author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-04-05 22:28:33 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-04-05 22:31:28 +0300 |
commit | 193236933b0f4ab91b1625b64e2187e2db4e0e8f (patch) | |
tree | e12769d7c76d8b0517d6de3d3c72189753d253ed /meta-openembedded/meta-oe/recipes-extended | |
parent | bd93df9478f2f56ffcbc8cb88f1709c735dcd85b (diff) | |
download | openbmc-193236933b0f4ab91b1625b64e2187e2db4e0e8f.tar.xz |
reset upstream subtrees to HEAD
Reset the following subtrees on HEAD:
poky: 8217b477a1(master)
meta-xilinx: 64aa3d35ae(master)
meta-openembedded: 0435c9e193(master)
meta-raspberrypi: 490a4441ac(master)
meta-security: cb6d1c85ee(master)
Squashed patches:
meta-phosphor: drop systemd 239 patches
meta-phosphor: mrw-api: use correct install path
Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-extended')
42 files changed, 1693 insertions, 753 deletions
diff --git a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0005-Disable-new-gcc8-warnings.patch b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0005-Disable-new-gcc8-warnings.patch index b12690b32..13510cdea 100644 --- a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0005-Disable-new-gcc8-warnings.patch +++ b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0005-Disable-new-gcc8-warnings.patch @@ -1,4 +1,4 @@ -From d65e48b68076d5b304e6d865967003ae1fea0e6c Mon Sep 17 00:00:00 2001 +From f82f8faf9942f51e9c3c773b56574652695bef5a Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 9 May 2018 21:45:38 -0700 Subject: [PATCH] Disable new gcc8 warnings @@ -7,17 +7,17 @@ GCC seems to be not able to detect the checks for size are already in place Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- -Upstream-Status: Submitted [https://github.com/collectd/collectd/pull/2768] src/libcollectdclient/network_parse.c | 7 +++++++ src/write_sensu.c | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/src/libcollectdclient/network_parse.c b/src/libcollectdclient/network_parse.c -index 2365ab0a..79e6ed96 100644 +index aa753ce..fef43a9 100644 --- a/src/libcollectdclient/network_parse.c +++ b/src/libcollectdclient/network_parse.c -@@ -163,6 +163,11 @@ static int parse_int(void *payload, size_t payload_size, uint64_t *out) { +@@ -148,6 +148,11 @@ static int parse_int(void *payload, size_t payload_size, uint64_t *out) { return 0; } @@ -29,7 +29,7 @@ index 2365ab0a..79e6ed96 100644 static int parse_string(void *payload, size_t payload_size, char *out, size_t out_size) { char *in = payload; -@@ -175,6 +180,8 @@ static int parse_string(void *payload, size_t payload_size, char *out, +@@ -160,6 +165,8 @@ static int parse_string(void *payload, size_t payload_size, char *out, return 0; } @@ -39,22 +39,22 @@ index 2365ab0a..79e6ed96 100644 lcc_value_list_t *state) { char buf[LCC_NAME_LEN]; 
diff --git a/src/write_sensu.c b/src/write_sensu.c -index ce23e654..63e1f599 100644 +index bd7a56d..6cb59d5 100644 --- a/src/write_sensu.c +++ b/src/write_sensu.c -@@ -569,6 +569,11 @@ static char *sensu_value_to_json(struct sensu_host const *host, /* {{{ */ +@@ -570,6 +570,11 @@ static char *sensu_value_to_json(struct sensu_host const *host, /* {{{ */ return ret_str; } /* }}} char *sensu_value_to_json */ +#pragma GCC diagnostic push -+#if __GNUC__ == 8 ++#if __GNUC__ > 7 +#pragma GCC diagnostic ignored "-Wstringop-overflow" +#pragma GCC diagnostic ignored "-Wstringop-truncation" +#endif /* * Uses replace_str2() implementation from * http://creativeandcritical.net/str-replace-c/ -@@ -631,6 +636,8 @@ static char *replace_str(const char *str, const char *old, /* {{{ */ +@@ -632,6 +637,8 @@ static char *replace_str(const char *str, const char *old, /* {{{ */ return ret; } /* }}} char *replace_str */ diff --git a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0006-libcollectdclient-Fix-string-overflow-errors.patch b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0006-libcollectdclient-Fix-string-overflow-errors.patch new file mode 100644 index 000000000..3ed652f71 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0006-libcollectdclient-Fix-string-overflow-errors.patch 
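Review bot: The guard change from `#if __GNUC__ == 8` to `#if __GNUC__ > 7` in the write_sensu.c part of this patch turns off `-Wstringop-overflow` and `-Wstringop-truncation` around replace_str for every later GCC release, not only the one that produced the reported false positive. Those two diagnostics are the compiler's check on string-copy bounds, so an open-ended suppression should say which copy was judged safe and why, for example `/* gcc >= 8 cannot see the size checks done before the copy in replace_str(); re-check if this code changes */`. The matching `#pragma GCC diagnostic pop` and the pragma lines added to network_parse.c are not visible in these hunks, so it should be confirmed that they still bracket only the intended functions.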
@@ -0,0 +1,31 @@
+From 98719ea7f717750c790a1f9384ea8d0117e7f52d Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 17 Dec 2018 18:15:05 -0800
+Subject: [PATCH] libcollectdclient: Fix string overflow errors
+
+Ensure that string has a space for ending null char
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/libcollectdclient/network_parse.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/libcollectdclient/network_parse.c b/src/libcollectdclient/network_parse.c
+index fef43a9..6d65266 100644
+--- a/src/libcollectdclient/network_parse.c
++++ b/src/libcollectdclient/network_parse.c
+@@ -169,9 +169,9 @@ static int parse_string(void *payload, size_t payload_size, char *out,
+
+ static int parse_identifier(uint16_t type, void *payload, size_t payload_size,
+ lcc_value_list_t *state) {
+- char buf[LCC_NAME_LEN];
+-
+- if (parse_string(payload, payload_size, buf, sizeof(buf)) != 0)
++ char buf[LCC_NAME_LEN+1];
++ buf[LCC_NAME_LEN] = '\0';
++ if (parse_string(payload, payload_size, buf, LCC_NAME_LEN) != 0)
+ return EINVAL;
+
+ switch (type) {
diff --git a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.0.bb b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.1.bb
index df9fa233c..6dff18c16 100644
--- a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.0.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.1.bb
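Review bot: In parse_identifier the size handed to parse_string is now the literal `LCC_NAME_LEN` while the buffer is `LCC_NAME_LEN+1`, and nothing in the new lines says why the two differ. The payload is presumably taken from a received packet, so a short comment would keep a later cleanup from switching back to `sizeof(buf)` and letting the copy reach the reserved byte: `/* last byte is reserved for the terminator; parse_string may use at most LCC_NAME_LEN bytes */`. parse_string's own length and terminator checks and the `switch (type)` that consumes buf lie outside the hunk, so whether the destination fields can hold a full-length name has to be confirmed there. The patch is marked `Upstream-Status: Pending` without a link to a submission.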
@@ -13,9 +13,10 @@ SRC_URI = "http://collectd.org/files/collectd-${PV}.tar.bz2 \ file://0001-fix-to-build-with-glibc-2.25.patch \ file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch \ file://0005-Disable-new-gcc8-warnings.patch \ + file://0006-libcollectdclient-Fix-string-overflow-errors.patch \ " -SRC_URI[md5sum] = "a841159323624f18bf03198e9f5aa364" -SRC_URI[sha256sum] = "b06ff476bbf05533cb97ae6749262cc3c76c9969f032bd8496690084ddeb15c9" +SRC_URI[md5sum] = "bfce96c42cede5243028510bcc57c1e6" +SRC_URI[sha256sum] = "e796fda27ce06377f491ad91aa286962a68c2b54076aa77a29673d53204453da" inherit autotools pythonnative update-rc.d pkgconfig systemd diff --git a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged/haveged-init.d-Makefile.am-add-missing-dependency.patch b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged/haveged-init.d-Makefile.am-add-missing-dependency.patch index 36fd57c9b..020ac2c3b 100644 --- a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged/haveged-init.d-Makefile.am-add-missing-dependency.patch +++ b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged/haveged-init.d-Makefile.am-add-missing-dependency.patch @@ -3,13 +3,14 @@ From: Jackie Huang <jackie.huang@windriver.com> Date: Tue, 27 Mar 2018 10:21:09 +0800 Subject: [PATCH] init.d/Makefile.am: add missing dependency -install-data-hook should epend on install-exec-hook, or the +install-data-hook should depend on install-exec-hook, or the haveged.service might be installed incorrectly when build with -j option. -Upstream-Status: Inappropriate [no upstream mailing list] +Upstream-Status: Submitted [https://github.com/jirka-h/haveged/pull/13] Signed-off-by: Jackie Huang <jackie.huang@windriver.com> +Signed-off-by: Khem Raj raj.khem@gmail.com --- init.d/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -21,12 +22,11 @@ index 5940f78..07bcdf7 100644 
@@ -33,7 +33,7 @@ if ENABLE_SYSTEMD install-exec-hook: $(do_subst) < $(srcdir)/$(src_tmpl) > haveged.service; - + -install-data-hook: +install-data-hook: install-exec-hook if ENABLE_SYSTEMD_LOOKUP install -p -D -m644 haveged.service $(DESTDIR)`pkg-config --variable=systemdsystemunitdir systemd`/haveged.service; else --- +-- 2.11.0 - diff --git a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.2.bb b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.4.bb index bf1367391..32aab59f1 100644 --- a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.2.bb +++ b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.4.bb @@ -5,14 +5,14 @@ HOMEPAGE = "http://www.issihosts.com/haveged/index.html" LICENSE = "GPLv3" LIC_FILES_CHKSUM="file://COPYING;md5=d32239bcb673463ab874e80d47fae504" -SRC_URI = "http://www.issihosts.com/haveged/haveged-${PV}.tar.gz \ +# v1.9.4 +SRCREV = "faa40ff345af194d3253f5fb030403e3c9831c36" +SRC_URI = "git://github.com/jirka-h/haveged.git \ file://haveged-init.d-Makefile.am-add-missing-dependency.patch \ " +S = "${WORKDIR}/git" -SRC_URI[md5sum] = "fb1d8b3dcbb9d06b30eccd8aa500fd31" -SRC_URI[sha256sum] = "f77d9adbdf421b61601fa29faa9ce3b479d910f73c66b9e364ba8642ccbfbe70" - -UPSTREAM_CHECK_URI = "http://www.issihosts.com/haveged/downloads.html" +UPSTREAM_CHECK_URI = "https://github.com/jirka-h/haveged/releases" inherit autotools update-rc.d systemd diff --git a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.11.bb b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.11.bb deleted file mode 100644 index 370fa2248..000000000 --- a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.11.bb +++ /dev/null 
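Review bot: The new `SRC_URI = "git://github.com/jirka-h/haveged.git \` line in the haveged recipe names no transport, so the fetch presumably falls back to the unauthenticated git protocol, and with the `SRC_URI[md5sum]` and `SRC_URI[sha256sum]` lines removed the `SRCREV` commit id is the only integrity check left. Adding the fetcher's protocol parameter keeps the pin and moves the fetch to an authenticated channel: `SRC_URI = "git://github.com/jirka-h/haveged.git;protocol=https \`. The `# v1.9.4` comment is the only link between the hash and the release, so the hash should be checked against the upstream tag.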
@@ -1,12 +0,0 @@ -SUMMARY = "Jansson is a C library for encoding, decoding and manipulating JSON data" -HOMEPAGE = "http://www.digip.org/jansson/" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=8b70213ec164c7bd876ec2120ba52f61" - -SRC_URI = "http://www.digip.org/jansson/releases/${BPN}-${PV}.tar.gz" - -SRC_URI[md5sum] = "7af071db9970441e1eaaf25662310e33" -SRC_URI[sha256sum] = "6e85f42dabe49a7831dbdd6d30dca8a966956b51a9a50ed534b82afc3fa5b2f4" - -inherit autotools pkgconfig - diff --git a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.12.bb b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.12.bb new file mode 100644 index 000000000..3cc353ee7 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.12.bb @@ -0,0 +1,13 @@ +SUMMARY = "Jansson is a C library for encoding, decoding and manipulating JSON data" +HOMEPAGE = "http://www.digip.org/jansson/" +BUGTRACKER = "https://github.com/akheron/jansson/issues" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=fc2548c0eb83800f29330040e18b5a05" + +SRC_URI = "http://www.digip.org/jansson/releases/${BPN}-${PV}.tar.gz" + +SRC_URI[md5sum] = "0ed1f3a924604aae68067c214b0010ef" +SRC_URI[sha256sum] = "5f8dec765048efac5d919aded51b26a32a05397ea207aa769ff6b53c7027d2c9" + +inherit autotools pkgconfig + diff --git a/meta-openembedded/meta-oe/recipes-extended/lcdproc/lcdproc_git.bb b/meta-openembedded/meta-oe/recipes-extended/lcdproc/lcdproc_git.bb index 93a09f28a..135499789 100644 --- a/meta-openembedded/meta-oe/recipes-extended/lcdproc/lcdproc_git.bb +++ b/meta-openembedded/meta-oe/recipes-extended/lcdproc/lcdproc_git.bb @@ -19,9 +19,10 @@ S = "${WORKDIR}/git" inherit autotools pkgconfig update-rc.d -COMPATIBLE_HOST_arm_libc-musl = "null" - LCD_DRIVERS ?= "all,!irman,!svga" +LCD_DRIVERS_append_aarch64 = ",!serialVFD" +LCD_DRIVERS_append_arm = ",!serialVFD" + LCD_DEFAULT_DRIVER ?= "curses" PACKAGECONFIG ??= "usb" 
diff --git a/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.18.bb b/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.20.bb index 35f0cc060..54a188dc8 100644 --- a/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.18.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.20.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c07cb499d259452f324bb90c3067d85c" inherit autotools python3native gobject-introspection -SRCREV = "0debeb45562ac3d8f6f43f6f942b238abab55be9" +SRCREV = "cb308566c3c5222b8422f78997a1742713b265a9" SRC_URI = " \ git://github.com/rhinstaller/libblockdev;branch=master \ " @@ -19,7 +19,7 @@ S = "${WORKDIR}/git" FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}" -PACKAGECONFIG ??= "python3 lvm dm kmod parted fs escrow btrfs crypto mdraid kbd mpath" +PACKAGECONFIG ??= "python3 lvm dm kmod parted fs escrow btrfs crypto mdraid kbd mpath nvdimm" PACKAGECONFIG[python3] = "--with-python3, --without-python3,,python3" PACKAGECONFIG[python2] = "--with-python2, --without-python2,,python2" PACKAGECONFIG[lvm] = "--with-lvm, --without-lvm, multipath-tools, lvm2" @@ -30,7 +30,7 @@ PACKAGECONFIG[kmod] = "--with-kbd, --without-kbd, kmod" PACKAGECONFIG[parted] = "--with-part, --without-part, parted" PACKAGECONFIG[fs] = "--with-fs, --without-fs, util-linux" PACKAGECONFIG[doc] = "--with-gtk-doc, --without-gtk-doc, gtk-doc-native" -PACKAGECONFIG[nvdimm] = "--with-nvdimm, --without-nvdimm" +PACKAGECONFIG[nvdimm] = "--with-nvdimm, --without-nvdimm, ndctl util-linux" PACKAGECONFIG[vdo] = "--with-vdo, --without-vdo" PACKAGECONFIG[escrow] = "--with-escrow, --without-escrow, nss volume-key" PACKAGECONFIG[btrfs] = "--with-btrfs,--without-btrfs,libbytesize btrfs-tools" diff --git a/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.5.bb b/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.7.bb index 542956cf6..da22836a2 100644 
--- a/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.5.bb +++ b/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.7.bb @@ -17,7 +17,7 @@ SRC_URI += "file://0001-Makefile.am-remove-doc-and-apidoc.patch \ file://0003-without-build-plugins.patch \ file://0004-configure.ac-remove-prog-test-of-augparse.patch \ " -SRCREV = "15f92bcaf73e5eb8958fbde655a57dcd111757a7" +SRCREV = "1d5cc00e44af4800fcae9761625dd4230681e82a" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" diff --git a/meta-openembedded/meta-oe/recipes-extended/libserialport/libserialport_0.1.1.bb b/meta-openembedded/meta-oe/recipes-extended/libserialport/libserialport_0.1.1.bb new file mode 100644 index 000000000..192d4bce6 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/libserialport/libserialport_0.1.1.bb @@ -0,0 +1,12 @@ +DESCRIPTION = "libserialport is a minimal, cross-platform shared library written in C that is intended to take care of the OS-specific details when writing software that uses serial ports." +HOMEPAGE = "https://sigrok.org/wiki/Libserialport" + +LICENSE = "LGPL-3.0+" +LIC_FILES_CHKSUM = "file://COPYING;md5=e6a600fd5e1d9cbde2d983680233ad02" + +inherit autotools + +SRC_URI = "http://sigrok.org/download/source/libserialport/libserialport-${PV}.tar.gz" + +SRC_URI[md5sum] = "b93f0325a6157198152b5bd7e8182b51" +SRC_URI[sha256sum] = "4a2af9d9c3ff488e92fb75b4ba38b35bcf9b8a66df04773eba2a7bbf1fa7529d" diff --git a/meta-openembedded/meta-oe/recipes-extended/libzip/libzip_1.5.1.bb b/meta-openembedded/meta-oe/recipes-extended/libzip/libzip_1.5.1.bb new file mode 100644 index 000000000..ce73700d7 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/libzip/libzip_1.5.1.bb 
@@ -0,0 +1,18 @@ +DESCRIPTION = "libzip is a C library for reading, creating, and modifying zip archives." +HOMEPAGE = "https://libzip.org/" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=01f8b1b8da6403739094396e15b1e722" + +DEPENDS = "zlib bzip2" + +PACKAGECONFIG[ssl] = "-DENABLE_OPENSSL=ON,-DENABLE_OPENSSL=OFF,openssl" + +PACKAGECONFIG ?= "ssl" + +inherit cmake + +SRC_URI = "https://libzip.org/download/libzip-${PV}.tar.xz" + +SRC_URI[md5sum] = "6fe665aa6d6bf3a99eb6fa9c553283fd" +SRC_URI[sha256sum] = "04ea35b6956c7b3453f1ed3f3fe40e3ddae1f43931089124579e8384e79ed372" diff --git a/meta-openembedded/meta-oe/recipes-extended/logwatch/logwatch_7.4.3.bb b/meta-openembedded/meta-oe/recipes-extended/logwatch/logwatch_7.4.3.bb index aea539ef0..275a8f238 100644 --- a/meta-openembedded/meta-oe/recipes-extended/logwatch/logwatch_7.4.3.bb +++ b/meta-openembedded/meta-oe/recipes-extended/logwatch/logwatch_7.4.3.bb @@ -20,9 +20,9 @@ do_install() { install -m 0755 -d ${D}${datadir}/logwatch/dist.conf/logfiles install -m 0755 -d ${D}${datadir}/logwatch/dist.conf/services install -m 0755 -d ${D}${localstatedir}/cache/logwatch - mv conf/ ${D}${datadir}/logwatch/default.conf - mv scripts/ ${D}${datadir}/logwatch/scripts - mv lib ${D}${datadir}/logwatch/lib + cp -r -f conf/ ${D}${datadir}/logwatch/default.conf + cp -r -f scripts/ ${D}${datadir}/logwatch/scripts + cp -r -f lib ${D}${datadir}/logwatch/lib chown -R root:root ${D}${datadir}/logwatch install -m 0755 -d ${D}${mandir}/man1 diff --git a/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs/format-overflow.patch b/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs/format-overflow.patch new file mode 100644 index 000000000..29c6a7b69 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs/format-overflow.patch 
@@ -0,0 +1,21 @@
+Drop enable format string warnings to help gcc9
+
+Fixes
+| /mnt/a/yoe/build/tmp/work/core2-64-yoe-linux-musl/mozjs/52.9.1-r0/mozjs-52.9.1/js/src/jit/x64/BaseAssembler-x64.h:596:13: error: '%s' directive argument is null [-Werror=format-overflow=]
+| 596 | spew("movq " MEM_obs ", %s", ADDR_obs(offset, base, index, scale), GPReg64Name(dst));
+| | ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Upstream-Status: Inappropriate [Workaround for gcc9]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+--- a/js/src/moz.build
++++ b/js/src/moz.build
+@@ -785,7 +785,7 @@ if CONFIG['JS_HAS_CTYPES']:
+ DEFINES['FFI_BUILDING'] = True
+
+ if CONFIG['GNU_CXX']:
+- CXXFLAGS += ['-Wno-shadow', '-Werror=format']
++ CXXFLAGS += ['-Wno-shadow']
+
+ # Suppress warnings in third-party code.
+ if CONFIG['CLANG_CXX']:
diff --git a/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb b/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb
index 7c8a7aee1..92d15724f 100644
--- a/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/main/m/mozjs52/mozjs52_52.9.1.o file://disable-mozglue-in-stand-alone-builds.patch \ file://add-riscv-support.patch \ file://0001-mozjs-fix-coredump-caused-by-getenv.patch \ + file://format-overflow.patch \ file://JS_PUBLIC_API.patch \ " SRC_URI_append_libc-musl = " \
@@ -44,7 +45,7 @@ EXTRA_OECONF = " \ --host=${BUILD_SYS} \ --prefix=${prefix} \ --libdir=${libdir} \ - --disable-tests \ + --disable-tests --disable-strip --disable-optimize \ --with-nspr-libs='-lplds4 -lplc4 -lnspr4' \ ${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', "--enable-gold", '--disable-gold', d)} \ "
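Review bot: Removing `'-Werror=format'` from CXXFLAGS in js/src/moz.build drops error status for every format-string diagnostic, although the failure quoted in the patch header is only `-Werror=format-overflow=`. A narrower workaround keeps the remaining format checks fatal: `CXXFLAGS += ['-Wno-shadow', '-Werror=format', '-Wno-error=format-overflow']`. The quoted message says a null argument may reach a `%s` directive in the spew() call, so the patch description should state whether that was judged a false positive or a real null case left unfixed.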
@@ -52,9 +53,15 @@ EXTRA_OECONF = " \ PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" PACKAGECONFIG[x11] = "--x-includes=${STAGING_INCDIR} --x-libraries=${STAGING_LIBDIR},--x-includes=no --x-libraries=no,virtual/libx11" -EXTRA_OEMAKE_task-compile += "OS_LDFLAGS='-Wl,-latomic ${LDFLAGS}'" +EXTRA_OEMAKE_task-compile += "BUILD_OPT=1 OS_LDFLAGS='-Wl,-latomic ${LDFLAGS}'" EXTRA_OEMAKE_task-install += "STATIC_LIBRARY_NAME=js_static" +export HOST_CC = "${BUILD_CC}" +export HOST_CXX = "${BUILD_CXX}" +export HOST_CFLAGS = "${BUILD_CFLAGS}" +export HOST_CPPFLAGS = "${BUILD_CPPFLAGS}" +export HOST_CXXFLAGS = "${BUILD_CXXFLAGS}" + do_configure() { export SHELL="/bin/sh" export TMP="${B}" diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch new file mode 100644 index 000000000..4dcd10800 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch 
@@ -0,0 +1,42 @@
+From f2c37fab5dbaffa06c1268ee1309596306c9a4df Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 20 Nov 2018 12:23:47 -0800
+Subject: [PATCH] Adjust for CURLE_SSL_CACERT deprecation in curl >= 7.62
+
+Use CURLE_PEER_FAILED_VERIFICATION instead
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/lib/wsman-curl-client-transport.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
+index d0a3829b..92727f4f 100644
+--- a/src/lib/wsman-curl-client-transport.c
++++ b/src/lib/wsman-curl-client-transport.c
+@@ -186,16 +186,23 @@ convert_to_last_error(CURLcode r)
+ return WS_LASTERR_SSL_CONNECT_ERROR;
+ case CURLE_BAD_FUNCTION_ARGUMENT:
+ return WS_LASTERR_CURL_BAD_FUNCTION_ARG;
++#if LIBCURL_VERSION_NUM < 0x073E00
+ case CURLE_SSL_PEER_CERTIFICATE:
+ return WS_LASTERR_SSL_PEER_CERTIFICATE;
++#endif
+ case CURLE_SSL_ENGINE_NOTFOUND:
+ return WS_LASTERR_SSL_ENGINE_NOTFOUND;
+ case CURLE_SSL_ENGINE_SETFAILED:
+ return WS_LASTERR_SSL_ENGINE_SETFAILED;
+ case CURLE_SSL_CERTPROBLEM:
+ return WS_LASTERR_SSL_CERTPROBLEM;
++#if LIBCURL_VERSION_NUM < 0x073E00
+ case CURLE_SSL_CACERT:
+ return WS_LASTERR_SSL_CACERT;
++#else
++ case CURLE_PEER_FAILED_VERIFICATION:
++ return WS_LASTERR_SSL_PEER_CERTIFICATE;
++#endif
+ #if LIBCURL_VERSION_NUM > 0x70C01
+ case CURLE_SSL_ENGINE_INITFAILED:
+ return WS_LASTERR_SSL_ENGINE_INITFAILED;
diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch
deleted file mode 100644
index 49afa56f5..000000000
--- a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch
+++ /dev/null
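Review bot: When `LIBCURL_VERSION_NUM` is at least `0x073E00`, convert_to_last_error no longer returns `WS_LASTERR_SSL_CACERT`, because the new `#else` branch maps `CURLE_PEER_FAILED_VERIFICATION` to `WS_LASTERR_SSL_PEER_CERTIFICATE` instead. A caller that tells a CA-chain failure from a peer-certificate failure by that code would behave differently depending on the curl version it was built against, and nothing next to the branch says so. A comment such as `/* curl >= 7.62.0 reports CA failures as CURLE_PEER_FAILED_VERIFICATION; WS_LASTERR_SSL_CACERT is not produced on this path */` would record the change. The rest of the switch is outside the hunk.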
@@ -1,162 +0,0 @@ -From f78643d2388dd0697f83f17880403253a0596d83 Mon Sep 17 00:00:00 2001 -From: Vitezslav Crhonek <vcrhonek@redhat.com> -Date: Wed, 5 Sep 2018 11:23:46 -0700 -Subject: [PATCH 1/2] Port to OpenSSL 1.1.0 - -Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/99] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - src/lib/wsman-curl-client-transport.c | 6 +++- - src/server/shttpd/io_ssl.c | 17 ---------- - src/server/shttpd/shttpd.c | 20 ++++-------- - src/server/shttpd/ssl.h | 46 --------------------------- - 4 files changed, 12 insertions(+), 77 deletions(-) - -diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c -index cd7f517a..e64ad097 100644 ---- a/src/lib/wsman-curl-client-transport.c -+++ b/src/lib/wsman-curl-client-transport.c -@@ -241,12 +241,16 @@ write_handler( void *ptr, size_t size, size_t nmemb, void *data) - static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg) - { - unsigned char *thumbprint = (unsigned char *)arg; -- X509 *cert = ctx->cert; - EVP_MD *tempDigest; - - unsigned char tempFingerprint[EVP_MAX_MD_SIZE]; - unsigned int tempFingerprintLen; - tempDigest = (EVP_MD*)EVP_sha1( ); -+ -+ X509 *cert = X509_STORE_CTX_get_current_cert(ctx); -+ if(!cert) -+ return 0; -+ - if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0) - return 0; - if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen)) -diff --git a/src/server/shttpd/io_ssl.c b/src/server/shttpd/io_ssl.c -index 6de0db2a..7ac669e4 100644 ---- a/src/server/shttpd/io_ssl.c -+++ b/src/server/shttpd/io_ssl.c -@@ -11,23 +11,6 @@ - #include "defs.h" - - #if !defined(NO_SSL) --struct ssl_func ssl_sw[] = { -- {"SSL_free", {0}}, -- {"SSL_accept", {0}}, -- {"SSL_connect", {0}}, -- {"SSL_read", {0}}, -- {"SSL_write", {0}}, -- {"SSL_get_error", {0}}, -- {"SSL_set_fd", {0}}, -- {"SSL_new", {0}}, -- {"SSL_CTX_new", {0}}, -- {"SSLv23_server_method", {0}}, -- 
{"SSL_library_init", {0}}, -- {"SSL_CTX_use_PrivateKey_file", {0}}, -- {"SSL_CTX_use_certificate_file",{0}}, -- {NULL, {0}} --}; -- - void - _shttpd_ssl_handshake(struct stream *stream) - { -diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c -index 5876392e..4c1dbf32 100644 ---- a/src/server/shttpd/shttpd.c -+++ b/src/server/shttpd/shttpd.c -@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem) - int retval = FALSE; - EC_KEY* key; - -- /* Load SSL library dynamically */ -- if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) { -- _shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB); -- return (FALSE); -- } -- -- for (fp = ssl_sw; fp->name != NULL; fp++) -- if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) { -- _shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name); -- return (FALSE); -- } -- - /* Initialize SSL crap */ -+ debug("Initialize SSL"); -+ SSL_load_error_strings(); -+ #if OPENSSL_VERSION_NUMBER < 0x10100000L - SSL_library_init(); -+ #else -+ OPENSSL_init_ssl(0, NULL); -+ #endif - - if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL) - _shttpd_elog(E_LOG, NULL, "SSL_CTX_new error"); -@@ -1532,7 +1526,7 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem) - if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) { - //_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name); - debug("SSL: disable %s protocol", protocols[idx].name); -- SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL); -+ SSL_CTX_set_options(CTX, protocols[idx].opt); - break; - } - } -diff --git a/src/server/shttpd/ssl.h b/src/server/shttpd/ssl.h -index a863f2c7..8dad0109 100644 ---- a/src/server/shttpd/ssl.h -+++ b/src/server/shttpd/ssl.h -@@ -12,50 +12,4 @@ - - #include <openssl/ssl.h> - --#else -- --/* -- * Snatched from OpenSSL includes. I put the prototypes here to be independent -- * from the OpenSSL source installation. 
Having this, shttpd + SSL can be -- * built on any system with binary SSL libraries installed. -- */ -- --typedef struct ssl_st SSL; --typedef struct ssl_method_st SSL_METHOD; --typedef struct ssl_ctx_st SSL_CTX; -- --#define SSL_ERROR_WANT_READ 2 --#define SSL_ERROR_WANT_WRITE 3 --#define SSL_ERROR_SYSCALL 5 --#define SSL_FILETYPE_PEM 1 -- - #endif -- --/* -- * Dynamically loaded SSL functionality -- */ --struct ssl_func { -- const char *name; /* SSL function name */ -- union variant ptr; /* Function pointer */ --}; -- --extern struct ssl_func ssl_sw[]; -- --#define FUNC(x) ssl_sw[x].ptr.v_func -- --#define SSL_free(x) (* (void (*)(SSL *)) FUNC(0))(x) --#define SSL_accept(x) (* (int (*)(SSL *)) FUNC(1))(x) --#define SSL_connect(x) (* (int (*)(SSL *)) FUNC(2))(x) --#define SSL_read(x,y,z) (* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z)) --#define SSL_write(x,y,z) \ -- (* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z)) --#define SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y)) --#define SSL_set_fd(x,y) (* (int (*)(SSL *, int)) FUNC(6))((x), (y)) --#define SSL_new(x) (* (SSL * (*)(SSL_CTX *)) FUNC(7))(x) --#define SSL_CTX_new(x) (* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x) --#define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))() --#define SSL_library_init() (* (int (*)(void)) FUNC(10))() --#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \ -- const char *, int)) FUNC(11))((x), (y), (z)) --#define SSL_CTX_use_certificate_file(x,y,z) (* (int (*)(SSL_CTX *, \ -- const char *, int)) FUNC(12))((x), (y), (z)) --- -2.18.0 - diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch new file mode 100644 index 000000000..8d230ba6d --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch 
@@ -0,0 +1,77 @@ +From 634b95157e1823672a2c95fac0cecf079b5967e7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> +Date: Mon, 19 Nov 2018 15:31:27 +0100 +Subject: [PATCH] openSSL 1.1.0 API fixes + +--- + src/server/shttpd/io_ssl.c | 5 +++++ + src/server/shttpd/shttpd.c | 11 ++++++++++- + src/server/shttpd/ssl.h | 3 +++ + 3 files changed, 18 insertions(+), 1 deletion(-) + +diff --git a/src/server/shttpd/io_ssl.c b/src/server/shttpd/io_ssl.c +index 6de0db2a..ece610ef 100644 +--- a/src/server/shttpd/io_ssl.c ++++ b/src/server/shttpd/io_ssl.c +@@ -21,8 +21,13 @@ struct ssl_func ssl_sw[] = { + {"SSL_set_fd", {0}}, + {"SSL_new", {0}}, + {"SSL_CTX_new", {0}}, ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + {"SSLv23_server_method", {0}}, + {"SSL_library_init", {0}}, ++#else ++ {"TLS_server_method", {0}}, ++ {"OPENSSL_init_ssl", {0}}, ++#endif + {"SSL_CTX_use_PrivateKey_file", {0}}, + {"SSL_CTX_use_certificate_file",{0}}, + {NULL, {0}} +diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c +index f0f3fbd8..652aea17 100644 +--- a/src/server/shttpd/shttpd.c ++++ b/src/server/shttpd/shttpd.c +@@ -1489,9 +1489,14 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem) + } + + /* Initialize SSL crap */ +- SSL_library_init(); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ SSL_library_init(); + if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL) ++#else ++ OPENSSL_init_ssl(); ++ if ((CTX = SSL_CTX_new(TLS_server_method())) == NULL) ++#endif + _shttpd_elog(E_LOG, NULL, "SSL_CTX_new error"); + else if (SSL_CTX_use_certificate_file(CTX, wsmand_options_get_ssl_cert_file(), SSL_FILETYPE_PEM) != 1) + _shttpd_elog(E_LOG, NULL, "cannot open certificate file %s", pem); +@@ -1552,6 +1557,10 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem) + if (rc != 1) { + _shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list); + } ++ else if ((*ssl_cipher_list == 0) || (*ssl_cipher_list == ' ')) { ++ _shttpd_elog(E_LOG, NULL, 
"Empty 'ssl_cipher_list' defaults to 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'."); ++ _shttpd_elog(E_LOG, NULL, "Check openSSL documentation."); ++ } + } + ctx->ssl_ctx = CTX; + +diff --git a/src/server/shttpd/ssl.h b/src/server/shttpd/ssl.h +index 2304b70a..89a73c49 100644 +--- a/src/server/shttpd/ssl.h ++++ b/src/server/shttpd/ssl.h +@@ -56,6 +56,9 @@ extern struct ssl_func ssl_sw[]; + #if OPENSSL_VERSION_NUMBER < 0x10100000L + #define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))() + #define SSL_library_init() (* (int (*)(void)) FUNC(10))() ++#else ++#define TLS_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))() ++#define OPENSSL_init_ssl() (* (int (*)(void)) FUNC(10))() + #endif + #define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \ + const char *, int)) FUNC(11))((x), (y), (z)) +-- +2.19.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch deleted file mode 100644 index 5ae2e0006..000000000 --- a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch +++ /dev/null 
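Review bot: The new `OPENSSL_init_ssl()` macro in ssl.h casts the loaded symbol to `int (*)(void)` and set_ssl calls it with no arguments, but the OpenSSL 1.1 function takes an options word and a settings pointer (the patch this one replaces called `OPENSSL_init_ssl(0, NULL)`). Calling it through the wrong pointer type leaves both parameters undefined, so TLS library initialisation may run with arbitrary option bits. The macro should take and forward both arguments, `#define OPENSSL_init_ssl(x,y) (* (int (*)(uint64_t, const OPENSSL_INIT_SETTINGS *)) FUNC(10))((x), (y))` (or an equivalent pointer type if the OpenSSL headers are not included on this path), with the call written as `OPENSSL_init_ssl(0, NULL);`. set_ssl continues outside the hunk, and this patch carries no `Upstream-Status` line.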
@@ -1,48 +0,0 @@
-From 75669b077bd54bedbc086c60cbe137e7f4c685b5 Mon Sep 17 00:00:00 2001
-From: Vitezslav Crhonek <vcrhonek@redhat.com>
-Date: Mon, 24 Apr 2017 11:28:39 +0200
-Subject: [PATCH 2/2] Check OpenSSL version number to allow builds with older
- version
-
-Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/99]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- src/lib/wsman-curl-client-transport.c | 4 ++++
- src/server/shttpd/shttpd.c | 4 ++++
- 2 files changed, 8 insertions(+)
-
-diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
-index e64ad097..4fc047e8 100644
---- a/src/lib/wsman-curl-client-transport.c
-+++ b/src/lib/wsman-curl-client-transport.c
-@@ -247,7 +247,11 @@ static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void
- unsigned int tempFingerprintLen;
- tempDigest = (EVP_MD*)EVP_sha1( );
-
-+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
-+ X509 *cert = ctx->cert;
-+ #else
- X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
-+ #endif
- if(!cert)
- return 0;
-
-diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
-index 4c1dbf32..161720c8 100644
---- a/src/server/shttpd/shttpd.c
-+++ b/src/server/shttpd/shttpd.c
-@@ -1526,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
- if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
- //_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
- debug("SSL: disable %s protocol", protocols[idx].name);
-+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
-+ SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
-+ #else
- SSL_CTX_set_options(CTX, protocols[idx].opt);
-+ #endif
- break;
- }
- }
---
-2.18.0
-
diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.8.bb
index 5fba3855c..f04ff01d9 100644
--- a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb +++ b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.8.bb @@ -15,15 +15,15 @@ DEPENDS = "curl libxml2 openssl libpam" inherit distro_features_check REQUIRED_DISTRO_FEATURES = "pam" -SRCREV = "e90e5c96e3006c372bf45e0185e33c9250e67df6" -PV = "2.6.5" +# v2.6.8 +SRCREV = "b9cd0b72534854abb6dd834c8c11e02111b4c8d7" SRC_URI = "git://github.com/Openwsman/openwsman.git \ file://libssl-is-required-if-eventint-supported.patch \ file://openwsmand.service \ file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \ - file://0001-Port-to-OpenSSL-1.1.0.patch \ - file://0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch \ + file://0001-openSSL-1.1.0-API-fixes.patch \ + file://0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch \ " S = "${WORKDIR}/git" @@ -31,7 +31,7 @@ S = "${WORKDIR}/git" LICENSE = "BSD" LIC_FILES_CHKSUM = "file://COPYING;md5=d4f53d4c6cf73b9d43186ce3be6dd0ba" -inherit systemd cmake pkgconfig pythonnative perlnative +inherit systemd cmake pkgconfig python3native perlnative SYSTEMD_SERVICE_${PN} = "openwsmand.service" SYSTEMD_AUTO_ENABLE = "disable" @@ -41,6 +41,8 @@ LDFLAGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', " -fuse- EXTRA_OECMAKE = "-DBUILD_BINDINGS=NO \ -DBUILD_LIBCIM=NO \ -DBUILD_PERL=YES \ + -DBUILD_PYTHON3=YES \ + -DBUILD_PYTHON=NO \ -DCMAKE_INSTALL_PREFIX=${prefix} \ -DLIB=${baselib} \ " diff --git a/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch new file mode 100644 index 000000000..2d75a18f1 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch 
@@ -0,0 +1,879 @@ +From 37e233307a79a9250962dcf77b7c7e27a02a1a35 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 1 Feb 2019 22:44:10 -0800 +Subject: [PATCH] Adapt to OpenSSL 1.1.1 + +From: Guido Falsi <mad@madpilot.net> +https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch/ + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + authfd.c | 50 ++++++++++++++++++++ + bufbn.c | 4 ++ + cipher.h | 6 ++- + kex.h | 9 +++- + key.c | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++-- + ssh-dss.c | 51 ++++++++++++++++---- + ssh-ecdsa.c | 40 ++++++++++++---- + ssh-rsa.c | 22 +++++++-- + 8 files changed, 287 insertions(+), 28 deletions(-) + +diff --git a/authfd.c b/authfd.c +index 212e06b..f91514d 100644 +--- a/authfd.c ++++ b/authfd.c +@@ -367,6 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio + case 1: + key = pamsshagentauth_key_new(KEY_RSA1); + bits = pamsshagentauth_buffer_get_int(&auth->identities); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e); + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n); + *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); +@@ -374,6 +375,15 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio + if (keybits < 0 || bits != (u_int)keybits) + pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u", + BN_num_bits(key->rsa->n), bits); ++#else ++ pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_n(key->rsa)); ++ *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); ++ keybits = BN_num_bits(RSA_get0_n(key->rsa)); ++ if (keybits < 0 || bits != (u_int)keybits) ++ pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u", ++ 
BN_num_bits(RSA_get0_n(key->rsa)), bits); ++#endif + break; + case 2: + blob = pamsshagentauth_buffer_get_string(&auth->identities, &blen); +@@ -417,9 +427,15 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, + } + pamsshagentauth_buffer_init(&buffer); + pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n); ++#else ++ pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(RSA_get0_n(key->rsa))); ++ pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_n(key->rsa)); ++#endif + pamsshagentauth_buffer_put_bignum(&buffer, challenge); + pamsshagentauth_buffer_append(&buffer, session_id, 16); + pamsshagentauth_buffer_put_int(&buffer, response_type); +@@ -496,6 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth, + static void + ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n)); + pamsshagentauth_buffer_put_bignum(b, key->n); + pamsshagentauth_buffer_put_bignum(b, key->e); +@@ -504,6 +521,16 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) + pamsshagentauth_buffer_put_bignum(b, key->iqmp); /* ssh key->u */ + pamsshagentauth_buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */ + pamsshagentauth_buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ ++#else ++ pamsshagentauth_buffer_put_int(b, BN_num_bits(RSA_get0_n(key))); ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_n(key)); ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_e(key)); ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_d(key)); ++ /* To keep within the protocol: p < q for ssh. 
in SSL p > q */ ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_iqmp(key)); /* ssh key->u */ ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_q(key)); /* ssh key->p, SSL key->q */ ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_p(key)); /* ssh key->q, SSL key->p */ ++#endif + pamsshagentauth_buffer_put_cstring(b, comment); + } + +@@ -513,19 +540,36 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) + pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key)); + switch (key->type) { + case KEY_RSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_bignum2(b, key->rsa->n); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->e); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->d); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->iqmp); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->p); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->q); ++#else ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_n(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_d(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_iqmp(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_p(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_q(key->rsa)); ++#endif + break; + case KEY_DSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_bignum2(b, key->dsa->p); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->q); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->g); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->pub_key); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->priv_key); ++#else ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_p(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_q(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_g(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_pub_key(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_priv_key(key->dsa)); ++#endif + 
break; + } + pamsshagentauth_buffer_put_cstring(b, comment); +@@ -605,9 +649,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) + + if (key->type == KEY_RSA1) { + pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n); ++#else ++ pamsshagentauth_buffer_put_int(&msg, BN_num_bits(RSA_get0_n(key->rsa))); ++ pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_n(key->rsa)); ++#endif + } else if (key->type == KEY_DSA || key->type == KEY_RSA) { + pamsshagentauth_key_to_blob(key, &blob, &blen); + pamsshagentauth_buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); +diff --git a/bufbn.c b/bufbn.c +index 6a49c73..4ecedc1 100644 +--- a/bufbn.c ++++ b/bufbn.c +@@ -151,7 +151,11 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) + pamsshagentauth_buffer_put_int(buffer, 0); + return 0; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (value->neg) { ++#else ++ if (BN_is_negative(value)) { ++#endif + pamsshagentauth_logerror("buffer_put_bignum2_ret: negative numbers not supported"); + return (-1); + } +diff --git a/cipher.h b/cipher.h +index 49bbc16..64f59ca 100644 +--- a/cipher.h ++++ b/cipher.h +@@ -59,15 +59,18 @@ + #define CIPHER_DECRYPT 0 + + typedef struct Cipher Cipher; +-typedef struct CipherContext CipherContext; ++// typedef struct CipherContext CipherContext; + + struct Cipher; ++/* + struct CipherContext { + int plaintext; + EVP_CIPHER_CTX evp; + Cipher *cipher; + }; ++*/ + ++/* + u_int cipher_mask_ssh1(int); + Cipher *cipher_by_name(const char *); + Cipher *cipher_by_number(int); +@@ -88,4 +91,5 @@ void cipher_set_keyiv(CipherContext *, u_char *); + int cipher_get_keyiv_len(const CipherContext *); + int 
cipher_get_keycontext(const CipherContext *, u_char *); + void cipher_set_keycontext(CipherContext *, u_char *); ++*/ + #endif /* CIPHER_H */ +diff --git a/kex.h b/kex.h +index 8e29c90..81ca57d 100644 +--- a/kex.h ++++ b/kex.h +@@ -70,7 +70,7 @@ enum kex_exchange { + #define KEX_INIT_SENT 0x0001 + + typedef struct Kex Kex; +-typedef struct Mac Mac; ++// typedef struct Mac Mac; + typedef struct Comp Comp; + typedef struct Enc Enc; + typedef struct Newkeys Newkeys; +@@ -84,6 +84,7 @@ struct Enc { + u_char *key; + u_char *iv; + }; ++/* + struct Mac { + char *name; + int enabled; +@@ -95,11 +96,13 @@ struct Mac { + HMAC_CTX evp_ctx; + struct umac_ctx *umac_ctx; + }; ++*/ + struct Comp { + int type; + int enabled; + char *name; + }; ++/* + struct Newkeys { + Enc enc; + Mac mac; +@@ -126,7 +129,9 @@ struct Kex { + int (*host_key_index)(Key *); + void (*kex[KEX_MAX])(Kex *); + }; ++*/ + ++/* + Kex *kex_setup(char *[PROPOSAL_MAX]); + void kex_finish(Kex *); + +@@ -152,6 +157,8 @@ kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *, + void + derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); + ++*/ ++ + #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) + void dump_digest(char *, u_char *, int); + #endif +diff --git a/key.c b/key.c +index 107a442..aedbbb5 100644 +--- a/key.c ++++ b/key.c +@@ -77,15 +77,21 @@ pamsshagentauth_key_new(int type) + case KEY_RSA: + if ((rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_new: RSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((rsa->n = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((rsa->e = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); ++#else ++ if (RSA_set0_key(rsa, BN_new(), BN_new(), NULL) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_key failed"); ++#endif + k->rsa = rsa; + break; + case KEY_DSA: + if ((dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_new: DSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L 
+ if ((dsa->p = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((dsa->q = BN_new()) == NULL) +@@ -94,6 +100,12 @@ pamsshagentauth_key_new(int type) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((dsa->pub_key = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); ++#else ++ if (DSA_set0_pqg(dsa, BN_new(), BN_new(), BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: DSA_set0_pqg failed"); ++ if (DSA_set0_key(dsa, BN_new(), NULL) != 1) ++ pamsshagentauth_fatal("key_new: DSA_set0_key failed"); ++#endif + k->dsa = dsa; + break; + case KEY_ECDSA: +@@ -118,6 +130,7 @@ pamsshagentauth_key_new_private(int type) + switch (k->type) { + case KEY_RSA1: + case KEY_RSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((k->rsa->d = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + if ((k->rsa->iqmp = BN_new()) == NULL) +@@ -130,14 +143,30 @@ pamsshagentauth_key_new_private(int type) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + if ((k->rsa->dmp1 = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); ++#else ++ if (RSA_set0_key(k->rsa, NULL, NULL, BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_key failed"); ++ if (RSA_set0_crt_params(k->rsa, BN_new(), BN_new(), BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_crt_params failed"); ++ if (RSA_set0_factors(k->rsa, BN_new(), BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_factors failed"); ++#endif + break; + case KEY_DSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((k->dsa->priv_key = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); ++#else ++ if (DSA_set0_key(k->dsa, NULL, BN_new()) != 1) ++ pamsshagentauth_fatal("key_new_private: DSA_set0_key failed"); ++#endif + break; + case KEY_ECDSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1) + pamsshagentauth_fatal("key_new_private: 
EC_KEY_set_private_key failed"); ++#else ++#endif + break; + case KEY_ED25519: + RAND_bytes(k->ed25519->sk, sizeof(k->ed25519->sk)); +@@ -195,14 +224,26 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) + case KEY_RSA1: + case KEY_RSA: + return a->rsa != NULL && b->rsa != NULL && ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_cmp(a->rsa->e, b->rsa->e) == 0 && + BN_cmp(a->rsa->n, b->rsa->n) == 0; ++#else ++ BN_cmp(RSA_get0_e(a->rsa), RSA_get0_e(b->rsa)) == 0 && ++ BN_cmp(RSA_get0_n(a->rsa), RSA_get0_n(b->rsa)) == 0; ++#endif + case KEY_DSA: + return a->dsa != NULL && b->dsa != NULL && ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_cmp(a->dsa->p, b->dsa->p) == 0 && + BN_cmp(a->dsa->q, b->dsa->q) == 0 && + BN_cmp(a->dsa->g, b->dsa->g) == 0 && + BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; ++#else ++ BN_cmp(DSA_get0_p(a->dsa), DSA_get0_p(b->dsa)) == 0 && ++ BN_cmp(DSA_get0_q(a->dsa), DSA_get0_q(b->dsa)) == 0 && ++ BN_cmp(DSA_get0_g(a->dsa), DSA_get0_g(b->dsa)) == 0 && ++ BN_cmp(DSA_get0_pub_key(a->dsa), DSA_get0_pub_key(b->dsa)) == 0; ++#endif + case KEY_ECDSA: + return a->ecdsa != NULL && b->ecdsa != NULL && + EC_KEY_check_key(a->ecdsa) == 1 && +@@ -231,7 +272,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + u_int *dgst_raw_length) + { + const EVP_MD *md = NULL; +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx; + u_char *blob = NULL; + u_char *retval = NULL; + u_int len = 0; +@@ -252,12 +293,21 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + } + switch (k->type) { + case KEY_RSA1: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + nlen = BN_num_bytes(k->rsa->n); + elen = BN_num_bytes(k->rsa->e); + len = nlen + elen; + blob = pamsshagentauth_xmalloc(len); + BN_bn2bin(k->rsa->n, blob); + BN_bn2bin(k->rsa->e, blob + nlen); ++#else ++ nlen = BN_num_bytes(RSA_get0_n(k->rsa)); ++ elen = BN_num_bytes(RSA_get0_e(k->rsa)); ++ len = nlen + elen; ++ blob = pamsshagentauth_xmalloc(len); ++ BN_bn2bin(RSA_get0_n(k->rsa), 
blob); ++ BN_bn2bin(RSA_get0_e(k->rsa), blob + nlen); ++#endif + break; + case KEY_DSA: + case KEY_ECDSA: +@@ -273,11 +323,14 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + } + if (blob != NULL) { + retval = pamsshagentauth_xmalloc(EVP_MAX_MD_SIZE); +- EVP_DigestInit(&ctx, md); +- EVP_DigestUpdate(&ctx, blob, len); +- EVP_DigestFinal(&ctx, retval, dgst_raw_length); ++ /* XXX Errors from EVP_* functions are not hadled */ ++ ctx = EVP_MD_CTX_create(); ++ EVP_DigestInit(ctx, md); ++ EVP_DigestUpdate(ctx, blob, len); ++ EVP_DigestFinal(ctx, retval, dgst_raw_length); + memset(blob, 0, len); + pamsshagentauth_xfree(blob); ++ EVP_MD_CTX_destroy(ctx); + } else { + pamsshagentauth_fatal("key_fingerprint_raw: blob is null"); + } +@@ -457,10 +510,17 @@ pamsshagentauth_key_read(Key *ret, char **cpp) + return -1; + *cpp = cp; + /* Get public exponent, public modulus. */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (!read_bignum(cpp, ret->rsa->e)) + return -1; + if (!read_bignum(cpp, ret->rsa->n)) + return -1; ++#else ++ if (!read_bignum(cpp, RSA_get0_e(ret->rsa))) ++ return -1; ++ if (!read_bignum(cpp, RSA_get0_n(ret->rsa))) ++ return -1; ++#endif + success = 1; + break; + case KEY_UNSPEC: +@@ -583,10 +643,17 @@ pamsshagentauth_key_write(const Key *key, FILE *f) + + if (key->type == KEY_RSA1 && key->rsa != NULL) { + /* size of modulus 'n' */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + bits = BN_num_bits(key->rsa->n); + fprintf(f, "%u", bits); + if (write_bignum(f, key->rsa->e) && + write_bignum(f, key->rsa->n)) { ++#else ++ bits = BN_num_bits(RSA_get0_n(key->rsa)); ++ fprintf(f, "%u", bits); ++ if (write_bignum(f, RSA_get0_e(key->rsa)) && ++ write_bignum(f, RSA_get0_n(key->rsa))) { ++#endif + success = 1; + } else { + pamsshagentauth_logerror("key_write: failed for RSA key"); +@@ -675,10 +742,17 @@ pamsshagentauth_key_size(const Key *k) + { + switch (k->type) { + case KEY_RSA1: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + case KEY_RSA: + 
return BN_num_bits(k->rsa->n); + case KEY_DSA: + return BN_num_bits(k->dsa->p); ++#else ++ case KEY_RSA: ++ return BN_num_bits(RSA_get0_n(k->rsa)); ++ case KEY_DSA: ++ return BN_num_bits(DSA_get0_p(k->dsa)); ++#endif + case KEY_ECDSA: + { + int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(k->ecdsa)); +@@ -769,17 +843,29 @@ pamsshagentauth_key_from_private(const Key *k) + switch (k->type) { + case KEY_DSA: + n = pamsshagentauth_key_new(k->type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || + (BN_copy(n->dsa->q, k->dsa->q) == NULL) || + (BN_copy(n->dsa->g, k->dsa->g) == NULL) || + (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) ++#else ++ if ((BN_copy(DSA_get0_p(n->dsa), DSA_get0_p(k->dsa)) == NULL) || ++ (BN_copy(DSA_get0_q(n->dsa), DSA_get0_q(k->dsa)) == NULL) || ++ (BN_copy(DSA_get0_g(n->dsa), DSA_get0_g(k->dsa)) == NULL) || ++ (BN_copy(DSA_get0_pub_key(n->dsa), DSA_get0_pub_key(k->dsa)) == NULL)) ++#endif + pamsshagentauth_fatal("key_from_private: BN_copy failed"); + break; + case KEY_RSA: + case KEY_RSA1: + n = pamsshagentauth_key_new(k->type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) ++#else ++ if ((BN_copy(RSA_get0_n(n->rsa), RSA_get0_n(k->rsa)) == NULL) || ++ (BN_copy(RSA_get0_e(n->rsa), RSA_get0_e(k->rsa)) == NULL)) ++#endif + pamsshagentauth_fatal("key_from_private: BN_copy failed"); + break; + case KEY_ECDSA: +@@ -881,8 +967,13 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + switch (type) { + case KEY_RSA: + key = pamsshagentauth_key_new(type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { ++#else ++ if (pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_e(key->rsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_n(key->rsa)) == -1) { 
++#endif + pamsshagentauth_logerror("key_from_blob: can't read rsa key"); + pamsshagentauth_key_free(key); + key = NULL; +@@ -894,10 +985,17 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + break; + case KEY_DSA: + key = pamsshagentauth_key_new(type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) { ++#else ++ if (pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_p(key->dsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_q(key->dsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_g(key->dsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_pub_key(key->dsa)) == -1) { ++#endif + pamsshagentauth_logerror("key_from_blob: can't read dsa key"); + pamsshagentauth_key_free(key); + key = NULL; +@@ -1015,6 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) + } + pamsshagentauth_buffer_init(&b); + switch (key->type) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + case KEY_DSA: + pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); + pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p); +@@ -1027,6 +1126,20 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) + pamsshagentauth_buffer_put_bignum2(&b, key->rsa->e); + pamsshagentauth_buffer_put_bignum2(&b, key->rsa->n); + break; ++#else ++ case KEY_DSA: ++ pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_p(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_q(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_g(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_pub_key(key->dsa)); ++ break; ++ case KEY_RSA: ++ 
pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); ++ pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_n(key->rsa)); ++ break; ++#endif + case KEY_ECDSA: + { + size_t l = 0; +@@ -1138,14 +1251,20 @@ pamsshagentauth_key_demote(const Key *k) + case KEY_RSA: + if ((pk->rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: RSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); ++#else ++ if (RSA_set0_key(pk->rsa, BN_dup(RSA_get0_n(k->rsa)), BN_dup(RSA_get0_e(k->rsa)), NULL) != 1) ++ pamsshagentauth_fatal("key_demote: RSA_set0_key failed"); ++#endif + break; + case KEY_DSA: + if ((pk->dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: DSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) +@@ -1154,6 +1273,12 @@ pamsshagentauth_key_demote(const Key *k) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); ++#else ++ if (DSA_set0_pqg(pk->dsa, BN_dup(DSA_get0_p(k->dsa)), BN_dup(DSA_get0_q(k->dsa)), BN_dup(DSA_get0_g(k->dsa))) != 1) ++ pamsshagentauth_fatal("key_demote: DSA_set0_pqg failed"); ++ if (DSA_set0_key(pk->dsa, BN_dup(DSA_get0_pub_key(k->dsa)), NULL) != 1) ++ pamsshagentauth_fatal("key_demote: DSA_set0_key failed"); ++#endif + break; + case KEY_ECDSA: + pamsshagentauth_fatal("key_demote: implement me"); +diff --git a/ssh-dss.c b/ssh-dss.c +index 9fdaa5d..1051ae2 100644 +--- a/ssh-dss.c ++++ b/ssh-dss.c +@@ -48,37 +48,53 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + { + DSA_SIG *sig; + 
const EVP_MD *evp_md = EVP_sha1(); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; + u_int rlen, slen, len, dlen; + Buffer b; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { + pamsshagentauth_logerror("ssh_dss_sign: no DSA key"); + return -1; + } +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + sig = DSA_do_sign(digest, dlen, key->dsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + if (sig == NULL) { + pamsshagentauth_logerror("ssh_dss_sign: sign failed"); + return -1; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + rlen = BN_num_bytes(sig->r); + slen = BN_num_bytes(sig->s); ++#else ++ DSA_SIG_get0((const DSA_SIG *)sig, (const BIGNUM **)r, (const BIGNUM **)s); ++ rlen = BN_num_bytes(r); ++ slen = BN_num_bytes(s); ++#endif + if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { + pamsshagentauth_logerror("bad sig size %u %u", rlen, slen); + DSA_SIG_free(sig); + return -1; + } + memset(sigblob, 0, SIGBLOB_LEN); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); ++#else ++ BN_bn2bin(r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); ++ BN_bn2bin(s, sigblob+ SIGBLOB_LEN - slen); ++#endif + DSA_SIG_free(sig); + + if (datafellows & SSH_BUG_SIGBLOB) { +@@ -110,11 +126,14 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + { + DSA_SIG *sig; + const EVP_MD *evp_md = EVP_sha1(); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen; + int rlen, ret; + Buffer b; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *r, *s; ++#endif + + if 
(key == NULL || key->type != KEY_DSA || key->dsa == NULL) { + pamsshagentauth_logerror("ssh_dss_verify: no DSA key"); +@@ -157,6 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + /* parse signature */ + if ((sig = DSA_SIG_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((sig->r = BN_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); + if ((sig->s = BN_new()) == NULL) +@@ -164,18 +184,33 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || + (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) + pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed"); ++#else ++ if ((r = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); ++ if ((s = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); ++ if (DSA_SIG_set0(sig, r, s) != 1) ++ pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed"); ++ if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) || ++ (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL)) ++ pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed"); ++ if (DSA_SIG_set0(sig, r, s) != 1) ++ pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed"); ++#endif + + /* clean up */ + memset(sigblob, 0, len); + pamsshagentauth_xfree(sigblob); + + /* sha1 the data */ +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + ret = DSA_do_verify(digest, dlen, sig, key->dsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + DSA_SIG_free(sig); + +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index efa0f3d..c213959 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -41,22 
+41,27 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + { + ECDSA_SIG *sig; + const EVP_MD *evp_md = evp_from_key(key); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE]; + u_int len, dlen; + Buffer b, bb; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { + pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key"); + return -1; + } + +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + sig = ECDSA_do_sign(digest, dlen, key->ecdsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + if (sig == NULL) { + pamsshagentauth_logerror("ssh_ecdsa_sign: sign failed"); +@@ -64,8 +69,14 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + } + + pamsshagentauth_buffer_init(&bb); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) { ++#else ++ DSA_SIG_get0(sig, &r, &s); ++ if (pamsshagentauth_buffer_get_bignum2_ret(&bb, r) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&bb, s) == -1) { ++#endif + pamsshagentauth_logerror("couldn't serialize signature"); + ECDSA_SIG_free(sig); + return -1; +@@ -94,11 +105,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + { + ECDSA_SIG *sig; + const EVP_MD *evp_md = evp_from_key(key); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen; + int rlen, ret; + Buffer b; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { + pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key"); +@@ -127,8 +141,14 @@ 
ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + + pamsshagentauth_buffer_init(&b); + pamsshagentauth_buffer_append(&b, sigblob, len); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) ++#else ++ DSA_SIG_get0(sig, &r, &s); ++ if ((pamsshagentauth_buffer_get_bignum2_ret(&b, r) == -1) || ++ (pamsshagentauth_buffer_get_bignum2_ret(&b, s) == -1)) ++#endif + pamsshagentauth_fatal("ssh_ecdsa_verify:" + "pamsshagentauth_buffer_get_bignum2_ret failed"); + +@@ -137,16 +157,18 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_xfree(sigblob); + + /* sha256 the data */ +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + ECDSA_SIG_free(sig); + + pamsshagentauth_verbose("ssh_ecdsa_verify: signature %s", + ret == 1 ? "correct" : ret == 0 ? 
"incorrect" : "error"); + return ret; +-} +\ No newline at end of file ++} +diff --git a/ssh-rsa.c b/ssh-rsa.c +index d05844b..9d74eb6 100644 +--- a/ssh-rsa.c ++++ b/ssh-rsa.c +@@ -40,7 +40,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + const u_char *data, u_int datalen) + { + const EVP_MD *evp_md; +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], *sig; + u_int slen, dlen, len; + int ok, nid; +@@ -55,6 +55,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + pamsshagentauth_logerror("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); + return -1; + } ++ md = EVP_MD_CTX_create(); + EVP_DigestInit(&md, evp_md); + EVP_DigestUpdate(&md, data, datalen); + EVP_DigestFinal(&md, digest, &dlen); +@@ -64,6 +65,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + + ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + if (ok != 1) { + int ecode = ERR_get_error(); +@@ -107,7 +109,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + { + Buffer b; + const EVP_MD *evp_md; +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + char *ktype; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen, modlen; +@@ -117,9 +119,17 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_logerror("ssh_rsa_verify: no RSA key"); + return -1; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++#else ++ if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++#endif + pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); ++#else ++ BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE); ++#endif + return -1; + } + pamsshagentauth_buffer_init(&b); +@@ -161,12 +171,14 @@ 
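Review bot: `md = EVP_MD_CTX_create();` in the `@@ -137,16 +157,18 @@` hunk of ssh_ecdsa_verify is used without a NULL check, and the results of the three digest calls are still ignored. An allocation or digest failure therefore leaves `digest` and `dlen` unset when they reach `ECDSA_do_verify`. The context used to live on the stack, so the allocation failure is a new case introduced by this change. I would check the whole sequence and bail out with `sig` and `md` released, as sketched below. The same unchecked sequence is added in ssh_ecdsa_sign, ssh_rsa_sign and ssh_rsa_verify (the `@@ -161,12 +171,14 @@` hunk); the function starts outside this hunk.

```c
	/* sha256 the data */
	md = EVP_MD_CTX_create();
	if (md == NULL ||
	    EVP_DigestInit(md, evp_md) != 1 ||
	    EVP_DigestUpdate(md, data, datalen) != 1 ||
	    EVP_DigestFinal(md, digest, &dlen) != 1) {
		pamsshagentauth_logerror("ssh_ecdsa_verify: digest failed");
		EVP_MD_CTX_destroy(md);
		ECDSA_SIG_free(sig);
		return -1;
	}
	/* … unchanged: ECDSA_do_verify, digest scrub, EVP_MD_CTX_destroy, ECDSA_SIG_free … */
```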
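Review bot: In ssh_rsa_sign the three digest calls on the context lines of the `@@ -55,6 +55,7 @@` hunk still pass `&md`, although the `@@ -40,7 +40,7 @@` hunk has changed `md` to `EVP_MD_CTX *`. They now receive the address of the pointer variable instead of the context returned by `EVP_MD_CTX_create()`. The digest state would then be written over the pointer's own stack storage, and the allocated context is never used before `EVP_MD_CTX_destroy(md)`. The calls should read `EVP_DigestInit(md, evp_md);`, `EVP_DigestUpdate(md, data, datalen);` and `EVP_DigestFinal(md, digest, &dlen);`, as the hunks for the other three functions already do. The function body continues outside the hunk.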
ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_xfree(sigblob); + return -1; + } +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + memset(sigblob, 's', len); + pamsshagentauth_xfree(sigblob); + pamsshagentauth_verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); diff --git a/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch new file mode 100644 index 000000000..b03b43fb1 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch 
@@ -0,0 +1,365 @@ +From b2ee29809a54e16567323d8fbac2d652ee58c692 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Fri, 1 Feb 2019 22:45:19 -0800 +Subject: [PATCH] Check against the correct OPENSSL_VERSION_NUMBER + +From: Guido Falsi <mad@madpilot.net> +https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch/ + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + authfd.c | 12 ++++++------ + bufbn.c | 2 +- + key.c | 36 ++++++++++++++++++------------------ + ssh-dss.c | 10 +++++----- + ssh-ecdsa.c | 8 ++++---- + ssh-rsa.c | 4 ++-- + 6 files changed, 36 insertions(+), 36 deletions(-) + +diff --git a/authfd.c b/authfd.c +index f91514d..4c6cec8 100644 +--- a/authfd.c ++++ b/authfd.c +@@ -367,7 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio + case 1: + key = pamsshagentauth_key_new(KEY_RSA1); + bits = pamsshagentauth_buffer_get_int(&auth->identities); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e); + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n); + *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); +@@ -427,7 +427,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, + } + pamsshagentauth_buffer_init(&buffer); + pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n); +@@ -512,7 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth, + static void + ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + 
pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n)); + pamsshagentauth_buffer_put_bignum(b, key->n); + pamsshagentauth_buffer_put_bignum(b, key->e); +@@ -540,7 +540,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) + pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key)); + switch (key->type) { + case KEY_RSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_bignum2(b, key->rsa->n); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->e); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->d); +@@ -557,7 +557,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) + #endif + break; + case KEY_DSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_bignum2(b, key->dsa->p); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->q); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->g); +@@ -649,7 +649,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) + + if (key->type == KEY_RSA1) { + pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n); +diff --git a/bufbn.c b/bufbn.c +index 4ecedc1..b4754cc 100644 +--- a/bufbn.c ++++ b/bufbn.c +@@ -151,7 +151,7 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) + pamsshagentauth_buffer_put_int(buffer, 0); + return 0; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (value->neg) { + #else + if (BN_is_negative(value)) { +diff --git a/key.c b/key.c +index aedbbb5..dcc5fc8 100644 +--- a/key.c ++++ b/key.c +@@ -77,7 +77,7 @@ pamsshagentauth_key_new(int type) + case KEY_RSA: + if ((rsa = RSA_new()) == NULL) + 
pamsshagentauth_fatal("key_new: RSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((rsa->n = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((rsa->e = BN_new()) == NULL) +@@ -91,7 +91,7 @@ pamsshagentauth_key_new(int type) + case KEY_DSA: + if ((dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_new: DSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((dsa->p = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((dsa->q = BN_new()) == NULL) +@@ -130,7 +130,7 @@ pamsshagentauth_key_new_private(int type) + switch (k->type) { + case KEY_RSA1: + case KEY_RSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((k->rsa->d = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + if ((k->rsa->iqmp = BN_new()) == NULL) +@@ -153,7 +153,7 @@ pamsshagentauth_key_new_private(int type) + #endif + break; + case KEY_DSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((k->dsa->priv_key = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + #else +@@ -162,7 +162,7 @@ pamsshagentauth_key_new_private(int type) + #endif + break; + case KEY_ECDSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1) + pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed"); + #else +@@ -224,7 +224,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) + case KEY_RSA1: + case KEY_RSA: + return a->rsa != NULL && b->rsa != NULL && +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_cmp(a->rsa->e, b->rsa->e) == 0 && + BN_cmp(a->rsa->n, b->rsa->n) == 0; + #else +@@ -233,7 +233,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) + #endif + case KEY_DSA: 
+ return a->dsa != NULL && b->dsa != NULL && +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_cmp(a->dsa->p, b->dsa->p) == 0 && + BN_cmp(a->dsa->q, b->dsa->q) == 0 && + BN_cmp(a->dsa->g, b->dsa->g) == 0 && +@@ -293,7 +293,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + } + switch (k->type) { + case KEY_RSA1: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + nlen = BN_num_bytes(k->rsa->n); + elen = BN_num_bytes(k->rsa->e); + len = nlen + elen; +@@ -510,7 +510,7 @@ pamsshagentauth_key_read(Key *ret, char **cpp) + return -1; + *cpp = cp; + /* Get public exponent, public modulus. */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (!read_bignum(cpp, ret->rsa->e)) + return -1; + if (!read_bignum(cpp, ret->rsa->n)) +@@ -643,7 +643,7 @@ pamsshagentauth_key_write(const Key *key, FILE *f) + + if (key->type == KEY_RSA1 && key->rsa != NULL) { + /* size of modulus 'n' */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + bits = BN_num_bits(key->rsa->n); + fprintf(f, "%u", bits); + if (write_bignum(f, key->rsa->e) && +@@ -742,7 +742,7 @@ pamsshagentauth_key_size(const Key *k) + { + switch (k->type) { + case KEY_RSA1: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + case KEY_RSA: + return BN_num_bits(k->rsa->n); + case KEY_DSA: +@@ -843,7 +843,7 @@ pamsshagentauth_key_from_private(const Key *k) + switch (k->type) { + case KEY_DSA: + n = pamsshagentauth_key_new(k->type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || + (BN_copy(n->dsa->q, k->dsa->q) == NULL) || + (BN_copy(n->dsa->g, k->dsa->g) == NULL) || +@@ -859,7 +859,7 @@ pamsshagentauth_key_from_private(const Key *k) + case KEY_RSA: + case KEY_RSA1: + n = pamsshagentauth_key_new(k->type); +-#if 
OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) + #else +@@ -967,7 +967,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + switch (type) { + case KEY_RSA: + key = pamsshagentauth_key_new(type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { + #else +@@ -985,7 +985,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + break; + case KEY_DSA: + key = pamsshagentauth_key_new(type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || +@@ -1113,7 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) + } + pamsshagentauth_buffer_init(&b); + switch (key->type) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + case KEY_DSA: + pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); + pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p); +@@ -1251,7 +1251,7 @@ pamsshagentauth_key_demote(const Key *k) + case KEY_RSA: + if ((pk->rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: RSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) +@@ -1264,7 +1264,7 @@ pamsshagentauth_key_demote(const Key *k) + case KEY_DSA: + if ((pk->dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: DSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 
0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) +diff --git a/ssh-dss.c b/ssh-dss.c +index 1051ae2..9b96274 100644 +--- a/ssh-dss.c ++++ b/ssh-dss.c +@@ -52,7 +52,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; + u_int rlen, slen, len, dlen; + Buffer b; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + const BIGNUM *r, *s; + #endif + +@@ -74,7 +74,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + return -1; + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + rlen = BN_num_bytes(sig->r); + slen = BN_num_bytes(sig->s); + #else +@@ -88,7 +88,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + return -1; + } + memset(sigblob, 0, SIGBLOB_LEN); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); + #else +@@ -131,7 +131,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + u_int len, dlen; + int rlen, ret; + Buffer b; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + BIGNUM *r, *s; + #endif + +@@ -176,7 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + /* parse signature */ + if ((sig = DSA_SIG_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((sig->r = BN_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); + if ((sig->s = BN_new()) == NULL) +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index c213959..5b13b30 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ 
-45,7 +45,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + u_char digest[EVP_MAX_MD_SIZE]; + u_int len, dlen; + Buffer b, bb; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + BIGNUM *r, *s; + #endif + +@@ -69,7 +69,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + } + + pamsshagentauth_buffer_init(&bb); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) { + #else +@@ -110,7 +110,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + u_int len, dlen; + int rlen, ret; + Buffer b; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + BIGNUM *r, *s; + #endif + +@@ -141,7 +141,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + + pamsshagentauth_buffer_init(&b); + pamsshagentauth_buffer_append(&b, sigblob, len); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) + #else +diff --git a/ssh-rsa.c b/ssh-rsa.c +index 9d74eb6..35f2e36 100644 +--- a/ssh-rsa.c ++++ b/ssh-rsa.c +@@ -119,13 +119,13 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_logerror("ssh_rsa_verify: no RSA key"); + return -1; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + #else + if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + #endif + pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_num_bits(key->rsa->n), 
SSH_RSA_MINIMUM_MODULUS_SIZE); + #else + BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE); diff --git a/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb index 2a461fc11..ac7fa4bbf 100644 --- a/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb +++ b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb @@ -7,11 +7,14 @@ LIC_FILES_CHKSUM = "file://LICENSE.OpenSSL;md5=8ab01146141ded59b75f8ba7811ed05a file://OPENSSH_LICENSE;md5=7ae09218173be1643c998a4b71027f9b \ " -SRC_URI = "http://sourceforge.net/projects/pamsshagentauth/files/pam_ssh_agent_auth/v${PV}/pam_ssh_agent_auth-${PV}.tar.bz2" +SRC_URI = "http://sourceforge.net/projects/pamsshagentauth/files/pam_ssh_agent_auth/v${PV}/pam_ssh_agent_auth-${PV}.tar.bz2 \ + file://0001-Adapt-to-OpenSSL-1.1.1.patch \ + file://0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch \ + " SRC_URI[md5sum] = "8dbe90ab3625e545036333e6f51ccf1d" SRC_URI[sha256sum] = "3c53d358d6eaed1b211239df017c27c6f9970995d14102ae67bae16d4f47a763" -DEPENDS += "libpam openssl10" +DEPENDS += "libpam openssl" inherit distro_features_check REQUIRED_DISTRO_FEATURES = "pam" diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc index 40e400542..06ab10642 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc @@ -1,6 +1,9 @@ # polkit must prepare polkitd group DEPENDS += "polkit" +inherit distro_features_check +REQUIRED_DISTRO_FEATURES = "polkit" + inherit useradd do_install_prepend() { 
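Review bot: The literal `0x10100005L` is repeated in every guard this patch touches across the six files, and nothing says which release it denotes; under OpenSSL's MNNFFPPS encoding it reads as 1.1.0-pre5. A single definition in a shared header would keep the threshold in one place, with a comment such as `/* 0x10100005L = OpenSSL 1.1.0-pre5: struct members are reached through accessors from here on */`. The guards key on the version number alone, so any library reporting a higher `OPENSSL_VERSION_NUMBER` takes the accessor branch. Whether that matters depends on the crypto libraries this recipe can be built against, which the diff does not show.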
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch deleted file mode 100644 index 6fd20dc75..000000000 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch +++ /dev/null 
@@ -1,190 +0,0 @@ -From 6cc6aafee135ba44ea748250d7d29b562ca190e3 Mon Sep 17 00:00:00 2001 -From: Colin Walters <walters@verbum.org> -Date: Fri, 4 Jan 2019 14:24:48 -0500 -Subject: [PATCH] backend: Compare PolkitUnixProcess uids for temporary - authorizations - -It turns out that the combination of `(pid, start time)` is not -enough to be unique. For temporary authorizations, we can avoid -separate users racing on pid reuse by simply comparing the uid. - -https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 - -And the above original email report is included in full in a new comment. - -Reported-by: Jann Horn <jannh@google.com> - -Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75 - -CVE: CVE-2019-6133 -Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - src/polkit/polkitsubject.c | 2 + - src/polkit/polkitunixprocess.c | 71 ++++++++++++++++++- - .../polkitbackendinteractiveauthority.c | 39 +++++++++- - 3 files changed, 110 insertions(+), 2 deletions(-) - -diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c -index d4c1182..ccabd0a 100644 ---- a/src/polkit/polkitsubject.c -+++ b/src/polkit/polkitsubject.c -@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) - * @b: A #PolkitSubject. - * - * Checks if @a and @b are equal, ie. represent the same subject. -+ * However, avoid calling polkit_subject_equal() to compare two processes; -+ * for more information see the `PolkitUnixProcess` documentation. - * - * This function can be used in e.g. g_hash_table_new(). - * -diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c -index b02b258..78d7251 100644 ---- a/src/polkit/polkitunixprocess.c -+++ b/src/polkit/polkitunixprocess.c -@@ -51,7 +51,10 @@ - * @title: PolkitUnixProcess - * @short_description: Unix processs - * -- * An object for representing a UNIX process. -+ * An object for representing a UNIX process. 
NOTE: This object as -+ * designed is now known broken; a mechanism to exploit a delay in -+ * start time in the Linux kernel was identified. Avoid -+ * calling polkit_subject_equal() to compare two processes. - * - * To uniquely identify processes, both the process id and the start - * time of the process (a monotonic increasing value representing the -@@ -66,6 +69,72 @@ - * polkit_unix_process_new_for_owner() with trusted data. - */ - -+/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 -+ -+ But quoting the original email in full here to ensure it's preserved: -+ -+ 
From: Jann Horn <jannh@google.com> -+ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork -+ Date: Wednesday, October 10, 2018 5:34 PM -+ -+When a (non-root) user attempts to e.g. control systemd units in the system -+instance from an active session over DBus, the access is gated by a polkit -+policy that requires "auth_admin_keep" auth. This results in an auth prompt -+being shown to the user, asking the user to confirm the action by entering the -+password of an administrator account. -+ -+After the action has been confirmed, the auth decision for "auth_admin_keep" is -+cached for up to five minutes. Subject to some restrictions, similar actions can -+then be performed in this timespan without requiring re-auth: -+ -+ - The PID of the DBus client requesting the new action must match the PID of -+ the DBus client requesting the old action (based on SO_PEERCRED information -+ forwarded by the DBus daemon). -+ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) -+ must not have changed. The granularity of this timestamp is in the -+ millisecond range. -+ - polkit polls every two seconds whether a process with the expected start time -+ still exists. If not, the temporary auth entry is purged. -+ -+Without the start time check, this would obviously be buggy because an attacker -+could simply wait for the legitimate client to disappear, then create a new -+client with the same PID. -+ -+Unfortunately, the start time check is bypassable because fork() is not atomic. -+Looking at the source code of copy_process() in the kernel: -+ -+ p->start_time = ktime_get_ns(); -+ p->real_start_time = ktime_get_boot_ns(); -+ [...] 
-+ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); -+ if (retval) -+ goto bad_fork_cleanup_io; -+ -+ if (pid != &init_struct_pid) { -+ pid = alloc_pid(p->nsproxy->pid_ns_for_children); -+ if (IS_ERR(pid)) { -+ retval = PTR_ERR(pid); -+ goto bad_fork_cleanup_thread; -+ } -+ } -+ -+The ktime_get_boot_ns() call is where the "start time" of the process is -+recorded. The alloc_pid() call is where a free PID is allocated. In between -+these, some time passes; and because the copy_thread_tls() call between them can -+access userspace memory when sys_clone() is invoked through the 32-bit syscall -+entry point, an attacker can even stall the kernel arbitrarily long at this -+point (by supplying a pointer into userspace memory that is associated with a -+userfaultfd or is backed by a custom FUSE filesystem). -+ -+This means that an attacker can immediately call sys_clone() when the victim -+process is created, often resulting in a process that has the exact same start -+time reported in procfs; and then the attacker can delay the alloc_pid() call -+until after the victim process has died and the PID assignment has cycled -+around. This results in an attacker process that polkit can't distinguish from -+the victim process. 
-+*/ -+ -+ - /** - * PolkitUnixProcess: - * -diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c -index a1630b9..80e8141 100644 ---- a/src/polkitbackend/polkitbackendinteractiveauthority.c -+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c -@@ -3031,6 +3031,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) - g_free (store); - } - -+/* See the comment at the top of polkitunixprocess.c */ -+static gboolean -+subject_equal_for_authz (PolkitSubject *a, -+ PolkitSubject *b) -+{ -+ if (!polkit_subject_equal (a, b)) -+ return FALSE; -+ -+ /* Now special case unix processes, as we want to protect against -+ * pid reuse by including the UID. -+ */ -+ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { -+ PolkitUnixProcess *ap = (PolkitUnixProcess*)a; -+ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); -+ PolkitUnixProcess *bp = (PolkitUnixProcess*)b; -+ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); -+ -+ if (uid_a != -1 && uid_b != -1) -+ { -+ if (uid_a == uid_b) -+ { -+ return TRUE; -+ } -+ else -+ { -+ g_printerr ("denying slowfork; pid %d uid %d != %d!\n", -+ polkit_unix_process_get_pid (ap), -+ uid_a, uid_b); -+ return FALSE; -+ } -+ } -+ /* Fall through; one of the uids is unset so we can't reliably compare */ -+ } -+ -+ return TRUE; -+} -+ - static gboolean - temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, - PolkitSubject *subject, -@@ -3073,7 +3110,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st - TemporaryAuthorization *authorization = l->data; - - if (strcmp (action_id, authorization->action_id) == 0 && -- polkit_subject_equal (subject_to_use, authorization->subject)) -+ subject_equal_for_authz (subject_to_use, authorization->subject)) - { - ret = TRUE; - if (out_tmp_authz_id != NULL) --- -2.20.1 - 
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.115.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.115.bb index 8d592054f..13c4b0259 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.115.bb +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.115.bb @@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \ DEPENDS = "expat glib-2.0 intltool-native mozjs" -inherit autotools gtk-doc pkgconfig useradd systemd gobject-introspection +inherit autotools gtk-doc pkgconfig useradd systemd gobject-introspection distro_features_check + +REQUIRED_DISTRO_FEATURES = "polkit" PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', \ @@ -23,7 +25,6 @@ PAM_SRC_URI = "file://polkit-1_pam.patch" SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ file://0001-make-netgroup-support-configurable.patch \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://CVE-2019-6133.patch \ " SRC_URI[md5sum] = "f03b055d6ae5fc8eac76838c7d83d082" SRC_URI[sha256sum] = "2f87ecdabfbd415c6306673ceadc59846f059b18ef2fce42bac63fe283f12131" diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.8.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.12.bb index 80d36d2ba..af99537f5 100644 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.8.bb +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.12.bb 
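Review bot: The `@@ -23,7 +25,6 @@` hunk drops `file://CVE-2019-6133.patch \` from SRC_URI while the recipe stays at polkit 0.115, and the same commit deletes the patch file. The built polkit therefore loses the uid comparison for temporary authorizations that the patch added (`subject_equal_for_authz`). Nothing visible in this diff replaces it, for example a version bump or another backport. Unless the fix arrives by a route not shown here, the SRC_URI entry and the patch file should stay until the recipe moves to a release that contains the change.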
@@ -17,9 +17,10 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ SRC_URI_append_mips = " file://remove-atomics.patch" SRC_URI_append_arm = " file://remove-atomics.patch" +SRC_URI_append_powerpc = " file://remove-atomics.patch" -SRC_URI[md5sum] = "c75b11e4177e153e4dc1d8dd3a6174e4" -SRC_URI[sha256sum] = "ff0c38b8c156319249fec61e5018cf5b5fe63a65b61690bec798f4c998c232ad" +SRC_URI[md5sum] = "48f240fd2d96b1b579300b866398edbc" +SRC_URI[sha256sum] = "6447259d2eed426a949c9c13f8fdb2d91fb66d9dc915dd50db13b87f46d93162" inherit autotools-brokensep update-rc.d systemd useradd diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-fix-jump-misses-init-error.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-fix-jump-misses-init-error.patch deleted file mode 100644 index 68b686346..000000000 --- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-fix-jump-misses-init-error.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -From 3e5a0cb440c788e2383e40ab23ac1cf01d96961b Mon Sep 17 00:00:00 2001 -From: Mingli Yu <mingli.yu@windriver.com> -Date: Tue, 24 Jul 2018 01:30:25 -0700 -Subject: [PATCH] src/tcp.c: fix jump-misses-init error - -Fix below jump-misses-init error - -| In file included from ../../git/src/tcp.c:51: -| ../../git/src/tcp.c: In function 'relpTcpConnect': -| ../../git/src/relp.h:220:3: error: jump skips variable initialization [-Werror=jump-misses-init] -| goto finalize_it; \ -| ^~~~ -| ../../git/src/tcp.c:1951:3: note: in expansion of macro 'ABORT_FINALIZE' -| ABORT_FINALIZE(RELP_RET_IO_ERR); -| ^~~~~~~~~~~~~~ -| ../../git/src/tcp.c:2005:1: note: label 'finalize_it' defined here -| finalize_it: -| ^~~~~~~~~~~ -| ../../git/src/tcp.c:1991:6: note: 'r' declared here -| int r = getsockopt(pThis->sock, SOL_SOCKET, SO_ERROR, &so_error, &len); -| ^ -| In file included from ../../git/src/tcp.c:51: -| ../../git/src/relp.h:220:3: error: jump skips variable initialization [-Werror=jump-misses-init] -| goto finalize_it; \ -| ^~~~ -| ../../git/src/tcp.c:1951:3: note: in expansion of macro 'ABORT_FINALIZE' -| ABORT_FINALIZE(RELP_RET_IO_ERR); -| ^~~~~~~~~~~~~~ -| ../../git/src/tcp.c:2005:1: note: label 'finalize_it' defined here -| finalize_it: -| ^~~~~~~~~~~ -| ../../git/src/tcp.c:1989:12: note: 'len' declared here -| socklen_t len = sizeof so_error; -| ^~~ - -Upstream-Status: Submitted[https://github.com/rsyslog/librelp/pull/117] - -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - src/tcp.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/tcp.c b/src/tcp.c -index f35eb84..fb34dc7 100644 ---- a/src/tcp.c -+++ b/src/tcp.c -@@ -1936,6 +1936,9 @@ relpTcpConnect(relpTcp_t *const pThis, - struct addrinfo hints; - struct addrinfo *reslocal = NULL; - struct pollfd pfd; -+ int so_error; -+ socklen_t len = sizeof so_error; -+ int r; - - ENTER_RELPFUNC; - RELPOBJ_assert(pThis, Tcp); -@@ -1985,10 +1988,8 @@ relpTcpConnect(relpTcp_t 
*const pThis, - ABORT_FINALIZE(RELP_RET_TIMED_OUT); - } - -- int so_error; -- socklen_t len = sizeof so_error; - -- int r = getsockopt(pThis->sock, SOL_SOCKET, SO_ERROR, &so_error, &len); -+ r = getsockopt(pThis->sock, SOL_SOCKET, SO_ERROR, &so_error, &len); - if (r == -1 || so_error != 0) { - pThis->pEngine->dbgprint("socket has an error %d\n", so_error); - ABORT_FINALIZE(RELP_RET_IO_ERR); --- -2.17.1 - diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-increase-the-size-of-szHname.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-increase-the-size-of-szHname.patch deleted file mode 100644 index 5a62e1584..000000000 --- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-increase-the-size-of-szHname.patch +++ /dev/null 
@@ -1,53 +0,0 @@
-From d8950ad273d79ec516468289adbd427e681dbc66 Mon Sep 17 00:00:00 2001
-From: Mingli Yu <mingli.yu@windriver.com>
-Date: Mon, 30 Jul 2018 01:22:56 -0700
-Subject: [PATCH] src/tcp.c: increase the size of szHname
-
-Increase the size of szHname to fix below
-error:
-| ../../git/src/tcp.c: In function 'relpTcpSetRemHost':
-| ../../git/src/tcp.c:352:57: error: '%s' directive output may be truncated writing up to 1024 bytes into a region of size 1011 [-Werror=format-truncation=]
-| snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP);
-| ^~ ~~~~
-| In file included from /poky-build/tmp/work/i586-poky-linux/librelp/1.2.16-r0/recipe-sysroot/usr/include/stdio.h:862,
-| from ../../git/src/tcp.c:38:
-| /poky-build/tmp/work/i586-poky-linux/librelp/1.2.16-r0/recipe-sysroot/usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 16 and 1040 bytes into a destination of size 1025
-| return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
-| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-| __bos (__s), __fmt, __va_arg_pack ());
-| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-| cc1: all warnings being treated as errors
-| Makefile:536: recipe for target 'librelp_la-tcp.lo' failed
-
-Upstream-Status: Submitted[https://github.com/rsyslog/librelp/pull/118]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- src/tcp.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/tcp.c b/src/tcp.c
-index fb34dc7..2c38b0b 100644
---- a/src/tcp.c
-+++ b/src/tcp.c
-@@ -319,7 +319,7 @@ relpTcpSetRemHost(relpTcp_t *const pThis, struct sockaddr *pAddr)
- relpEngine_t *pEngine;
- int error;
- unsigned char szIP[NI_MAXHOST] = "";
-- unsigned char szHname[NI_MAXHOST] = "";
-+ unsigned char szHname[1045] = "";
- struct addrinfo hints, *res;
- size_t len;
-
-@@ -349,7 +349,7 @@ relpTcpSetRemHost(relpTcp_t *const pThis, struct sockaddr *pAddr)
- if(getaddrinfo((char*)szHname, NULL, &hints, &res) ==
0) {
- freeaddrinfo (res);
- /* OK, we know we have evil, so let's indicate this to our caller */
-- snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP);
-+ snprintf((char*)szHname, sizeof(szHname), "[MALICIOUS:IP=%s]", szIP);
- pEngine->dbgprint("Malicious PTR record, IP = \"%s\" HOST = \"%s\"", szIP, szHname);
- iRet = RELP_RET_MALICIOUS_HNAME;
- }
---
-2.17.1
-
diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.2.16.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.2.16.bb
deleted file mode 100644
index 17478efe4..000000000
--- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.2.16.bb
+++ /dev/null
@@ -1,18 +0,0 @@
-SUMMARY = "A reliable logging library"
-HOMEPAGE = "https://github.com/rsyslog/libfastjson"
-
-LICENSE = "GPLv3"
-LIC_FILES_CHKSUM = "file://COPYING;md5=1fb9c10ed9fd6826757615455ca893a9"
-
-DEPENDS = "gmp nettle libidn zlib gnutls"
-
-SRC_URI = "git://github.com/rsyslog/librelp.git;protocol=https \
- file://0001-src-tcp.c-fix-jump-misses-init-error.patch \
- file://0001-src-tcp.c-increase-the-size-of-szHname.patch \
-"
-
-SRCREV = "5e849ff060be0c7dce972e194c54fdacfee0adc2"
-
-S = "${WORKDIR}/git"
-
-inherit autotools pkgconfig
diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.4.0.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.4.0.bb
new file mode 100644
index 000000000..9e57dd520
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.4.0.bb
@@ -0,0 +1,16 @@
+SUMMARY = "A reliable logging library"
+HOMEPAGE = "https://github.com/rsyslog/librelp"
+
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=1fb9c10ed9fd6826757615455ca893a9"
+
+DEPENDS = "gmp nettle libidn zlib gnutls openssl"
+
+SRC_URI = "git://github.com/rsyslog/librelp.git;protocol=https \
+"
+
+SRCREV = "e96443dda3c080fa991decec26bc4ac98d24b9a2"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch
deleted file mode 100644
index a248f75e5..000000000
--- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 07ad2a1905089b9124623324a9969e4522317110 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Fri, 12 Sep 2014 03:41:11 -0400
-Subject: [PATCH] rsyslog: update configure to fix ptest
-
-$MaxMessageSize doesn't work if before $IncludeConfig diag-common.conf, then
-test cases fall into infinite loop with error message:
-
-8062.511110729:4902c480: error: message received is larger than max msg size, we split it
-8062.511152265:4902c480: discarding zero-sized message
-
-Update configure to fix it.
-
-Upstream-Status: Pending
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
----
- tests/testsuites/complex1.conf | 2 +-
- tests/testsuites/gzipwr_large.conf | 2 +-
- tests/testsuites/gzipwr_large_dynfile.conf | 2 +-
- tests/testsuites/imptcp_conndrop.conf | 2 +-
- tests/testsuites/imptcp_large.conf | 2 +-
- tests/testsuites/imtcp_conndrop.conf | 2 +-
- tests/testsuites/wr_large.conf | 2 +-
- 7 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/tests/testsuites/complex1.conf b/tests/testsuites/complex1.conf
-index 9b6a9f3..e00caa4 100644
---- a/tests/testsuites/complex1.conf
-+++ b/tests/testsuites/complex1.conf
-@@ -1,7 +1,7 @@
- # complex test case with multiple actions in gzip mode
- # rgerhards, 2009-05-22
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
-
- $MainMsgQueueTimeoutEnqueue 5000
-
-diff --git a/tests/testsuites/gzipwr_large.conf b/tests/testsuites/gzipwr_large.conf
-index 54ad3bb..e8247a9 100644
---- a/tests/testsuites/gzipwr_large.conf
-+++ b/tests/testsuites/gzipwr_large.conf
-@@ -1,7 +1,7 @@
- # simple async writing test
- # rgerhards, 2010-03-09
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
-
- $ModLoad ../plugins/imtcp/.libs/imtcp
- $MainMsgQueueTimeoutShutdown 10000
-diff --git a/tests/testsuites/gzipwr_large_dynfile.conf b/tests/testsuites/gzipwr_large_dynfile.conf
-index 3a1b255..297cb70 100644
----
a/tests/testsuites/gzipwr_large_dynfile.conf
-+++ b/tests/testsuites/gzipwr_large_dynfile.conf
-@@ -1,7 +1,7 @@
- # simple async writing test
- # rgerhards, 2010-03-09
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
-
- $ModLoad ../plugins/imtcp/.libs/imtcp
- $MainMsgQueueTimeoutShutdown 10000
-diff --git a/tests/testsuites/imptcp_conndrop.conf b/tests/testsuites/imptcp_conndrop.conf
-index 77a5d79..d9a14a8 100644
---- a/tests/testsuites/imptcp_conndrop.conf
-+++ b/tests/testsuites/imptcp_conndrop.conf
-@@ -1,7 +1,7 @@
- # simple async writing test
- # rgerhards, 2010-03-09
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
-
- $ModLoad ../plugins/imptcp/.libs/imptcp
- $MainMsgQueueTimeoutShutdown 10000
-diff --git a/tests/testsuites/imptcp_large.conf b/tests/testsuites/imptcp_large.conf
-index 77a5d79..d9a14a8 100644
---- a/tests/testsuites/imptcp_large.conf
-+++ b/tests/testsuites/imptcp_large.conf
-@@ -1,7 +1,7 @@
- # simple async writing test
- # rgerhards, 2010-03-09
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
-
- $ModLoad ../plugins/imptcp/.libs/imptcp
- $MainMsgQueueTimeoutShutdown 10000
-diff --git a/tests/testsuites/imtcp_conndrop.conf b/tests/testsuites/imtcp_conndrop.conf
-index de41bc4..7844dc7 100644
---- a/tests/testsuites/imtcp_conndrop.conf
-+++ b/tests/testsuites/imtcp_conndrop.conf
-@@ -1,7 +1,7 @@
- # simple async writing test
- # rgerhards, 2010-03-09
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
-
- $ModLoad ../plugins/imtcp/.libs/imtcp
- $MainMsgQueueTimeoutShutdown 10000
-diff --git a/tests/testsuites/wr_large.conf b/tests/testsuites/wr_large.conf
-index b64f132..b0ae264 100644
---- a/tests/testsuites/wr_large.conf
-+++ b/tests/testsuites/wr_large.conf
-@@ -1,7 +1,7 @@
- # simple async writing test
- # rgerhards, 2010-03-09
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
-
- $ModLoad
../plugins/imtcp/.libs/imtcp - $MainMsgQueueTimeoutShutdown 10000 diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.37.0.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1903.0.bb index 1fb439015..e06141e81 100644 --- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.37.0.bb +++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1903.0.bb @@ -23,15 +23,15 @@ SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.t file://rsyslog.logrotate \ file://use-pkgconfig-to-check-libgcrypt.patch \ file://run-ptest \ - file://rsyslog-fix-ptest-not-finish.patch \ " SRC_URI_append_libc-musl = " \ file://0001-Include-sys-time-h.patch \ " -SRC_URI[md5sum] = "e0942b4b88a13602a6b6352bf9f05091" -SRC_URI[sha256sum] = "295c289b4c8abd8f8f3fe35a83249b739cedabe82721702b910255f9faf147e7" +SRC_URI[md5sum] = "f0d454c79d4040e3f25fcd12f8f33fe2" +SRC_URI[sha256sum] = "d0d23a493dcec64c7b6807a1bb8ee864ed0f3760c2ff3088008bb661d304056f" + UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)" @@ -162,5 +162,8 @@ VALGRIND_mips64n32 = "" VALGRIND_arm = "" VALGRIND_aarch64 = "" VALGRIND_riscv64 = "" -RDEPENDS_${PN}-ptest += "make diffutils gzip bash gawk coreutils procps" +RDEPENDS_${PN}-ptest += "\ + make diffutils gzip bash gawk coreutils procps \ + libgcc python-core python-io \ + " RRECOMMENDS_${PN}-ptest += "${TCLIBC}-dbg ${VALGRIND}" diff --git a/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrok_0.5.1.bb b/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrok_0.5.1.bb new file mode 100644 index 000000000..8152ca7ca --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrok_0.5.1.bb 
@@ -0,0 +1,23 @@
+DESCRIPTION = "libsigrok is a shared library written in C, which provides the basic hardware access drivers for logic analyzers and other supported devices, as well as input/output file format support."
+HOMEPAGE = "http://sigrok.org/wiki/Main_Page"
+
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+
+DEPENDS = "glib-2.0 libzip"
+
+PACKAGECONFIG[serialport] = "--with-libserialport,--without-libserialport,libserialport"
+PACKAGECONFIG[ftdi] = "--with-libftdi,--without-libftdi,libftdi"
+PACKAGECONFIG[usb] = "--with-libusb,--without-libusb,libusb"
+PACKAGECONFIG[cxx] = "--enable-cxx,--disable-cxx,glibmm doxygen-native"
+
+PACKAGECONFIG ??= "serialport ftdi usb"
+
+inherit autotools pkgconfig
+
+SRC_URI = "http://sigrok.org/download/source/libsigrok/libsigrok-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "a3de9e52a660e51d27a6aca025d204a7"
+SRC_URI[sha256sum] = "e40fde7af98d29e922e9d3cbe0a6c0569889153fc31e47b8b1afe4d846292b9c"
+
+FILES_${PN} += "${datadir}/*"
diff --git a/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrokdecode_0.5.2.bb b/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrokdecode_0.5.2.bb
new file mode 100644
index 000000000..b8e1e4705
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrokdecode_0.5.2.bb
@@ -0,0 +1,14 @@
+DESCRIPTION = "libsigrokdecode is a shared library written in C, which provides (streaming) protocol decoding functionality."
+HOMEPAGE = "http://sigrok.org/wiki/Main_Page"
+
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+
+DEPENDS = "glib-2.0 python3"
+
+inherit autotools pkgconfig
+
+SRC_URI = "http://sigrok.org/download/source/libsigrokdecode/libsigrokdecode-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "b9033bc7e68bc17fffffd4fdd793f5a1"
+SRC_URI[sha256sum] = "e08d9e797c54eccf3144da631b6e5f1498ac531e51520428df537a1da82583f0"
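Review bot: The new libsigrok_0.5.1.bb fetches its release tarball over cleartext HTTP (`SRC_URI = "http://sigrok.org/download/source/libsigrok/libsigrok-${PV}.tar.gz"`), and libsigrokdecode_0.5.2.bb and sigrok-cli_0.7.0.bb in this commit do the same. The `SRC_URI[sha256sum]` entry means a tarball altered in transit fails the fetch checksum, so the exposure is bounded, but the pinned value is only as trustworthy as the download it was first computed from, and the weaker `md5sum` adds nothing to that. If the upstream host serves the same paths over TLS (to be confirmed), I would change the scheme in all three recipes, e.g. `SRC_URI = "https://sigrok.org/download/source/libsigrok/libsigrok-${PV}.tar.gz"`, and do the same for the `HOMEPAGE` values.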
diff --git a/meta-openembedded/meta-oe/recipes-extended/sigrok/sigrok-cli_0.7.0.bb b/meta-openembedded/meta-oe/recipes-extended/sigrok/sigrok-cli_0.7.0.bb
new file mode 100644
index 000000000..d31bcd282
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/sigrok/sigrok-cli_0.7.0.bb
@@ -0,0 +1,18 @@
+DESCRIPTION = "sigrok-cli is a command-line frontend for sigrok."
+HOMEPAGE = "http://sigrok.org/wiki/Main_Page"
+
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+
+DEPENDS = "libsigrok"
+
+PACKAGECONFIG[decode] = "--with-libsigrokdecode,--without-libsigrokdecode,libsigrokdecode"
+
+PACKAGECONFIG ??= "decode"
+
+inherit autotools pkgconfig
+
+SRC_URI = "http://sigrok.org/download/source/sigrok-cli/sigrok-cli-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "77cb745e2fa239c7bd1ea81e2d67ede9"
+SRC_URI[sha256sum] = "5669d968c2de3dfc6adfda76e83789b6ba76368407c832438cef5e7099a65e1c"
diff --git a/meta-openembedded/meta-oe/recipes-extended/smartmontools/files/0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch b/meta-openembedded/meta-oe/recipes-extended/smartmontools/files/0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch
deleted file mode 100644
index 91e64d217..000000000
--- a/meta-openembedded/meta-oe/recipes-extended/smartmontools/files/0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From f28aa188e5b0ea85369febe657b8807b8025038b Mon Sep 17 00:00:00 2001
-From: chrfranke <authors@smartmontools.org>
-Date: Wed, 8 Nov 2017 06:15:50 +0000
-Subject: [PATCH] os_linux.cpp: Use 'realpath()' (BSD, POSIX) instead of
- 'canonicalize_file_name()' (GNU extension). This fixes build on systems with
- musl libc (#921).
-
-git-svn-id: http://svn.code.sf.net/p/smartmontools/code/trunk@4603 4ea69e1a-61f1-4043-bf83-b5c94c648137
-
-Upstream-Status: Backport [https://www.smartmontools.org/ticket/921]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- os_linux.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/os_linux.cpp b/os_linux.cpp
-index 134d5bc..935f9c7 100644
---- a/os_linux.cpp
-+++ b/os_linux.cpp
-@@ -3176,7 +3176,7 @@ static bool is_hpsa(const char * name)
- {
- char path[128];
- snprintf(path, sizeof(path), "/sys/block/%s/device", name);
-- char * syshostpath = canonicalize_file_name(path);
-+ char * syshostpath = realpath(name, (char *)0);
- if (!syshostpath)
- return false;
-
diff --git a/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_6.6.bb b/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_7.0.bb
index c77c10551..d98456654 100644
--- a/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_6.6.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_7.0.bb
@@ -16,15 +16,14 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/smartmontools/smartmontools-${PV}.tar.gz \ file://initd.smartd \ file://smartmontools.default \ file://smartd.service \ - file://0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch \ " PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'libcap-ng selinux', d)}" PACKAGECONFIG[libcap-ng] = "--with-libcap-ng=yes,--with-libcap-ng=no,libcap-ng" PACKAGECONFIG[selinux] = "--with-selinux=yes,--with-selinux=no,libselinux" -SRC_URI[md5sum] = "9ae2c6e7131cd2813edcc65cbe5f223f" -SRC_URI[sha256sum] = "51f43d0fb064fccaf823bbe68cf0d317d0895ff895aa353b3339a3b316a53054" +SRC_URI[md5sum] = "b2a80e4789af23d67dfe1e88a997abbf" +SRC_URI[sha256sum] = "e5e1ac2786bc87fdbd6f92d0ee751b799fbb3e1a09c0a6a379f9eb64b3e8f61c" inherit autotools update-rc.d systemd diff --git a/meta-openembedded/meta-oe/recipes-extended/triggerhappy/triggerhappy_0.5.0.bb b/meta-openembedded/meta-oe/recipes-extended/triggerhappy/triggerhappy_0.5.0.bb new file mode 100644 index 000000000..037ce063e --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/triggerhappy/triggerhappy_0.5.0.bb 
@@ -0,0 +1,47 @@
+SUMMARY = "A lightweight hotkey daemon"
+HOMEPAGE = "https://github.com/wertarbyte/triggerhappy"
+
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+
+SRC_URI = "https://github.com/wertarbyte/triggerhappy/archive/debian/0.5.0-1.tar.gz"
+
+SRC_URI[md5sum] = "77f90a18c775e47c4c5e9e08987ca32f"
+SRC_URI[sha256sum] = "9150bafbf7f2de7d57e6cc154676c33da98dc11ac6442e1ca57e5dce82bd4292"
+
+S = "${WORKDIR}/${PN}-debian-${PV}-1"
+
+inherit autotools-brokensep pkgconfig update-rc.d systemd
+
+PACKAGECONFIG = "${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd','',d)}"
+PACKAGECONFIG[systemd] = ",,systemd"
+
+INITSCRIPT_NAME = "triggerhappy"
+INITSCRIPT_PARAMS = "defaults"
+SYSTEMD_SERVICE_${PN} = "triggerhappy.service triggerhappy.socket"
+
+FILES_${PN} = "\
+${sbindir}/thd \
+${sbindir}/th-cmd \
+${sysconfdir}/triggerhappy/triggers.d \
+${nonarch_base_libdir}/udev/rules.d/80-triggerhappy.rules \
+${sysconfdir}/init.d/triggerhappy \
+${systemd_unitdir}/system \
+"
+CONFFILES_${PN} = "${sysconfdir}/udev/rules.d/80-triggerhappy.rules"
+
+do_install_append() {
+ install -d ${D}${sysconfdir}/triggerhappy/triggers.d
+
+ install -d ${D}${nonarch_base_libdir}/udev/rules.d
+ install -m 0644 ${S}/udev/triggerhappy-udev.rules ${D}${nonarch_base_libdir}/udev/rules.d/80-triggerhappy.rules
+
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${S}/debian/init.d ${D}${sysconfdir}/init.d/triggerhappy
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}/${systemd_unitdir}/system
+ install -m 0644 ${S}/systemd/triggerhappy.socket ${D}${systemd_unitdir}/system
+ install -m 0644 ${S}/systemd/triggerhappy.service ${D}${systemd_unitdir}/system
+ fi
+}
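Review bot: `CONFFILES_${PN}` names `${sysconfdir}/udev/rules.d/80-triggerhappy.rules`, but `do_install_append` installs the rules file to `${nonarch_base_libdir}/udev/rules.d/80-triggerhappy.rules` and `FILES_${PN}` lists it there, so the conffile entry points at a path this recipe never creates. Rules shipped under the lib udev directory are vendor defaults rather than administrator-edited configuration, so I would drop the `CONFFILES_${PN}` line instead of repointing it. Separately, `SRC_URI` hard-codes `0.5.0-1` while `S` is derived from `${PV}`, so the two drift apart on the next version bump; `SRC_URI = "https://github.com/wertarbyte/triggerhappy/archive/debian/${PV}-1.tar.gz"` keeps them in step.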
diff --git a/meta-openembedded/meta-oe/recipes-extended/upm/upm/0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch b/meta-openembedded/meta-oe/recipes-extended/upm/upm/0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch
new file mode 100644
index 000000000..4b9a195e0
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/upm/upm/0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch
@@ -0,0 +1,38 @@
+From 3707f467f9a26a7df3d41385023b43c3d08911d2 Mon Sep 17 00:00:00 2001
+From: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com>
+Date: Tue, 12 Feb 2019 17:46:52 -0800
+Subject: [PATCH][v3] CMakeLists.txt: Use SWIG_SUPPORT_FILES to find the list
+ of generated files for cmake version 3.12 or higher
+
+Use SWIG_SUPPORT_FILES to find the list of python files generated by
+CMake Swig module and install those files. This should be applicable to
+cmake version 3.12 or higher
+
+Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com>
+---
+ src/CMakeLists.txt | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index e19cda2..b565814 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -337,8 +337,14 @@ macro(_upm_swig_python)
+ OUTPUT_NAME _pyupm_${libname}
+ LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_PYTHON_BINARY_DIR})
+
++ if (CMAKE_VERSION VERSION_LESS "3.12")
++ set(support_files ${swig_extra_generated_files})
++ else()
++ get_property(support_files TARGET _${python_wrapper_name} PROPERTY SWIG_SUPPORT_FILES)
++ endif()
++
+ # Install .py's to python packages directory/upm
+- install (FILES ${swig_extra_generated_files}
++ install (FILES ${support_files}
+ DESTINATION ${PYTHON_PACKAGES_PATH}/upm
+ COMPONENT ${CMAKE_PROJECT_NAME}-python${PYTHON_VERSION_MAJOR})
+
+--
+2.7.4
+
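Review bot: The header of this newly added patch file has no `Upstream-Status:` line, unlike the other patch files visible in this commit, so nothing records whether the CMake change was sent upstream or is carried only in this layer. I would add a line such as `Upstream-Status: Pending` (or `Submitted [<upstream PR URL>]` if one exists) above `Signed-off-by:`. Within the CMake change, `get_property(support_files TARGET _${python_wrapper_name} PROPERTY SWIG_SUPPORT_FILES)` relies on `python_wrapper_name` being set earlier in `_upm_swig_python`, which lies outside the hunk and is worth confirming.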
diff --git a/meta-openembedded/meta-oe/recipes-extended/upm/upm_git.bb b/meta-openembedded/meta-oe/recipes-extended/upm/upm_git.bb index babe5f489..8854a33bc 100644 --- a/meta-openembedded/meta-oe/recipes-extended/upm/upm_git.bb +++ b/meta-openembedded/meta-oe/recipes-extended/upm/upm_git.bb @@ -13,6 +13,7 @@ PV = "1.6.0-git${SRCPV}" SRC_URI = "git://github.com/intel-iot-devkit/${BPN}.git;protocol=http \ file://0001-Replace-strncpy-with-memcpy.patch \ file://0001-include-sys-types.h-for-uint-definition.patch \ + file://0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch \ " S = "${WORKDIR}/git" @@ -20,7 +21,7 @@ S = "${WORKDIR}/git" # Depends on mraa which only supports x86 and ARM for now COMPATIBLE_HOST = "(x86_64.*|i.86.*|aarch64.*|arm.*)-linux" -inherit distutils3-base cmake +inherit distutils3-base cmake pkgconfig # override this in local.conf to get needed bindings. # BINDINGS_pn-upm="python" diff --git a/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.11.bb b/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb index c41b20c45..398ca5c21 100644 --- a/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.11.bb +++ b/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb @@ -10,8 +10,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "https://releases.pagure.org/volume_key/volume_key-${PV}.tar.xz \ " -SRC_URI[md5sum] = "30df56c7743eb7c965293b3d61194232" -SRC_URI[sha256sum] = "e6b279c25ae477b555f938db2e41818f90c8cde942b0eec92f70b6c772095f6d" +SRC_URI[md5sum] = "200591290173c3ea71528411838f9080" +SRC_URI[sha256sum] = "6ca3748fc1dad22c450bbf6601d4e706cb11c5e662d11bb4aeb473a9cd77309b" SRCNAME = "volume_key" S = "${WORKDIR}/${SRCNAME}-${PV}" 
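Review bot: The `SRC_URI` that the first upm_git.bb hunk extends still clones with `git://github.com/intel-iot-devkit/${BPN}.git;protocol=http`, i.e. over cleartext HTTP, while the librelp recipe added in this same commit uses `;protocol=https`. A pinned `SRCREV` (not visible in these hunks) limits what a tampered transport can achieve, but changing the parameter to `;protocol=https` removes the cleartext hop at no cost. The recipe continues outside both hunks.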
@@ -27,6 +27,10 @@ DEPENDS += " \ swig-native \ " +PACKAGECONFIG ??= "python3" +PACKAGECONFIG[python] = "--with-python,--without-python,python,python" +PACKAGECONFIG[python3] = "--with-python3,--without-python3,python3,python3" + RDEPENDS_python3-${PN} += "${PN}" PACKAGES += "python3-${PN}" |