_INFO_in_ex; ++ STORE_list_crl_start; ++ ECDH_get_ex_new_index; ++ STORE_meth_get_modify_fn; ++ STORE_method_get_modify_function; ++ v2i_ASN1_BIT_STRING; ++ STORE_store_certificate; ++ OBJ_bsearch_ex; ++ X509_STORE_CTX_set_default; ++ STORE_ATTR_INFO_set_sha1str; ++ BN_GF2m_mod_inv; ++ BN_GF2m_mod_exp; ++ STORE_modify_public_key; ++ STORE_meth_get_list_start_fn; ++ STORE_method_get_list_start_function; ++ EC_GROUP_get0_seed; ++ STORE_store_arbitrary; ++ STORE_meth_set_unlock_store_fn; ++ STORE_method_set_unlock_store_function; ++ BN_GF2m_mod_div_arr; ++ ENGINE_set_ECDSA; ++ STORE_create_method; ++ ECPKParameters_print; ++ EC_KEY_get0_private_key; ++ PEM_write_EC_PUBKEY; ++ X509_VERIFY_PARAM_set1; ++ ECDH_set_method; ++ v2i_GENERAL_NAME_ex; ++ ECDH_set_ex_data; ++ STORE_generate_key; ++ BN_nist_mod_521; ++ X509_policy_tree_get0_level; ++ EC_GROUP_set_point_conversion_form; ++ EC_GROUP_set_point_conv_form; ++ PEM_read_EC_PUBKEY; ++ i2d_ECDSA_SIG; ++ ECDSA_OpenSSL; ++ STORE_delete_crl; ++ EC_KEY_get_enc_flags; ++ ASN1_const_check_infinite_end; ++ EVP_PKEY_delete_attr; ++ ECDSA_set_default_method; ++ EC_POINT_set_compressed_coordinates_GF2m; ++ EC_POINT_set_compr_coords_GF2m; ++ EC_GROUP_cmp; ++ STORE_revoke_certificate; ++ BN_get0_nist_prime_256; ++ STORE_meth_get_delete_fn; ++ STORE_method_get_delete_function; ++ SHA224_Init; ++ PEM_read_ECPrivateKey; ++ SHA512_Init; ++ STORE_parse_attrs_endp; ++ BN_set_negative; ++ ERR_load_ECDSA_strings; ++ EC_GROUP_get_basis_type; ++ STORE_list_public_key_next; ++ i2v_ASN1_BIT_STRING; ++ STORE_OBJECT_free; ++ BN_nist_mod_384; ++ i2d_X509_CERT_PAIR; ++ PEM_write_ECPKParameters; ++ ECDH_compute_key; ++ STORE_ATTR_INFO_get0_sha1str; ++ ENGINE_register_all_ECDH; ++ pqueue_pop; ++ STORE_ATTR_INFO_get0_cstr; ++ POLICY_CONSTRAINTS_it; ++ STORE_get_ex_new_index; ++ EVP_PKEY_get_attr_by_OBJ; ++ X509_VERIFY_PARAM_add0_policy; ++ BN_GF2m_mod_solve_quad; ++ SHA256; ++ i2d_ECPrivateKey_fp; ++ X509_policy_tree_get0_user_policies; ++ X509_pcy_tree_get0_usr_policies; ++ OPENSSL_DIR_read; ++ ENGINE_register_all_ECDSA; ++ X509_VERIFY_PARAM_lookup; ++ EC_POINT_get_affine_coordinates_GF2m; ++ EC_POINT_get_affine_coords_GF2m; ++ EC_GROUP_dup; ++ ENGINE_get_default_ECDSA; ++ EC_KEY_new; ++ SHA256_Transform; ++ EC_KEY_set_enc_flags; ++ ECDSA_verify; ++ EC_POINT_point2hex; ++ ENGINE_get_STORE; ++ SHA512; ++ STORE_get_certificate; ++ ECDSA_do_sign_ex; ++ ECDSA_do_verify; ++ d2i_ECPrivateKey_fp; ++ STORE_delete_certificate; ++ SHA512_Transform; ++ X509_STORE_set1_param; ++ STORE_method_get_ctrl_function; ++ STORE_free; ++ PEM_write_ECPrivateKey; ++ STORE_meth_get_unlock_store_fn; ++ STORE_method_get_unlock_store_function; ++ STORE_get_ex_data; ++ EC_KEY_set_public_key; ++ PEM_read_ECPKParameters; ++ X509_CERT_PAIR_new; ++ ENGINE_register_STORE; ++ RSA_generate_key_ex; ++ DSA_generate_parameters_ex; ++ ECParameters_print_fp; ++ X509V3_NAME_from_section; ++ EVP_PKEY_add1_attr; ++ STORE_modify_crl; ++ STORE_list_private_key_start; ++ POLICY_MAPPINGS_it; ++ GENERAL_SUBTREE_it; ++ EC_GROUP_get_curve_name; ++ PEM_write_X509_CERT_PAIR; ++ BIO_dump_indent_cb; ++ d2i_X509_CERT_PAIR; ++ STORE_list_private_key_endp; ++ asn1_const_Finish; ++ i2d_EC_PUBKEY_fp; ++ BN_nist_mod_256; ++ X509_VERIFY_PARAM_add0_table; ++ pqueue_free; ++ BN_BLINDING_create_param; ++ ECDSA_size; ++ d2i_EC_PUBKEY_bio; ++ BN_get0_nist_prime_521; ++ STORE_ATTR_INFO_modify_sha1str; ++ BN_generate_prime_ex; ++ EC_GROUP_new_by_curve_name; ++ SHA256_Final; ++ DH_generate_parameters_ex; ++ PEM_read_bio_ECPrivateKey; ++ STORE_meth_get_cleanup_fn; ++ STORE_method_get_cleanup_function; ++ ENGINE_get_ECDH; ++ d2i_ECDSA_SIG; ++ BN_is_prime_fasttest_ex; ++ ECDSA_sign; ++ X509_policy_check; ++ EVP_PKEY_get_attr_by_NID; ++ STORE_set_ex_data; ++ ENGINE_get_ECDSA; ++ EVP_ecdsa; ++ BN_BLINDING_get_flags; ++ PKCS12_add_cert; ++ STORE_OBJECT_new; ++ ERR_load_ECDH_strings; ++ EC_KEY_dup; ++ EVP_CIPHER_CTX_rand_key; ++ ECDSA_set_method; ++ a2i_IPADDRESS_NC; ++ d2i_ECParameters; ++ STORE_list_certificate_end; ++ STORE_get_crl; ++ X509_POLICY_NODE_print; ++ SHA384_Init; ++ EC_GF2m_simple_method; ++ ECDSA_set_ex_data; ++ SHA384_Final; ++ PKCS7_set_digest; ++ EC_KEY_print; ++ STORE_meth_set_lock_store_fn; ++ STORE_method_set_lock_store_function; ++ ECDSA_get_ex_new_index; ++ SHA384; ++ POLICY_MAPPING_new; ++ STORE_list_certificate_endp; ++ X509_STORE_CTX_get0_policy_tree; ++ EC_GROUP_set_asn1_flag; ++ EC_KEY_check_key; ++ d2i_EC_PUBKEY_fp; ++ PKCS7_set0_type_other; ++ PEM_read_bio_X509_CERT_PAIR; ++ pqueue_next; ++ STORE_meth_get_list_end_fn; ++ STORE_method_get_list_end_function; ++ EVP_PKEY_add1_attr_by_OBJ; ++ X509_VERIFY_PARAM_set_time; ++ pqueue_new; ++ ENGINE_set_default_ECDH; ++ STORE_new_method; ++ PKCS12_add_key; ++ DSO_merge; ++ EC_POINT_hex2point; ++ BIO_dump_cb; ++ SHA256_Update; ++ pqueue_insert; ++ pitem_free; ++ BN_GF2m_mod_inv_arr; ++ ENGINE_unregister_ECDSA; ++ BN_BLINDING_set_thread_id; ++ get_rfc3526_prime_8192; ++ X509_VERIFY_PARAM_clear_flags; ++ get_rfc2409_prime_1024; ++ DH_check_pub_key; ++ get_rfc3526_prime_2048; ++ get_rfc3526_prime_6144; ++ get_rfc3526_prime_1536; ++ get_rfc3526_prime_3072; ++ get_rfc3526_prime_4096; ++ get_rfc2409_prime_768; ++ X509_VERIFY_PARAM_get_flags; ++ EVP_CIPHER_CTX_new; ++ EVP_CIPHER_CTX_free; ++ Camellia_cbc_encrypt; ++ Camellia_cfb128_encrypt; ++ Camellia_cfb1_encrypt; ++ Camellia_cfb8_encrypt; ++ Camellia_ctr128_encrypt; ++ Camellia_cfbr_encrypt_block; ++ Camellia_decrypt; ++ Camellia_ecb_encrypt; ++ Camellia_encrypt; ++ Camellia_ofb128_encrypt; ++ Camellia_set_key; ++ EVP_camellia_128_cbc; ++ EVP_camellia_128_cfb128; ++ EVP_camellia_128_cfb1; ++ EVP_camellia_128_cfb8; ++ EVP_camellia_128_ecb; ++ EVP_camellia_128_ofb; ++ EVP_camellia_192_cbc; ++ EVP_camellia_192_cfb128; ++ EVP_camellia_192_cfb1; ++ EVP_camellia_192_cfb8; ++ EVP_camellia_192_ecb; ++ EVP_camellia_192_ofb; ++ EVP_camellia_256_cbc; ++ EVP_camellia_256_cfb128; ++ EVP_camellia_256_cfb1; ++ EVP_camellia_256_cfb8; ++ EVP_camellia_256_ecb; ++ EVP_camellia_256_ofb; ++ a2i_ipadd; ++ ASIdentifiers_free; ++ i2d_ASIdOrRange; ++ EVP_CIPHER_block_size; ++ v3_asid_is_canonical; ++ IPAddressChoice_free; ++ EVP_CIPHER_CTX_set_app_data; ++ BIO_set_callback_arg; ++ v3_addr_add_prefix; ++ IPAddressOrRange_it; ++ BIO_set_flags; ++ ASIdentifiers_it; ++ v3_addr_get_range; ++ BIO_method_type; ++ v3_addr_inherits; ++ IPAddressChoice_it; ++ AES_ige_encrypt; ++ v3_addr_add_range; ++ EVP_CIPHER_CTX_nid; ++ d2i_ASRange; ++ v3_addr_add_inherit; ++ v3_asid_add_id_or_range; ++ v3_addr_validate_resource_set; ++ EVP_CIPHER_iv_length; ++ EVP_MD_type; ++ v3_asid_canonize; ++ IPAddressRange_free; ++ v3_asid_add_inherit; ++ EVP_CIPHER_CTX_key_length; ++ IPAddressRange_new; ++ ASIdOrRange_new; ++ EVP_MD_size; ++ EVP_MD_CTX_test_flags; ++ BIO_clear_flags; ++ i2d_ASRange; ++ IPAddressRange_it; ++ IPAddressChoice_new; ++ ASIdentifierChoice_new; ++ ASRange_free; ++ EVP_MD_pkey_type; ++ EVP_MD_CTX_clear_flags; ++ IPAddressFamily_free; ++ i2d_IPAddressFamily; ++ IPAddressOrRange_new; ++ EVP_CIPHER_flags; ++ v3_asid_validate_resource_set; ++ d2i_IPAddressRange; ++ AES_bi_ige_encrypt; ++ BIO_get_callback; ++ IPAddressOrRange_free; ++ v3_addr_subset; ++ d2i_IPAddressFamily; ++ v3_asid_subset; ++ BIO_test_flags; ++ i2d_ASIdentifierChoice; ++ ASRange_it; ++ d2i_ASIdentifiers; ++ ASRange_new; ++ d2i_IPAddressChoice; ++ v3_addr_get_afi; ++ EVP_CIPHER_key_length; ++ EVP_Cipher; ++ i2d_IPAddressOrRange; ++ ASIdOrRange_it; ++ EVP_CIPHER_nid; ++ i2d_IPAddressChoice; ++ EVP_CIPHER_CTX_block_size; ++ ASIdentifiers_new; ++ v3_addr_validate_path; ++ IPAddressFamily_new; ++ EVP_MD_CTX_set_flags; ++ v3_addr_is_canonical; ++ i2d_IPAddressRange; ++ IPAddressFamily_it; ++ v3_asid_inherits; ++ EVP_CIPHER_CTX_cipher; ++ EVP_CIPHER_CTX_get_app_data; ++ EVP_MD_block_size; ++ EVP_CIPHER_CTX_flags; ++ v3_asid_validate_path; ++ d2i_IPAddressOrRange; ++ v3_addr_canonize; ++ ASIdentifierChoice_it; ++ EVP_MD_CTX_md; ++ d2i_ASIdentifierChoice; ++ BIO_method_name; ++ EVP_CIPHER_CTX_iv_length; ++ ASIdOrRange_free; ++ ASIdentifierChoice_free; ++ BIO_get_callback_arg; ++ BIO_set_callback; ++ d2i_ASIdOrRange; ++ i2d_ASIdentifiers; ++ SEED_decrypt; ++ SEED_encrypt; ++ SEED_cbc_encrypt; ++ EVP_seed_ofb; ++ SEED_cfb128_encrypt; ++ SEED_ofb128_encrypt; ++ EVP_seed_cbc; ++ SEED_ecb_encrypt; ++ EVP_seed_ecb; ++ SEED_set_key; ++ EVP_seed_cfb128; ++ X509_EXTENSIONS_it; ++ X509_get1_ocsp; ++ OCSP_REQ_CTX_free; ++ i2d_X509_EXTENSIONS; ++ OCSP_sendreq_nbio; ++ OCSP_sendreq_new; ++ d2i_X509_EXTENSIONS; ++ X509_ALGORS_it; ++ X509_ALGOR_get0; ++ X509_ALGOR_set0; ++ AES_unwrap_key; ++ AES_wrap_key; ++ X509at_get0_data_by_OBJ; ++ ASN1_TYPE_set1; ++ ASN1_STRING_set0; ++ i2d_X509_ALGORS; ++ BIO_f_zlib; ++ COMP_zlib_cleanup; ++ d2i_X509_ALGORS; ++ CMS_ReceiptRequest_free; ++ PEM_write_CMS; ++ CMS_add0_CertificateChoices; ++ CMS_unsigned_add1_attr_by_OBJ; ++ ERR_load_CMS_strings; ++ CMS_sign_receipt; ++ i2d_CMS_ContentInfo; ++ CMS_signed_delete_attr; ++ d2i_CMS_bio; ++ CMS_unsigned_get_attr_by_NID; ++ CMS_verify; ++ SMIME_read_CMS; ++ CMS_decrypt_set1_key; ++ CMS_SignerInfo_get0_algs; ++ CMS_add1_cert; ++ CMS_set_detached; ++ CMS_encrypt; ++ CMS_EnvelopedData_create; ++ CMS_uncompress; ++ CMS_add0_crl; ++ CMS_SignerInfo_verify_content; ++ CMS_unsigned_get0_data_by_OBJ; ++ PEM_write_bio_CMS; ++ CMS_unsigned_get_attr; ++ CMS_RecipientInfo_ktri_cert_cmp; ++ CMS_RecipientInfo_ktri_get0_algs; ++ CMS_RecipInfo_ktri_get0_algs; ++ CMS_ContentInfo_free; ++ CMS_final; ++ CMS_add_simple_smimecap; ++ CMS_SignerInfo_verify; ++ CMS_data; ++ CMS_ContentInfo_it; ++ d2i_CMS_ReceiptRequest; ++ CMS_compress; ++ CMS_digest_create; ++ CMS_SignerInfo_cert_cmp; ++ CMS_SignerInfo_sign; ++ CMS_data_create; ++ i2d_CMS_bio; ++ CMS_EncryptedData_set1_key; ++ CMS_decrypt; ++ int_smime_write_ASN1; ++ CMS_unsigned_delete_attr; ++ CMS_unsigned_get_attr_count; ++ CMS_add_smimecap; ++ PEM_read_CMS; ++ CMS_signed_get_attr_by_OBJ; ++ d2i_CMS_ContentInfo; ++ CMS_add_standard_smimecap; ++ CMS_ContentInfo_new; ++ CMS_RecipientInfo_type; ++ CMS_get0_type; ++ CMS_is_detached; ++ CMS_sign; ++ CMS_signed_add1_attr; ++ CMS_unsigned_get_attr_by_OBJ; ++ SMIME_write_CMS; ++ CMS_EncryptedData_decrypt; ++ CMS_get0_RecipientInfos; ++ CMS_add0_RevocationInfoChoice; ++ CMS_decrypt_set1_pkey; ++ CMS_SignerInfo_set1_signer_cert; ++ CMS_get0_signers; ++ CMS_ReceiptRequest_get0_values; ++ CMS_signed_get0_data_by_OBJ; ++ CMS_get0_SignerInfos; ++ CMS_add0_cert; ++ CMS_EncryptedData_encrypt; ++ CMS_digest_verify; ++ CMS_set1_signers_certs; ++ CMS_signed_get_attr; ++ CMS_RecipientInfo_set0_key; ++ CMS_SignedData_init; ++ CMS_RecipientInfo_kekri_get0_id; ++ CMS_verify_receipt; ++ CMS_ReceiptRequest_it; ++ PEM_read_bio_CMS; ++ CMS_get1_crls; ++ CMS_add0_recipient_key; ++ SMIME_read_ASN1; ++ CMS_ReceiptRequest_new; ++ CMS_get0_content; ++ CMS_get1_ReceiptRequest; ++ CMS_signed_add1_attr_by_OBJ; ++ CMS_RecipientInfo_kekri_id_cmp; ++ CMS_add1_ReceiptRequest; ++ CMS_SignerInfo_get0_signer_id; ++ CMS_unsigned_add1_attr_by_NID; ++ CMS_unsigned_add1_attr; ++ CMS_signed_get_attr_by_NID; ++ CMS_get1_certs; ++ CMS_signed_add1_attr_by_NID; ++ CMS_unsigned_add1_attr_by_txt; ++ CMS_dataFinal; ++ CMS_RecipientInfo_ktri_get0_signer_id; ++ CMS_RecipInfo_ktri_get0_sigr_id; ++ i2d_CMS_ReceiptRequest; ++ CMS_add1_recipient_cert; ++ CMS_dataInit; ++ CMS_signed_add1_attr_by_txt; ++ CMS_RecipientInfo_decrypt; ++ CMS_signed_get_attr_count; ++ CMS_get0_eContentType; ++ CMS_set1_eContentType; ++ CMS_ReceiptRequest_create0; ++ CMS_add1_signer; ++ CMS_RecipientInfo_set0_pkey; ++ ENGINE_set_load_ssl_client_cert_function; ++ ENGINE_set_ld_ssl_clnt_cert_fn; ++ ENGINE_get_ssl_client_cert_function; ++ ENGINE_get_ssl_client_cert_fn; ++ ENGINE_load_ssl_client_cert; ++ ENGINE_load_capi; ++ OPENSSL_isservice; ++ FIPS_dsa_sig_decode; ++ EVP_CIPHER_CTX_clear_flags; ++ FIPS_rand_status; ++ FIPS_rand_set_key; ++ CRYPTO_set_mem_info_functions; ++ RSA_X931_generate_key_ex; ++ int_ERR_set_state_func; ++ int_EVP_MD_set_engine_callbacks; ++ int_CRYPTO_set_do_dynlock_callback; ++ FIPS_rng_stick; ++ EVP_CIPHER_CTX_set_flags; ++ BN_X931_generate_prime_ex; ++ FIPS_selftest_check; ++ FIPS_rand_set_dt; ++ CRYPTO_dbg_pop_info; ++ FIPS_dsa_free; ++ RSA_X931_derive_ex; ++ FIPS_rsa_new; ++ FIPS_rand_bytes; ++ fips_cipher_test; ++ EVP_CIPHER_CTX_test_flags; ++ CRYPTO_malloc_debug_init; ++ CRYPTO_dbg_push_info; ++ FIPS_corrupt_rsa_keygen; ++ FIPS_dh_new; ++ FIPS_corrupt_dsa_keygen; ++ FIPS_dh_free; ++ fips_pkey_signature_test; ++ EVP_add_alg_module; ++ int_RAND_init_engine_callbacks; ++ int_EVP_CIPHER_set_engine_callbacks; ++ int_EVP_MD_init_engine_callbacks; ++ FIPS_rand_test_mode; ++ FIPS_rand_reset; ++ FIPS_dsa_new; ++ int_RAND_set_callbacks; ++ BN_X931_derive_prime_ex; ++ int_ERR_lib_init; ++ int_EVP_CIPHER_init_engine_callbacks; ++ FIPS_rsa_free; ++ FIPS_dsa_sig_encode; ++ CRYPTO_dbg_remove_all_info; ++ OPENSSL_init; ++ CRYPTO_strdup; ++ JPAKE_STEP3A_process; ++ JPAKE_STEP1_release; ++ JPAKE_get_shared_key; ++ JPAKE_STEP3B_init; ++ JPAKE_STEP1_generate; ++ JPAKE_STEP1_init; ++ JPAKE_STEP3B_process; ++ JPAKE_STEP2_generate; ++ JPAKE_CTX_new; ++ JPAKE_CTX_free; ++ JPAKE_STEP3B_release; ++ JPAKE_STEP3A_release; ++ JPAKE_STEP2_process; ++ JPAKE_STEP3B_generate; ++ JPAKE_STEP1_process; ++ JPAKE_STEP3A_generate; ++ JPAKE_STEP2_release; ++ JPAKE_STEP3A_init; ++ ERR_load_JPAKE_strings; ++ JPAKE_STEP2_init; ++ pqueue_size; ++ i2d_TS_ACCURACY; ++ i2d_TS_MSG_IMPRINT_fp; ++ i2d_TS_MSG_IMPRINT; ++ EVP_PKEY_print_public; ++ EVP_PKEY_CTX_new; ++ i2d_TS_TST_INFO; ++ EVP_PKEY_asn1_find; ++ DSO_METHOD_beos; ++ TS_CONF_load_cert; ++ TS_REQ_get_ext; ++ EVP_PKEY_sign_init; ++ ASN1_item_print; ++ TS_TST_INFO_set_nonce; ++ TS_RESP_dup; ++ ENGINE_register_pkey_meths; ++ EVP_PKEY_asn1_add0; ++ PKCS7_add0_attrib_signing_time; ++ i2d_TS_TST_INFO_fp; ++ BIO_asn1_get_prefix; ++ TS_TST_INFO_set_time; ++ EVP_PKEY_meth_set_decrypt; ++ EVP_PKEY_set_type_str; ++ EVP_PKEY_CTX_get_keygen_info; ++ TS_REQ_set_policy_id; ++ d2i_TS_RESP_fp; ++ ENGINE_get_pkey_asn1_meth_engine; ++ ENGINE_get_pkey_asn1_meth_eng; ++ WHIRLPOOL_Init; ++ TS_RESP_set_status_info; ++ EVP_PKEY_keygen; ++ EVP_DigestSignInit; ++ TS_ACCURACY_set_millis; ++ TS_REQ_dup; ++ GENERAL_NAME_dup; ++ ASN1_SEQUENCE_ANY_it; ++ WHIRLPOOL; ++ X509_STORE_get1_crls; ++ ENGINE_get_pkey_asn1_meth; ++ EVP_PKEY_asn1_new; ++ BIO_new_NDEF; ++ ENGINE_get_pkey_meth; ++ TS_MSG_IMPRINT_set_algo; ++ i2d_TS_TST_INFO_bio; ++ TS_TST_INFO_set_ordering; ++ TS_TST_INFO_get_ext_by_OBJ; ++ CRYPTO_THREADID_set_pointer; ++ TS_CONF_get_tsa_section; ++ SMIME_write_ASN1; ++ TS_RESP_CTX_set_signer_key; ++ EVP_PKEY_encrypt_old; ++ EVP_PKEY_encrypt_init; ++ CRYPTO_THREADID_cpy; ++ ASN1_PCTX_get_cert_flags; ++ i2d_ESS_SIGNING_CERT; ++ TS_CONF_load_key; ++ i2d_ASN1_SEQUENCE_ANY; ++ d2i_TS_MSG_IMPRINT_bio; ++ EVP_PKEY_asn1_set_public; ++ b2i_PublicKey_bio; ++ BIO_asn1_set_prefix; ++ EVP_PKEY_new_mac_key; ++ BIO_new_CMS; ++ CRYPTO_THREADID_cmp; ++ TS_REQ_ext_free; ++ EVP_PKEY_asn1_set_free; ++ EVP_PKEY_get0_asn1; ++ d2i_NETSCAPE_X509; ++ EVP_PKEY_verify_recover_init; ++ EVP_PKEY_CTX_set_data; ++ EVP_PKEY_keygen_init; ++ TS_RESP_CTX_set_status_info; ++ TS_MSG_IMPRINT_get_algo; ++ TS_REQ_print_bio; ++ EVP_PKEY_CTX_ctrl_str; ++ EVP_PKEY_get_default_digest_nid; ++ PEM_write_bio_PKCS7_stream; ++ TS_MSG_IMPRINT_print_bio; ++ BN_asc2bn; ++ TS_REQ_get_policy_id; ++ ENGINE_set_default_pkey_asn1_meths; ++ ENGINE_set_def_pkey_asn1_meths; ++ d2i_TS_ACCURACY; ++ DSO_global_lookup; ++ TS_CONF_set_tsa_name; ++ i2d_ASN1_SET_ANY; ++ ENGINE_load_gost; ++ WHIRLPOOL_BitUpdate; ++ ASN1_PCTX_get_flags; ++ TS_TST_INFO_get_ext_by_NID; ++ TS_RESP_new; ++ ESS_CERT_ID_dup; ++ TS_STATUS_INFO_dup; ++ TS_REQ_delete_ext; ++ EVP_DigestVerifyFinal; ++ EVP_PKEY_print_params; ++ i2d_CMS_bio_stream; ++ TS_REQ_get_msg_imprint; ++ OBJ_find_sigid_by_algs; ++ TS_TST_INFO_get_serial; ++ TS_REQ_get_nonce; ++ X509_PUBKEY_set0_param; ++ EVP_PKEY_CTX_set0_keygen_info; ++ DIST_POINT_set_dpname; ++ i2d_ISSUING_DIST_POINT; ++ ASN1_SET_ANY_it; ++ EVP_PKEY_CTX_get_data; ++ TS_STATUS_INFO_print_bio; ++ EVP_PKEY_derive_init; ++ d2i_TS_TST_INFO; ++ EVP_PKEY_asn1_add_alias; ++ d2i_TS_RESP_bio; ++ OTHERNAME_cmp; ++ GENERAL_NAME_set0_value; ++ PKCS7_RECIP_INFO_get0_alg; ++ TS_RESP_CTX_new; ++ TS_RESP_set_tst_info; ++ PKCS7_final; ++ EVP_PKEY_base_id; ++ TS_RESP_CTX_set_signer_cert; ++ TS_REQ_set_msg_imprint; ++ EVP_PKEY_CTX_ctrl; ++ TS_CONF_set_digests; ++ d2i_TS_MSG_IMPRINT; ++ EVP_PKEY_meth_set_ctrl; ++ TS_REQ_get_ext_by_NID; ++ PKCS5_pbe_set0_algor; ++ BN_BLINDING_thread_id; ++ TS_ACCURACY_new; ++ X509_CRL_METHOD_free; ++ ASN1_PCTX_get_nm_flags; ++ EVP_PKEY_meth_set_sign; ++ CRYPTO_THREADID_current; ++ EVP_PKEY_decrypt_init; ++ NETSCAPE_X509_free; ++ i2b_PVK_bio; ++ EVP_PKEY_print_private; ++ GENERAL_NAME_get0_value; ++ b2i_PVK_bio; ++ ASN1_UTCTIME_adj; ++ TS_TST_INFO_new; ++ EVP_MD_do_all_sorted; ++ TS_CONF_set_default_engine; ++ TS_ACCURACY_set_seconds; ++ TS_TST_INFO_get_time; ++ PKCS8_pkey_get0; ++ EVP_PKEY_asn1_get0; ++ OBJ_add_sigid; ++ PKCS7_SIGNER_INFO_sign; ++ EVP_PKEY_paramgen_init; ++ EVP_PKEY_sign; ++ OBJ_sigid_free; ++ EVP_PKEY_meth_set_init; ++ d2i_ESS_ISSUER_SERIAL; ++ ISSUING_DIST_POINT_new; ++ ASN1_TIME_adj; ++ TS_OBJ_print_bio; ++ EVP_PKEY_meth_set_verify_recover; ++ EVP_PKEY_meth_set_vrfy_recover; ++ TS_RESP_get_status_info; ++ CMS_stream; ++ EVP_PKEY_CTX_set_cb; ++ PKCS7_to_TS_TST_INFO; ++ ASN1_PCTX_get_oid_flags; ++ TS_TST_INFO_add_ext; ++ EVP_PKEY_meth_set_derive; ++ i2d_TS_RESP_fp; ++ i2d_TS_MSG_IMPRINT_bio; ++ TS_RESP_CTX_set_accuracy; ++ TS_REQ_set_nonce; ++ ESS_CERT_ID_new; ++ ENGINE_pkey_asn1_find_str; ++ TS_REQ_get_ext_count; ++ BUF_reverse; ++ TS_TST_INFO_print_bio; ++ d2i_ISSUING_DIST_POINT; ++ ENGINE_get_pkey_meths; ++ i2b_PrivateKey_bio; ++ i2d_TS_RESP; ++ b2i_PublicKey; ++ TS_VERIFY_CTX_cleanup; ++ TS_STATUS_INFO_free; ++ TS_RESP_verify_token; ++ OBJ_bsearch_ex_; ++ ASN1_bn_print; ++ EVP_PKEY_asn1_get_count; ++ ENGINE_register_pkey_asn1_meths; ++ ASN1_PCTX_set_nm_flags; ++ EVP_DigestVerifyInit; ++ ENGINE_set_default_pkey_meths; ++ TS_TST_INFO_get_policy_id; ++ TS_REQ_get_cert_req; ++ X509_CRL_set_meth_data; ++ PKCS8_pkey_set0; ++ ASN1_STRING_copy; ++ d2i_TS_TST_INFO_fp; ++ X509_CRL_match; ++ EVP_PKEY_asn1_set_private; ++ TS_TST_INFO_get_ext_d2i; ++ TS_RESP_CTX_add_policy; ++ d2i_TS_RESP; ++ TS_CONF_load_certs; ++ TS_TST_INFO_get_msg_imprint; ++ ERR_load_TS_strings; ++ TS_TST_INFO_get_version; ++ EVP_PKEY_CTX_dup; ++ EVP_PKEY_meth_set_verify; ++ i2b_PublicKey_bio; ++ TS_CONF_set_certs; ++ EVP_PKEY_asn1_get0_info; ++ TS_VERIFY_CTX_free; ++ TS_REQ_get_ext_by_critical; ++ TS_RESP_CTX_set_serial_cb; ++ X509_CRL_get_meth_data; ++ TS_RESP_CTX_set_time_cb; ++ TS_MSG_IMPRINT_get_msg; ++ TS_TST_INFO_ext_free; ++ TS_REQ_get_version; ++ TS_REQ_add_ext; ++ EVP_PKEY_CTX_set_app_data; ++ OBJ_bsearch_; ++ EVP_PKEY_meth_set_verifyctx; ++ i2d_PKCS7_bio_stream; ++ CRYPTO_THREADID_set_numeric; ++ PKCS7_sign_add_signer; ++ d2i_TS_TST_INFO_bio; ++ TS_TST_INFO_get_ordering; ++ TS_RESP_print_bio; ++ TS_TST_INFO_get_exts; ++ HMAC_CTX_copy; ++ PKCS5_pbe2_set_iv; ++ ENGINE_get_pkey_asn1_meths; ++ b2i_PrivateKey; ++ EVP_PKEY_CTX_get_app_data; ++ TS_REQ_set_cert_req; ++ CRYPTO_THREADID_set_callback; ++ TS_CONF_set_serial; ++ TS_TST_INFO_free; ++ d2i_TS_REQ_fp; ++ TS_RESP_verify_response; ++ i2d_ESS_ISSUER_SERIAL; ++ TS_ACCURACY_get_seconds; ++ EVP_CIPHER_do_all; ++ b2i_PrivateKey_bio; ++ OCSP_CERTID_dup; ++ X509_PUBKEY_get0_param; ++ TS_MSG_IMPRINT_dup; ++ PKCS7_print_ctx; ++ i2d_TS_REQ_bio; ++ EVP_whirlpool; ++ EVP_PKEY_asn1_set_param; ++ EVP_PKEY_meth_set_encrypt; ++ ASN1_PCTX_set_flags; ++ i2d_ESS_CERT_ID; ++ TS_VERIFY_CTX_new; ++ TS_RESP_CTX_set_extension_cb; ++ ENGINE_register_all_pkey_meths; ++ TS_RESP_CTX_set_status_info_cond; ++ TS_RESP_CTX_set_stat_info_cond; ++ EVP_PKEY_verify; ++ WHIRLPOOL_Final; ++ X509_CRL_METHOD_new; ++ EVP_DigestSignFinal; ++ TS_RESP_CTX_set_def_policy; ++ NETSCAPE_X509_it; ++ TS_RESP_create_response; ++ PKCS7_SIGNER_INFO_get0_algs; ++ TS_TST_INFO_get_nonce; ++ EVP_PKEY_decrypt_old; ++ TS_TST_INFO_set_policy_id; ++ TS_CONF_set_ess_cert_id_chain; ++ EVP_PKEY_CTX_get0_pkey; ++ d2i_TS_REQ; ++ EVP_PKEY_asn1_find_str; ++ BIO_f_asn1; ++ ESS_SIGNING_CERT_new; ++ EVP_PBE_find; ++ X509_CRL_get0_by_cert; ++ EVP_PKEY_derive; ++ i2d_TS_REQ; ++ TS_TST_INFO_delete_ext; ++ ESS_ISSUER_SERIAL_free; ++ ASN1_PCTX_set_str_flags; ++ ENGINE_get_pkey_asn1_meth_str; ++ TS_CONF_set_signer_key; ++ TS_ACCURACY_get_millis; ++ TS_RESP_get_token; ++ TS_ACCURACY_dup; ++ ENGINE_register_all_pkey_asn1_meths; ++ ENGINE_reg_all_pkey_asn1_meths; ++ X509_CRL_set_default_method; ++ CRYPTO_THREADID_hash; ++ CMS_ContentInfo_print_ctx; ++ TS_RESP_free; ++ ISSUING_DIST_POINT_free; ++ ESS_ISSUER_SERIAL_new; ++ CMS_add1_crl; ++ PKCS7_add1_attrib_digest; ++ TS_RESP_CTX_add_md; ++ TS_TST_INFO_dup; ++ ENGINE_set_pkey_asn1_meths; ++ PEM_write_bio_Parameters; ++ TS_TST_INFO_get_accuracy; ++ X509_CRL_get0_by_serial; ++ TS_TST_INFO_set_version; ++ TS_RESP_CTX_get_tst_info; ++ TS_RESP_verify_signature; ++ CRYPTO_THREADID_get_callback; ++ TS_TST_INFO_get_tsa; ++ TS_STATUS_INFO_new; ++ EVP_PKEY_CTX_get_cb; ++ TS_REQ_get_ext_d2i; ++ GENERAL_NAME_set0_othername; ++ TS_TST_INFO_get_ext_count; ++ TS_RESP_CTX_get_request; ++ i2d_NETSCAPE_X509; ++ ENGINE_get_pkey_meth_engine; ++ EVP_PKEY_meth_set_signctx; ++ EVP_PKEY_asn1_copy; ++ ASN1_TYPE_cmp; ++ EVP_CIPHER_do_all_sorted; ++ EVP_PKEY_CTX_free; ++ ISSUING_DIST_POINT_it; ++ d2i_TS_MSG_IMPRINT_fp; ++ X509_STORE_get1_certs; ++ EVP_PKEY_CTX_get_operation; ++ d2i_ESS_SIGNING_CERT; ++ TS_CONF_set_ordering; ++ EVP_PBE_alg_add_type; ++ TS_REQ_set_version; ++ EVP_PKEY_get0; ++ BIO_asn1_set_suffix; ++ i2d_TS_STATUS_INFO; ++ EVP_MD_do_all; ++ TS_TST_INFO_set_accuracy; ++ PKCS7_add_attrib_content_type; ++ ERR_remove_thread_state; ++ EVP_PKEY_meth_add0; ++ TS_TST_INFO_set_tsa; ++ EVP_PKEY_meth_new; ++ WHIRLPOOL_Update; ++ TS_CONF_set_accuracy; ++ ASN1_PCTX_set_oid_flags; ++ ESS_SIGNING_CERT_dup; ++ d2i_TS_REQ_bio; ++ X509_time_adj_ex; ++ TS_RESP_CTX_add_flags; ++ d2i_TS_STATUS_INFO; ++ TS_MSG_IMPRINT_set_msg; ++ BIO_asn1_get_suffix; ++ TS_REQ_free; ++ EVP_PKEY_meth_free; ++ TS_REQ_get_exts; ++ TS_RESP_CTX_set_clock_precision_digits; ++ TS_RESP_CTX_set_clk_prec_digits; ++ TS_RESP_CTX_add_failure_info; ++ i2d_TS_RESP_bio; ++ EVP_PKEY_CTX_get0_peerkey; ++ PEM_write_bio_CMS_stream; ++ TS_REQ_new; ++ TS_MSG_IMPRINT_new; ++ EVP_PKEY_meth_find; ++ EVP_PKEY_id; ++ TS_TST_INFO_set_serial; ++ a2i_GENERAL_NAME; ++ TS_CONF_set_crypto_device; ++ EVP_PKEY_verify_init; ++ TS_CONF_set_policies; ++ ASN1_PCTX_new; ++ ESS_CERT_ID_free; ++ ENGINE_unregister_pkey_meths; ++ TS_MSG_IMPRINT_free; ++ TS_VERIFY_CTX_init; ++ PKCS7_stream; ++ TS_RESP_CTX_set_certs; ++ TS_CONF_set_def_policy; ++ ASN1_GENERALIZEDTIME_adj; ++ NETSCAPE_X509_new; ++ TS_ACCURACY_free; ++ TS_RESP_get_tst_info; ++ EVP_PKEY_derive_set_peer; ++ PEM_read_bio_Parameters; ++ TS_CONF_set_clock_precision_digits; ++ TS_CONF_set_clk_prec_digits; ++ ESS_ISSUER_SERIAL_dup; ++ TS_ACCURACY_get_micros; ++ ASN1_PCTX_get_str_flags; ++ NAME_CONSTRAINTS_check; ++ ASN1_BIT_STRING_check; ++ X509_check_akid; ++ ENGINE_unregister_pkey_asn1_meths; ++ ENGINE_unreg_pkey_asn1_meths; ++ ASN1_PCTX_free; ++ PEM_write_bio_ASN1_stream; ++ i2d_ASN1_bio_stream; ++ TS_X509_ALGOR_print_bio; ++ EVP_PKEY_meth_set_cleanup; ++ EVP_PKEY_asn1_free; ++ ESS_SIGNING_CERT_free; ++ TS_TST_INFO_set_msg_imprint; ++ GENERAL_NAME_cmp; ++ d2i_ASN1_SET_ANY; ++ ENGINE_set_pkey_meths; ++ i2d_TS_REQ_fp; ++ d2i_ASN1_SEQUENCE_ANY; ++ GENERAL_NAME_get0_otherName; ++ d2i_ESS_CERT_ID; ++ OBJ_find_sigid_algs; ++ EVP_PKEY_meth_set_keygen; ++ PKCS5_PBKDF2_HMAC; ++ EVP_PKEY_paramgen; ++ EVP_PKEY_meth_set_paramgen; ++ BIO_new_PKCS7; ++ EVP_PKEY_verify_recover; ++ TS_ext_print_bio; ++ TS_ASN1_INTEGER_print_bio; ++ check_defer; ++ DSO_pathbyaddr; ++ EVP_PKEY_set_type; ++ TS_ACCURACY_set_micros; ++ TS_REQ_to_TS_VERIFY_CTX; ++ EVP_PKEY_meth_set_copy; ++ ASN1_PCTX_set_cert_flags; ++ TS_TST_INFO_get_ext; ++ EVP_PKEY_asn1_set_ctrl; ++ TS_TST_INFO_get_ext_by_critical; ++ EVP_PKEY_CTX_new_id; ++ TS_REQ_get_ext_by_OBJ; ++ TS_CONF_set_signer_cert; ++ X509_NAME_hash_old; ++ ASN1_TIME_set_string; ++ EVP_MD_flags; ++ TS_RESP_CTX_free; ++ DSAparams_dup; ++ DHparams_dup; ++ OCSP_REQ_CTX_add1_header; ++ OCSP_REQ_CTX_set1_req; ++ X509_STORE_set_verify_cb; ++ X509_STORE_CTX_get0_current_crl; ++ X509_STORE_CTX_get0_parent_ctx; ++ X509_STORE_CTX_get0_current_issuer; ++ X509_STORE_CTX_get0_cur_issuer; ++ X509_issuer_name_hash_old; ++ X509_subject_name_hash_old; ++ EVP_CIPHER_CTX_copy; ++ UI_method_get_prompt_constructor; ++ UI_method_get_prompt_constructr; ++ UI_method_set_prompt_constructor; ++ UI_method_set_prompt_constructr; ++ EVP_read_pw_string_min; ++ CRYPTO_cts128_encrypt; ++ CRYPTO_cts128_decrypt_block; ++ CRYPTO_cfb128_1_encrypt; ++ CRYPTO_cbc128_encrypt; ++ CRYPTO_ctr128_encrypt; ++ CRYPTO_ofb128_encrypt; ++ CRYPTO_cts128_decrypt; ++ CRYPTO_cts128_encrypt_block; ++ CRYPTO_cbc128_decrypt; ++ CRYPTO_cfb128_encrypt; ++ CRYPTO_cfb128_8_encrypt; ++ SSL_renegotiate_abbreviated; ++ TLSv1_1_method; ++ TLSv1_1_client_method; ++ TLSv1_1_server_method; ++ SSL_CTX_set_srp_client_pwd_callback; ++ SSL_CTX_set_srp_client_pwd_cb; ++ SSL_get_srp_g; ++ SSL_CTX_set_srp_username_callback; ++ SSL_CTX_set_srp_un_cb; ++ SSL_get_srp_userinfo; ++ SSL_set_srp_server_param; ++ SSL_set_srp_server_param_pw; ++ SSL_get_srp_N; ++ SSL_get_srp_username; ++ SSL_CTX_set_srp_password; ++ SSL_CTX_set_srp_strength; ++ SSL_CTX_set_srp_verify_param_callback; ++ SSL_CTX_set_srp_vfy_param_cb; ++ SSL_CTX_set_srp_cb_arg; ++ SSL_CTX_set_srp_username; ++ SSL_CTX_SRP_CTX_init; ++ SSL_SRP_CTX_init; ++ SRP_Calc_A_param; ++ SRP_generate_server_master_secret; ++ SRP_gen_server_master_secret; ++ SSL_CTX_SRP_CTX_free; ++ SRP_generate_client_master_secret; ++ SRP_gen_client_master_secret; ++ SSL_srp_server_param_with_username; ++ SSL_srp_server_param_with_un; ++ SSL_SRP_CTX_free; ++ SSL_set_debug; ++ SSL_SESSION_get0_peer; ++ TLSv1_2_client_method; ++ SSL_SESSION_set1_id_context; ++ TLSv1_2_server_method; ++ SSL_cache_hit; ++ SSL_get0_kssl_ctx; ++ SSL_set0_kssl_ctx; ++ SSL_set_state; ++ SSL_CIPHER_get_id; ++ TLSv1_2_method; ++ kssl_ctx_get0_client_princ; ++ SSL_export_keying_material; ++ SSL_set_tlsext_use_srtp; ++ SSL_CTX_set_next_protos_advertised_cb; ++ SSL_CTX_set_next_protos_adv_cb; ++ SSL_get0_next_proto_negotiated; ++ SSL_get_selected_srtp_profile; ++ SSL_CTX_set_tlsext_use_srtp; ++ SSL_select_next_proto; ++ SSL_get_srtp_profiles; ++ SSL_CTX_set_next_proto_select_cb; ++ SSL_CTX_set_next_proto_sel_cb; ++ SSL_SESSION_get_compress_id; ++ ++ SRP_VBASE_get_by_user; ++ SRP_Calc_server_key; ++ SRP_create_verifier; ++ SRP_create_verifier_BN; ++ SRP_Calc_u; ++ SRP_VBASE_free; ++ SRP_Calc_client_key; ++ SRP_get_default_gN; ++ SRP_Calc_x; ++ SRP_Calc_B; ++ SRP_VBASE_new; ++ SRP_check_known_gN_param; ++ SRP_Calc_A; ++ SRP_Verify_A_mod_N; ++ SRP_VBASE_init; ++ SRP_Verify_B_mod_N; ++ EC_KEY_set_public_key_affine_coordinates; ++ EC_KEY_set_pub_key_aff_coords; ++ EVP_aes_192_ctr; ++ EVP_PKEY_meth_get0_info; ++ EVP_PKEY_meth_copy; ++ ERR_add_error_vdata; ++ EVP_aes_128_ctr; ++ EVP_aes_256_ctr; ++ EC_GFp_nistp224_method; ++ EC_KEY_get_flags; ++ RSA_padding_add_PKCS1_PSS_mgf1; ++ EVP_aes_128_xts; ++ EVP_aes_256_xts; ++ EVP_aes_128_gcm; ++ EC_KEY_clear_flags; ++ EC_KEY_set_flags; ++ EVP_aes_256_ccm; ++ RSA_verify_PKCS1_PSS_mgf1; ++ EVP_aes_128_ccm; ++ EVP_aes_192_gcm; ++ X509_ALGOR_set_md; ++ RAND_init_fips; ++ EVP_aes_256_gcm; ++ EVP_aes_192_ccm; ++ CMAC_CTX_copy; ++ CMAC_CTX_free; ++ CMAC_CTX_get0_cipher_ctx; ++ CMAC_CTX_cleanup; ++ CMAC_Init; ++ CMAC_Update; ++ CMAC_resume; ++ CMAC_CTX_new; ++ CMAC_Final; ++ CRYPTO_ctr128_encrypt_ctr32; ++ CRYPTO_gcm128_release; ++ CRYPTO_ccm128_decrypt_ccm64; ++ CRYPTO_ccm128_encrypt; ++ CRYPTO_gcm128_encrypt; ++ CRYPTO_xts128_encrypt; ++ EVP_rc4_hmac_md5; ++ CRYPTO_nistcts128_decrypt_block; ++ CRYPTO_gcm128_setiv; ++ CRYPTO_nistcts128_encrypt; ++ EVP_aes_128_cbc_hmac_sha1; ++ CRYPTO_gcm128_tag; ++ CRYPTO_ccm128_encrypt_ccm64; ++ ENGINE_load_rdrand; ++ CRYPTO_ccm128_setiv; ++ CRYPTO_nistcts128_encrypt_block; ++ CRYPTO_gcm128_aad; ++ CRYPTO_ccm128_init; ++ CRYPTO_nistcts128_decrypt; ++ CRYPTO_gcm128_new; ++ CRYPTO_ccm128_tag; ++ CRYPTO_ccm128_decrypt; ++ CRYPTO_ccm128_aad; ++ CRYPTO_gcm128_init; ++ CRYPTO_gcm128_decrypt; ++ ENGINE_load_rsax; ++ CRYPTO_gcm128_decrypt_ctr32; ++ CRYPTO_gcm128_encrypt_ctr32; ++ CRYPTO_gcm128_finish; ++ EVP_aes_256_cbc_hmac_sha1; ++ PKCS5_pbkdf2_set; ++ CMS_add0_recipient_password; ++ CMS_decrypt_set1_password; ++ CMS_RecipientInfo_set0_password; ++ RAND_set_fips_drbg_type; ++ X509_REQ_sign_ctx; ++ RSA_PSS_PARAMS_new; ++ X509_CRL_sign_ctx; ++ X509_signature_dump; ++ d2i_RSA_PSS_PARAMS; ++ RSA_PSS_PARAMS_it; ++ RSA_PSS_PARAMS_free; ++ X509_sign_ctx; ++ i2d_RSA_PSS_PARAMS; ++ ASN1_item_sign_ctx; ++ EC_GFp_nistp521_method; ++ EC_GFp_nistp256_method; ++ OPENSSL_stderr; ++ OPENSSL_cpuid_setup; ++ OPENSSL_showfatal; ++ BIO_new_dgram_sctp; ++ BIO_dgram_sctp_msg_waiting; ++ BIO_dgram_sctp_wait_for_dry; ++ BIO_s_datagram_sctp; ++ BIO_dgram_is_sctp; ++ BIO_dgram_sctp_notification_cb; ++ CRYPTO_memcmp; ++ SSL_CTX_set_alpn_protos; ++ SSL_set_alpn_protos; ++ SSL_CTX_set_alpn_select_cb; ++ SSL_get0_alpn_selected; ++ SSL_CTX_set_custom_cli_ext; ++ SSL_CTX_set_custom_srv_ext; ++ SSL_CTX_set_srv_supp_data; ++ SSL_CTX_set_cli_supp_data; ++ SSL_set_cert_cb; ++ SSL_CTX_use_serverinfo; ++ SSL_CTX_use_serverinfo_file; ++ SSL_CTX_set_cert_cb; ++ SSL_CTX_get0_param; ++ SSL_get0_param; ++ SSL_certs_clear; ++ DTLSv1_2_method; ++ DTLSv1_2_server_method; ++ DTLSv1_2_client_method; ++ DTLS_method; ++ DTLS_server_method; ++ DTLS_client_method; ++ SSL_CTX_get_ssl_method; ++ SSL_CTX_get0_certificate; ++ SSL_CTX_get0_privatekey; ++ SSL_COMP_set0_compression_methods; ++ SSL_COMP_free_compression_methods; ++ SSL_CIPHER_find; ++ SSL_is_server; ++ SSL_CONF_CTX_new; ++ SSL_CONF_CTX_finish; ++ SSL_CONF_CTX_free; ++ SSL_CONF_CTX_set_flags; ++ SSL_CONF_CTX_clear_flags; ++ SSL_CONF_CTX_set1_prefix; ++ SSL_CONF_CTX_set_ssl; ++ SSL_CONF_CTX_set_ssl_ctx; ++ SSL_CONF_cmd; ++ SSL_CONF_cmd_argv; ++ SSL_CONF_cmd_value_type; ++ SSL_trace; ++ SSL_CIPHER_standard_name; ++ SSL_get_tlsa_record_byname; ++ ASN1_TIME_diff; ++ BIO_hex_string; ++ CMS_RecipientInfo_get0_pkey_ctx; ++ CMS_RecipientInfo_encrypt; ++ CMS_SignerInfo_get0_pkey_ctx; ++ CMS_SignerInfo_get0_md_ctx; ++ CMS_SignerInfo_get0_signature; ++ CMS_RecipientInfo_kari_get0_alg; ++ CMS_RecipientInfo_kari_get0_reks; ++ CMS_RecipientInfo_kari_get0_orig_id; ++ CMS_RecipientInfo_kari_orig_id_cmp; ++ CMS_RecipientEncryptedKey_get0_id; ++ CMS_RecipientEncryptedKey_cert_cmp; ++ CMS_RecipientInfo_kari_set0_pkey; ++ CMS_RecipientInfo_kari_get0_ctx; ++ CMS_RecipientInfo_kari_decrypt; ++ CMS_SharedInfo_encode; ++ DH_compute_key_padded; ++ d2i_DHxparams; ++ i2d_DHxparams; ++ DH_get_1024_160; ++ DH_get_2048_224; ++ DH_get_2048_256; ++ DH_KDF_X9_42; ++ ECDH_KDF_X9_62; ++ ECDSA_METHOD_new; ++ ECDSA_METHOD_free; ++ ECDSA_METHOD_set_app_data; ++ ECDSA_METHOD_get_app_data; ++ ECDSA_METHOD_set_sign; ++ ECDSA_METHOD_set_sign_setup; ++ ECDSA_METHOD_set_verify; ++ ECDSA_METHOD_set_flags; ++ ECDSA_METHOD_set_name; ++ EVP_des_ede3_wrap; ++ EVP_aes_128_wrap; ++ EVP_aes_192_wrap; ++ EVP_aes_256_wrap; ++ EVP_aes_128_cbc_hmac_sha256; ++ EVP_aes_256_cbc_hmac_sha256; ++ CRYPTO_128_wrap; ++ CRYPTO_128_unwrap; ++ OCSP_REQ_CTX_nbio; ++ OCSP_REQ_CTX_new; ++ OCSP_set_max_response_length; ++ OCSP_REQ_CTX_i2d; ++ OCSP_REQ_CTX_nbio_d2i; ++ OCSP_REQ_CTX_get0_mem_bio; ++ OCSP_REQ_CTX_http; ++ RSA_padding_add_PKCS1_OAEP_mgf1; ++ RSA_padding_check_PKCS1_OAEP_mgf1; ++ RSA_OAEP_PARAMS_free; ++ RSA_OAEP_PARAMS_it; ++ RSA_OAEP_PARAMS_new; ++ SSL_get_sigalgs; ++ SSL_get_shared_sigalgs; ++ SSL_check_chain; ++ X509_chain_up_ref; ++ X509_http_nbio; ++ X509_CRL_http_nbio; ++ X509_REVOKED_dup; ++ i2d_re_X509_tbs; ++ X509_get0_signature; ++ X509_get_signature_nid; ++ X509_CRL_diff; ++ X509_chain_check_suiteb; ++ X509_CRL_check_suiteb; ++ X509_check_host; ++ X509_check_email; ++ X509_check_ip; ++ X509_check_ip_asc; ++ X509_STORE_set_lookup_crls_cb; ++ X509_STORE_CTX_get0_store; ++ X509_VERIFY_PARAM_set1_host; ++ X509_VERIFY_PARAM_add1_host; ++ X509_VERIFY_PARAM_set_hostflags; ++ X509_VERIFY_PARAM_get0_peername; ++ X509_VERIFY_PARAM_set1_email; ++ X509_VERIFY_PARAM_set1_ip; ++ X509_VERIFY_PARAM_set1_ip_asc; ++ X509_VERIFY_PARAM_get0_name; ++ X509_VERIFY_PARAM_get_count; ++ X509_VERIFY_PARAM_get0; ++ X509V3_EXT_free; ++ EC_GROUP_get_mont_data; ++ EC_curve_nid2nist; ++ EC_curve_nist2nid; ++ PEM_write_bio_DHxparams; ++ PEM_write_DHxparams; ++ SSL_CTX_add_client_custom_ext; ++ SSL_CTX_add_server_custom_ext; ++ SSL_extension_supported; ++ BUF_strnlen; ++ sk_deep_copy; ++ SSL_test_functions; ++ ++ local: ++ *; ++}; ++ ++OPENSSL_1.0.2g { ++ global: ++ SRP_VBASE_get1_by_user; ++ SRP_user_pwd_free; ++} OPENSSL_1.0.2d; ++ +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100 +@@ -0,0 +1,10 @@ ++OPENSSL_1.0.2 { ++ global: ++ bind_engine; ++ v_check; ++ OPENSSL_init; ++ OPENSSL_finish; ++ local: ++ *; ++}; ++ +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100 +@@ -0,0 +1,10 @@ ++OPENSSL_1.0.2 { ++ global: ++ bind_engine; ++ v_check; ++ OPENSSL_init; ++ OPENSSL_finish; ++ local: ++ *; ++}; ++ diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch new file mode 100644 index 000000000..a5746483e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch @@ -0,0 +1,64 @@ +Upstream-Status: Inappropriate [configuration] + + +Index: openssl-1.0.2/engines/Makefile +=================================================================== +--- openssl-1.0.2.orig/engines/Makefile ++++ openssl-1.0.2/engines/Makefile +@@ -107,13 +107,13 @@ install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ +- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ ++ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \ + for l in $(LIBNAMES); do \ + ( echo installing $$l; \ + pfx=lib; \ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + sfx=".so"; \ +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ + else \ + case "$(CFLAGS)" in \ + *DSO_BEOS*) sfx=".so";; \ +@@ -122,10 +122,10 @@ install: + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \ + done; \ + fi + @target=install; $(RECURSIVE_MAKE) +Index: openssl-1.0.2/engines/ccgost/Makefile +=================================================================== +--- openssl-1.0.2.orig/engines/ccgost/Makefile ++++ openssl-1.0.2/engines/ccgost/Makefile +@@ -47,7 +47,7 @@ install: + pfx=lib; \ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + sfx=".so"; \ +- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + else \ + case "$(CFLAGS)" in \ + *DSO_BEOS*) sfx=".so";; \ +@@ -56,10 +56,10 @@ install: + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \ + fi + + links: diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/find.pl b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/find.pl new file mode 100644 index 000000000..8e1b42c88 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/find.pl @@ -0,0 +1,54 @@ +warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n"; + +# This library is deprecated and unmaintained. It is included for +# compatibility with Perl 4 scripts which may use it, but it will be +# removed in a future version of Perl. Please use the File::Find module +# instead. + +# Usage: +# require "find.pl"; +# +# &find('/foo','/bar'); +# +# sub wanted { ... } +# where wanted does whatever you want. $dir contains the +# current directory name, and $_ the current filename within +# that directory. $name contains "$dir/$_". You are cd'ed +# to $dir when the function is called. The function may +# set $prune to prune the tree. +# +# For example, +# +# find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune +# +# corresponds to this +# +# sub wanted { +# /^\.nfs.*$/ && +# (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) && +# int(-M _) > 7 && +# unlink($_) +# || +# ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) && +# $dev < 0 && +# ($prune = 1); +# } +# +# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats. + +use File::Find (); + +*name = *File::Find::name; +*prune = *File::Find::prune; +*dir = *File::Find::dir; +*topdir = *File::Find::topdir; +*topdev = *File::Find::topdev; +*topino = *File::Find::topino; +*topmode = *File::Find::topmode; +*topnlink = *File::Find::topnlink; + +sub find { + &File::Find::find(\&wanted, @_); +} + +1; diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch new file mode 100644 index 000000000..06d1ea69d --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch @@ -0,0 +1,21 @@ +Upstream-Status: Submitted + +This patch adds the fix for one of the ciphers used in openssl, namely +the cipher des-ede3-cfb1. Complete bug log and patch is present here: +http://rt.openssl.org/Ticket/Display.html?id=2867 + +Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com> + +Index: openssl-1.0.2/crypto/evp/e_des3.c +=================================================================== +--- openssl-1.0.2.orig/crypto/evp/e_des3.c ++++ openssl-1.0.2/crypto/evp/e_des3.c +@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH + size_t n; + unsigned char c[1], d[1]; + +- for (n = 0; n < inl; ++n) { ++ for (n = 0; n * 8 < inl; ++n) { + c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; + DES_ede3_cfb_encrypt(c, d, 1, 1, + &data(ctx)->ks1, &data(ctx)->ks2, diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch new file mode 100644 index 000000000..292e13dc5 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch @@ -0,0 +1,24 @@ +Upstream-Status: Inappropriate [open-embedded] + +Index: openssl-1.0.0/Makefile.shared +=================================================================== +--- openssl-1.0.0.orig/Makefile.shared ++++ openssl-1.0.0/Makefile.shared +@@ -92,7 +92,7 @@ + LINK_APP= \ + ( $(SET_X); \ + LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ +- LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \ ++ LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ +@@ -102,7 +102,7 @@ + ( $(SET_X); \ + LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ + SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \ +- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ ++ SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch new file mode 100644 index 000000000..1e5bfa17d --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch @@ -0,0 +1,46 @@ +https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest + +From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Sat, 21 Mar 2015 06:01:25 -0400 +Subject: [PATCH] crypto: use bigint in x86-64 perl + +Upstream-Status: Pending +Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> + +When building on x32 systems where the default type is 32bit, make sure +we can transparently represent 64bit integers. Otherwise we end up with +build errors like: +/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s +Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890. +... +ghash-x86_64.s: Assembler messages: +ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression + +We don't enable this globally as there are some cases where we'd get +32bit values interpreted as unsigned when we need them as signed. + +Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh> +URL: https://bugs.gentoo.org/542618 +--- + crypto/perlasm/x86_64-xlate.pl | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl +index aae8288..0bf9774 100755 +--- a/crypto/perlasm/x86_64-xlate.pl ++++ b/crypto/perlasm/x86_64-xlate.pl +@@ -195,6 +195,10 @@ my %globals; + sub out { + my $self = shift; + ++ # When building on x32 ABIs, the expanded hex value might be too ++ # big to fit into 32bits. Enable transparent 64bit support here ++ # so we can safely print it out. ++ use bigint; + if ($gas) { + # Solaris /usr/ccs/bin/as can't handle multiplications + # in $self->{value} +-- +2.3.3 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch new file mode 100644 index 000000000..cebc8cf0d --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch @@ -0,0 +1,23 @@ +openssl: avoid NULL pointer dereference in EVP_DigestInit_ex() + +We should avoid accessing the type pointer if it's NULL, +this could happen if ctx->digest is not NULL. + +Upstream-Status: Submitted +http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html + +Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> +--- +Index: openssl-1.0.2/crypto/evp/digest.c +=================================================================== +--- openssl-1.0.2.orig/crypto/evp/digest.c ++++ openssl-1.0.2/crypto/evp/digest.c +@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c + return 0; + } + #endif +- if (ctx->digest != type) { ++ if (type && (ctx->digest != type)) { + if (ctx->digest && ctx->digest->ctx_size) + OPENSSL_free(ctx->md_data); + ctx->digest = type; diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch new file mode 100644 index 000000000..de49729e5 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch @@ -0,0 +1,19 @@ +openssl: Fix pod2man des.pod error on Ubuntu 12.04 + +This is a formatting fix, '=back' is required before +'=head1' on Ubuntu 12.04. + +Upstream-Status: Pending +Signed-off-by: Baogen Shang <baogen.shang@windriver.com> +diff -urpN a_origin/des.pod b_modify/des.pod +--- a_origin/crypto/des/des.pod 2013-08-15 15:02:56.211674589 +0800 ++++ b_modify/crypto/des/des.pod 2013-08-15 15:04:14.439674580 +0800 +@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin + output. If there is no name specified after the B<-u>, the name text.des + will be embedded in the header. + ++=back ++ + =head1 SEE ALSO + + ps(1), diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch new file mode 100644 index 000000000..cbce32c89 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch @@ -0,0 +1,39 @@ +Upstream-Status: Pending + +Received from H J Liu @ Intel +Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors. +Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13 + +ported the patch to the 1.0.0e version +Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01 +Index: openssl-1.0.2/crypto/bn/bn.h +=================================================================== +--- openssl-1.0.2.orig/crypto/bn/bn.h ++++ openssl-1.0.2/crypto/bn/bn.h +@@ -173,6 +173,13 @@ extern "C" { + # endif + # endif + ++/* Address type. */ ++#ifdef _WIN64 ++#define BN_ADDR unsigned long long ++#else ++#define BN_ADDR unsigned long ++#endif ++ + /* + * assuming long is 64bit - this is the DEC Alpha unsigned long long is only + * 64 bits :-(, don't define BN_LLONG for the DEC Alpha +Index: openssl-1.0.2/crypto/bn/bn_exp.c +=================================================================== +--- openssl-1.0.2.orig/crypto/bn/bn_exp.c ++++ openssl-1.0.2/crypto/bn/bn_exp.c +@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU + * multiple. + */ + #define MOD_EXP_CTIME_ALIGN(x_) \ +- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) ++ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) + + /* + * This variant of BN_mod_exp_mont() uses fixed windows and the special diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch new file mode 100644 index 000000000..b6c2c148b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch @@ -0,0 +1,326 @@ +Fix the parallel races in the Makefiles. + +This patch was taken from the Gentoo packaging: +https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@intel.com> + +--- openssl-1.0.2g/crypto/Makefile ++++ openssl-1.0.2g/crypto/Makefile +@@ -85,11 +85,11 @@ + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + + subdirs: +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO +- @target=files; $(RECURSIVE_MAKE) ++ +@target=files; $(RECURSIVE_MAKE) + + links: + @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) +@@ -100,7 +100,7 @@ + # lib: $(LIB): are splitted to avoid end-less loop + lib: $(LIB) + @touch lib +-$(LIB): $(LIBOBJ) ++$(LIB): $(LIBOBJ) | subdirs + $(AR) $(LIB) $(LIBOBJ) + test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o + $(RANLIB) $(LIB) || echo Never mind. +@@ -111,7 +111,7 @@ + fi + + libs: +- @target=lib; $(RECURSIVE_MAKE) ++ +@target=lib; $(RECURSIVE_MAKE) + + install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... +@@ -120,7 +120,7 @@ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + lint: + @target=lint; $(RECURSIVE_MAKE) +--- openssl-1.0.2g/engines/Makefile ++++ openssl-1.0.2g/engines/Makefile +@@ -72,7 +72,7 @@ + + all: lib subdirs + +-lib: $(LIBOBJ) ++lib: $(LIBOBJ) | subdirs + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ + for l in $(LIBNAMES); do \ +@@ -89,7 +89,7 @@ + + subdirs: + echo $(EDIRS) +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +@@ -128,7 +128,7 @@ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ + done; \ + fi +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + tags: + ctags $(SRC) +--- openssl-1.0.2g/Makefile.org ++++ openssl-1.0.2g/Makefile.org +@@ -279,17 +279,17 @@ + build_libssl: build_ssl libssl.pc + + build_crypto: +- @dir=crypto; target=all; $(BUILD_ONE_CMD) ++ +@dir=crypto; target=all; $(BUILD_ONE_CMD) + build_ssl: build_crypto +- @dir=ssl; target=all; $(BUILD_ONE_CMD) ++ +@dir=ssl; target=all; $(BUILD_ONE_CMD) + build_engines: build_crypto +- @dir=engines; target=all; $(BUILD_ONE_CMD) ++ +@dir=engines; target=all; $(BUILD_ONE_CMD) + build_apps: build_libs +- @dir=apps; target=all; $(BUILD_ONE_CMD) ++ +@dir=apps; target=all; $(BUILD_ONE_CMD) + build_tests: build_libs +- @dir=test; target=all; $(BUILD_ONE_CMD) ++ +@dir=test; target=all; $(BUILD_ONE_CMD) + build_tools: build_libs +- @dir=tools; target=all; $(BUILD_ONE_CMD) ++ +@dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps + build_testapps: +@@ -544,7 +544,7 @@ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @set -e; target=install; $(RECURSIVE_BUILD_CMD) ++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ + do \ + if [ -f "$$i" ]; then \ +--- openssl-1.0.2g/Makefile.shared ++++ openssl-1.0.2g/Makefile.shared +@@ -105,6 +105,7 @@ + SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ ++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ + $${SHAREDCMD} $${SHAREDFLAGS} \ + -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ +@@ -122,6 +123,7 @@ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ ++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ + ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ +--- openssl-1.0.2g/test/Makefile ++++ openssl-1.0.2g/test/Makefile +@@ -139,7 +139,7 @@ + tags: + ctags $(SRC) + +-tests: exe apps $(TESTS) ++tests: exe $(TESTS) + + apps: + @(cd ..; $(MAKE) DIRS=apps all) +@@ -421,130 +421,130 @@ + link_app.$${shlib_target} + + $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) +- @target=$(RSATEST); $(BUILD_CMD) ++ +@target=$(RSATEST); $(BUILD_CMD) + + $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) +- @target=$(BNTEST); $(BUILD_CMD) ++ +@target=$(BNTEST); $(BUILD_CMD) + + $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) +- @target=$(ECTEST); $(BUILD_CMD) ++ +@target=$(ECTEST); $(BUILD_CMD) + + $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) +- @target=$(EXPTEST); $(BUILD_CMD) ++ +@target=$(EXPTEST); $(BUILD_CMD) + + $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) +- @target=$(IDEATEST); $(BUILD_CMD) ++ +@target=$(IDEATEST); $(BUILD_CMD) + + $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) +- @target=$(MD2TEST); $(BUILD_CMD) ++ +@target=$(MD2TEST); $(BUILD_CMD) + + $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) +- @target=$(SHATEST); $(BUILD_CMD) ++ +@target=$(SHATEST); $(BUILD_CMD) + + $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) +- @target=$(SHA1TEST); $(BUILD_CMD) ++ +@target=$(SHA1TEST); $(BUILD_CMD) + + $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) +- @target=$(SHA256TEST); $(BUILD_CMD) ++ +@target=$(SHA256TEST); $(BUILD_CMD) + + $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) +- @target=$(SHA512TEST); $(BUILD_CMD) ++ +@target=$(SHA512TEST); $(BUILD_CMD) + + $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) +- @target=$(RMDTEST); $(BUILD_CMD) ++ +@target=$(RMDTEST); $(BUILD_CMD) + + $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) +- @target=$(MDC2TEST); $(BUILD_CMD) ++ +@target=$(MDC2TEST); $(BUILD_CMD) + + $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) +- @target=$(MD4TEST); $(BUILD_CMD) ++ +@target=$(MD4TEST); $(BUILD_CMD) + + $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) +- @target=$(MD5TEST); $(BUILD_CMD) ++ +@target=$(MD5TEST); $(BUILD_CMD) + + $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) +- @target=$(HMACTEST); $(BUILD_CMD) ++ +@target=$(HMACTEST); $(BUILD_CMD) + + $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) +- @target=$(WPTEST); $(BUILD_CMD) ++ +@target=$(WPTEST); $(BUILD_CMD) + + $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) +- @target=$(RC2TEST); $(BUILD_CMD) ++ +@target=$(RC2TEST); $(BUILD_CMD) + + $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) +- @target=$(BFTEST); $(BUILD_CMD) ++ +@target=$(BFTEST); $(BUILD_CMD) + + $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) +- @target=$(CASTTEST); $(BUILD_CMD) ++ +@target=$(CASTTEST); $(BUILD_CMD) + + $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) +- @target=$(RC4TEST); $(BUILD_CMD) ++ +@target=$(RC4TEST); $(BUILD_CMD) + + $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) +- @target=$(RC5TEST); $(BUILD_CMD) ++ +@target=$(RC5TEST); $(BUILD_CMD) + + $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) +- @target=$(DESTEST); $(BUILD_CMD) ++ +@target=$(DESTEST); $(BUILD_CMD) + + $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) +- @target=$(RANDTEST); $(BUILD_CMD) ++ +@target=$(RANDTEST); $(BUILD_CMD) + + $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) +- @target=$(DHTEST); $(BUILD_CMD) ++ +@target=$(DHTEST); $(BUILD_CMD) + + $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) +- @target=$(DSATEST); $(BUILD_CMD) ++ +@target=$(DSATEST); $(BUILD_CMD) + + $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) +- @target=$(METHTEST); $(BUILD_CMD) ++ +@target=$(METHTEST); $(BUILD_CMD) + + $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) +- @target=$(SSLTEST); $(FIPS_BUILD_CMD) ++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) + + $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) +- @target=$(ENGINETEST); $(BUILD_CMD) ++ +@target=$(ENGINETEST); $(BUILD_CMD) + + $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) +- @target=$(EVPTEST); $(BUILD_CMD) ++ +@target=$(EVPTEST); $(BUILD_CMD) + + $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) +- @target=$(EVPEXTRATEST); $(BUILD_CMD) ++ +@target=$(EVPEXTRATEST); $(BUILD_CMD) + + $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) +- @target=$(ECDSATEST); $(BUILD_CMD) ++ +@target=$(ECDSATEST); $(BUILD_CMD) + + $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) +- @target=$(ECDHTEST); $(BUILD_CMD) ++ +@target=$(ECDHTEST); $(BUILD_CMD) + + $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) +- @target=$(IGETEST); $(BUILD_CMD) ++ +@target=$(IGETEST); $(BUILD_CMD) + + $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) +- @target=$(JPAKETEST); $(BUILD_CMD) ++ +@target=$(JPAKETEST); $(BUILD_CMD) + + $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) +- @target=$(ASN1TEST); $(BUILD_CMD) ++ +@target=$(ASN1TEST); $(BUILD_CMD) + + $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) +- @target=$(SRPTEST); $(BUILD_CMD) ++ +@target=$(SRPTEST); $(BUILD_CMD) + + $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO) +- @target=$(V3NAMETEST); $(BUILD_CMD) ++ +@target=$(V3NAMETEST); $(BUILD_CMD) + + $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) +- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) ++ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) + + $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o +- @target=$(CONSTTIMETEST) $(BUILD_CMD) ++ +@target=$(CONSTTIMETEST) $(BUILD_CMD) + + $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o +- @target=$(VERIFYEXTRATEST) $(BUILD_CMD) ++ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD) + + $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o +- @target=$(CLIENTHELLOTEST) $(BUILD_CMD) ++ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) + + $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o +- @target=$(SSLV2CONFTEST) $(BUILD_CMD) ++ +@target=$(SSLV2CONFTEST) $(BUILD_CMD) + + #$(AESTEST).o: $(AESTEST).c + # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c +@@ -557,7 +557,7 @@ + # fi + + dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) +- @target=dummytest; $(BUILD_CMD) ++ +@target=dummytest; $(BUILD_CMD) + + # DO NOT DELETE THIS LINE -- make depend depends on it. +
\ No newline at end of file diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch new file mode 100644 index 000000000..ef6d17934 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch @@ -0,0 +1,34 @@ +Remove Makefile dependencies for test targets + +These are probably here because the executables aren't always built for +other platforms (e.g. Windows); however we can safely assume they'll +always be there. None of the other test targets have such dependencies +and if we don't remove them, make tries to rebuild the executables and +fails during run-ptest. + +Upstream-Status: Inappropriate [config] + +Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> + +Index: openssl-1.0.2/test/Makefile +=================================================================== +--- openssl-1.0.2.orig/test/Makefile ++++ openssl-1.0.2/test/Makefile +@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms- + @echo "CMS consistency test" + $(PERL) cms-test.pl + +-test_srp: $(SRPTEST)$(EXE_EXT) ++test_srp: + @echo "Test SRP" + ../util/shlib_wrap.sh ./srptest + +@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT) + @echo "Test X509v3_check_*" + ../util/shlib_wrap.sh ./$(V3NAMETEST) + +-test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT) ++test_heartbeat: + ../util/shlib_wrap.sh ./$(HEARTBEATTEST) + + test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch new file mode 100644 index 000000000..4202e61d1 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch @@ -0,0 +1,248 @@ +Additional Makefile dependencies removal for test targets + +Removing the dependency check for test targets as these tests are +causing a number of failures and "noise" during ptest execution. + +Upstream-Status: Inappropriate [config] + +Signed-off-by: Maxin B. John <maxin.john@intel.com> + +diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile +--- openssl-1.0.2d-orig/test/Makefile 2015-09-28 12:50:41.530022979 +0300 ++++ openssl-1.0.2d/test/Makefile 2015-09-28 12:57:45.930717240 +0300 +@@ -155,67 +155,67 @@ + ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \ + done) + +-test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt ++test_evp: + ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt + +-test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT) ++test_evp_extra: + ../util/shlib_wrap.sh ./$(EVPEXTRATEST) + +-test_des: $(DESTEST)$(EXE_EXT) ++test_des: + ../util/shlib_wrap.sh ./$(DESTEST) + +-test_idea: $(IDEATEST)$(EXE_EXT) ++test_idea: + ../util/shlib_wrap.sh ./$(IDEATEST) + +-test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) ++test_sha: + ../util/shlib_wrap.sh ./$(SHATEST) + ../util/shlib_wrap.sh ./$(SHA1TEST) + ../util/shlib_wrap.sh ./$(SHA256TEST) + ../util/shlib_wrap.sh ./$(SHA512TEST) + +-test_mdc2: $(MDC2TEST)$(EXE_EXT) ++test_mdc2: + ../util/shlib_wrap.sh ./$(MDC2TEST) + +-test_md5: $(MD5TEST)$(EXE_EXT) ++test_md5: + ../util/shlib_wrap.sh ./$(MD5TEST) + +-test_md4: $(MD4TEST)$(EXE_EXT) ++test_md4: + ../util/shlib_wrap.sh ./$(MD4TEST) + +-test_hmac: $(HMACTEST)$(EXE_EXT) ++test_hmac: + ../util/shlib_wrap.sh ./$(HMACTEST) + +-test_wp: $(WPTEST)$(EXE_EXT) ++test_wp: + ../util/shlib_wrap.sh ./$(WPTEST) + +-test_md2: $(MD2TEST)$(EXE_EXT) ++test_md2: + ../util/shlib_wrap.sh ./$(MD2TEST) + +-test_rmd: $(RMDTEST)$(EXE_EXT) ++test_rmd: + ../util/shlib_wrap.sh ./$(RMDTEST) + +-test_bf: $(BFTEST)$(EXE_EXT) ++test_bf: + ../util/shlib_wrap.sh ./$(BFTEST) + +-test_cast: $(CASTTEST)$(EXE_EXT) ++test_cast: + ../util/shlib_wrap.sh ./$(CASTTEST) + +-test_rc2: $(RC2TEST)$(EXE_EXT) ++test_rc2: + ../util/shlib_wrap.sh ./$(RC2TEST) + +-test_rc4: $(RC4TEST)$(EXE_EXT) ++test_rc4: + ../util/shlib_wrap.sh ./$(RC4TEST) + +-test_rc5: $(RC5TEST)$(EXE_EXT) ++test_rc5: + ../util/shlib_wrap.sh ./$(RC5TEST) + +-test_rand: $(RANDTEST)$(EXE_EXT) ++test_rand: + ../util/shlib_wrap.sh ./$(RANDTEST) + +-test_enc: ../apps/openssl$(EXE_EXT) testenc ++test_enc: + @sh ./testenc + +-test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem ++test_x509: + echo test normal x509v1 certificate + sh ./tx509 2>/dev/null + echo test first x509v3 certificate +@@ -223,25 +223,25 @@ + echo test second x509v3 certificate + sh ./tx509 v3-cert2.pem 2>/dev/null + +-test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem ++test_rsa: + @sh ./trsa 2>/dev/null + ../util/shlib_wrap.sh ./$(RSATEST) + +-test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem ++test_crl: + @sh ./tcrl 2>/dev/null + +-test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem ++test_sid: + @sh ./tsid 2>/dev/null + +-test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem ++test_req: + @sh ./treq 2>/dev/null + @sh ./treq testreq2.pem 2>/dev/null + +-test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem ++test_pkcs7: + @sh ./tpkcs7 2>/dev/null + @sh ./tpkcs7d 2>/dev/null + +-test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest ++test_bn: + @echo starting big number library test, could take a while... + @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest + @echo quit >>tmp.bntest +@@ -250,33 +250,33 @@ + @echo 'test a^b%c implementations' + ../util/shlib_wrap.sh ./$(EXPTEST) + +-test_ec: $(ECTEST)$(EXE_EXT) ++test_ec: + @echo 'test elliptic curves' + ../util/shlib_wrap.sh ./$(ECTEST) + +-test_ecdsa: $(ECDSATEST)$(EXE_EXT) ++test_ecdsa: + @echo 'test ecdsa' + ../util/shlib_wrap.sh ./$(ECDSATEST) + +-test_ecdh: $(ECDHTEST)$(EXE_EXT) ++test_ecdh: + @echo 'test ecdh' + ../util/shlib_wrap.sh ./$(ECDHTEST) + +-test_verify: ../apps/openssl$(EXE_EXT) ++test_verify: + @echo "The following command should have some OK's and some failures" + @echo "There are definitly a few expired certificates" + ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem + +-test_dh: $(DHTEST)$(EXE_EXT) ++test_dh: + @echo "Generate a set of DH parameters" + ../util/shlib_wrap.sh ./$(DHTEST) + +-test_dsa: $(DSATEST)$(EXE_EXT) ++test_dsa: + @echo "Generate a set of DSA parameters" + ../util/shlib_wrap.sh ./$(DSATEST) + ../util/shlib_wrap.sh ./$(DSATEST) -app2_1 + +-test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf ++test_gen testreq.pem: + @echo "Generate and verify a certificate request" + @sh ./testgen + +@@ -288,13 +288,11 @@ + @cat certCA.ss certU.ss > intP1.ss + @cat certCA.ss certU.ss certP1.ss > intP2.ss + +-test_engine: $(ENGINETEST)$(EXE_EXT) ++test_engine: + @echo "Manipulate the ENGINE structures" + ../util/shlib_wrap.sh ./$(ENGINETEST) + +-test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ +- intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \ +- ../apps/server2.pem serverinfo.pem ++test_ssl: + @echo "test SSL protocol" + @if [ -n "$(FIPSCANLIB)" ]; then \ + sh ./testfipsssl keyU.ss certU.ss certCA.ss; \ +@@ -304,7 +302,7 @@ + @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss + @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss + +-test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf ++test_ca: + @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ + echo "skipping CA.sh test -- requires RSA"; \ + else \ +@@ -312,11 +310,11 @@ + sh ./testca; \ + fi + +-test_aes: #$(AESTEST) ++test_aes: + # @echo "test Rijndael" + # ../util/shlib_wrap.sh ./$(AESTEST) + +-test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh ++test_tsa: + @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ + echo "skipping testtsa test -- requires RSA"; \ + else \ +@@ -331,7 +329,7 @@ + @echo "Test JPAKE" + ../util/shlib_wrap.sh ./$(JPAKETEST) + +-test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt ++test_cms: + @echo "CMS consistency test" + $(PERL) cms-test.pl + +@@ -339,22 +337,22 @@ + @echo "Test SRP" + ../util/shlib_wrap.sh ./srptest + +-test_ocsp: ../apps/openssl$(EXE_EXT) tocsp ++test_ocsp: + @echo "Test OCSP" + @sh ./tocsp + +-test_v3name: $(V3NAMETEST)$(EXE_EXT) ++test_v3name: + @echo "Test X509v3_check_*" + ../util/shlib_wrap.sh ./$(V3NAMETEST) + + test_heartbeat: + ../util/shlib_wrap.sh ./$(HEARTBEATTEST) + +-test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) ++test_constant_time: + @echo "Test constant time utilites" + ../util/shlib_wrap.sh ./$(CONSTTIMETEST) + +-test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT) ++test_verify_extra: + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest new file mode 100755 index 000000000..3b20fce1e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest @@ -0,0 +1,2 @@ +#!/bin/sh +make -k runtest diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/shared-libs.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/shared-libs.patch new file mode 100644 index 000000000..a7ca0a307 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/shared-libs.patch @@ -0,0 +1,41 @@ +Upstream-Status: Inappropriate [configuration] + +Index: openssl-1.0.1e/crypto/Makefile +=================================================================== +--- openssl-1.0.1e.orig/crypto/Makefile ++++ openssl-1.0.1e/crypto/Makefile +@@ -108,7 +108,7 @@ $(LIB): $(LIBOBJ) + + shared: buildinf.h lib subdirs + if [ -n "$(SHARED_LIBS)" ]; then \ +- (cd ..; $(MAKE) $(SHARED_LIB)); \ ++ (cd ..; $(MAKE) -e $(SHARED_LIB)); \ + fi + + libs: +Index: openssl-1.0.1e/Makefile.org +=================================================================== +--- openssl-1.0.1e.orig/Makefile.org ++++ openssl-1.0.1e/Makefile.org +@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_ + + libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a + @if [ "$(SHLIB_TARGET)" != "" ]; then \ +- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ ++ $(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ + else \ + echo "There's no support for shared libraries on this platform" >&2; \ + exit 1; \ +Index: openssl-1.0.1e/ssl/Makefile +=================================================================== +--- openssl-1.0.1e.orig/ssl/Makefile ++++ openssl-1.0.1e/ssl/Makefile +@@ -62,7 +62,7 @@ lib: $(LIBOBJ) + + shared: lib + if [ -n "$(SHARED_LIBS)" ]; then \ +- (cd ..; $(MAKE) $(SHARED_LIB)); \ ++ (cd ..; $(MAKE) -e $(SHARED_LIB)); \ + fi + + files: diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb new file mode 100644 index 000000000..290f129fc --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb @@ -0,0 +1,58 @@ +require openssl.inc + +# For target side versions of openssl enable support for OCF Linux driver +# if they are available. +DEPENDS += "cryptodev-linux" + +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" + +export DIRS = "crypto ssl apps engines" +export OE_LDFLAGS="${LDFLAGS}" + +SRC_URI += "file://find.pl;subdir=${BP}/util/ \ + file://run-ptest \ + file://configure-targets.patch \ + file://shared-libs.patch \ + file://oe-ldflags.patch \ + file://engines-install-in-libdir-ssl.patch \ + file://debian1.0.2/block_diginotar.patch \ + file://debian1.0.2/block_digicert_malaysia.patch \ + file://debian/ca.patch \ + file://debian/c_rehash-compat.patch \ + file://debian/debian-targets.patch \ + file://debian/man-dir.patch \ + file://debian/man-section.patch \ + file://debian/no-rpath.patch \ + file://debian/no-symbolic.patch \ + file://debian/pic.patch \ + file://debian1.0.2/version-script.patch \ + file://openssl_fix_for_x32.patch \ + file://fix-cipher-des-ede3-cfb1.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ + file://openssl-fix-des.pod-error.patch \ + file://Makefiles-ptest.patch \ + file://ptest-deps.patch \ + file://crypto_use_bigint_in_x86-64_perl.patch \ + file://openssl-1.0.2a-x32-asm.patch \ + file://ptest_makefile_deps.patch \ + file://configure-musl-target.patch \ + file://parallel.patch \ + " + +SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa" +SRC_URI[sha256sum] = "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33" + +PACKAGES =+ "${PN}-engines" +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" + +# The crypto_use_bigint patch means that perl's bignum module needs to be +# installed, but some distributions (for example Fedora 23) don't ship it by +# default. As the resulting error is very misleading check for bignum before +# building. +do_configure_prepend() { + if ! perl -Mbigint -e true; then + bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." + fi +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap.inc b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap.inc new file mode 100644 index 000000000..338af33a3 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap.inc @@ -0,0 +1,17 @@ +SUMMARY = "RPC program number mapper" +HOMEPAGE = "http://neil.brown.name/portmap/" +SECTION = "console/network" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://portmap.c;beginline=2;endline=31;md5=51ff67e66ec84b2009b017b1f94afbf4 \ + file://from_local.c;beginline=9;endline=35;md5=1bec938a2268b8b423c58801ace3adc1" + +INITSCRIPT_NAME = "portmap" +INITSCRIPT_PARAMS = "start 10 2 3 4 5 . stop 32 0 1 6 ." + +inherit update-rc.d systemd + +SYSTEMD_SERVICE_${PN} = "portmap.service" + +PACKAGES =+ "portmap-utils" +FILES_portmap-utils = "${base_sbindir}/pmap_set ${base_sbindir}/pmap_dump" +FILES_${PN}-doc += "${docdir}" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch new file mode 100644 index 000000000..2fbf784b7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch @@ -0,0 +1,46 @@ +Upstream-Status: Backport + +From: Mike Frysinger <vapier@gentoo.org> +Date: Sun, 13 May 2007 21:15:12 +0000 (-0400) +Subject: respect DESTDIR and dont use -s with install +X-Git-Url: http://neil.brown.name/git?p=portmap;a=commitdiff_plain;h=603c59b978c04df2354f68d4a2dc676a758ff46d + +respect DESTDIR and dont use -s with install + +$(DESTDIR) is the standard for installing into other trees, not $(BASEDIR) ... +so I've converted the Makefile to use that. I've also left in $(BASEDIR) as a +default to support old installs; not sure if you'd just cut it. + +Stripping should be left to the person to handle, not automatically done by +the install step. Also, `install -s` always calls `strip` which is +wrong/undesired in cross-compiling scenarios. + +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +Signed-off-by: Neil Brown <neilb@suse.de> +--- + +diff --git a/Makefile b/Makefile +index 9e9a4b4..5343428 100644 +--- a/Makefile ++++ b/Makefile +@@ -135,13 +135,14 @@ from_local: CPPFLAGS += -DTEST + portmap.man : portmap.8 + sed $(MAN_SED) < portmap.8 > portmap.man + ++DESTDIR = $(BASEDIR) + install: all +- install -o root -g root -m 0755 -s portmap ${BASEDIR}/sbin +- install -o root -g root -m 0755 -s pmap_dump ${BASEDIR}/sbin +- install -o root -g root -m 0755 -s pmap_set ${BASEDIR}/sbin +- install -o root -g root -m 0644 portmap.man ${BASEDIR}/usr/share/man/man8/portmap.8 +- install -o root -g root -m 0644 pmap_dump.8 ${BASEDIR}/usr/share/man/man8 +- install -o root -g root -m 0644 pmap_set.8 ${BASEDIR}/usr/share/man/man8 ++ install -o root -g root -m 0755 portmap $(DESTDIR)/sbin ++ install -o root -g root -m 0755 pmap_dump $(DESTDIR)/sbin ++ install -o root -g root -m 0755 pmap_set $(DESTDIR)/sbin ++ install -o root -g root -m 0644 portmap.man $(DESTDIR)/usr/share/man/man8/portmap.8 ++ install -o root -g root -m 0644 pmap_dump.8 $(DESTDIR)/usr/share/man/man8 ++ install -o root -g root -m 0644 pmap_set.8 $(DESTDIR)/usr/share/man/man8 + + clean: + rm -f *.o portmap pmap_dump pmap_set from_local \ diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.init b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.init new file mode 100755 index 000000000..621aa171a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.init @@ -0,0 +1,67 @@ +#!/bin/sh +# +### BEGIN INIT INFO +# Provides: portmap +# Required-Start: $network +# Required-Stop: $network +# Default-Start: S 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: The RPC portmapper +# Description: Portmap is a server that converts RPC (Remote +# Procedure Call) program numbers into DARPA +# protocol port numbers. It must be running in +# order to make RPC calls. Services that use +# RPC include NFS and NIS. +### END INIT INFO + +test -f /sbin/portmap || exit 0 + +case "$1" in + start) + echo "Starting portmap daemon..." + start-stop-daemon --start --quiet --exec /sbin/portmap + + if [ -f /var/run/portmap.upgrade-state ]; then + echo "Restoring old RPC service information..." + sleep 1 # needs a short pause or pmap_set won't work. :( + pmap_set </var/run/portmap.upgrade-state + rm -f /var/run/portmap.upgrade-state + echo "done." + fi + + ;; + stop) + echo "Stopping portmap daemon..." + start-stop-daemon --stop --quiet --exec /sbin/portmap + ;; + reload) + ;; + force-reload) + $0 restart + ;; + restart) + # pmap_dump and pmap_set may be in a different package and not installed... + if [ -f /sbin/pmap_dump -a -f /sbin/pmap_set ]; then + do_state=1 + else + do_state=0 + fi + [ $do_state -eq 1 ] && pmap_dump >/var/run/portmap.state + $0 stop + $0 start + if [ $do_state -eq 1 ]; then + if [ ! -f /var/run/portmap.upgrade-state ]; then + sleep 1 + pmap_set </var/run/portmap.state + fi + rm -f /var/run/portmap.state + fi + ;; + *) + echo "Usage: /etc/init.d/portmap {start|stop|reload|restart}" + exit 1 + ;; +esac + +exit 0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.service b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.service new file mode 100644 index 000000000..7ef9d7b02 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.service @@ -0,0 +1,10 @@ +[Unit] +Description=The RPC portmapper +After=network.target + +[Service] +Type=forking +ExecStart=@BASE_SBINDIR@/portmap + +[Install] +WantedBy=multi-user.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch new file mode 100644 index 000000000..2f2505809 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch @@ -0,0 +1,30 @@ +Upstream-Status: Backport + +From: Mike Frysinger <vapier@gentoo.org> +Date: Sun, 13 May 2007 21:17:32 +0000 (-0400) +Subject: fix building with tcpd support disabled +X-Git-Url: http://neil.brown.name/git?p=portmap;a=commitdiff_plain;h=7847207aed1b44faf077eed14a9ac9c68244eba5 + +fix building with tcpd support disabled + +Make sure pmap_check.c only includes tcpd.h when HOSTS_ACCESS is defined. + +Signed-off-by: Timothy Redaelli <drizzt@gentoo.org> +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +Signed-off-by: Neil Brown <neilb@suse.de> +--- + +diff --git a/pmap_check.c b/pmap_check.c +index 84f2c12..443a822 100644 +--- a/pmap_check.c ++++ b/pmap_check.c +@@ -44,7 +44,9 @@ + #include <netinet/in.h> + #include <rpc/rpcent.h> + #endif ++#ifdef HOSTS_ACCESS + #include <tcpd.h> ++#endif + #include <arpa/inet.h> + #include <grp.h> + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap_6.0.bb b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap_6.0.bb new file mode 100644 index 000000000..999b4a937 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap_6.0.bb @@ -0,0 +1,35 @@ +require portmap.inc + +DEPENDS_append_libc-musl = " libtirpc " + +PR = "r9" + +SRC_URI = "http://www.sourcefiles.org/Networking/Tools/Miscellanenous/portmap-6.0.tgz \ + file://destdir-no-strip.patch \ + file://tcpd-config.patch \ + file://portmap.init \ + file://portmap.service" + +SRC_URI[md5sum] = "ac108ab68bf0f34477f8317791aaf1ff" +SRC_URI[sha256sum] = "02c820d39f3e6e729d1bea3287a2d8a6c684f1006fb9612f97dcad4a281d41de" + +S = "${WORKDIR}/${BPN}_${PV}/" + +PACKAGECONFIG ??= "tcp-wrappers" +PACKAGECONFIG[tcp-wrappers] = ",,tcp-wrappers" + +CPPFLAGS += "-DFACILITY=LOG_DAEMON -DENABLE_DNS -DHOSTS_ACCESS" +CFLAGS += "-Wall -Wstrict-prototypes -fPIC" +EXTRA_OEMAKE += "'NO_TCP_WRAPPER=${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', '', '1', d)}'" +CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc " +LDFLAGS_append_libc-musl = " -ltirpc " + +do_install() { + install -d ${D}${mandir}/man8/ ${D}${base_sbindir} ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/portmap.init ${D}${sysconfdir}/init.d/portmap + oe_runmake install DESTDIR=${D} + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/portmap.service ${D}${systemd_unitdir}/system + sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/portmap.service +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp-dialin/files/host-peer b/import-layers/yocto-poky/meta/recipes-connectivity/ppp-dialin/files/host-peer new file mode 100644 index 000000000..e7e2e11d4 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp-dialin/files/host-peer @@ -0,0 +1,11 @@ +-detach +defaultroute +nocrtscts +lock +noauth +lcp-echo-interval 5 +lcp-echo-failure 3 +usepeerdns +115200 +local +asyncmap 0 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin b/import-layers/yocto-poky/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin new file mode 100644 index 000000000..ea2771311 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin @@ -0,0 +1,3 @@ +#!/bin/sh + +/usr/sbin/pppd call host diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb new file mode 100644 index 000000000..51a76b429 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb @@ -0,0 +1,28 @@ +SUMMARY = "Enables PPP dial-in through a serial connection" +SECTION = "console/network" +DEPENDS = "ppp" +RDEPENDS_${PN} = "ppp" +PR = "r8" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ + file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + +SRC_URI = "file://host-peer \ + file://ppp-dialin" + +inherit allarch useradd + +S = "${WORKDIR}" + +do_install() { + install -d ${D}${sysconfdir}/ppp/peers + install -m 0644 ${WORKDIR}/host-peer ${D}${sysconfdir}/ppp/peers/host + + install -d ${D}${sbindir} + install -m 0755 ${WORKDIR}/ppp-dialin ${D}${sbindir} +} + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "--system --home /dev/null \ + --no-create-home --shell ${sbindir}/ppp-dialin \ + --no-user-group --gid nogroup ppp" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch new file mode 100644 index 000000000..763e37448 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch @@ -0,0 +1,163 @@ +From 52a1e41d7541b2c936285844c59bd1be21797860 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 29 May 2015 14:57:05 -0700 +Subject: [PATCH] Fix build with musl + +There are several assumption about glibc + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- +Upstream-Status: Pending + + include/net/ppp_defs.h | 2 ++ + pppd/Makefile.linux | 2 +- + pppd/magic.h | 6 +++--- + pppd/plugins/rp-pppoe/config.h | 5 ++++- + pppd/plugins/rp-pppoe/plugin.c | 1 - + pppd/plugins/rp-pppoe/pppoe-discovery.c | 8 ++++---- + pppd/plugins/rp-pppoe/pppoe.h | 2 +- + pppd/sys-linux.c | 3 ++- + 8 files changed, 17 insertions(+), 12 deletions(-) + +diff --git a/include/net/ppp_defs.h b/include/net/ppp_defs.h +index b06eda5..dafa36c 100644 +--- a/include/net/ppp_defs.h ++++ b/include/net/ppp_defs.h +@@ -38,6 +38,8 @@ + #ifndef _PPP_DEFS_H_ + #define _PPP_DEFS_H_ + ++#include <sys/time.h> ++ + /* + * The basic PPP frame. + */ +diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux +index 8ab2102..d7e2564 100644 +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -126,7 +126,7 @@ LIBS += -lcrypt + #endif + + ifdef USE_LIBUTIL +-CFLAGS += -DHAVE_LOGWTMP=1 ++#CFLAGS += -DHAVE_LOGWTMP=1 + LIBS += -lutil + endif + +diff --git a/pppd/magic.h b/pppd/magic.h +index c81213b..9d399e3 100644 +--- a/pppd/magic.h ++++ b/pppd/magic.h +@@ -42,8 +42,8 @@ + * $Id: magic.h,v 1.5 2003/06/11 23:56:26 paulus Exp $ + */ + +-void magic_init __P((void)); /* Initialize the magic number generator */ +-u_int32_t magic __P((void)); /* Returns the next magic number */ ++void magic_init (void); /* Initialize the magic number generator */ ++u_int32_t magic (void); /* Returns the next magic number */ + + /* Fill buffer with random bytes */ +-void random_bytes __P((unsigned char *buf, int len)); ++void random_bytes (unsigned char *buf, int len); +diff --git a/pppd/plugins/rp-pppoe/config.h b/pppd/plugins/rp-pppoe/config.h +index 5703087..fff032e 100644 +--- a/pppd/plugins/rp-pppoe/config.h ++++ b/pppd/plugins/rp-pppoe/config.h +@@ -78,8 +78,9 @@ + #define HAVE_NET_IF_ARP_H 1 + + /* Define if you have the <net/ethernet.h> header file. */ ++#ifdef __GLIBC__ + #define HAVE_NET_ETHERNET_H 1 +- ++#endif + /* Define if you have the <net/if.h> header file. */ + #define HAVE_NET_IF_H 1 + +@@ -102,7 +103,9 @@ + #define HAVE_NETPACKET_PACKET_H 1 + + /* Define if you have the <sys/cdefs.h> header file. */ ++#ifdef __GLIBC__ + #define HAVE_SYS_CDEFS_H 1 ++#endif + + /* Define if you have the <sys/dlpi.h> header file. */ + /* #undef HAVE_SYS_DLPI_H */ +diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c +index a8c2bb4..ca34d79 100644 +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c +@@ -46,7 +46,6 @@ static char const RCSID[] = + #include <unistd.h> + #include <fcntl.h> + #include <signal.h> +-#include <net/ethernet.h> + #include <net/if_arp.h> + #include <linux/ppp_defs.h> + #include <linux/if_pppox.h> +diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c +index 3d3bf4e..d42f619 100644 +--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c ++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c +@@ -27,10 +27,6 @@ + #include <linux/if_packet.h> + #endif + +-#ifdef HAVE_NET_ETHERNET_H +-#include <net/ethernet.h> +-#endif +- + #ifdef HAVE_ASM_TYPES_H + #include <asm/types.h> + #endif +@@ -47,6 +43,10 @@ + #include <net/if_arp.h> + #endif + ++#ifndef __GLIBC__ ++#define error(x...) fprintf(stderr, x) ++#endif ++ + char *xstrdup(const char *s); + void usage(void); + +diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h +index 9ab2eee..75b9004 100644 +--- a/pppd/plugins/rp-pppoe/pppoe.h ++++ b/pppd/plugins/rp-pppoe/pppoe.h +@@ -92,7 +92,7 @@ typedef unsigned long UINT32_t; + #ifdef HAVE_SYS_SOCKET_H + #include <sys/socket.h> + #endif +-#ifndef HAVE_SYS_DLPI_H ++#if !defined HAVE_SYS_DLPI_H && defined HAVE_NET_ETHERNET_H + #include <netinet/if_ether.h> + #endif + #endif +diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c +index a105505..49b0273 100644 +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -112,7 +112,7 @@ + #include <linux/types.h> + #include <linux/if.h> + #include <linux/if_arp.h> +-#include <linux/route.h> ++/* #include <linux/route.h> */ + #include <linux/if_ether.h> + #endif + #include <netinet/in.h> +@@ -145,6 +145,7 @@ + #endif + + #ifdef INET6 ++#include <net/route.h> + #ifndef _LINUX_IN6_H + /* + * This is in linux/include/net/ipv6.h. +-- +2.1.4 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch new file mode 100644 index 000000000..8aa2d2e67 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch @@ -0,0 +1,75 @@ +From ba0f6058d1f25b2b60fc31ab2656bf12a71ffdab Mon Sep 17 00:00:00 2001 +From: Lu Chong <Chong.Lu@windriver.com> +Date: Tue, 5 Nov 2013 17:32:56 +0800 +Subject: [PATCH] ppp: Fix compilation errors in Makefile + +This patch fixes below issues: + +1. Make can't exit while compilation error occurs in subdir for plugins building. + +2. If build ppp with newer kernel (3.10.10), it will pick 'if_pppox.h' from sysroot-dir and + 'if_pppol2tp.h' from its own source dir, this cause below build errors: + + bitbake_build/tmp/sysroots/intel-x86-64/usr/include/linux/if_pppox.h:84:26: + error: field 'pppol2tp' has incomplete type + struct pppol2tpin6_addr pppol2tp; + ^ + bitbake_build/tmp/sysroots/intel-x86-64/usr/include/linux/if_pppox.h:99:28: + error: field 'pppol2tp' has incomplete type + struct pppol2tpv3in6_addr pppol2tp; + ^ + +The 'sysroot-dir/if_pppox.h' enabled ipv6 support but the 'source-dir/if_pppol2tp.h' lost +related structure definitions, we should use both header files from sysroots to fix this +build failure. + +Upstream-Status: Pending + +Signed-off-by: Lu Chong <Chong.Lu@windriver.com> +--- + pppd/plugins/Makefile.linux | 2 +- + pppd/plugins/pppol2tp/Makefile.linux | 2 +- + pppd/plugins/rp-pppoe/Makefile.linux | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux +index 0a7ec7b..2a2c15a 100644 +--- a/pppd/plugins/Makefile.linux ++++ b/pppd/plugins/Makefile.linux +@@ -20,7 +20,7 @@ include .depend + endif + + all: $(PLUGINS) +- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done ++ for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all || exit 1; done + + %.so: %.c + $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^ +diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux +index 19eff67..feb2f52 100644 +--- a/pppd/plugins/pppol2tp/Makefile.linux ++++ b/pppd/plugins/pppol2tp/Makefile.linux +@@ -1,6 +1,6 @@ + #CC = gcc + COPTS = -O2 -g +-CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC ++CFLAGS = $(COPTS) -I. -I../.. -fPIC + LDFLAGS = -shared + INSTALL = install + +diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux +index f078991..15b9118 100644 +--- a/pppd/plugins/rp-pppoe/Makefile.linux ++++ b/pppd/plugins/rp-pppoe/Makefile.linux +@@ -26,7 +26,7 @@ INSTALL = install + RP_VERSION=3.8p + + COPTS=-O2 -g +-CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' ++CFLAGS=$(COPTS) '-DRP_VERSION="$(RP_VERSION)"' + all: rp-pppoe.so pppoe-discovery + + pppoe-discovery: pppoe-discovery.o debug.o +-- +1.7.9.5 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/08setupdns b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/08setupdns new file mode 100644 index 000000000..998219de9 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/08setupdns @@ -0,0 +1,12 @@ +#!/bin/sh +ACTUALCONF=/var/run/resolv.conf +PPPCONF=/var/run/ppp/resolv.conf +if [ -f $PPPCONF ] ; then + if [ -f $ACTUALCONF ] ; then + if [ ! -h $ACTUALCONF -o ! "`readlink $ACTUALCONF 2>&1`" = "$PPPCONF" ] ; then + mv $ACTUALCONF $ACTUALCONF.ppporig + fi + fi + + ln -sf $PPPCONF $ACTUALCONF +fi diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/92removedns b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/92removedns new file mode 100644 index 000000000..2eadec689 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/92removedns @@ -0,0 +1,5 @@ +#!/bin/sh +ACTUALCONF=/var/run/resolv.conf +if [ -f $ACTUALCONF.ppporig ] ; then + mv $ACTUALCONF.ppporig $ACTUALCONF +fi diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch new file mode 100644 index 000000000..db4dbc27a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch @@ -0,0 +1,292 @@ +This patch comes from OpenEmbedded. +The original patch is from Debian / SuSE to implement replacedefaultroute +Rebased it to fit ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> + +Upstream-Status: Inappropriate [debian/suse patches] + +diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c +--- ppp-2.4.5-orig/pppd/ipcp.c 2010-06-30 15:51:12.050166398 +0800 ++++ ppp-2.4.5/pppd/ipcp.c 2010-06-30 16:40:00.478716855 +0800 +@@ -198,6 +198,16 @@ + "disable defaultroute option", OPT_ALIAS | OPT_A2CLR, + &ipcp_wantoptions[0].default_route }, + ++#ifdef __linux__ ++ { "replacedefaultroute", o_bool, ++ &ipcp_wantoptions[0].replace_default_route, ++ "Replace default route", 1 ++ }, ++ { "noreplacedefaultroute", o_bool, ++ &ipcp_allowoptions[0].replace_default_route, ++ "Never replace default route", OPT_A2COPY, ++ &ipcp_wantoptions[0].replace_default_route }, ++#endif + { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp, + "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp }, + { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp, +@@ -271,7 +281,7 @@ + ip_active_pkt + }; + +-static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t)); ++static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t, bool)); + static void ipcp_script __P((char *, int)); /* Run an up/down script */ + static void ipcp_script_done __P((void *)); + +@@ -1742,7 +1752,12 @@ + if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE)) + return 0; + if (wo->default_route) ++#ifndef __linux__ + if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr)) ++#else ++ if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr, ++ wo->replace_default_route)) ++#endif + default_route_set[u] = 1; + if (wo->proxy_arp) + if (sifproxyarp(u, wo->hisaddr)) +@@ -1830,7 +1845,8 @@ + */ + if (demand) { + if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) { +- ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr); ++ ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr, ++ wo->replace_default_route); + if (go->ouraddr != wo->ouraddr) { + warn("Local IP address changed to %I", go->ouraddr); + script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0); +@@ -1855,7 +1871,12 @@ + + /* assign a default route through the interface if required */ + if (ipcp_wantoptions[f->unit].default_route) ++#ifndef __linux__ + if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) ++#else ++ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, ++ wo->replace_default_route)) ++#endif + default_route_set[f->unit] = 1; + + /* Make a proxy ARP entry if requested. */ +@@ -1905,7 +1926,12 @@ + + /* assign a default route through the interface if required */ + if (ipcp_wantoptions[f->unit].default_route) ++#ifndef __linux__ + if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) ++#else ++ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, ++ wo->replace_default_route)) ++#endif + default_route_set[f->unit] = 1; + + /* Make a proxy ARP entry if requested. */ +@@ -1983,7 +2009,7 @@ + sifnpmode(f->unit, PPP_IP, NPMODE_DROP); + sifdown(f->unit); + ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr, +- ipcp_hisoptions[f->unit].hisaddr); ++ ipcp_hisoptions[f->unit].hisaddr, 0); + } + + /* Execute the ip-down script */ +@@ -1999,12 +2025,21 @@ + * proxy arp entries, etc. + */ + static void +-ipcp_clear_addrs(unit, ouraddr, hisaddr) ++ipcp_clear_addrs(unit, ouraddr, hisaddr, replacedefaultroute) + int unit; + u_int32_t ouraddr; /* local address */ + u_int32_t hisaddr; /* remote address */ ++ bool replacedefaultroute; + { +- if (proxy_arp_set[unit]) { ++ /* If replacedefaultroute, sifdefaultroute will be called soon ++ * with replacedefaultroute set and that will overwrite the current ++ * default route. This is the case only when doing demand, otherwise ++ * during demand, this cifdefaultroute would restore the old default ++ * route which is not what we want in this case. In the non-demand ++ * case, we'll delete the default route and restore the old if there ++ * is one saved by an sifdefaultroute with replacedefaultroute. ++ */ ++ if (!replacedefaultroute && default_route_set[unit]) { + cifproxyarp(unit, hisaddr); + proxy_arp_set[unit] = 0; + } +diff -urN ppp-2.4.5-orig/pppd/ipcp.h ppp-2.4.5/pppd/ipcp.h +--- ppp-2.4.5-orig/pppd/ipcp.h 2010-06-30 15:51:12.043682063 +0800 ++++ ppp-2.4.5/pppd/ipcp.h 2010-06-30 16:40:49.586203129 +0800 +@@ -70,6 +70,7 @@ + bool old_addrs; /* Use old (IP-Addresses) option? */ + bool req_addr; /* Ask peer to send IP address? */ + bool default_route; /* Assign default route through interface? */ ++ bool replace_default_route; /* Replace default route through interface? */ + bool proxy_arp; /* Make proxy ARP entry for peer? */ + bool neg_vj; /* Van Jacobson Compression? */ + bool old_vj; /* use old (short) form of VJ option? */ +diff -urN ppp-2.4.5-orig/pppd/pppd.8 ppp-2.4.5/pppd/pppd.8 +--- ppp-2.4.5-orig/pppd/pppd.8 2010-06-30 15:51:12.043682063 +0800 ++++ ppp-2.4.5/pppd/pppd.8 2010-06-30 16:42:47.102413859 +0800 +@@ -121,6 +121,13 @@ + This entry is removed when the PPP connection is broken. This option + is privileged if the \fInodefaultroute\fR option has been specified. + .TP ++.B replacedefaultroute ++This option is a flag to the defaultroute option. If defaultroute is ++set and this flag is also set, pppd replaces an existing default route ++with the new default route. ++ ++ ++.TP + .B disconnect \fIscript + Execute the command specified by \fIscript\fR, by passing it to a + shell, after +@@ -717,7 +724,12 @@ + .TP + .B nodefaultroute + Disable the \fIdefaultroute\fR option. The system administrator who +-wishes to prevent users from creating default routes with pppd ++wishes to prevent users from adding a default route with pppd ++can do so by placing this option in the /etc/ppp/options file. ++.TP ++.B noreplacedefaultroute ++Disable the \fIreplacedefaultroute\fR option. The system administrator who ++wishes to prevent users from replacing a default route with pppd + can do so by placing this option in the /etc/ppp/options file. + .TP + .B nodeflate +diff -urN ppp-2.4.5-orig/pppd/pppd.h ppp-2.4.5/pppd/pppd.h +--- ppp-2.4.5-orig/pppd/pppd.h 2010-06-30 15:51:12.050166398 +0800 ++++ ppp-2.4.5/pppd/pppd.h 2010-06-30 16:43:36.514148327 +0800 +@@ -643,7 +643,11 @@ + int cif6addr __P((int, eui64_t, eui64_t)); + /* Remove an IPv6 address from i/f */ + #endif ++#ifndef __linux__ + int sifdefaultroute __P((int, u_int32_t, u_int32_t)); ++#else ++int sifdefaultroute __P((int, u_int32_t, u_int32_t, bool replace_default_rt)); ++#endif + /* Create default route through i/f */ + int cifdefaultroute __P((int, u_int32_t, u_int32_t)); + /* Delete default route through i/f */ +diff -urN ppp-2.4.5-orig/pppd/sys-linux.c ppp-2.4.5/pppd/sys-linux.c +--- ppp-2.4.5-orig/pppd/sys-linux.c 2010-06-30 15:51:12.050166398 +0800 ++++ ppp-2.4.5/pppd/sys-linux.c 2010-06-30 16:54:00.362716231 +0800 +@@ -206,6 +206,8 @@ + + static int if_is_up; /* Interface has been marked up */ + static int have_default_route; /* Gateway for default route added */ ++static struct rtentry old_def_rt; /* Old default route */ ++static int default_rt_repl_rest; /* replace and restore old default rt */ + static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */ + static char proxy_arp_dev[16]; /* Device for proxy arp entry */ + static u_int32_t our_old_addr; /* for detecting address changes */ +@@ -1537,6 +1539,9 @@ + p = NULL; + } + ++ SET_SA_FAMILY (rt->rt_dst, AF_INET); ++ SET_SA_FAMILY (rt->rt_gateway, AF_INET); ++ + SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16); + SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16); + SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16); +@@ -1606,20 +1611,51 @@ + /******************************************************************** + * + * sifdefaultroute - assign a default route through the address given. +- */ +- +-int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway) +-{ +- struct rtentry rt; +- +- if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) { +- if (rt.rt_flags & RTF_GATEWAY) +- error("not replacing existing default route via %I", +- SIN_ADDR(rt.rt_gateway)); +- else +- error("not replacing existing default route through %s", +- rt.rt_dev); +- return 0; ++ * ++ * If the global default_rt_repl_rest flag is set, then this function ++ * already replaced the original system defaultroute with some other ++ * route and it should just replace the current defaultroute with ++ * another one, without saving the current route. Use: demand mode, ++ * when pppd sets first a defaultroute it it's temporary ppp0 addresses ++ * and then changes the temporary addresses to the addresses for the real ++ * ppp connection when it has come up. ++ */ ++ ++int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replace) ++{ ++ struct rtentry rt, tmp_rt; ++ struct rtentry *del_rt = NULL; ++ ++ if (default_rt_repl_rest) { ++ /* We have already reclaced the original defaultroute, if we ++ * are called again, we will delete the current default route ++ * and set the new default route in this function. ++ * - this is normally only the case the doing demand: */ ++ if (defaultroute_exists( &tmp_rt )) ++ del_rt = &tmp_rt; ++ } else if ( defaultroute_exists( &old_def_rt ) && ++ strcmp( old_def_rt.rt_dev, ifname ) != 0) { ++ /* We did not yet replace an existing default route, let's ++ * check if we should save and replace a default route: ++ */ ++ u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway); ++ if (old_gateway != gateway) { ++ if (!replace) { ++ error("not replacing default route to %s [%I]", ++ old_def_rt.rt_dev, old_gateway); ++ return 0; ++ } else { ++ // we need to copy rt_dev because we need it permanent too: ++ char * tmp_dev = malloc(strlen(old_def_rt.rt_dev)+1); ++ strcpy(tmp_dev, old_def_rt.rt_dev); ++ old_def_rt.rt_dev = tmp_dev; ++ ++ notice("replacing old default route to %s [%I]", ++ old_def_rt.rt_dev, old_gateway); ++ default_rt_repl_rest = 1; ++ del_rt = &old_def_rt; ++ } ++ } + } + + memset (&rt, 0, sizeof (rt)); +@@ -1638,6 +1674,12 @@ + error("default route ioctl(SIOCADDRT): %m"); + return 0; + } ++ if (default_rt_repl_rest && del_rt) ++ if (ioctl(sock_fd, SIOCDELRT, del_rt) < 0) { ++ if ( ! ok_error ( errno )) ++ error("del old default route ioctl(SIOCDELRT): %m(%d)", errno); ++ return 0; ++ } + + have_default_route = 1; + return 1; +@@ -1673,6 +1715,16 @@ + return 0; + } + } ++ if (default_rt_repl_rest) { ++ notice("restoring old default route to %s [%I]", ++ old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway)); ++ if (ioctl(sock_fd, SIOCADDRT, &old_def_rt) < 0) { ++ if ( ! ok_error ( errno )) ++ error("restore default route ioctl(SIOCADDRT): %m(%d)", errno); ++ return 0; ++ } ++ default_rt_repl_rest = 0; ++ } + + return 1; + } diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/copts.patch b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/copts.patch new file mode 100644 index 000000000..53ff06e03 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/copts.patch @@ -0,0 +1,21 @@ +ppp: use build system CFLAGS when compiling + +Upstream-Status: Pending + +Override the hard-coded COPTS make variables with +CFLAGS. Add COPTS into one Makefile that did not +use it. + +Signed-off-by: Joe Slater <jslater@windriver.com> + +--- a/pppd/plugins/radius/Makefile.linux ++++ b/pppd/plugins/radius/Makefile.linux +@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ + INSTALL = install + + PLUGIN=radius.so radattr.so radrealms.so +-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON ++CFLAGS=-I. -I../.. -I../../../include $(COPTS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON + + # Uncomment the next line to include support for Microsoft's + # MS-CHAP authentication protocol. diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch new file mode 100644 index 000000000..c5a0be86f --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch @@ -0,0 +1,30 @@ +ppp: Buffer overflow in radius plugin + +From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450 + +Upstream-Status: Backport +CVE: CVE-2015-3310 + +On systems with more than 65535 processes running, pppd aborts when +sending a "start" accounting message to the RADIUS server because of a +buffer overflow in rc_mksid. + +The process id is used in rc_mksid to generate a pseudo-unique string, +assuming that the hex representation of the pid will be at most 4 +characters (FFFF). __sprintf_chk(), used when compiling with +optimization levels greater than 0 and FORTIFY_SOURCE, detects the +buffer overflow and makes pppd crash. + +The following patch fixes the problem. + +--- ppp-2.4.6.orig/pppd/plugins/radius/util.c ++++ ppp-2.4.6/pppd/plugins/radius/util.c +@@ -77,7 +77,7 @@ rc_mksid (void) + static unsigned short int cnt = 0; + sprintf (buf, "%08lX%04X%02hX", + (unsigned long int) time (NULL), +- (unsigned int) getpid (), ++ (unsigned int) getpid () % 65535, + cnt & 0xFF); + cnt++; + return buf; diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/init b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/init new file mode 100755 index 000000000..0c0136049 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/init @@ -0,0 +1,57 @@ +#!/bin/sh +# +# /etc/init.d/ppp: start or stop PPP link. +# +# If you want PPP started on boot time (most dialup systems won't need it) +# rename the /etc/ppp/no_ppp_on_boot file to /etc/ppp/ppp_on_boot, and +# follow the instructions in the comments in that file. + +# Source function library. +. /etc/init.d/functions + +test -x /usr/sbin/pppd -a -f /etc/ppp/ppp_on_boot || exit 0 +if [ -x /etc/ppp/ppp_on_boot ]; then RUNFILE=1; fi + +case "$1" in + start) + echo -n "Starting up PPP link: pppd" + if [ "$RUNFILE" = "1" ]; then + /etc/ppp/ppp_on_boot + else + pppd call provider + fi + echo "." + ;; + stop) + echo -n "Shutting down PPP link: pppd" + if [ "$RUNFILE" = "1" ]; then + poff + else + poff provider + fi + echo "." + ;; + status) + status /usr/sbin/pppd; + exit $? + ;; + restart|force-reload) + echo -n "Restarting PPP link: pppd" + if [ "$RUNFILE" = "1" ]; then + poff + sleep 5 + /etc/ppp/ppp_on_boot + else + poff provider + sleep 5 + pppd call provider + fi + echo "." + ;; + *) + echo "Usage: /etc/init.d/ppp {start|stop|status|restart|force-reload}" + exit 1 + ;; +esac + +exit 0 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ip-down b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ip-down new file mode 100755 index 000000000..06d35487a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ip-down @@ -0,0 +1,43 @@ +#!/bin/sh +# +# $Id: ip-down,v 1.2 1998/02/10 21:21:55 phil Exp $ +# +# This script is run by the pppd _after_ the link is brought down. +# It uses run-parts to run scripts in /etc/ppp/ip-down.d, so to delete +# routes, unset IP addresses etc. you should create script(s) there. +# +# Be aware that other packages may include /etc/ppp/ip-down.d scripts (named +# after that package), so choose local script names with that in mind. +# +# This script is called with the following arguments: +# Arg Name Example +# $1 Interface name ppp0 +# $2 The tty ttyS1 +# $3 The link speed 38400 +# $4 Local IP number 12.34.56.78 +# $5 Peer IP number 12.34.56.99 +# $6 Optional ``ipparam'' value foo + +# The environment is cleared before executing this script +# so the path must be reset +PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin +export PATH +# These variables are for the use of the scripts run by run-parts +PPP_IFACE="$1" +PPP_TTY="$2" +PPP_SPEED="$3" +PPP_LOCAL="$4" +PPP_REMOTE="$5" +PPP_IPPARAM="$6" +export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM + +# as an additional convenience, $PPP_TTYNAME is set to the tty name, +# stripped of /dev/ (if present) for easier matching. +PPP_TTYNAME=`/usr/bin/basename "$2"` +export PPP_TTYNAME + +# Main Script starts here + +run-parts /etc/ppp/ip-down.d + +# last line diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ip-up b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ip-up new file mode 100755 index 000000000..fc2fae9fe --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ip-up @@ -0,0 +1,44 @@ +#!/bin/sh +# +# $Id: ip-up,v 1.2 1998/02/10 21:25:34 phil Exp $ +# +# This script is run by the pppd after the link is established. +# It uses run-parts to run scripts in /etc/ppp/ip-up.d, so to add routes, +# set IP address, run the mailq etc. you should create script(s) there. +# +# Be aware that other packages may include /etc/ppp/ip-up.d scripts (named +# after that package), so choose local script names with that in mind. +# +# This script is called with the following arguments: +# Arg Name Example +# $1 Interface name ppp0 +# $2 The tty ttyS1 +# $3 The link speed 38400 +# $4 Local IP number 12.34.56.78 +# $5 Peer IP number 12.34.56.99 +# $6 Optional ``ipparam'' value foo + +# The environment is cleared before executing this script +# so the path must be reset +PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin +export PATH +# These variables are for the use of the scripts run by run-parts +PPP_IFACE="$1" +PPP_TTY="$2" +PPP_SPEED="$3" +PPP_LOCAL="$4" +PPP_REMOTE="$5" +PPP_IPPARAM="$6" +export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM + + +# as an additional convenience, $PPP_TTYNAME is set to the tty name, +# stripped of /dev/ (if present) for easier matching. +PPP_TTYNAME=`/usr/bin/basename "$2"` +export PPP_TTYNAME + +# Main Script starts here + +run-parts /etc/ppp/ip-up.d + +# last line diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch new file mode 100644 index 000000000..d59717ebd --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch @@ -0,0 +1,37 @@ +The patch comes from OpenEmbedded. +Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> + +Updated from OE-Classic to include the pcap hunk. +Signed-off-by: Andreas Oberritter <obi@opendreambox.org> + +Upstream-Status: Inappropriate [configuration] + +diff -urN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux +--- ppp-2.4.5-orig/pppd/Makefile.linux 2010-06-30 15:51:12.043682063 +0800 ++++ ppp-2.4.5/pppd/Makefile.linux 2010-06-30 17:08:21.806363042 +0800 +@@ -117,10 +117,10 @@ + #LIBS += -lshadow $(LIBS) + endif + +-ifneq ($(wildcard /usr/include/crypt.h),) ++#ifneq ($(wildcard /usr/include/crypt.h),) + CFLAGS += -DHAVE_CRYPT_H=1 + LIBS += -lcrypt +-endif ++#endif + + ifdef NEEDDES + ifndef USE_CRYPT +@@ -169,10 +169,10 @@ + endif + + ifdef FILTER +-ifneq ($(wildcard /usr/include/pcap-bpf.h),) ++#ifneq ($(wildcard /usr/include/pcap-bpf.h),) + LIBS += -lpcap + CFLAGS += -DPPP_FILTER +-endif ++#endif + endif + + ifdef HAVE_INET6 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/makefile.patch b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/makefile.patch new file mode 100644 index 000000000..2d09baf5d --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/makefile.patch @@ -0,0 +1,95 @@ +The patch comes from OpenEmbedded +Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> + +Upstream-Status: Inappropriate [configuration] + +diff -ruN ppp-2.4.5-orig/chat/Makefile.linux ppp-2.4.5/chat/Makefile.linux +--- ppp-2.4.5-orig/chat/Makefile.linux 2010-06-30 15:51:12.050166398 +0800 ++++ ppp-2.4.5/chat/Makefile.linux 2010-06-30 15:51:30.450118446 +0800 +@@ -25,7 +25,7 @@ + + install: chat + mkdir -p $(BINDIR) $(MANDIR) +- $(INSTALL) -s -c chat $(BINDIR) ++ $(INSTALL) -c chat $(BINDIR) + $(INSTALL) -c -m 644 chat.8 $(MANDIR) + + clean: +diff -ruN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux +--- ppp-2.4.5-orig/pppd/Makefile.linux 2010-06-30 15:51:12.043682063 +0800 ++++ ppp-2.4.5/pppd/Makefile.linux 2010-06-30 15:52:11.214170607 +0800 +@@ -99,7 +99,7 @@ + CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include + LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto + TARGETS += srp-entry +-EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry ++EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry + MANPAGES += srp-entry.8 + EXTRACLEAN += srp-entry.o + NEEDDES=y +@@ -200,7 +200,7 @@ + install: pppd + mkdir -p $(BINDIR) $(MANDIR) + $(EXTRAINSTALL) +- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd ++ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd + if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \ + chmod o-rx,u+s $(BINDIR)/pppd; fi + $(INSTALL) -c -m 444 pppd.8 $(MANDIR) +diff -ruN ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux ppp-2.4.5/pppd/plugins/radius/Makefile.linux +--- ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux 2010-06-30 15:51:12.047676187 +0800 ++++ ppp-2.4.5/pppd/plugins/radius/Makefile.linux 2010-06-30 15:53:47.750182267 +0800 +@@ -36,11 +36,11 @@ + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR) +- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR) +- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR) +- $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR) +- $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) ++ $(INSTALL) -c -m 755 radius.so $(LIBDIR) ++ $(INSTALL) -c -m 755 radattr.so $(LIBDIR) ++ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR) ++ $(INSTALL) -m 444 pppd-radius.8 $(MANDIR) ++ $(INSTALL) -m 444 pppd-radattr.8 $(MANDIR) + + radius.so: radius.o libradiusclient.a + $(CC) -o radius.so -shared radius.o libradiusclient.a +diff -ruN ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux +--- ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux 2010-06-30 15:51:12.047676187 +0800 ++++ ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux 2010-06-30 15:53:15.454486877 +0800 +@@ -43,9 +43,9 @@ + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR) ++ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR) + $(INSTALL) -d -m 755 $(BINDIR) +- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR) ++ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR) + + clean: + rm -f *.o *.so pppoe-discovery +diff -ruN ppp-2.4.5-orig/pppdump/Makefile.linux ppp-2.4.5/pppdump/Makefile.linux +--- ppp-2.4.5-orig/pppdump/Makefile.linux 2010-06-30 15:51:12.058183383 +0800 ++++ ppp-2.4.5/pppdump/Makefile.linux 2010-06-30 15:52:25.762183537 +0800 +@@ -17,5 +17,5 @@ + + install: + mkdir -p $(BINDIR) $(MANDIR) +- $(INSTALL) -s -c pppdump $(BINDIR) ++ $(INSTALL) -c pppdump $(BINDIR) + $(INSTALL) -c -m 444 pppdump.8 $(MANDIR) +diff -ruN ppp-2.4.5-orig/pppstats/Makefile.linux ppp-2.4.5/pppstats/Makefile.linux +--- ppp-2.4.5-orig/pppstats/Makefile.linux 2010-06-30 15:51:12.058183383 +0800 ++++ ppp-2.4.5/pppstats/Makefile.linux 2010-06-30 15:52:42.486341081 +0800 +@@ -22,7 +22,7 @@ + + install: pppstats + -mkdir -p $(MANDIR) +- $(INSTALL) -s -c pppstats $(BINDIR) ++ $(INSTALL) -c pppstats $(BINDIR) + $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) + + pppstats: $(PPPSTATSRCS) diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/pap b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/pap new file mode 100644 index 000000000..093c32607 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/pap @@ -0,0 +1,22 @@ +# You can use this script unmodified to connect to sites which allow +# authentication via PAP, CHAP and similar protocols. +# This script can be shared among different pppd peer configurations. +# To use it, add something like this to your /etc/ppp/peers/ file: +# +# connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T PHONE-NUMBER" +# user YOUR-USERNAME-IN-PAP-SECRETS +# noauth + +# Uncomment the following line to see the connect speed. +# It will be logged to stderr or to the file specified with the -r chat option. +#REPORT CONNECT + +ABORT BUSY +ABORT VOICE +ABORT "NO CARRIER" +ABORT "NO DIALTONE" +ABORT "NO DIAL TONE" +"" ATZ +OK ATDT\T +CONNECT "" + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/poff b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/poff new file mode 100644 index 000000000..0521a9406 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/poff @@ -0,0 +1,26 @@ +#!/bin/sh + +# Lets see how many pppds are running.... +set -- `cat /var/run/ppp*.pid 2>/dev/null` + +case $# in + 0) # pppd only creates a pid file once ppp is up, so let's try killing pppd + # on the assumption that we've not got that far yet. + killall pppd + ;; + 1) # If only one was running then it can be killed (apparently killall + # caused problems for some, so lets try killing the pid from the file) + kill $1 + ;; + *) # More than one! Aieehh.. Dont know which one to kill. + echo "More than one pppd running. None stopped" + exit 1 + ;; +esac + +if [ -r /var/run/ppp-quick ] +then + rm -f /var/run/ppp-quick +fi + +exit 0 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/pon b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/pon new file mode 100644 index 000000000..91c059501 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/pon @@ -0,0 +1,9 @@ +#!/bin/sh + +if [ "$1" = "quick" ] +then + touch /var/run/ppp-quick + shift +fi + +/usr/sbin/pppd call ${1:-provider} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ppp@.service b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ppp@.service new file mode 100644 index 000000000..2bf0b5e34 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ppp@.service @@ -0,0 +1,9 @@ +[Unit] +Description=PPP link to %I +Before=network.target + +[Service] +ExecStart=@SBINDIR@/pppd call %I nodetach nolog + +[Install] +WantedBy=multi-user.target diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ppp_on_boot b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ppp_on_boot new file mode 100644 index 000000000..979376184 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ppp_on_boot @@ -0,0 +1,21 @@ +###!/bin/sh +# +# Rename this file to ppp_on_boot and pppd will be fired up as +# soon as the system comes up, connecting to `provider'. +# +# If you also make this file executable, and replace the first line +# with just "#!/bin/sh", the commands below will be executed instead. +# + +# The location of the ppp daemon itself (shouldn't need to be changed) +PPPD=/usr/sbin/pppd + +# The default provider to connect to +$PPPD call provider + +# Additional connections, which would just use settings from +# /etc/ppp/options.<tty> +#$PPPD ttyS0 +#$PPPD ttyS1 +#$PPPD ttyS2 +#$PPPD ttyS3 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch new file mode 100644 index 000000000..a72414ff8 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch @@ -0,0 +1,45 @@ +The patch comes from OpenEmbedded +Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> + +Upstream-Status: Inappropriate [embedded specific] + +diff -ruN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c +--- ppp-2.4.5-orig/pppd/ipcp.c 2010-06-30 15:51:12.050166398 +0800 ++++ ppp-2.4.5/pppd/ipcp.c 2010-06-30 17:02:33.930393283 +0800 +@@ -55,6 +55,8 @@ + #include <sys/socket.h> + #include <netinet/in.h> + #include <arpa/inet.h> ++#include <sys/stat.h> ++#include <unistd.h> + + #include "pppd.h" + #include "fsm.h" +@@ -2095,6 +2097,14 @@ + u_int32_t peerdns1, peerdns2; + { + FILE *f; ++ struct stat dirinfo; ++ ++ if(stat(_PATH_OUTDIR, &dirinfo)) { ++ if(mkdir(_PATH_OUTDIR, 0775)) { ++ error("Failed to create directory %s: %m", _PATH_OUTDIR); ++ return; ++ } ++ } + + f = fopen(_PATH_RESOLV, "w"); + if (f == NULL) { +diff -ruN ppp-2.4.5-orig/pppd/pathnames.h ppp-2.4.5/pppd/pathnames.h +--- ppp-2.4.5-orig/pppd/pathnames.h 2010-06-30 15:51:12.043682063 +0800 ++++ ppp-2.4.5/pppd/pathnames.h 2010-06-30 17:03:20.594371055 +0800 +@@ -30,7 +30,8 @@ + #define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options." + #define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors" + #define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/" +-#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf" ++#define _PATH_OUTDIR _ROOT_PATH _PATH_VARRUN "/ppp" ++#define _PATH_RESOLV _PATH_OUTDIR "/resolv.conf" + + #define _PATH_USEROPT ".ppprc" + #define _PATH_PSEUDONYM ".ppp_pseudonym" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/provider b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/provider new file mode 100644 index 000000000..e74d71a8e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/provider @@ -0,0 +1,35 @@ +# example configuration for a dialup connection authenticated with PAP or CHAP +# +# This is the default configuration used by pon(1) and poff(1). +# See the manual page pppd(8) for information on all the options. + +# MUST CHANGE: replace myusername@realm with the PPP login name given to +# your by your provider. +# There should be a matching entry with the password in /etc/ppp/pap-secrets +# and/or /etc/ppp/chap-secrets. +user "myusername@realm" + +# MUST CHANGE: replace ******** with the phone number of your provider. +# The /etc/chatscripts/pap chat script may be modified to change the +# modem initialization string. +connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********" + +# Serial device to which the modem is connected. +/dev/modem + +# Speed of the serial line. +115200 + +# Assumes that your IP address is allocated dynamically by the ISP. +noipdefault +# Try to get the name server addresses from the ISP. +usepeerdns +# Use this connection as the default route. +defaultroute + +# Makes pppd "dial again" when the connection is lost. +persist + +# Do not ask the remote to authenticate. +noauth + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb new file mode 100644 index 000000000..4437b5c51 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb @@ -0,0 +1,99 @@ +SUMMARY = "Point-to-Point Protocol (PPP) support" +DESCRIPTION = "ppp (Paul's PPP Package) is an open source package which implements \ +the Point-to-Point Protocol (PPP) on Linux and Solaris systems." +SECTION = "console/network" +HOMEPAGE = "http://samba.org/ppp/" +BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" +DEPENDS = "libpcap" +LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD" +LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ + file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ + file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ + file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2" + +SRC_URI = "http://ppp.samba.org/ftp/ppp/ppp-${PV}.tar.gz \ + file://makefile.patch \ + file://cifdefroute.patch \ + file://pppd-resolv-varrun.patch \ + file://makefile-remove-hard-usr-reference.patch \ + file://pon \ + file://poff \ + file://init \ + file://ip-up \ + file://ip-down \ + file://08setupdns \ + file://92removedns \ + file://copts.patch \ + file://pap \ + file://ppp_on_boot \ + file://provider \ + file://0001-ppp-Fix-compilation-errors-in-Makefile.patch \ + file://ppp@.service \ + file://fix-CVE-2015-3310.patch \ +" + +SRC_URI_append_libc-musl = "\ + file://0001-Fix-build-with-musl.patch \ +" +SRC_URI[md5sum] = "78818f40e6d33a1d1de68a1551f6595a" +SRC_URI[sha256sum] = "02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30" + +inherit autotools-brokensep systemd + +TARGET_CC_ARCH += " ${LDFLAGS}" +EXTRA_OEMAKE = "STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}" +EXTRA_OECONF = "--disable-strip" + +# Package Makefile computes CFLAGS, referencing COPTS. +# Typically hard-coded to '-O2 -g' in the Makefile's. +# +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"' + +do_configure () { + oe_runconf +} + +do_install_append () { + make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp + mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d + mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/ + mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/ + install -m 0755 ${WORKDIR}/pon ${D}${bindir}/pon + install -m 0755 ${WORKDIR}/poff ${D}${bindir}/poff + install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/ppp + install -m 0755 ${WORKDIR}/ip-up ${D}${sysconfdir}/ppp/ + install -m 0755 ${WORKDIR}/ip-down ${D}${sysconfdir}/ppp/ + install -m 0755 ${WORKDIR}/08setupdns ${D}${sysconfdir}/ppp/ip-up.d/ + install -m 0755 ${WORKDIR}/92removedns ${D}${sysconfdir}/ppp/ip-down.d/ + mkdir -p ${D}${sysconfdir}/chatscripts + mkdir -p ${D}${sysconfdir}/ppp/peers + install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts + install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot + install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_unitdir}/system + sed -i -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_unitdir}/system/ppp@.service + rm -rf ${D}/${mandir}/man8/man8 + chmod u+s ${D}${sbindir}/pppd +} + +CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" +PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools" +FILES_${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service" +FILES_${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" +FILES_${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/rp-pppoe.so" +FILES_${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" +FILES_${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" +FILES_${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" +FILES_${PN}-password = "${libdir}/pppd/${PV}/pass*.so" +FILES_${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" +FILES_${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" +SUMMARY_${PN}-oa = "Plugin for PPP for PPP-over-ATM support" +SUMMARY_${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" +SUMMARY_${PN}-radius = "Plugin for PPP for RADIUS support" +SUMMARY_${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" +SUMMARY_${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" +SUMMARY_${PN}-password = "Plugin for PPP to get passwords via a pipe" +SUMMARY_${PN}-l2tp = "Plugin for PPP for l2tp support" +SUMMARY_${PN}-tools = "Additional tools for the PPP package" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf b/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf new file mode 100644 index 000000000..3790d774a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf @@ -0,0 +1,4 @@ +d root root 0755 /var/run/resolvconf/interface none +f root root 0644 /etc/resolvconf/run/resolv.conf none +f root root 0644 /etc/resolvconf/run/enable-updates none +l root root 0644 /etc/resolv.conf /etc/resolvconf/run/resolv.conf diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch b/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch new file mode 100644 index 000000000..1aead0786 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch @@ -0,0 +1,20 @@ + +busybox installs readlink into /usr/bin, so ensure /usr/bin +is in the path. + +Upstream-Status: Submitted +Signed-off-by: Saul Wold <sgw@linux.intel.com> + +Index: resolvconf-1.76/etc/resolvconf/update.d/libc +=================================================================== +--- resolvconf-1.76.orig/etc/resolvconf/update.d/libc ++++ resolvconf-1.76/etc/resolvconf/update.d/libc +@@ -16,7 +16,7 @@ + # + + set -e +-PATH=/sbin:/bin ++PATH=/sbin:/bin:/usr/bin + + [ -x /lib/resolvconf/list-records ] || exit 1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf_1.78.bb b/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf_1.78.bb new file mode 100644 index 000000000..f4c58514a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf_1.78.bb @@ -0,0 +1,67 @@ +SUMMARY = "name server information handler" +DESCRIPTION = "Resolvconf is a framework for keeping track of the system's \ +information about currently available nameservers. It sets \ +itself up as the intermediary between programs that supply \ +nameserver information and programs that need nameserver \ +information." +SECTION = "console/network" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" +AUTHOR = "Thomas Hood" +HOMEPAGE = "http://packages.debian.org/resolvconf" +RDEPENDS_${PN} = "bash" + +SRC_URI = "http://snapshot.debian.org/archive/debian/20150828T220730Z/pool/main/r/${BPN}/${BPN}_1.78.tar.xz \ + file://fix-path-for-busybox.patch \ + file://99_resolvconf \ + " + +SRC_URI[md5sum] = "373a9f9544c84aa477a7425ae773b8b5" +SRC_URI[sha256sum] = "961b22e8fcf0c7de7e90a050323e6fa221bc8b25a5348c160be3506f7e73a7a3" + +# the package is taken from snapshots.debian.org; that source is static and goes stale +# so we check the latest upstream from a directory that does get updated +UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" + +inherit allarch + +do_compile () { + : +} + +do_install () { + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${WORKDIR}/99_resolvconf ${D}${sysconfdir}/default/volatiles + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/${BPN}/interface - - - -" \ + > ${D}${sysconfdir}/tmpfiles.d/resolvconf.conf + fi + install -d ${D}${base_libdir}/${BPN} + install -d ${D}${sysconfdir}/${BPN} + ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run + install -d ${D}${sysconfdir} ${D}${base_sbindir} + install -d ${D}${mandir}/man8 ${D}${docdir}/${P} + cp -pPR etc/* ${D}${sysconfdir}/ + chown -R root:root ${D}${sysconfdir}/ + install -m 0755 bin/resolvconf ${D}${base_sbindir}/ + install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} + install -d ${D}/${sysconfdir}/network/if-up.d + install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf + install -d ${D}/${sysconfdir}/network/if-down.d + install -m 0755 debian/resolvconf.resolvconf.if-down ${D}/${sysconfdir}/network/if-down.d/resolvconf + install -m 0644 README ${D}${docdir}/${P}/ + install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/ +} + +pkg_postinst_${PN} () { + if [ -z "$D" ]; then + if command -v systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf + elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi + fi +} + +FILES_${PN} += "${base_libdir}/${BPN}" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch b/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch new file mode 100644 index 000000000..c0e27f3d7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch @@ -0,0 +1,52 @@ +From fb10ab134d630705cae0c7be42437cc289af7d32 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 15 Mar 2016 21:36:02 +0000 +Subject: [PATCH] Use __c_ispeed and __c_ospeed on musl + +Original intention of these asserts is to find if termios structure +is mapped correctly to locally define union, the get* APIs for +baudrate would not do the right thing since they do not return the +value from c_ospeed/c_ispeed but the value which is stored in iflag +for baudrate. + +So we check if we are on Linux but not using glibc then we use +__c_ispeed and __c_ospeed as defined in musl, however these are +internal elements of structs it should not have been used this +way. + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- +Upstream-Status: Pending + + xioinitialize.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/xioinitialize.c b/xioinitialize.c +index 9f50155..8fb2e4c 100644 +--- a/xioinitialize.c ++++ b/xioinitialize.c +@@ -65,6 +65,12 @@ int xioinitialize(void) { + #if HAVE_TERMIOS_ISPEED && (ISPEED_OFFSET != -1) && (OSPEED_OFFSET != -1) + #if defined(ISPEED_OFFSET) && (ISPEED_OFFSET != -1) + #if defined(OSPEED_OFFSET) && (OSPEED_OFFSET != -1) ++#if defined(__linux__) && !defined(__GLIBC__) ++ tdata.termarg.__c_ispeed = 0x56789abc; ++ tdata.termarg.__c_ospeed = 0x6789abcd; ++ assert(tdata.termarg.__c_ispeed == tdata.speeds[ISPEED_OFFSET]); ++ assert(tdata.termarg.__c_ospeed == tdata.speeds[OSPEED_OFFSET]); ++#else + tdata.termarg.c_ispeed = 0x56789abc; + tdata.termarg.c_ospeed = 0x6789abcd; + assert(tdata.termarg.c_ispeed == tdata.speeds[ISPEED_OFFSET]); +@@ -72,6 +78,7 @@ int xioinitialize(void) { + #endif + #endif + #endif ++#endif + } + #endif + +-- +2.8.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch b/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch new file mode 100644 index 000000000..4bbd36766 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch @@ -0,0 +1,32 @@ +From e6a7d96fa3675bdd3f4d7a3d7682381789eef22f Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 15 Feb 2016 20:25:34 +0000 +Subject: [PATCH] define NETDB_INTERNAL to -1 if not available + +helps build with musl + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- +Upstream-Status: Pending + + compat.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/compat.h b/compat.h +index c8bee4d..bfb013a 100644 +--- a/compat.h ++++ b/compat.h +@@ -666,6 +666,10 @@ typedef int sig_atomic_t; + # define NETDB_INTERNAL h_NETDB_INTERNAL + #endif + ++#if !defined(NETDB_INTERNAL) ++# define NETDB_INTERNAL (-1) ++#endif ++ + #ifndef INET_ADDRSTRLEN + # define INET_ADDRSTRLEN sizeof(struct sockaddr_in) + #endif +-- +2.7.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch b/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch new file mode 100644 index 000000000..aa4db65a7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch @@ -0,0 +1,35 @@ +From c6f0080b55679b6e8b5d332d6e05fdcbda1e4064 Mon Sep 17 00:00:00 2001 +From: Robert Yang <liezhi.yang@windriver.com> +Date: Mon, 4 May 2015 00:58:47 -0700 +Subject: [PATCH] Makefile.in: fix for parallel build + +Fixed: +vsnprintf_r.o: file not recognized: File truncated +collect2: error: ld returned 3 exit status +Makefile:122: recipe for target 'filan' failed + +Let filan depend on vsnprintf_r.o and snprinterr.o to fix the issue. + +Upstream-Status: Pending + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + Makefile.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.in b/Makefile.in +index f2a6edb..88b784b 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -118,7 +118,7 @@ PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysut + procan: $(PROCAN_OBJS) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(PROCAN_OBJS) $(CLIBS) + +-filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o ++filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o $(CLIBS) + + libxio.a: $(XIOOBJS) $(UTLOBJS) +-- +1.7.9.5 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat_1.7.3.1.bb b/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat_1.7.3.1.bb new file mode 100644 index 000000000..6da9a17b3 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat_1.7.3.1.bb @@ -0,0 +1,40 @@ +SUMMARY = "Multipurpose relay for bidirectional data transfer" +DESCRIPTION = "Socat is a relay for bidirectional data \ +transfer between two independent data channels." +HOMEPAGE = "http://www.dest-unreach.org/socat/" + +SECTION = "console/network" + +DEPENDS = "openssl readline" + +LICENSE = "GPL-2.0+-with-OpenSSL-exception" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f" + + +SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ + file://Makefile.in-fix-for-parallel-build.patch \ + file://0001-define-NETDB_INTERNAL-to-1-if-not-available.patch \ + file://0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch \ +" + +SRC_URI[md5sum] = "334e46924f2b386299c9db2ac22bcd36" +SRC_URI[sha256sum] = "d2da659540c38139f388e9437bfaae16bb458d174d056cb3228432a8f489fbaa" + +inherit autotools + +EXTRA_AUTORECONF += "--exclude=autoheader" + +EXTRA_OECONF += "ac_cv_have_z_modifier=yes sc_cv_sys_crdly_shift=9 \ + sc_cv_sys_tabdly_shift=11 sc_cv_sys_csize_shift=4 \ + ac_cv_ispeed_offset=13 \ + ac_cv_header_bsd_libutil_h=no \ +" + +PACKAGECONFIG ??= "tcp-wrappers" +PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" + +do_install_prepend () { + mkdir -p ${D}${bindir} + install -d ${D}${bindir} ${D}${mandir}/man1 +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch b/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch new file mode 100644 index 000000000..f34e243de --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch @@ -0,0 +1,21 @@ +wireless_tools: Avoid stripping iwmulticall + +Upstream-Status: Inappropriate [other] + The removed code was from upstream. + +Signed-off-by: Mark Hatle <mark.hatle@windriver.com> + +diff -ur wireless_tools.29.orig/Makefile wireless_tools.29/Makefile +--- wireless_tools.29.orig/Makefile 2011-06-18 11:35:12.183907453 -0500 ++++ wireless_tools.29/Makefile 2011-06-18 11:38:09.995907985 -0500 +@@ -135,9 +135,8 @@ + + macaddr: macaddr.o $(IWLIB) + +-# Always do symbol stripping here + iwmulticall: iwmulticall.o +- $(CC) $(LDFLAGS) -Wl,-s $(XCFLAGS) -o $@ $^ $(LIBS) ++ $(CC) $(LDFLAGS) $(STRIPFLAGS) $(XCFLAGS) -o $@ $^ $(LIBS) + + # It's a kind of magic... + wireless.h: diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch b/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch new file mode 100644 index 000000000..6c0d8cbd2 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch @@ -0,0 +1,22 @@ +wireless-tools: Remove QA warning: No GNU_HASH in the elf binary + +Upstream-Status: Inappropriate [other] + Useful within bitbake environment only. + +Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> + +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- wireless_tools.29.orig/Makefile ++++ wireless_tools.29/Makefile +@@ -144,7 +144,7 @@ wireless.h: + + # Compilation of the dynamic library + $(DYNAMIC): $(OBJS:.o=.so) +- $(CC) -shared -o $@ -Wl,-soname,$@ $(STRIPFLAGS) $(LIBS) -lc $^ ++ $(CC) -shared -o $@ -Wl,-soname,$@ $(LDFLAGS) $(STRIPFLAGS) $(LIBS) -lc $^ + + # Compilation of the static library + $(STATIC): $(OBJS:.o=.so) diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch b/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch new file mode 100644 index 000000000..6a757dae7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch @@ -0,0 +1,15 @@ +Upstream-Status: Inappropriate [configuration] + +Index: wireless_tools.30/Makefile +=================================================================== +--- wireless_tools.30.orig/Makefile 2014-02-01 00:21:04.148463382 -0800 ++++ wireless_tools.30/Makefile 2014-02-01 00:23:35.448072279 -0800 +@@ -76,7 +76,7 @@ + INSTALL_DIR= $(PREFIX)/sbin + INSTALL_LIB= $(PREFIX)/lib + INSTALL_INC= $(PREFIX)/include +-INSTALL_MAN= $(PREFIX)/man ++INSTALL_MAN= $(PREFIX)/share/man + + # Various commands + RM = rm -f diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch b/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch new file mode 100644 index 000000000..3a22c3f1e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch @@ -0,0 +1,19 @@ +When /etc/ld.so.cache is writeable by user running bitbake then it creates invalid cache +(in my case libstdc++.so cannot be found after building zlib(-native) and I have to call +touch */libstdc++.so && /sbin/ldconfig to fix it. + +So remove ldconfig call from make install-libs + +Upstream-Status: Inappropriate [disable feature] + +diff -uNr wireless_tools.29.orig/Makefile wireless_tools.29/Makefile +--- wireless_tools.29.orig/Makefile 2007-09-18 01:56:46.000000000 +0200 ++++ wireless_tools.29/Makefile 2012-02-15 20:46:41.780763514 +0100 +@@ -163,7 +163,6 @@ + install -m 755 $(DYNAMIC) $(INSTALL_LIB) + ln -sfn $(DYNAMIC) $(INSTALL_LIB)/$(DYNAMIC_LINK) + @echo "*** Don't forget to add $(INSTALL_LIB) to /etc/ld.so.conf, and run ldconfig as root. ***" +- @$(LDCONFIG) || echo "*** Could not run ldconfig ! ***" + + # Install the static library + install-static:: $(STATIC) diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb b/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb new file mode 100644 index 000000000..c3b8f665b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb @@ -0,0 +1,50 @@ +SUMMARY = "Tools for the Linux Standard Wireless Extension Subsystem" +HOMEPAGE = "http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html" +LICENSE = "GPLv2 & (LGPLv2.1 | MPL-1.1 | BSD)" +LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ + file://iwconfig.c;beginline=1;endline=12;md5=cf710eb1795c376eb10ea4ff04649caf \ + file://iwevent.c;beginline=59;endline=72;md5=d66a10026d4394f0a5b1c5587bce4537 \ + file://sample_enc.c;beginline=1;endline=4;md5=838372be07874260b566bae2f6ed33b6" +SECTION = "base" +PE = "1" + +SRC_URI = "http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/wireless_tools.${PV}.tar.gz \ + file://remove.ldconfig.call.patch \ + file://man.patch \ + file://avoid_strip.patch \ + file://ldflags.patch \ + " +SRC_URI[md5sum] = "ca91ba7c7eff9bfff6926b1a34a4697d" +SRC_URI[sha256sum] = "abd9c5c98abf1fdd11892ac2f8a56737544fe101e1be27c6241a564948f34c63" + +UPSTREAM_CHECK_URI = "http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html" +UPSTREAM_CHECK_REGEX = "wireless_tools\.(?P<pver>(\d+)(\..*|))\.tar\.gz" + +S = "${WORKDIR}/wireless_tools.30" + +CFLAGS =+ "-I${S}" +EXTRA_OEMAKE = "-e 'BUILD_SHARED=y' \ + 'INSTALL_DIR=${D}${base_sbindir}' \ + 'INSTALL_LIB=${D}${libdir}' \ + 'INSTALL_INC=${D}${includedir}' \ + 'INSTALL_MAN=${D}${mandir}'" + +do_compile() { + oe_runmake all libiw.a +} + +do_install() { + oe_runmake PREFIX=${D} install-iwmulticall install-dynamic install-man install-hdr + install -d ${D}${sbindir} + install -m 0755 ifrename ${D}${sbindir}/ifrename +} + +PACKAGES = "libiw libiw-dev libiw-doc ifrename-doc ifrename ${PN} ${PN}-doc ${PN}-dbg" + +FILES_libiw = "${libdir}/*.so.*" +FILES_libiw-dev = "${libdir}/*.a ${libdir}/*.so ${includedir}" +FILES_libiw-doc = "${mandir}/man7" +FILES_ifrename = "${sbindir}/ifrename" +FILES_ifrename-doc = "${mandir}/man8/ifrename.8 ${mandir}/man5/iftab.5" +FILES_${PN} = "${bindir} ${sbindir}/iw* ${base_sbindir} ${base_bindir} ${sysconfdir}/network" +FILES_${PN}-doc = "${mandir}" diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant new file mode 100644 index 000000000..6ff4dd882 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant @@ -0,0 +1 @@ +d root root 0700 /var/run/wpa_supplicant none diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig new file mode 100644 index 000000000..f04e398fd --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig @@ -0,0 +1,552 @@ +# Example wpa_supplicant build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cases, these lines should use += in order not +# to override previous values of the variables. + + +# Uncomment following two lines and fix the paths if you have installed OpenSSL +# or GnuTLS in non-default location +#CFLAGS += -I/usr/local/openssl/include +#LIBS += -L/usr/local/openssl/lib + +# Some Red Hat versions seem to include kerberos header files from OpenSSL, but +# the kerberos files are not in the default include path. Following line can be +# used to fix build issues on such systems (krb5.h not found). +#CFLAGS += -I/usr/include/kerberos + +# Example configuration for various cross-compilation platforms + +#### sveasoft (e.g., for Linksys WRT54G) ###################################### +#CC=mipsel-uclibc-gcc +#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc +#CFLAGS += -Os +#CPPFLAGS += -I../src/include -I../../src/router/openssl/include +#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl +############################################################################### + +#### openwrt (e.g., for Linksys WRT54G) ####################################### +#CC=mipsel-uclibc-gcc +#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc +#CFLAGS += -Os +#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ +# -I../WRT54GS/release/src/include +#LIBS = -lssl +############################################################################### + + +# Driver interface for Host AP driver +CONFIG_DRIVER_HOSTAP=y + +# Driver interface for Agere driver +#CONFIG_DRIVER_HERMES=y +# Change include directories to match with the local setup +#CFLAGS += -I../../hcf -I../../include -I../../include/hcf +#CFLAGS += -I../../include/wireless + +# Driver interface for madwifi driver +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_MADWIFI=y +# Set include directory to the madwifi source tree +#CFLAGS += -I../../madwifi + +# Driver interface for ndiswrapper +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_NDISWRAPPER=y + +# Driver interface for Atmel driver +# CONFIG_DRIVER_ATMEL=y + +# Driver interface for old Broadcom driver +# Please note that the newer Broadcom driver ("hybrid Linux driver") supports +# Linux wireless extensions and does not need (or even work) with the old +# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. +#CONFIG_DRIVER_BROADCOM=y +# Example path for wlioctl.h; change to match your configuration +#CFLAGS += -I/opt/WRT54GS/release/src/include + +# Driver interface for Intel ipw2100/2200 driver +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_IPW=y + +# Driver interface for Ralink driver +#CONFIG_DRIVER_RALINK=y + +# Driver interface for generic Linux wireless extensions +# Note: WEXT is deprecated in the current Linux kernel version and no new +# functionality is added to it. nl80211-based interface is the new +# replacement for WEXT and its use allows wpa_supplicant to properly control +# the driver to improve existing functionality like roaming and to support new +# functionality. +CONFIG_DRIVER_WEXT=y + +# Driver interface for Linux drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + +# driver_nl80211.c requires libnl. If you are compiling it yourself +# you may need to point hostapd to your version of libnl. +# +#CFLAGS += -I$<path to libnl include files> +#LIBS += -L$<path to libnl library files> + +# Use libnl v2.0 (or 3.0) libraries. +#CONFIG_LIBNL20=y + +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) +CONFIG_LIBNL32=y + + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for Windows NDIS +#CONFIG_DRIVER_NDIS=y +#CFLAGS += -I/usr/include/w32api/ddk +#LIBS += -L/usr/local/lib +# For native build using mingw +#CONFIG_NATIVE_WINDOWS=y +# Additional directories for cross-compilation on Linux host for mingw target +#CFLAGS += -I/opt/mingw/mingw32/include/ddk +#LIBS += -L/opt/mingw/mingw32/lib +#CC=mingw32-gcc +# By default, driver_ndis uses WinPcap for low-level operations. This can be +# replaced with the following option which replaces WinPcap calls with NDISUIO. +# However, this requires that WZC is disabled (net stop wzcsvc) before starting +# wpa_supplicant. +# CONFIG_USE_NDISUIO=y + +# Driver interface for development testing +#CONFIG_DRIVER_TEST=y + +# Driver interface for wired Ethernet drivers +CONFIG_DRIVER_WIRED=y + +# Driver interface for the Broadcom RoboSwitch family +#CONFIG_DRIVER_ROBOSWITCH=y + +# Driver interface for no driver (e.g., WPS ER only) +#CONFIG_DRIVER_NONE=y + +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is +# included) +CONFIG_IEEE8021X_EAPOL=y + +# EAP-MD5 +CONFIG_EAP_MD5=y + +# EAP-MSCHAPv2 +CONFIG_EAP_MSCHAPV2=y + +# EAP-TLS +CONFIG_EAP_TLS=y + +# EAL-PEAP +CONFIG_EAP_PEAP=y + +# EAP-TTLS +CONFIG_EAP_TTLS=y + +# EAP-FAST +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. +#CONFIG_EAP_FAST=y + +# EAP-GTC +CONFIG_EAP_GTC=y + +# EAP-OTP +CONFIG_EAP_OTP=y + +# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) +#CONFIG_EAP_SIM=y + +# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-pwd (secure authentication using only a password) +#CONFIG_EAP_PWD=y + +# EAP-PAX +#CONFIG_EAP_PAX=y + +# LEAP +CONFIG_EAP_LEAP=y + +# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) +#CONFIG_EAP_AKA=y + +# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# Enable USIM simulator (Milenage) for EAP-AKA +#CONFIG_USIM_SIMULATOR=y + +# EAP-SAKE +#CONFIG_EAP_SAKE=y + +# EAP-GPSK +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-TNC and related Trusted Network Connect support (experimental) +#CONFIG_EAP_TNC=y + +# Wi-Fi Protected Setup (WPS) +CONFIG_WPS=y +# Enable WSC 2.0 support +#CONFIG_WPS2=y +# Enable WPS external registrar functionality +#CONFIG_WPS_ER=y +# Disable credentials for an open network by default when acting as a WPS +# registrar. +#CONFIG_WPS_REG_DISABLE_OPEN=y +# Enable WPS support with NFC config method +#CONFIG_WPS_NFC=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# EAP-EKE +#CONFIG_EAP_EKE=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# Smartcard support (i.e., private key on a smartcard), e.g., with openssl +# engine. +CONFIG_SMARTCARD=y + +# PC/SC interface for smartcards (USIM, GSM SIM) +# Enable this if EAP-SIM or EAP-AKA is included +#CONFIG_PCSC=y + +# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) +#CONFIG_HT_OVERRIDES=y + +# Support VHT overrides (disable VHT, mask MCS rates, etc.) +#CONFIG_VHT_OVERRIDES=y + +# Development testing +#CONFIG_EAPOL_TEST=y + +# Select control interface backend for external programs, e.g, wpa_cli: +# unix = UNIX domain sockets (default for Linux/*BSD) +# udp = UDP sockets using localhost (127.0.0.1) +# named_pipe = Windows Named Pipe (default for Windows) +# udp-remote = UDP sockets with remote access (only for tests systems/purpose) +# y = use default (backwards compatibility) +# If this option is commented out, control interface is not included in the +# build. +CONFIG_CTRL_IFACE=y + +# Include support for GNU Readline and History Libraries in wpa_cli. +# When building a wpa_cli binary for distribution, please note that these +# libraries are licensed under GPL and as such, BSD license may not apply for +# the resulting binary. +#CONFIG_READLINE=y + +# Include internal line edit mode in wpa_cli. This can be used as a replacement +# for GNU Readline to provide limited command line editing and history support. +#CONFIG_WPA_CLI_EDIT=y + +# Remove debugging code that is printing out debug message to stdout. +# This can be used to reduce the size of the wpa_supplicant considerably +# if debugging code is not needed. The size reduction can be around 35% +# (e.g., 90 kB). +#CONFIG_NO_STDOUT_DEBUG=y + +# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save +# 35-50 kB in code size. +#CONFIG_NO_WPA=y + +# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support +# This option can be used to reduce code size by removing support for +# converting ASCII passphrases into PSK. If this functionality is removed, the +# PSK can only be configured as the 64-octet hexstring (e.g., from +# wpa_passphrase). This saves about 0.5 kB in code size. +#CONFIG_NO_WPA_PASSPHRASE=y + +# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# This can be used if ap_scan=1 mode is never enabled. +#CONFIG_NO_SCAN_PROCESSING=y + +# Select configuration backend: +# file = text file (e.g., wpa_supplicant.conf; note: the configuration file +# path is given on command line, not here; this option is just used to +# select the backend that allows configuration files to be used) +# winreg = Windows registry (see win_example.reg for an example) +CONFIG_BACKEND=file + +# Remove configuration write functionality (i.e., to allow the configuration +# file to be updated based on runtime configuration changes). The runtime +# configuration can still be changed, the changes are just not going to be +# persistent over restarts. This option can be used to reduce code size by +# about 3.5 kB. +#CONFIG_NO_CONFIG_WRITE=y + +# Remove support for configuration blobs to reduce code size by about 1.5 kB. +#CONFIG_NO_CONFIG_BLOBS=y + +# Select program entry point implementation: +# main = UNIX/POSIX like main() function (default) +# main_winsvc = Windows service (read parameters from registry) +# main_none = Very basic example (development use only) +#CONFIG_MAIN=main + +# Select wrapper for operatins system and C library specific functions +# unix = UNIX/POSIX like systems (default) +# win32 = Windows systems +# none = Empty template +#CONFIG_OS=unix + +# Select event loop implementation +# eloop = select() loop (default) +# eloop_win = Windows events and WaitForMultipleObject() loop +#CONFIG_ELOOP=eloop + +# Should we use poll instead of select? Select is used by default. +#CONFIG_ELOOP_POLL=y + +# Select layer 2 packet implementation +# linux = Linux packet socket (default) +# pcap = libpcap/libdnet/WinPcap +# freebsd = FreeBSD libpcap +# winpcap = WinPcap with receive thread +# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) +# none = Empty template +#CONFIG_L2_PACKET=linux + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection), also known as PMF +# Driver support is also needed for IEEE 802.11w. +#CONFIG_IEEE80211W=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +#CONFIG_TLS=openssl + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. It should be noted that some existing TLS v1.0 -based +# implementation may not be compatible with TLS v1.1 message (ClientHello is +# sent prior to negotiating which version will be used) +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. It should be +# noted that some existing TLS v1.0 -based implementation may not be compatible +# with TLS v1.2 message (ClientHello is sent prior to negotiating which version +# will be used) +#CONFIG_TLSV12=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. +# This is only for Windows builds and requires WMI-related header files and +# WbemUuid.Lib from Platform SDK even when building with MinGW. +#CONFIG_NDIS_EVENTS_INTEGRATED=y +#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" + +# Add support for old DBus control interface +# (fi.epitest.hostap.WPASupplicant) +#CONFIG_CTRL_IFACE_DBUS=y + +# Add support for new DBus control interface +# (fi.w1.hostap.wpa_supplicant1) +CONFIG_CTRL_IFACE_DBUS_NEW=y + +# Add introspection support for new DBus control interface +#CONFIG_CTRL_IFACE_DBUS_INTRO=y + +# Add support for loading EAP methods dynamically as shared libraries. +# When this option is enabled, each EAP method can be either included +# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). +# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to +# be loaded in the beginning of the wpa_supplicant configuration file +# (see load_dynamic_eap parameter in the example file) before being used in +# the network blocks. +# +# Note that some shared parts of EAP methods are included in the main program +# and in order to be able to use dynamic EAP methods using these parts, the +# main program must have been build with the EAP method enabled (=y or =dyn). +# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries +# unless at least one of them was included in the main build to force inclusion +# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included +# in the main build to be able to load these methods dynamically. +# +# Please also note that using dynamic libraries will increase the total binary +# size. Thus, it may not be the best option for targets that have limited +# amount of memory/flash. +#CONFIG_DYNAMIC_EAP_METHODS=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +#CONFIG_IEEE80211R=y + +# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) +#CONFIG_DEBUG_FILE=y + +# Send debug messages to syslog instead of stdout +#CONFIG_DEBUG_SYSLOG=y +# Set syslog facility for debug messages +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON + +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + +# Enable privilege separation (see README 'Privilege separation' for details) +#CONFIG_PRIVSEP=y + +# Enable mitigation against certain attacks against TKIP by delaying Michael +# MIC error reports by a random amount of time between 0 and 60 seconds +#CONFIG_DELAYED_MIC_ERROR_REPORT=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, uncomment these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, uncomment these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +CONFIG_TLS = %ssl% +CONFIG_CTRL_IFACE_DBUS=y +CONFIG_CTRL_IFACE_DBUS_NEW=y + +# wpa_supplicant depends on strong random number generation being available +# from the operating system. os_get_random() function is used to fetch random +# data when needed, e.g., for key generation. On Linux and BSD systems, this +# works by reading /dev/urandom. It should be noted that the OS entropy pool +# needs to be properly initialized before wpa_supplicant is started. This is +# important especially on embedded devices that do not have a hardware random +# number generator and may by default start up with minimal entropy available +# for random number generation. +# +# As a safety net, wpa_supplicant is by default trying to internally collect +# additional entropy for generating random data to mix in with the data fetched +# from the OS. This by itself is not considered to be very strong, but it may +# help in cases where the system pool is not initialized properly. However, it +# is very strongly recommended that the system pool is initialized with enough +# entropy either by using hardware assisted random number generator or by +# storing state over device reboots. +# +# wpa_supplicant can be configured to maintain its own entropy store over +# restarts to enhance random number generation. This is not perfect, but it is +# much more secure than using the same sequence of random numbers after every +# reboot. This can be enabled with -e<entropy file> command line option. The +# specified file needs to be readable and writable by wpa_supplicant. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal wpa_supplicant random pool can be +# disabled. This will save some in binary size and CPU use. However, this +# should only be considered for builds that are known to be used on devices +# that meet the requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# IEEE 802.11n (High Throughput) support (mainly for AP mode) +#CONFIG_IEEE80211N=y + +# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) +# (depends on CONFIG_IEEE80211N) +#CONFIG_IEEE80211AC=y + +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks (GAS/ANQP to learn more about the networks and network +# selection based on available credentials). +#CONFIG_INTERWORKING=y + +# Hotspot 2.0 +#CONFIG_HS20=y + +# Disable roaming in wpa_supplicant +#CONFIG_NO_ROAMING=y + +# AP mode operations with wpa_supplicant +# This can be used for controlling AP mode operations with wpa_supplicant. It +# should be noted that this is mainly aimed at simple cases like +# WPA2-Personal while more complex configurations like WPA2-Enterprise with an +# external RADIUS server can be supported with hostapd. +CONFIG_AP=y + +CONFIG_BGSCAN_SIMPLE=y + +# P2P (Wi-Fi Direct) +# This can be used to enable P2P support in wpa_supplicant. See README-P2P for +# more information on P2P operations. +#CONFIG_P2P=y + +# Enable TDLS support +#CONFIG_TDLS=y + +# Wi-Fi Direct +# This can be used to enable Wi-Fi Direct extensions for P2P using an external +# program to control the additional information exchanges in the messages. +#CONFIG_WIFI_DISPLAY=y + +# Autoscan +# This can be used to enable automatic scan support in wpa_supplicant. +# See wpa_supplicant.conf for more information on autoscan usage. +# +# Enabling directly a module will enable autoscan support. +# For exponential module: +CONFIG_AUTOSCAN_EXPONENTIAL=y +# For periodic module: +#CONFIG_AUTOSCAN_PERIODIC=y + +# Password (and passphrase, etc.) backend for external storage +# These optional mechanisms can be used to add support for storing passwords +# and other secrets in external (to wpa_supplicant) location. This allows, for +# example, operating system specific key storage to be used +# +# External password backend for testing purposes (developer use) +#CONFIG_EXT_PASSWORD_TEST=y diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh new file mode 100644 index 000000000..5c9e5d33a --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh @@ -0,0 +1,85 @@ +#!/bin/sh + + +WPA_SUP_BIN="/usr/sbin/wpa_supplicant" +WPA_SUP_PNAME="wpa_supplicant" +WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid" +WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE" + +VERBOSITY=0 + + +if [ -s "$IF_WPA_CONF" ]; then + WPA_SUP_CONF="-c $IF_WPA_CONF" +else + exit 0 +fi + +if [ ! -x "$WPA_SUP_BIN" ]; then + + if [ "$VERBOSITY" = "1" ]; then + echo "$WPA_SUP_PNAME: binaries not executable or missing from $WPA_SUP_BIN" + fi + + exit 1 +fi + +if [ "$MODE" = "start" ] ; then + # driver type of interface, defaults to wext when undefined + if [ -s "/etc/wpa_supplicant/driver.$IFACE" ]; then + IF_WPA_DRIVER=$(cat "/etc/wpa_supplicant/driver.$IFACE") + elif [ -z "$IF_WPA_DRIVER" ]; then + + if [ "$VERBOSITY" = "1" ]; then + echo "$WPA_SUP_PNAME: wpa-driver not provided, using \"wext\"" + fi + + IF_WPA_DRIVER="wext" + fi + + # if we have passed the criteria, start wpa_supplicant + if [ -n "$WPA_SUP_CONF" ]; then + + if [ "$VERBOSITY" = "1" ]; then + echo "$WPA_SUP_PNAME: $WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER" + fi + + start-stop-daemon --start --quiet \ + --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \ + -- $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER + fi + + # if the interface socket exists, then wpa_supplicant was invoked successfully + if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then + + if [ "$VERBOSITY" = "1" ]; then + echo "$WPA_SUP_PNAME: ctrl_interface socket located at $WPA_COMMON_CTRL_IFACE/$IFACE" + fi + + exit 0 + + fi + +elif [ "$MODE" = "stop" ]; then + + if [ -f "$WPA_SUP_PIDFILE" ]; then + + if [ "$VERBOSITY" = "1" ]; then + echo "$WPA_SUP_PNAME: terminating $WPA_SUP_PNAME daemon" + fi + + start-stop-daemon --stop --quiet \ + --name $WPA_SUP_PNAME --pidfile $WPA_SUP_PIDFILE + + if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then + rm -f $WPA_COMMON_CTRL_IFACE/$IFACE + fi + + if [ -f "$WPA_SUP_PIDFILE" ]; then + rm -f $WPA_SUP_PIDFILE + fi + fi + +fi + +exit 0 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf new file mode 100644 index 000000000..68258f5ee --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf @@ -0,0 +1,690 @@ +##### Example wpa_supplicant configuration file ############################### +# +# This file describes configuration file format and lists all available option. +# Please also take a look at simpler configuration examples in 'examples' +# subdirectory. +# +# Empty lines and lines starting with # are ignored + +# NOTE! This file may contain password information and should probably be made +# readable only by root user on multiuser systems. + +# Note: All file paths in this configuration file should use full (absolute, +# not relative to working directory) path in order to allow working directory +# to be changed. This can happen if wpa_supplicant is run in the background. + +# Whether to allow wpa_supplicant to update (overwrite) configuration +# +# This option can be used to allow wpa_supplicant to overwrite configuration +# file whenever configuration is changed (e.g., new network block is added with +# wpa_cli or wpa_gui, or a password is changed). This is required for +# wpa_cli/wpa_gui to be able to store the configuration changes permanently. +# Please note that overwriting configuration file will remove the comments from +# it. +#update_config=1 + +# global configuration (shared by all network blocks) +# +# Parameters for the control interface. If this is specified, wpa_supplicant +# will open a control interface that is available for external programs to +# manage wpa_supplicant. The meaning of this string depends on which control +# interface mechanism is used. For all cases, the existence of this parameter +# in configuration is used to determine whether the control interface is +# enabled. +# +# For UNIX domain sockets (default on Linux and BSD): This is a directory that +# will be created for UNIX domain sockets for listening to requests from +# external programs (CLI/GUI, etc.) for status information and configuration. +# The socket file will be named based on the interface name, so multiple +# wpa_supplicant processes can be run at the same time if more than one +# interface is used. +# /var/run/wpa_supplicant is the recommended directory for sockets and by +# default, wpa_cli will use it when trying to connect with wpa_supplicant. +# +# Access control for the control interface can be configured by setting the +# directory to allow only members of a group to use sockets. This way, it is +# possible to run wpa_supplicant as root (since it needs to change network +# configuration and open raw sockets) and still allow GUI/CLI components to be +# run as non-root users. However, since the control interface can be used to +# change the network configuration, this access needs to be protected in many +# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you +# want to allow non-root users to use the control interface, add a new group +# and change this value to match with that group. Add users that should have +# control interface access to this group. If this variable is commented out or +# not included in the configuration file, group will not be changed from the +# value it got by default when the directory or socket was created. +# +# When configuring both the directory and group, use following format: +# DIR=/var/run/wpa_supplicant GROUP=wheel +# DIR=/var/run/wpa_supplicant GROUP=0 +# (group can be either group name or gid) +# +# For UDP connections (default on Windows): The value will be ignored. This +# variable is just used to select that the control interface is to be created. +# The value can be set to, e.g., udp (ctrl_interface=udp) +# +# For Windows Named Pipe: This value can be used to set the security descriptor +# for controlling access to the control interface. Security descriptor can be +# set using Security Descriptor String Format (see http://msdn.microsoft.com/ +# library/default.asp?url=/library/en-us/secauthz/security/ +# security_descriptor_string_format.asp). The descriptor string needs to be +# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty +# DACL (which will reject all connections). See README-Windows.txt for more +# information about SDDL string format. +# +ctrl_interface=/var/run/wpa_supplicant + +# IEEE 802.1X/EAPOL version +# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines +# EAPOL version 2. However, there are many APs that do not handle the new +# version number correctly (they seem to drop the frames completely). In order +# to make wpa_supplicant interoperate with these APs, the version number is set +# to 1 by default. This configuration value can be used to set it to the new +# version (2). +eapol_version=1 + +# AP scanning/selection +# By default, wpa_supplicant requests driver to perform AP scanning and then +# uses the scan results to select a suitable AP. Another alternative is to +# allow the driver to take care of AP scanning and selection and use +# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association +# information from the driver. +# 1: wpa_supplicant initiates scanning and AP selection +# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association +# parameters (e.g., WPA IE generation); this mode can also be used with +# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with +# APs (i.e., external program needs to control association). This mode must +# also be used when using wired Ethernet drivers. +# 2: like 0, but associate with APs using security policy and SSID (but not +# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to +# enable operation with hidden SSIDs and optimized roaming; in this mode, +# the network blocks in the configuration file are tried one by one until +# the driver reports successful association; each network block should have +# explicit security policy (i.e., only one option in the lists) for +# key_mgmt, pairwise, group, proto variables +ap_scan=1 + +# EAP fast re-authentication +# By default, fast re-authentication is enabled for all EAP methods that +# support it. This variable can be used to disable fast re-authentication. +# Normally, there is no need to disable this. +fast_reauth=1 + +# OpenSSL Engine support +# These options can be used to load OpenSSL engines. +# The two engines that are supported currently are shown below: +# They are both from the opensc project (http://www.opensc.org/) +# By default no engines are loaded. +# make the opensc engine available +#opensc_engine_path=/usr/lib/opensc/engine_opensc.so +# make the pkcs11 engine available +#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so +# configure the path to the pkcs11 module required by the pkcs11 engine +#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so + +# Dynamic EAP methods +# If EAP methods were built dynamically as shared object files, they need to be +# loaded here before being used in the network blocks. By default, EAP methods +# are included statically in the build, so these lines are not needed +#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so +#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so + +# Driver interface parameters +# This field can be used to configure arbitrary driver interace parameters. The +# format is specific to the selected driver interface. This field is not used +# in most cases. +#driver_param="field=value" + +# Maximum lifetime for PMKSA in seconds; default 43200 +#dot11RSNAConfigPMKLifetime=43200 +# Threshold for reauthentication (percentage of PMK lifetime); default 70 +#dot11RSNAConfigPMKReauthThreshold=70 +# Timeout for security association negotiation in seconds; default 60 +#dot11RSNAConfigSATimeout=60 + +# network block +# +# Each network (usually AP's sharing the same SSID) is configured as a separate +# block in this configuration file. The network blocks are in preference order +# (the first match is used). +# +# network block fields: +# +# disabled: +# 0 = this network can be used (default) +# 1 = this network block is disabled (can be enabled through ctrl_iface, +# e.g., with wpa_cli or wpa_gui) +# +# id_str: Network identifier string for external scripts. This value is passed +# to external action script through wpa_cli as WPA_ID_STR environment +# variable to make it easier to do network specific configuration. +# +# ssid: SSID (mandatory); either as an ASCII string with double quotation or +# as hex string; network name +# +# scan_ssid: +# 0 = do not scan this SSID with specific Probe Request frames (default) +# 1 = scan with SSID-specific Probe Request frames (this can be used to +# find APs that do not accept broadcast SSID or use multiple SSIDs; +# this will add latency to scanning, so enable this only when needed) +# +# bssid: BSSID (optional); if set, this network block is used only when +# associating with the AP using the configured BSSID +# +# priority: priority group (integer) +# By default, all networks will get same priority group (0). If some of the +# networks are more desirable, this field can be used to change the order in +# which wpa_supplicant goes through the networks when selecting a BSS. The +# priority groups will be iterated in decreasing priority (i.e., the larger the +# priority value, the sooner the network is matched against the scan results). +# Within each priority group, networks will be selected based on security +# policy, signal strength, etc. +# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not +# using this priority to select the order for scanning. Instead, they try the +# networks in the order that used in the configuration file. +# +# mode: IEEE 802.11 operation mode +# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default) +# 1 = IBSS (ad-hoc, peer-to-peer) +# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) +# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has +# to be set to 2 for IBSS. WPA-None requires following network block options: +# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not +# both), and psk must also be set. +# +# proto: list of accepted protocols +# WPA = WPA/IEEE 802.11i/D3.0 +# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN) +# If not set, this defaults to: WPA RSN +# +# key_mgmt: list of accepted authenticated key management protocols +# WPA-PSK = WPA pre-shared key (this requires 'psk' field) +# WPA-EAP = WPA using EAP authentication (this can use an external +# program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication +# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically +# generated WEP keys +# NONE = WPA is not used; plaintext or static WEP could be used +# If not set, this defaults to: WPA-PSK WPA-EAP +# +# auth_alg: list of allowed IEEE 802.11 authentication algorithms +# OPEN = Open System authentication (required for WPA/WPA2) +# SHARED = Shared Key authentication (requires static WEP keys) +# LEAP = LEAP/Network EAP (only used with LEAP) +# If not set, automatic selection is used (Open System with LEAP enabled if +# LEAP is allowed as one of the EAP methods). +# +# pairwise: list of accepted pairwise (unicast) ciphers for WPA +# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] +# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] +# NONE = Use only Group Keys (deprecated, should not be included if APs support +# pairwise keys) +# If not set, this defaults to: CCMP TKIP +# +# group: list of accepted group (broadcast/multicast) ciphers for WPA +# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] +# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] +# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key +# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11] +# If not set, this defaults to: CCMP TKIP WEP104 WEP40 +# +# psk: WPA preshared key; 256-bit pre-shared key +# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e., +# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be +# generated using the passphrase and SSID). ASCII passphrase must be between +# 8 and 63 characters (inclusive). +# This field is not needed, if WPA-EAP is used. +# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys +# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant +# startup and reconfiguration time can be optimized by generating the PSK only +# only when the passphrase or SSID has actually changed. +# +# eapol_flags: IEEE 802.1X/EAPOL options (bit field) +# Dynamic WEP key required for non-WPA mode +# bit0 (1): require dynamically generated unicast WEP key +# bit1 (2): require dynamically generated broadcast WEP key +# (3 = require both keys; default) +# Note: When using wired authentication, eapol_flags must be set to 0 for the +# authentication to be completed successfully. +# +# proactive_key_caching: +# Enable/disable opportunistic PMKSA caching for WPA2. +# 0 = disabled (default) +# 1 = enabled +# +# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or +# hex without quotation, e.g., 0102030405) +# wep_tx_keyidx: Default WEP key index (TX) (0..3) +# +# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is +# allowed. This is only used with RSN/WPA2. +# 0 = disabled (default) +# 1 = enabled +#peerkey=1 +# +# Following fields are only used with internal EAP implementation. +# eap: space-separated list of accepted EAP methods +# MD5 = EAP-MD5 (unsecure and does not generate keying material -> +# cannot be used with WPA; to be used as a Phase 2 method +# with EAP-PEAP or EAP-TTLS) +# MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used +# as a Phase 2 method with EAP-PEAP or EAP-TTLS) +# OTP = EAP-OTP (cannot be used separately with WPA; to be used +# as a Phase 2 method with EAP-PEAP or EAP-TTLS) +# GTC = EAP-GTC (cannot be used separately with WPA; to be used +# as a Phase 2 method with EAP-PEAP or EAP-TTLS) +# TLS = EAP-TLS (client and server certificate) +# PEAP = EAP-PEAP (with tunnelled EAP authentication) +# TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2 +# authentication) +# If not set, all compiled in methods are allowed. +# +# identity: Identity string for EAP +# anonymous_identity: Anonymous identity string for EAP (to be used as the +# unencrypted identity with EAP types that support different tunnelled +# identity, e.g., EAP-TTLS) +# password: Password string for EAP +# ca_cert: File path to CA certificate file (PEM/DER). This file can have one +# or more trusted CA certificates. If ca_cert and ca_path are not +# included, server certificate will not be verified. This is insecure and +# a trusted CA certificate should always be configured when using +# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may +# change when wpa_supplicant is run in the background. +# On Windows, trusted CA certificates can be loaded from the system +# certificate store by setting this to cert_store://<name>, e.g., +# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT". +# Note that when running wpa_supplicant as an application, the user +# certificate store (My user account) is used, whereas computer store +# (Computer account) is used when running wpasvc as a service. +# ca_path: Directory path for CA certificate files (PEM). This path may +# contain multiple CA certificates in OpenSSL format. Common use for this +# is to point to system trusted CA list which is often installed into +# directory like /etc/ssl/certs. If configured, these certificates are +# added to the list of trusted CAs. ca_cert may also be included in that +# case, but it is not required. +# client_cert: File path to client certificate file (PEM/DER) +# Full path should be used since working directory may change when +# wpa_supplicant is run in the background. +# Alternatively, a named configuration blob can be used by setting this +# to blob://<blob name>. +# private_key: File path to client private key file (PEM/DER/PFX) +# When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be +# commented out. Both the private key and certificate will be read from +# the PKCS#12 file in this case. Full path should be used since working +# directory may change when wpa_supplicant is run in the background. +# Windows certificate store can be used by leaving client_cert out and +# configuring private_key in one of the following formats: +# cert://substring_to_match +# hash://certificate_thumbprint_in_hex +# for example: private_key="hash://63093aa9c47f56ae88334c7b65a4" +# Note that when running wpa_supplicant as an application, the user +# certificate store (My user account) is used, whereas computer store +# (Computer account) is used when running wpasvc as a service. +# Alternatively, a named configuration blob can be used by setting this +# to blob://<blob name>. +# private_key_passwd: Password for private key file (if left out, this will be +# asked through control interface) +# dh_file: File path to DH/DSA parameters file (in PEM format) +# This is an optional configuration file for setting parameters for an +# ephemeral DH key exchange. In most cases, the default RSA +# authentication does not use this configuration. However, it is possible +# setup RSA to use ephemeral DH key exchange. In addition, ciphers with +# DSA keys always use ephemeral DH keys. This can be used to achieve +# forward secrecy. If the file is in DSA parameters format, it will be +# automatically converted into DH params. +# subject_match: Substring to be matched against the subject of the +# authentication server certificate. If this string is set, the server +# sertificate is only accepted if it contains this string in the subject. +# The subject string is in following format: +# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com +# altsubject_match: Semicolon separated string of entries to be matched against +# the alternative subject name of the authentication server certificate. +# If this string is set, the server sertificate is only accepted if it +# contains one of the entries in an alternative subject name extension. +# altSubjectName string is in following format: TYPE:VALUE +# Example: EMAIL:server@example.com +# Example: DNS:server.example.com;DNS:server2.example.com +# Following types are supported: EMAIL, DNS, URI +# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters +# (string with field-value pairs, e.g., "peapver=0" or +# "peapver=1 peaplabel=1") +# 'peapver' can be used to force which PEAP version (0 or 1) is used. +# 'peaplabel=1' can be used to force new label, "client PEAP encryption", +# to be used during key derivation when PEAPv1 or newer. Most existing +# PEAPv1 implementation seem to be using the old label, "client EAP +# encryption", and wpa_supplicant is now using that as the default value. +# Some servers, e.g., Radiator, may require peaplabel=1 configuration to +# interoperate with PEAPv1; see eap_testing.txt for more details. +# 'peap_outer_success=0' can be used to terminate PEAP authentication on +# tunneled EAP-Success. This is required with some RADIUS servers that +# implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g., +# Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode) +# include_tls_length=1 can be used to force wpa_supplicant to include +# TLS Message Length field in all TLS messages even if they are not +# fragmented. +# sim_min_num_chal=3 can be used to configure EAP-SIM to require three +# challenges (by default, it accepts 2 or 3) +# phase2: Phase2 (inner authentication with TLS tunnel) parameters +# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or +# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS) +# Following certificate/private key fields are used in inner Phase2 +# authentication when using EAP-TTLS or EAP-PEAP. +# ca_cert2: File path to CA certificate file. This file can have one or more +# trusted CA certificates. If ca_cert2 and ca_path2 are not included, +# server certificate will not be verified. This is insecure and a trusted +# CA certificate should always be configured. +# ca_path2: Directory path for CA certificate files (PEM) +# client_cert2: File path to client certificate file +# private_key2: File path to client private key file +# private_key2_passwd: Password for private key file +# dh_file2: File path to DH/DSA parameters file (in PEM format) +# subject_match2: Substring to be matched against the subject of the +# authentication server certificate. +# altsubject_match2: Substring to be matched against the alternative subject +# name of the authentication server certificate. +# +# fragment_size: Maximum EAP fragment size in bytes (default 1398). +# This value limits the fragment size for EAP methods that support +# fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set +# small enough to make the EAP messages fit in MTU of the network +# interface used for EAPOL. The default value is suitable for most +# cases. +# +# EAP-PSK variables: +# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format +# nai: user NAI +# +# EAP-PAX variables: +# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format +# +# EAP-SAKE variables: +# eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format +# (this is concatenation of Root-Secret-A and Root-Secret-B) +# nai: user NAI (PEERID) +# +# EAP-GPSK variables: +# eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits) +# nai: user NAI (ID_Client) +# +# EAP-FAST variables: +# pac_file: File path for the PAC entries. wpa_supplicant will need to be able +# to create this file and write updates to it when PAC is being +# provisioned or refreshed. Full path to the file should be used since +# working directory may change when wpa_supplicant is run in the +# background. Alternatively, a named configuration blob can be used by +# setting this to blob://<blob name> +# phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST +# credentials (PAC) +# +# wpa_supplicant supports number of "EAP workarounds" to work around +# interoperability issues with incorrectly behaving authentication servers. +# These are enabled by default because some of the issues are present in large +# number of authentication servers. Strict EAP conformance mode can be +# configured by disabling workarounds with eap_workaround=0. + +# Example blocks: + +# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers +network={ + ssid="simple" + psk="very secret passphrase" + priority=5 +} + +# Same as previous, but request SSID-specific scanning (for APs that reject +# broadcast SSID) +network={ + ssid="second ssid" + scan_ssid=1 + psk="very secret passphrase" + priority=2 +} + +# Only WPA-PSK is used. Any valid cipher combination is accepted. +network={ + ssid="example" + proto=WPA + key_mgmt=WPA-PSK + pairwise=CCMP TKIP + group=CCMP TKIP WEP104 WEP40 + psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb + priority=2 +} + +# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104 +# or WEP40 as the group cipher will not be accepted. +network={ + ssid="example" + proto=RSN + key_mgmt=WPA-EAP + pairwise=CCMP TKIP + group=CCMP TKIP + eap=TLS + identity="user@example.com" + ca_cert="/etc/cert/ca.pem" + client_cert="/etc/cert/user.pem" + private_key="/etc/cert/user.prv" + private_key_passwd="password" + priority=1 +} + +# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel +# (e.g., Radiator) +network={ + ssid="example" + key_mgmt=WPA-EAP + eap=PEAP + identity="user@example.com" + password="foobar" + ca_cert="/etc/cert/ca.pem" + phase1="peaplabel=1" + phase2="auth=MSCHAPV2" + priority=10 +} + +# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the +# unencrypted use. Real identity is sent only within an encrypted TLS tunnel. +network={ + ssid="example" + key_mgmt=WPA-EAP + eap=TTLS + identity="user@example.com" + anonymous_identity="anonymous@example.com" + password="foobar" + ca_cert="/etc/cert/ca.pem" + priority=2 +} + +# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted +# use. Real identity is sent only within an encrypted TLS tunnel. +network={ + ssid="example" + key_mgmt=WPA-EAP + eap=TTLS + identity="user@example.com" + anonymous_identity="anonymous@example.com" + password="foobar" + ca_cert="/etc/cert/ca.pem" + phase2="auth=MSCHAPV2" +} + +# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner +# authentication. +network={ + ssid="example" + key_mgmt=WPA-EAP + eap=TTLS + # Phase1 / outer authentication + anonymous_identity="anonymous@example.com" + ca_cert="/etc/cert/ca.pem" + # Phase 2 / inner authentication + phase2="autheap=TLS" + ca_cert2="/etc/cert/ca2.pem" + client_cert2="/etc/cer/user.pem" + private_key2="/etc/cer/user.prv" + private_key2_passwd="password" + priority=2 +} + +# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and +# group cipher. +network={ + ssid="example" + bssid=00:11:22:33:44:55 + proto=WPA RSN + key_mgmt=WPA-PSK WPA-EAP + pairwise=CCMP + group=CCMP + psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb +} + +# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP +# and all valid ciphers. +network={ + ssid=00010203 + psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f +} + + +# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using +# EAP-TLS for authentication and key generation; require both unicast and +# broadcast WEP keys. +network={ + ssid="1x-test" + key_mgmt=IEEE8021X + eap=TLS + identity="user@example.com" + ca_cert="/etc/cert/ca.pem" + client_cert="/etc/cert/user.pem" + private_key="/etc/cert/user.prv" + private_key_passwd="password" + eapol_flags=3 +} + + +# LEAP with dynamic WEP keys +network={ + ssid="leap-example" + key_mgmt=IEEE8021X + eap=LEAP + identity="user" + password="foobar" +} + +# Plaintext connection (no WPA, no IEEE 802.1X) +network={ + ssid="plaintext-test" + key_mgmt=NONE +} + + +# Shared WEP key connection (no WPA, no IEEE 802.1X) +network={ + ssid="static-wep-test" + key_mgmt=NONE + wep_key0="abcde" + wep_key1=0102030405 + wep_key2="1234567890123" + wep_tx_keyidx=0 + priority=5 +} + + +# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key +# IEEE 802.11 authentication +network={ + ssid="static-wep-test2" + key_mgmt=NONE + wep_key0="abcde" + wep_key1=0102030405 + wep_key2="1234567890123" + wep_tx_keyidx=0 + priority=5 + auth_alg=SHARED +} + + +# IBSS/ad-hoc network with WPA-None/TKIP. +network={ + ssid="test adhoc" + mode=1 + proto=WPA + key_mgmt=WPA-NONE + pairwise=NONE + group=TKIP + psk="secret passphrase" +} + + +# Catch all example that allows more or less all configuration modes +network={ + ssid="example" + scan_ssid=1 + key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE + pairwise=CCMP TKIP + group=CCMP TKIP WEP104 WEP40 + psk="very secret passphrase" + eap=TTLS PEAP TLS + identity="user@example.com" + password="foobar" + ca_cert="/etc/cert/ca.pem" + client_cert="/etc/cert/user.pem" + private_key="/etc/cert/user.prv" + private_key_passwd="password" + phase1="peaplabel=0" +} + +# Example of EAP-TLS with smartcard (openssl engine) +network={ + ssid="example" + key_mgmt=WPA-EAP + eap=TLS + proto=RSN + pairwise=CCMP TKIP + group=CCMP TKIP + identity="user@example.com" + ca_cert="/etc/cert/ca.pem" + client_cert="/etc/cert/user.pem" + + engine=1 + + # The engine configured here must be available. Look at + # OpenSSL engine support in the global section. + # The key available through the engine must be the private key + # matching the client certificate configured above. + + # use the opensc engine + #engine_id="opensc" + #key_id="45" + + # use the pkcs11 engine + engine_id="pkcs11" + key_id="id_45" + + # Optional PIN configuration; this can be left out and PIN will be + # asked through the control interface + pin="1234" +} + +# Example configuration showing how to use an inlined blob as a CA certificate +# data instead of using external file +network={ + ssid="example" + key_mgmt=WPA-EAP + eap=TTLS + identity="user@example.com" + anonymous_identity="anonymous@example.com" + password="foobar" + ca_cert="blob://exampleblob" + priority=20 +} + +blob-base64-exampleblob={ +SGVsbG8gV29ybGQhCg== +} + + +# Wildcard match for SSID (plaintext APs only). This example select any +# open AP regardless of its SSID. +network={ + key_mgmt=NONE +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane new file mode 100644 index 000000000..c91ffe0c8 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane @@ -0,0 +1,7 @@ +ctrl_interface=/var/run/wpa_supplicant +ctrl_interface_group=0 +update_config=1 + +network={ + key_mgmt=NONE +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.5.bb b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.5.bb new file mode 100644 index 000000000..935c8afc9 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.5.bb @@ -0,0 +1,108 @@ +SUMMARY = "Client for Wi-Fi Protected Access (WPA)" +HOMEPAGE = "http://w1.fi/wpa_supplicant/" +BUGTRACKER = "http://w1.fi/security/" +SECTION = "network" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=36b27801447e0662ee0138d17fe93880 \ + file://README;beginline=1;endline=56;md5=7f393579f8b109fe91f3b9765d26c7d3 \ + file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=3430fda79f2ba1dd545f0b3c4d6e4d24" +DEPENDS = "dbus libnl" +RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" + +PACKAGECONFIG ??= "gnutls" +PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt" +PACKAGECONFIG[openssl] = ",,openssl" + +inherit systemd + +SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service" +SYSTEMD_AUTO_ENABLE = "disable" + +SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ + file://defconfig \ + file://wpa-supplicant.sh \ + file://wpa_supplicant.conf \ + file://wpa_supplicant.conf-sane \ + file://99_wpa_supplicant \ + " +SRC_URI[md5sum] = "96ff75c3a514f1f324560a2376f13110" +SRC_URI[sha256sum] = "cce55bae483b364eae55c35ba567c279be442ed8bab5b80a3c7fb0d057b9b316" + +S = "${WORKDIR}/wpa_supplicant-${PV}" + +PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli " +FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase" +FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli" +FILES_${PN} += "${datadir}/dbus-1/system-services/*" +CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf" + +do_configure () { + ${MAKE} -C wpa_supplicant clean + install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config + echo "CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config + echo "DRV_CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config + + if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then + ssl=openssl + elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then + ssl=gnutls + fi + if [ -n "$ssl" ]; then + sed -i "s/%ssl%/$ssl/" wpa_supplicant/.config + fi + + # For rebuild + rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d +} + +export EXTRA_CFLAGS = "${CFLAGS}" +export BINDIR = "${sbindir}" + +do_compile () { + unset CFLAGS CPPFLAGS CXXFLAGS + sed -e "s:CFLAGS\ =.*:& \$(EXTRA_CFLAGS):g" -i ${S}/src/lib.rules + oe_runmake -C wpa_supplicant +} + +do_install () { + install -d ${D}${sbindir} + install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir} + install -m 755 wpa_supplicant/wpa_cli ${D}${sbindir} + + install -d ${D}${bindir} + install -m 755 wpa_supplicant/wpa_passphrase ${D}${bindir} + + install -d ${D}${docdir}/wpa_supplicant + install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant + + install -d ${D}${sysconfdir} + install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf + + install -d ${D}${sysconfdir}/network/if-pre-up.d/ + install -d ${D}${sysconfdir}/network/if-post-down.d/ + install -d ${D}${sysconfdir}/network/if-down.d/ + install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant + cd ${D}${sysconfdir}/network/ && \ + ln -sf ../if-pre-up.d/wpa-supplicant if-post-down.d/wpa-supplicant + + install -d ${D}/${sysconfdir}/dbus-1/system.d + install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d + install -d ${D}/${datadir}/dbus-1/system-services + install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}/${systemd_unitdir}/system + install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system + fi + + install -d ${D}/etc/default/volatiles + install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles +} + +pkg_postinst_wpa-supplicant () { + # If we're offline, we don't need to do this. + if [ "x$D" = "x" ]; then + killall -q -HUP dbus-daemon || true + fi + +} |
