diff options
Diffstat (limited to 'poky/meta/recipes-connectivity')
19 files changed, 222 insertions, 31 deletions
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb index 430231088..79ce669a3 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -25,6 +25,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV} file://initscript.patch \ file://0001-Fix-opening-etc-resolv.conf-error.patch \ file://handle-hup.patch \ + file://local-ping.patch \ " UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" diff --git a/poky/meta/recipes-connectivity/avahi/files/local-ping.patch b/poky/meta/recipes-connectivity/avahi/files/local-ping.patch new file mode 100644 index 000000000..94116ad1f --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/local-ping.patch @@ -0,0 +1,152 @@ +CVE: CVE-2021-36217 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 +From: Tommi Rantala <tommi.t.rantala@nokia.com> +Date: Mon, 8 Feb 2021 11:04:43 +0200 +Subject: [PATCH] Fix NULL pointer crashes from #175 + +avahi-daemon is crashing when running "ping .local". +The crash is due to failing assertion from NULL pointer. +Add missing NULL pointer checks to fix it. + +Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd +--- + avahi-core/browse-dns-server.c | 5 ++++- + avahi-core/browse-domain.c | 5 ++++- + avahi-core/browse-service-type.c | 3 +++ + avahi-core/browse-service.c | 3 +++ + avahi-core/browse.c | 3 +++ + avahi-core/resolve-address.c | 5 ++++- + avahi-core/resolve-host-name.c | 5 ++++- + avahi-core/resolve-service.c | 5 ++++- + 8 files changed, 29 insertions(+), 5 deletions(-) + +diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c +index 049752e9..c2d914fa 100644 +--- a/avahi-core/browse-dns-server.c ++++ b/avahi-core/browse-dns-server.c +@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( + AvahiSDNSServerBrowser* b; + + b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_dns_server_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c +index f145d56a..06fa70c0 100644 +--- a/avahi-core/browse-domain.c ++++ b/avahi-core/browse-domain.c +@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( + AvahiSDomainBrowser *b; + + b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_domain_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c +index fdd22dcd..b1fc7af8 100644 +--- a/avahi-core/browse-service-type.c ++++ b/avahi-core/browse-service-type.c +@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( + AvahiSServiceTypeBrowser *b; + + b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_type_browser_start(b); + + return b; +diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c +index 5531360c..63e0275a 100644 +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( + AvahiSServiceBrowser *b; + + b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_browser_start(b); + + return b; +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2941e579..e8a915e9 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( + AvahiSRecordBrowser *b; + + b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_record_browser_start_query(b); + + return b; +diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c +index ac0b29b1..e61dd242 100644 +--- a/avahi-core/resolve-address.c ++++ b/avahi-core/resolve-address.c +@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( + AvahiSAddressResolver *b; + + b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_address_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c +index 808b0e72..4e8e5973 100644 +--- a/avahi-core/resolve-host-name.c ++++ b/avahi-core/resolve-host-name.c +@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new( + AvahiSHostNameResolver *b; + + b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_host_name_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c +index 66bf3cae..43771763 100644 +--- a/avahi-core/resolve-service.c ++++ b/avahi-core/resolve-service.c +@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( + AvahiSServiceResolver *b; + + b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.16/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.18/0001-avoid-start-failure-with-bind-user.patch index 8db96ec04..8db96ec04 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.16.16/0001-avoid-start-failure-with-bind-user.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.16.18/0001-avoid-start-failure-with-bind-user.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.18/0001-named-lwresd-V-and-start-log-hide-build-options.patch index 5bcc16c9b..5bcc16c9b 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.16.16/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.16.18/0001-named-lwresd-V-and-start-log-hide-build-options.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.16/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.18/bind-ensure-searching-for-json-headers-searches-sysr.patch index f9cdc7ca4..f9cdc7ca4 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.16.16/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.16.18/bind-ensure-searching-for-json-headers-searches-sysr.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.16/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.16.18/bind9 index 968679ff7..968679ff7 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.16.16/bind9 +++ b/poky/meta/recipes-connectivity/bind/bind-9.16.18/bind9 diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.16/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.18/conf.patch index aad345f9f..aad345f9f 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.16.16/conf.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.16.18/conf.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.16/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.16.18/generate-rndc-key.sh index 633e29c0e..633e29c0e 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.16.16/generate-rndc-key.sh +++ b/poky/meta/recipes-connectivity/bind/bind-9.16.18/generate-rndc-key.sh diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.16/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.18/init.d-add-support-for-read-only-rootfs.patch index 11db95ede..11db95ede 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.16.16/init.d-add-support-for-read-only-rootfs.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.16.18/init.d-add-support-for-read-only-rootfs.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.16/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.16.18/make-etc-initd-bind-stop-work.patch index 146f3e35d..146f3e35d 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.16.16/make-etc-initd-bind-stop-work.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.16.18/make-etc-initd-bind-stop-work.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.16.16/named.service b/poky/meta/recipes-connectivity/bind/bind-9.16.18/named.service index cda56ef01..cda56ef01 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.16.16/named.service +++ b/poky/meta/recipes-connectivity/bind/bind-9.16.18/named.service diff --git a/poky/meta/recipes-connectivity/bind/bind_9.16.16.bb b/poky/meta/recipes-connectivity/bind/bind_9.16.18.bb index b15259840..e7a1c5d9e 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.16.16.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.16.18.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "6c913902adf878e7dc5e229cea94faefc9d40f44775a30213edd08860f761d7b" +SRC_URI[sha256sum] = "3c6263a4364eb5dce233f9f22b90acfa1ec2488d534f91d21663d0ac25ce5e65" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # stay at 9.16 follow the ESV versions divisible by 4 @@ -62,8 +62,6 @@ SYSTEMD_SERVICE_${PN} = "named.service" do_install_append() { - rmdir "${D}${localstatedir}/run" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" install -d -o bind "${D}${localstatedir}/cache/bind" install -d "${D}${sysconfdir}/bind" install -d "${D}${sysconfdir}/init.d" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index 635cad813..f2d9a4f93 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -45,6 +45,7 @@ PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell" PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell" PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" +PACKAGECONFIG[manpages] = "--enable-manpages,--disable-manpages,python3-docutils-native" SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ file://init \ @@ -53,7 +54,6 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ file://0001-test-gatt-Fix-hung-issue.patch \ file://0001-audio-Rename-pause-funciton-to-avoid-shadowing-glibc.patch \ - file://0001-Makefile.am-add-missing-mkdir-for-ell-shared.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-add-missing-mkdir-for-ell-shared.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-add-missing-mkdir-for-ell-shared.patch deleted file mode 100644 index 03b42f73c..000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-add-missing-mkdir-for-ell-shared.patch +++ /dev/null @@ -1,25 +0,0 @@ -From d341ba650af1b7068d9ad034732b4f41b91bb2c1 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Sun, 25 Apr 2021 18:56:41 +0200 -Subject: [PATCH] Makefile.am: add missing mkdir for ell/shared - -This addresses build errors out of source tree. - -Upstream-Status: Backport -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile.am b/Makefile.am -index be5d5c7..72ad425 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -623,6 +623,7 @@ lib/bluetooth/%.h: lib/%.h - $(AM_V_GEN)$(LN_S) -f $(abspath $<) $@ - - ell/shared: Makefile -+ $(AM_V_at)$(MKDIR_P) ell - $(AM_V_GEN)for f in $(ell_shared) ; do \ - if [ ! -f $$f ] ; then \ - $(LN_S) -t ell -f $(abs_srcdir)/../ell/$$f ; \ diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.58.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.60.bb index eb8475ec1..defa0c15c 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.58.bb +++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.60.bb @@ -1,6 +1,6 @@ require bluez5.inc -SRC_URI[sha256sum] = "c8065e75a5eb67236849ef68a354b1700540305a8c88ef0a0fd6288f19daf1f1" +SRC_URI[sha256sum] = "710999580d01ee59ec585e5e7c07fd94eddedc001aa26fe7464c546f9d945304" # These issues have kernel fixes rather than bluez fixes so exclude here CVE_CHECK_WHITELIST += "CVE-2020-12352 CVE-2020-24490" diff --git a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.0.bb b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.0.bb index 56fcf5cc0..5be480eb0 100644 --- a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.0.bb +++ b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.0.bb @@ -13,6 +13,7 @@ UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ + file://0002-src-privsep-linux.c-add-support-for-arc-28.patch \ file://dhcpcd.service \ file://dhcpcd@.service \ " diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0002-src-privsep-linux.c-add-support-for-arc-28.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0002-src-privsep-linux.c-add-support-for-arc-28.patch new file mode 100644 index 000000000..045f06a9a --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcpcd/files/0002-src-privsep-linux.c-add-support-for-arc-28.patch @@ -0,0 +1,63 @@ +From 82386110e67cf75c224e9817fce55e6b0f143266 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine <fontaine.fabrice@gmail.com> +Date: Mon, 8 Feb 2021 07:23:54 +0100 +Subject: [PATCH] src/privsep-linux.c: add support for arc (#28) + +Fix the following build failure: + +privsep-linux.c:206:4: error: #error "Platform does not support seccomp filter yet" + # error "Platform does not support seccomp filter yet" + ^~~~~ +In file included from privsep-linux.c:36: +privsep-linux.c:213:38: error: 'SECCOMP_AUDIT_ARCH' undeclared here (not in a function); did you mean 'SECCOMP_ALLOW_ARG'? + BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, SECCOMP_AUDIT_ARCH, 1, 0), + ^~~~~~~~~~~~~~~~~~ + +It should be noted that AUDIT_ARCH_{ARCOMPACT,ARCV2} is only defined +since kernel 5.2 and +https://github.com/torvalds/linux/commit/67f2a8a29311841ba6ab9b0e2d1b8f1e9978cd84 + +Detection of arc compact and arc v2 have been "copy/pasted" from +https://github.com/wbx-github/uclibc-ng/commit/afab56958f1cbb47b831ee3ebff231dfbae74af2 + +Fixes: + - http://autobuild.buildroot.org/results/d29083700a80dd647621eed06faeeae03f0587d3 + +Upstream-Status: Backport [https://github.com/NetworkConfiguration/dhcpcd/commit/82386110e67cf75c224e9817fce55e6b0f143266] + +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> +Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com> +--- + src/privsep-linux.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/src/privsep-linux.c b/src/privsep-linux.c +index 402667af..21d41a9a 100644 +--- a/src/privsep-linux.c ++++ b/src/privsep-linux.c +@@ -149,6 +149,22 @@ ps_root_sendnetlink(struct dhcpcd_ctx *ctx, int protocol, struct msghdr *msg) + # define SECCOMP_AUDIT_ARCH AUDIT_ARCH_I386 + #elif defined(__x86_64__) + # define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64 ++#elif defined(__arc__) ++# if defined(__A7__) ++# if (BYTE_ORDER == LITTLE_ENDIAN) ++# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_ARCOMPACT ++# else ++# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_ARCOMPACTBE ++# endif ++# elif defined(__HS__) ++# if (BYTE_ORDER == LITTLE_ENDIAN) ++# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_ARCV2 ++# else ++# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_ARCV2BE ++# endif ++# else ++# error "Platform does not support seccomp filter yet" ++# endif + #elif defined(__arm__) + # ifndef EM_ARM + # define EM_ARM 40 +-- +2.16.2 + diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2_5.12.0.bb b/poky/meta/recipes-connectivity/iproute2/iproute2_5.13.0.bb index 363112337..b117637e3 100644 --- a/poky/meta/recipes-connectivity/iproute2/iproute2_5.12.0.bb +++ b/poky/meta/recipes-connectivity/iproute2/iproute2_5.13.0.bb @@ -4,7 +4,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ file://0001-libc-compat.h-add-musl-workaround.patch \ " -SRC_URI[sha256sum] = "9d268db98a36ee2a0e3ff3b92b2efff66fc1138a51e409bdef6ab3cfe15f326f" +SRC_URI[sha256sum] = "72a2e53774cac9e65f7b617deebb2059f87e8960d6e9713e4d788cea966f1b36" # CFLAGS are computed in Makefile and reference CCOPTS # diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index 1931dc715..ef117de89 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys @@ -6,6 +6,7 @@ generate_key() { local DIR="$(dirname "$FILE")" mkdir -p "$DIR" + rm -f ${FILE}.tmp ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE # Atomically rename file public key |