diff options
Diffstat (limited to 'poky/meta/recipes-connectivity')
63 files changed, 509 insertions, 4854 deletions
diff --git a/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb b/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb deleted file mode 100644 index 1510a0ef4..000000000 --- a/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb +++ /dev/null @@ -1,54 +0,0 @@ -require avahi.inc - -inherit features_check -ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" - -DEPENDS += "avahi" - -AVAHI_GTK = "gtk3" - -S = "${WORKDIR}/avahi-${PV}" - -PACKAGES += "${PN}-utils avahi-discover" - -FILES_${PN} = "${libdir}/libavahi-ui*.so.*" -FILES_${PN}-utils = "${bindir}/b* ${datadir}/applications/b*" -FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \ - ${datadir}/avahi/interfaces/avahi-discover.ui \ - ${bindir}/avahi-discover-standalone \ - " - -do_install_append () { - rm ${D}${sysconfdir} -rf - if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then - if [ "${nonarch_base_libdir}" != "${base_libdir}" ];then - rm ${D}${nonarch_base_libdir} -rf - fi - else - rm ${D}${base_libdir} -rf - fi - rm ${D}${systemd_unitdir} -rf - # The ${systemd_unitdir} is /lib/systemd, so we need rmdir /lib, - # but not ${base_libdir} here. And the /lib may not exist - # whithout systemd. - [ ! -d ${D}/lib ] || rmdir ${D}/lib --ignore-fail-on-non-empty - rm ${D}${bindir}/avahi-b* - rm ${D}${bindir}/avahi-p* - rm ${D}${bindir}/avahi-r* - rm ${D}${bindir}/avahi-s* - rm ${D}${includedir}/avahi-c* -rf - rm ${D}${includedir}/avahi-g* -rf - rm ${D}${libdir}/libavahi-c* - rm ${D}${libdir}/libavahi-g* - rm ${D}${libdir}/pkgconfig/avahi-c* - rm ${D}${libdir}/pkgconfig/avahi-g* - rm ${D}${sbindir} -rf - rm ${D}${datadir}/avahi/a* - rm ${D}${datadir}/locale/ -rf - rm ${D}${datadir}/dbus* -rf - rm ${D}${mandir}/man1/a* - rm ${D}${mandir}/man5 -rf - rm ${D}${mandir}/man8 -rf - rm ${D}${libdir}/girepository-1.0/ -rf - rm ${D}${datadir}/gir-1.0/ -rf -} diff --git a/poky/meta/recipes-connectivity/avahi/avahi.inc b/poky/meta/recipes-connectivity/avahi/avahi.inc deleted file mode 100644 index 94fe6a16b..000000000 --- a/poky/meta/recipes-connectivity/avahi/avahi.inc +++ /dev/null @@ -1,86 +0,0 @@ -SUMMARY = "Avahi IPv4LL network address configuration daemon" -DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \ -allows programs to publish and discover services and hosts running on a local network \ -with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \ -IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ -configuration from the link-local 169.254.0.0/16 range without the need for a central \ -server.' -AUTHOR = "Lennart Poettering <lennart@poettering.net>" -HOMEPAGE = "http://avahi.org" -BUGTRACKER = "https://github.com/lathiat/avahi/issues" -SECTION = "network" - -# major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and -# python scripts are under GPLv2+ -LICENSE = "GPLv2+ & LGPLv2.1+" -LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ - file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ - file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ - file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ - file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" - -SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \ - file://fix-CVE-2017-6519.patch \ - " - -UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" -SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6" -SRC_URI[sha256sum] = "57a99b5dfe7fdae794e3d1ee7a62973a368e91e414bd0dfa5d84434de5b14804" - -DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native" - -# For gtk related PACKAGECONFIGs: gtk, gtk3 -AVAHI_GTK ?= "" - -PACKAGECONFIG ??= "dbus ${AVAHI_GTK}" -PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" -PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+" -PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3" -PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus" - -inherit autotools pkgconfig gettext gobject-introspection - -EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ - --disable-stack-protector \ - --disable-gdbm \ - --disable-mono \ - --disable-monodoc \ - --disable-qt3 \ - --disable-qt4 \ - --disable-python \ - --disable-doxygen-doc \ - --enable-manpages \ - ${EXTRA_OECONF_SYSVINIT} \ - ${EXTRA_OECONF_SYSTEMD} \ - " - -# The distro choice determines what init scripts are installed -EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" -EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}" - -do_configure_prepend() { - sed 's:AM_CHECK_PYMOD:echo "no pymod" #AM_CHECK_PYMOD:g' -i ${S}/configure.ac - - # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes - rm "${S}/common/introspection.m4" || true -} - -do_compile_prepend() { - export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" -} - -RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns" - -do_install() { - autotools_do_install - rm -rf ${D}/run - rm -rf ${D}${datadir}/dbus-1/interfaces - test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 - rm -rf ${D}${libdir}/avahi -} - -PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" - -FILES_libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" - -RPROVIDES_libavahi-compat-libdnssd = "libdns-sd" diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb deleted file mode 100644 index 2e04d304c..000000000 --- a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb +++ /dev/null @@ -1,81 +0,0 @@ -require avahi.inc - -SRC_URI += "file://00avahi-autoipd \ - file://99avahi-autoipd \ - file://initscript.patch \ - file://0001-Fix-opening-etc-resolv.conf-error.patch \ - " - -inherit update-rc.d systemd useradd - -PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils" - -# As avahi doesn't put any files into PN, clear the files list to avoid problems -# if extra libraries appear. -FILES_${PN} = "" -FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \ - ${sysconfdir}/avahi/avahi-autoipd.action \ - ${sysconfdir}/dhcp/*/avahi-autoipd \ - ${sysconfdir}/udhcpc.d/00avahi-autoipd \ - ${sysconfdir}/udhcpc.d/99avahi-autoipd" -FILES_libavahi-common = "${libdir}/libavahi-common.so.*" -FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" -FILES_avahi-daemon = "${sbindir}/avahi-daemon \ - ${sysconfdir}/avahi/avahi-daemon.conf \ - ${sysconfdir}/avahi/hosts \ - ${sysconfdir}/avahi/services \ - ${sysconfdir}/dbus-1 \ - ${sysconfdir}/init.d/avahi-daemon \ - ${datadir}/avahi/introspection/*.introspect \ - ${datadir}/avahi/avahi-service.dtd \ - ${datadir}/avahi/service-types \ - ${datadir}/dbus-1/system-services" -FILES_libavahi-client = "${libdir}/libavahi-client.so.*" -FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ - ${sysconfdir}/avahi/avahi-dnsconfd.action \ - ${sysconfdir}/init.d/avahi-dnsconfd" -FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*" -FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" -FILES_avahi-utils = "${bindir}/avahi-*" - -RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" -RDEPENDS_${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" - -RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" - -CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" - -USERADD_PACKAGES = "avahi-daemon avahi-autoipd" -USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \ - --no-create-home --shell /bin/false \ - --user-group avahi" - -USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \ - --no-create-home --shell /bin/false \ - --user-group \ - -c \"Avahi autoip daemon\" \ - avahi-autoipd" - -INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" -INITSCRIPT_NAME_avahi-daemon = "avahi-daemon" -INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19" -INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd" -INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19" - -SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" -SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service" -SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service" - -do_install_append() { - install -d ${D}${sysconfdir}/udhcpc.d - install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d - install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d -} - -# At the time the postinst runs, dbus might not be setup so only restart if running -# Don't exit early, because update-rc.d needs to run subsequently. -pkg_postinst_avahi-daemon () { -if [ -z "$D" ]; then - killall -q -HUP dbus-daemon || true -fi -} diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb new file mode 100644 index 000000000..2b0c71159 --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -0,0 +1,186 @@ +SUMMARY = "Avahi IPv4LL network address configuration daemon" +DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \ +allows programs to publish and discover services and hosts running on a local network \ +with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \ +IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ +configuration from the link-local 169.254.0.0/16 range without the need for a central \ +server.' +AUTHOR = "Lennart Poettering <lennart@poettering.net>" +HOMEPAGE = "http://avahi.org" +BUGTRACKER = "https://github.com/lathiat/avahi/issues" +SECTION = "network" + +# major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and +# python scripts are under GPLv2+ +LICENSE = "GPLv2+ & LGPLv2.1+" +LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ + file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ + file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ + file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ + file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" + +SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \ + file://00avahi-autoipd \ + file://99avahi-autoipd \ + file://initscript.patch \ + file://0001-Fix-opening-etc-resolv.conf-error.patch \ + " + +UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" +SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7" +SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" + +DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native" + +# For gtk related PACKAGECONFIGs: gtk, gtk3 +AVAHI_GTK ?= "gtk3" + +PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}" +PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" +PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+" +PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3" +PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus" +PACKAGECONFIG[libevent] = "--enable-libevent,--disable-libevent,libevent" +PACKAGECONFIG[qt5] = "--enable-qt5,--disable-qt5,qtbase" + +inherit autotools pkgconfig gettext gobject-introspection + +EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ + --disable-stack-protector \ + --disable-gdbm \ + --disable-dbm \ + --disable-mono \ + --disable-monodoc \ + --disable-qt3 \ + --disable-qt4 \ + --disable-python \ + --disable-doxygen-doc \ + --enable-manpages \ + ${EXTRA_OECONF_SYSVINIT} \ + ${EXTRA_OECONF_SYSTEMD} \ + " + +# The distro choice determines what init scripts are installed +EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" +EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}" + +do_configure_prepend() { + # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes + rm "${S}/common/introspection.m4" || true +} + +do_compile_prepend() { + export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" +} + +RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns" + +do_install() { + autotools_do_install + rm -rf ${D}/run + rm -rf ${D}${datadir}/dbus-1/interfaces + test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 + rm -rf ${D}${libdir}/avahi + + # Move example service files out of /etc/avahi/services so we don't + # advertise ssh & sftp-ssh by default + install -d ${D}${docdir}/avahi + mv ${D}${sysconfdir}/avahi/services/* ${D}${docdir}/avahi +} + +PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" + +FILES_libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" + +RPROVIDES_libavahi-compat-libdnssd = "libdns-sd" + +inherit update-rc.d systemd useradd + +PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui" + +FILES_avahi-ui = "${libdir}/libavahi-ui*.so.*" +FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \ + ${datadir}/avahi/interfaces/avahi-discover.ui \ + ${bindir}/avahi-discover-standalone \ + " + +LICENSE_libavahi-gobject = "LGPLv2.1+" +LICENSE_avahi-daemon = "LGPLv2.1+" +LICENSE_libavahi-common = "LGPLv2.1+" +LICENSE_libavahi-core = "LGPLv2.1+" +LICENSE_avahi-client = "LGPLv2.1+" +LICENSE_avahi-dnsconfd = "LGPLv2.1+" +LICENSE_libavahi-glib = "LGPLv2.1+" +LICENSE_avahi-autoipd = "LGPLv2.1+" +LICENSE_avahi-utils = "LGPLv2.1+" + +# As avahi doesn't put any files into PN, clear the files list to avoid problems +# if extra libraries appear. +FILES_${PN} = "" +FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \ + ${sysconfdir}/avahi/avahi-autoipd.action \ + ${sysconfdir}/dhcp/*/avahi-autoipd \ + ${sysconfdir}/udhcpc.d/00avahi-autoipd \ + ${sysconfdir}/udhcpc.d/99avahi-autoipd" +FILES_libavahi-common = "${libdir}/libavahi-common.so.*" +FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" +FILES_avahi-daemon = "${sbindir}/avahi-daemon \ + ${sysconfdir}/avahi/avahi-daemon.conf \ + ${sysconfdir}/avahi/hosts \ + ${sysconfdir}/avahi/services \ + ${sysconfdir}/dbus-1 \ + ${sysconfdir}/init.d/avahi-daemon \ + ${datadir}/avahi/introspection/*.introspect \ + ${datadir}/avahi/avahi-service.dtd \ + ${datadir}/avahi/service-types \ + ${datadir}/dbus-1/system-services" +FILES_libavahi-client = "${libdir}/libavahi-client.so.*" +FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ + ${sysconfdir}/avahi/avahi-dnsconfd.action \ + ${sysconfdir}/init.d/avahi-dnsconfd" +FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*" +FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" +FILES_avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*" + +RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" +RDEPENDS_${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" + +RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" + +CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" + +USERADD_PACKAGES = "avahi-daemon avahi-autoipd" +USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \ + --no-create-home --shell /bin/false \ + --user-group avahi" + +USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \ + --no-create-home --shell /bin/false \ + --user-group \ + -c \"Avahi autoip daemon\" \ + avahi-autoipd" + +INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" +INITSCRIPT_NAME_avahi-daemon = "avahi-daemon" +INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19" +INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd" +INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19" + +SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" +SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service" +SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service" + +do_install_append() { + install -d ${D}${sysconfdir}/udhcpc.d + install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d + install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d +} + +# At the time the postinst runs, dbus might not be setup so only restart if running +# Don't exit early, because update-rc.d needs to run subsequently. +pkg_postinst_avahi-daemon () { +if [ -z "$D" ]; then + killall -q -HUP dbus-daemon || true +fi +} + diff --git a/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch b/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch deleted file mode 100644 index 7461fe193..000000000 --- a/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch +++ /dev/null @@ -1,48 +0,0 @@ -Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/e111def] - -CVE: CVE-2017-6519 - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001 -From: Trent Lloyd <trent@lloyd.id.au> -Date: Sat, 22 Dec 2018 09:06:07 +0800 -Subject: [PATCH] Drop legacy unicast queries from address not on local link - -When handling legacy unicast queries, ensure that the source IP is -inside a subnet on the local link, otherwise drop the packet. - -Fixes #145 -Fixes #203 -CVE-2017-6519 -CVE-2018-1000845 ---- - avahi-core/server.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/avahi-core/server.c b/avahi-core/server.c -index a2cb19a8..a2580e38 100644 ---- a/avahi-core/server.c -+++ b/avahi-core/server.c -@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres - - if (avahi_dns_packet_is_query(p)) { - int legacy_unicast = 0; -+ char t[AVAHI_ADDRESS_STR_MAX]; - - /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the - * AR section completely here, so far. Until the day we add -@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres - legacy_unicast = 1; - } - -+ if (!is_mdns_mcast_address(dst_address) && -+ !avahi_interface_address_on_link(i, src_address)) { -+ -+ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol); -+ return; -+ } -+ - if (legacy_unicast) - reflect_legacy_unicast_query_packet(s, p, i, src_address, port); - diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch b/poky/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch deleted file mode 100644 index 2fed99e1b..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch +++ /dev/null @@ -1,64 +0,0 @@ -Backport patch to fix CVE-2019-6471. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2019-6471 - -CVE: CVE-2019-6471 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/3a9c7bb] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 3a9c7bb80d4a609b86427406d9dd783199920b5b Mon Sep 17 00:00:00 2001 -From: Mark Andrews <marka@isc.org> -Date: Tue, 19 Mar 2019 14:14:21 +1100 -Subject: [PATCH] move item_out test inside lock in dns_dispatch_getnext() - -(cherry picked from commit 60c42f849d520564ed42e5ed0ba46b4b69c07712) ---- - lib/dns/dispatch.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c -index 408beda367..3278db4a07 100644 ---- a/lib/dns/dispatch.c -+++ b/lib/dns/dispatch.c -@@ -134,7 +134,7 @@ struct dns_dispentry { - isc_task_t *task; - isc_taskaction_t action; - void *arg; -- bool item_out; -+ bool item_out; - dispsocket_t *dispsocket; - ISC_LIST(dns_dispatchevent_t) items; - ISC_LINK(dns_dispentry_t) link; -@@ -3422,13 +3422,14 @@ dns_dispatch_getnext(dns_dispentry_t *resp, dns_dispatchevent_t **sockevent) { - disp = resp->disp; - REQUIRE(VALID_DISPATCH(disp)); - -- REQUIRE(resp->item_out == true); -- resp->item_out = false; -- - ev = *sockevent; - *sockevent = NULL; - - LOCK(&disp->lock); -+ -+ REQUIRE(resp->item_out == true); -+ resp->item_out = false; -+ - if (ev->buffer.base != NULL) - free_buffer(disp, ev->buffer.base, ev->buffer.length); - free_devent(disp, ev); -@@ -3573,6 +3574,9 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp, - isc_task_send(disp->task[0], &disp->ctlevent); - } - -+/* -+ * disp must be locked. -+ */ - static void - do_cancel(dns_dispatch_t *disp) { - dns_dispatchevent_t *ev; --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch b/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch index 871bb2a5f..9d31b9808 100644 --- a/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch +++ b/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch @@ -1,4 +1,4 @@ -From 950867d9fd3f690e271c8c807b6eed144b2935b2 Mon Sep 17 00:00:00 2001 +From 2325a92f1896a2a7f586611686801b41fbc91b50 Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Mon, 27 Aug 2018 15:00:51 +0800 Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib' @@ -10,15 +10,16 @@ and helpful for clean up host build path in isc-config.sh Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + --- - configure.in | 2 +- + configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/configure.in b/configure.in -index 54efc55..76ac0eb 100644 ---- a/configure.in -+++ b/configure.in -@@ -1691,7 +1691,7 @@ If you don't want OpenSSL, use --without-openssl]) +diff --git a/configure.ac b/configure.ac +index e85a5c6..2bbfc58 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1631,7 +1631,7 @@ If you don't want OpenSSL, use --without-openssl]) fi ;; *) @@ -27,6 +28,3 @@ index 54efc55..76ac0eb 100644 ;; esac fi --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch b/poky/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch deleted file mode 100644 index 48ae125f8..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch +++ /dev/null @@ -1,60 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ec2d50d] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From ec2d50da8d81814640e28593d912f4b96c7efece Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org> -Date: Thu, 3 Jan 2019 14:17:43 +0100 -Subject: [PATCH 1/6] fix enforcement of tcp-clients (v1) - -tcp-clients settings could be exceeded in some cases by -creating more and more active TCP clients that are over -the set quota limit, which in the end could lead to a -DoS attack by e.g. exhaustion of file descriptors. - -If TCP client we're closing went over the quota (so it's -not attached to a quota) mark it as mortal - so that it -will be destroyed and not set up to listen for new -connections - unless it's the last client for a specific -interface. - -(cherry picked from commit f97131d21b97381cef72b971b157345c1f9b4115) -(cherry picked from commit 9689ffc485df8f971f0ad81ab8ab1f5389493776) ---- - bin/named/client.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index d482da7121..0739dd48af 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -421,8 +421,19 @@ exit_check(ns_client_t *client) { - isc_socket_detach(&client->tcpsocket); - } - -- if (client->tcpquota != NULL) -+ if (client->tcpquota != NULL) { - isc_quota_detach(&client->tcpquota); -+ } else { -+ /* -+ * We went over quota with this client, we don't -+ * want to restart listening unless this is the -+ * last client on this interface, which is -+ * checked later. -+ */ -+ if (TCP_CLIENT(client)) { -+ client->mortal = true; -+ } -+ } - - if (client->timerset) { - (void)isc_timer_reset(client->timer, --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch b/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch deleted file mode 100644 index a8d601dca..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch +++ /dev/null @@ -1,22 +0,0 @@ -Upstream-Status: Pending - -Subject: gen.c: extend DIRNAMESIZE from 256 to 512 - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - lib/dns/gen.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: bind-9.11.3/lib/dns/gen.c -=================================================================== ---- bind-9.11.3.orig/lib/dns/gen.c -+++ bind-9.11.3/lib/dns/gen.c -@@ -130,7 +130,7 @@ static const char copyright[] = - #define TYPECLASSBUF (TYPECLASSLEN + 1) - #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" - #define ATTRIBUTESIZE 256 --#define DIRNAMESIZE 256 -+#define DIRNAMESIZE 512 - - static struct cc { - struct cc *next; diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch b/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch deleted file mode 100644 index 01874a440..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 5bc3167a8b714ec0c4a3f1c7f3b9411296ec0a23 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Wed, 16 Sep 2015 20:23:47 -0700 -Subject: [PATCH] lib/dns/gen.c: fix too long error - -The 512 is a little short when build in deep dir, and cause "too long" -error, use PATH_MAX if defined. - -Upstream-Status: Pending - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - lib/dns/gen.c | 4 ++++ - 1 file changed, 4 insertions(+) - -Index: bind-9.11.3/lib/dns/gen.c -=================================================================== ---- bind-9.11.3.orig/lib/dns/gen.c -+++ bind-9.11.3/lib/dns/gen.c -@@ -130,7 +130,11 @@ static const char copyright[] = - #define TYPECLASSBUF (TYPECLASSLEN + 1) - #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" - #define ATTRIBUTESIZE 256 -+#ifdef PATH_MAX -+#define DIRNAMESIZE PATH_MAX -+#else - #define DIRNAMESIZE 512 -+#endif - - static struct cc { - struct cc *next; diff --git a/poky/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch b/poky/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch deleted file mode 100644 index ca4e8b1a6..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch +++ /dev/null @@ -1,670 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/719f604] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 719f604e3fad5b7479bd14e2fa0ef4413f0a8fdc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org> -Date: Fri, 4 Jan 2019 12:50:51 +0100 -Subject: [PATCH 2/6] tcp-clients could still be exceeded (v2) - -the TCP client quota could still be ineffective under some -circumstances. this change: - -- improves quota accounting to ensure that TCP clients are - properly limited, while still guaranteeing that at least one client - is always available to serve TCP connections on each interface. -- uses more descriptive names and removes one (ntcptarget) that - was no longer needed -- adds comments - -(cherry picked from commit 924651f1d5e605cd186d03f4f7340bcc54d77cc2) -(cherry picked from commit 55a7a458e30e47874d34bdf1079eb863a0512396) ---- - bin/named/client.c | 311 ++++++++++++++++++++----- - bin/named/include/named/client.h | 14 +- - bin/named/include/named/interfacemgr.h | 11 +- - bin/named/interfacemgr.c | 8 +- - 4 files changed, 267 insertions(+), 77 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 0739dd48af..a7b49a0f71 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -246,10 +246,11 @@ static void ns_client_dumpmessage(ns_client_t *client, const char *reason); - static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, - dns_dispatch_t *disp, bool tcp); - static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, -- isc_socket_t *sock); -+ isc_socket_t *sock, ns_client_t *oldclient); - static inline bool --allowed(isc_netaddr_t *addr, dns_name_t *signer, isc_netaddr_t *ecs_addr, -- uint8_t ecs_addrlen, uint8_t *ecs_scope, dns_acl_t *acl); -+allowed(isc_netaddr_t *addr, dns_name_t *signer, -+ isc_netaddr_t *ecs_addr, uint8_t ecs_addrlen, -+ uint8_t *ecs_scope, dns_acl_t *acl) - static void compute_cookie(ns_client_t *client, uint32_t when, - uint32_t nonce, const unsigned char *secret, - isc_buffer_t *buf); -@@ -405,8 +406,11 @@ exit_check(ns_client_t *client) { - */ - INSIST(client->recursionquota == NULL); - INSIST(client->newstate <= NS_CLIENTSTATE_READY); -- if (client->nreads > 0) -+ -+ if (client->nreads > 0) { - dns_tcpmsg_cancelread(&client->tcpmsg); -+ } -+ - if (client->nreads != 0) { - /* Still waiting for read cancel completion. */ - return (true); -@@ -416,25 +420,58 @@ exit_check(ns_client_t *client) { - dns_tcpmsg_invalidate(&client->tcpmsg); - client->tcpmsg_valid = false; - } -+ - if (client->tcpsocket != NULL) { - CTRACE("closetcp"); - isc_socket_detach(&client->tcpsocket); -+ -+ if (client->tcpactive) { -+ LOCK(&client->interface->lock); -+ INSIST(client->interface->ntcpactive > 0); -+ client->interface->ntcpactive--; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = false; -+ } - } - - if (client->tcpquota != NULL) { -- isc_quota_detach(&client->tcpquota); -- } else { - /* -- * We went over quota with this client, we don't -- * want to restart listening unless this is the -- * last client on this interface, which is -- * checked later. -+ * If we are not in a pipeline group, or -+ * we are the last client in the group, detach from -+ * tcpquota; otherwise, transfer the quota to -+ * another client in the same group. - */ -- if (TCP_CLIENT(client)) { -- client->mortal = true; -+ if (!ISC_LINK_LINKED(client, glink) || -+ (client->glink.next == NULL && -+ client->glink.prev == NULL)) -+ { -+ isc_quota_detach(&client->tcpquota); -+ } else if (client->glink.next != NULL) { -+ INSIST(client->glink.next->tcpquota == NULL); -+ client->glink.next->tcpquota = client->tcpquota; -+ client->tcpquota = NULL; -+ } else { -+ INSIST(client->glink.prev->tcpquota == NULL); -+ client->glink.prev->tcpquota = client->tcpquota; -+ client->tcpquota = NULL; - } - } - -+ /* -+ * Unlink from pipeline group. -+ */ -+ if (ISC_LINK_LINKED(client, glink)) { -+ if (client->glink.next != NULL) { -+ client->glink.next->glink.prev = -+ client->glink.prev; -+ } -+ if (client->glink.prev != NULL) { -+ client->glink.prev->glink.next = -+ client->glink.next; -+ } -+ ISC_LINK_INIT(client, glink); -+ } -+ - if (client->timerset) { - (void)isc_timer_reset(client->timer, - isc_timertype_inactive, -@@ -455,15 +492,16 @@ exit_check(ns_client_t *client) { - * that already. Check whether this client needs to remain - * active and force it to go inactive if not. - * -- * UDP clients go inactive at this point, but TCP clients -- * may remain active if we have fewer active TCP client -- * objects than desired due to an earlier quota exhaustion. -+ * UDP clients go inactive at this point, but a TCP client -+ * will needs to remain active if no other clients are -+ * listening for TCP requests on this interface, to -+ * prevent this interface from going nonresponsive. - */ - if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) { - LOCK(&client->interface->lock); -- if (client->interface->ntcpcurrent < -- client->interface->ntcptarget) -+ if (client->interface->ntcpaccepting == 0) { - client->mortal = false; -+ } - UNLOCK(&client->interface->lock); - } - -@@ -472,15 +510,17 @@ exit_check(ns_client_t *client) { - * queue for recycling. - */ - if (client->mortal) { -- if (client->newstate > NS_CLIENTSTATE_INACTIVE) -+ if (client->newstate > NS_CLIENTSTATE_INACTIVE) { - client->newstate = NS_CLIENTSTATE_INACTIVE; -+ } - } - - if (NS_CLIENTSTATE_READY == client->newstate) { - if (TCP_CLIENT(client)) { - client_accept(client); -- } else -+ } else { - client_udprecv(client); -+ } - client->newstate = NS_CLIENTSTATE_MAX; - return (true); - } -@@ -492,41 +532,57 @@ exit_check(ns_client_t *client) { - /* - * We are trying to enter the inactive state. - */ -- if (client->naccepts > 0) -+ if (client->naccepts > 0) { - isc_socket_cancel(client->tcplistener, client->task, - ISC_SOCKCANCEL_ACCEPT); -+ } - - /* Still waiting for accept cancel completion. */ -- if (! (client->naccepts == 0)) -+ if (! (client->naccepts == 0)) { - return (true); -+ } - - /* Accept cancel is complete. */ -- if (client->nrecvs > 0) -+ if (client->nrecvs > 0) { - isc_socket_cancel(client->udpsocket, client->task, - ISC_SOCKCANCEL_RECV); -+ } - - /* Still waiting for recv cancel completion. */ -- if (! (client->nrecvs == 0)) -+ if (! (client->nrecvs == 0)) { - return (true); -+ } - - /* Still waiting for control event to be delivered */ -- if (client->nctls > 0) -+ if (client->nctls > 0) { - return (true); -- -- /* Deactivate the client. */ -- if (client->interface) -- ns_interface_detach(&client->interface); -+ } - - INSIST(client->naccepts == 0); - INSIST(client->recursionquota == NULL); -- if (client->tcplistener != NULL) -+ if (client->tcplistener != NULL) { - isc_socket_detach(&client->tcplistener); - -- if (client->udpsocket != NULL) -+ if (client->tcpactive) { -+ LOCK(&client->interface->lock); -+ INSIST(client->interface->ntcpactive > 0); -+ client->interface->ntcpactive--; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = false; -+ } -+ } -+ if (client->udpsocket != NULL) { - isc_socket_detach(&client->udpsocket); -+ } - -- if (client->dispatch != NULL) -+ /* Deactivate the client. */ -+ if (client->interface != NULL) { -+ ns_interface_detach(&client->interface); -+ } -+ -+ if (client->dispatch != NULL) { - dns_dispatch_detach(&client->dispatch); -+ } - - client->attributes = 0; - client->mortal = false; -@@ -551,10 +607,13 @@ exit_check(ns_client_t *client) { - client->newstate = NS_CLIENTSTATE_MAX; - if (!ns_g_clienttest && manager != NULL && - !manager->exiting) -+ { - ISC_QUEUE_PUSH(manager->inactive, client, - ilink); -- if (client->needshutdown) -+ } -+ if (client->needshutdown) { - isc_task_shutdown(client->task); -+ } - return (true); - } - } -@@ -675,7 +734,6 @@ client_start(isc_task_t *task, isc_event_t *event) { - } - } - -- - /*% - * The client's task has received a shutdown event. - */ -@@ -2507,17 +2565,12 @@ client_request(isc_task_t *task, isc_event_t *event) { - /* - * Pipeline TCP query processing. - */ -- if (client->message->opcode != dns_opcode_query) -+ if (client->message->opcode != dns_opcode_query) { - client->pipelined = false; -+ } - if (TCP_CLIENT(client) && client->pipelined) { -- result = isc_quota_reserve(&ns_g_server->tcpquota); -- if (result == ISC_R_SUCCESS) -- result = ns_client_replace(client); -+ result = ns_client_replace(client); - if (result != ISC_R_SUCCESS) { -- ns_client_log(client, NS_LOGCATEGORY_CLIENT, -- NS_LOGMODULE_CLIENT, ISC_LOG_WARNING, -- "no more TCP clients(read): %s", -- isc_result_totext(result)); - client->pipelined = false; - } - } -@@ -3087,6 +3140,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->filter_aaaa = dns_aaaa_ok; - #endif - client->needshutdown = ns_g_clienttest; -+ client->tcpactive = false; - - ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL, - NS_EVENT_CLIENTCONTROL, client_start, client, client, -@@ -3100,6 +3154,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->formerrcache.id = 0; - ISC_LINK_INIT(client, link); - ISC_LINK_INIT(client, rlink); -+ ISC_LINK_INIT(client, glink); - ISC_QLINK_INIT(client, ilink); - client->keytag = NULL; - client->keytag_len = 0; -@@ -3193,12 +3248,19 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - - INSIST(client->state == NS_CLIENTSTATE_READY); - -+ /* -+ * The accept() was successful and we're now establishing a new -+ * connection. We need to make note of it in the client and -+ * interface objects so client objects can do the right thing -+ * when going inactive in exit_check() (see comments in -+ * client_accept() for details). -+ */ - INSIST(client->naccepts == 1); - client->naccepts--; - - LOCK(&client->interface->lock); -- INSIST(client->interface->ntcpcurrent > 0); -- client->interface->ntcpcurrent--; -+ INSIST(client->interface->ntcpaccepting > 0); -+ client->interface->ntcpaccepting--; - UNLOCK(&client->interface->lock); - - /* -@@ -3232,6 +3294,9 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), - "accept failed: %s", - isc_result_totext(nevent->result)); -+ if (client->tcpquota != NULL) { -+ isc_quota_detach(&client->tcpquota); -+ } - } - - if (exit_check(client)) -@@ -3270,18 +3335,12 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - * deny service to legitimate TCP clients. - */ - client->pipelined = false; -- result = isc_quota_attach(&ns_g_server->tcpquota, -- &client->tcpquota); -- if (result == ISC_R_SUCCESS) -- result = ns_client_replace(client); -- if (result != ISC_R_SUCCESS) { -- ns_client_log(client, NS_LOGCATEGORY_CLIENT, -- NS_LOGMODULE_CLIENT, ISC_LOG_WARNING, -- "no more TCP clients(accept): %s", -- isc_result_totext(result)); -- } else if (ns_g_server->keepresporder == NULL || -- !allowed(&netaddr, NULL, NULL, 0, NULL, -- ns_g_server->keepresporder)) { -+ result = ns_client_replace(client); -+ if (result == ISC_R_SUCCESS && -+ (client->sctx->keepresporder == NULL || -+ !allowed(&netaddr, NULL, NULL, 0, NULL, -+ ns_g_server->keepresporder))) -+ { - client->pipelined = true; - } - -@@ -3298,12 +3357,80 @@ client_accept(ns_client_t *client) { - - CTRACE("accept"); - -+ /* -+ * The tcpquota object can only be simultaneously referenced a -+ * pre-defined number of times; this is configured by 'tcp-clients' -+ * in named.conf. If we can't attach to it here, that means the TCP -+ * client quota has been exceeded. -+ */ -+ result = isc_quota_attach(&client->sctx->tcpquota, -+ &client->tcpquota); -+ if (result != ISC_R_SUCCESS) { -+ bool exit; -+ -+ ns_client_log(client, NS_LOGCATEGORY_CLIENT, -+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1), -+ "no more TCP clients: %s", -+ isc_result_totext(result)); -+ -+ /* -+ * We have exceeded the system-wide TCP client -+ * quota. But, we can't just block this accept -+ * in all cases, because if we did, a heavy TCP -+ * load on other interfaces might cause this -+ * interface to be starved, with no clients able -+ * to accept new connections. -+ * -+ * So, we check here to see if any other client -+ * is already servicing TCP queries on this -+ * interface (whether accepting, reading, or -+ * processing). -+ * -+ * If so, then it's okay *not* to call -+ * accept - we can let this client to go inactive -+ * and the other one handle the next connection -+ * when it's ready. -+ * -+ * But if not, then we need to be a little bit -+ * flexible about the quota. We allow *one* extra -+ * TCP client through, to ensure we're listening on -+ * every interface. -+ * -+ * (Note: In practice this means that the *real* -+ * TCP client quota is tcp-clients plus the number -+ * of interfaces.) -+ */ -+ LOCK(&client->interface->lock); -+ exit = (client->interface->ntcpactive > 0); -+ UNLOCK(&client->interface->lock); -+ -+ if (exit) { -+ client->newstate = NS_CLIENTSTATE_INACTIVE; -+ (void)exit_check(client); -+ return; -+ } -+ } -+ -+ /* -+ * By incrementing the interface's ntcpactive counter we signal -+ * that there is at least one client servicing TCP queries for the -+ * interface. -+ * -+ * We also make note of the fact in the client itself with the -+ * tcpactive flag. This ensures proper accounting by preventing -+ * us from accidentally incrementing or decrementing ntcpactive -+ * more than once per client object. -+ */ -+ if (!client->tcpactive) { -+ LOCK(&client->interface->lock); -+ client->interface->ntcpactive++; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = true; -+ } -+ - result = isc_socket_accept(client->tcplistener, client->task, - client_newconn, client); - if (result != ISC_R_SUCCESS) { -- UNEXPECTED_ERROR(__FILE__, __LINE__, -- "isc_socket_accept() failed: %s", -- isc_result_totext(result)); - /* - * XXXRTH What should we do? We're trying to accept but - * it didn't work. If we just give up, then TCP -@@ -3311,12 +3438,39 @@ client_accept(ns_client_t *client) { - * - * For now, we just go idle. - */ -+ UNEXPECTED_ERROR(__FILE__, __LINE__, -+ "isc_socket_accept() failed: %s", -+ isc_result_totext(result)); -+ if (client->tcpquota != NULL) { -+ isc_quota_detach(&client->tcpquota); -+ } - return; - } -+ -+ /* -+ * The client's 'naccepts' counter indicates that this client has -+ * called accept() and is waiting for a new connection. It should -+ * never exceed 1. -+ */ - INSIST(client->naccepts == 0); - client->naccepts++; -+ -+ /* -+ * The interface's 'ntcpaccepting' counter is incremented when -+ * any client calls accept(), and decremented in client_newconn() -+ * once the connection is established. -+ * -+ * When the client object is shutting down after handling a TCP -+ * request (see exit_check()), it looks to see whether this value is -+ * non-zero. If so, that means another client has already called -+ * accept() and is waiting to establish the next connection, which -+ * means the first client is free to go inactive. Otherwise, -+ * the first client must come back and call accept() again; this -+ * guarantees there will always be at least one client listening -+ * for new TCP connections on each interface. -+ */ - LOCK(&client->interface->lock); -- client->interface->ntcpcurrent++; -+ client->interface->ntcpaccepting++; - UNLOCK(&client->interface->lock); - } - -@@ -3390,13 +3544,14 @@ ns_client_replace(ns_client_t *client) { - tcp = TCP_CLIENT(client); - if (tcp && client->pipelined) { - result = get_worker(client->manager, client->interface, -- client->tcpsocket); -+ client->tcpsocket, client); - } else { - result = get_client(client->manager, client->interface, - client->dispatch, tcp); - } -- if (result != ISC_R_SUCCESS) -+ if (result != ISC_R_SUCCESS) { - return (result); -+ } - - /* - * The responsibility for listening for new requests is hereby -@@ -3585,6 +3740,7 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, - client->attributes |= NS_CLIENTATTR_TCP; - isc_socket_attach(ifp->tcpsocket, - &client->tcplistener); -+ - } else { - isc_socket_t *sock; - -@@ -3602,7 +3758,8 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, - } - - static isc_result_t --get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock) -+get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock, -+ ns_client_t *oldclient) - { - isc_result_t result = ISC_R_SUCCESS; - isc_event_t *ev; -@@ -3610,6 +3767,7 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock) - MTRACE("get worker"); - - REQUIRE(manager != NULL); -+ REQUIRE(oldclient != NULL); - - if (manager->exiting) - return (ISC_R_SHUTTINGDOWN); -@@ -3642,7 +3800,28 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock) - ns_interface_attach(ifp, &client->interface); - client->newstate = client->state = NS_CLIENTSTATE_WORKING; - INSIST(client->recursionquota == NULL); -- client->tcpquota = &ns_g_server->tcpquota; -+ -+ /* -+ * Transfer TCP quota to the new client. -+ */ -+ INSIST(client->tcpquota == NULL); -+ INSIST(oldclient->tcpquota != NULL); -+ client->tcpquota = oldclient->tcpquota; -+ oldclient->tcpquota = NULL; -+ -+ /* -+ * Link to a pipeline group, creating it if needed. -+ */ -+ if (!ISC_LINK_LINKED(oldclient, glink)) { -+ oldclient->glink.next = NULL; -+ oldclient->glink.prev = NULL; -+ } -+ client->glink.next = oldclient->glink.next; -+ client->glink.prev = oldclient; -+ if (oldclient->glink.next != NULL) { -+ oldclient->glink.next->glink.prev = client; -+ } -+ oldclient->glink.next = client; - - client->dscp = ifp->dscp; - -@@ -3656,6 +3835,12 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock) - (void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr); - client->peeraddr_valid = true; - -+ LOCK(&client->interface->lock); -+ client->interface->ntcpactive++; -+ UNLOCK(&client->interface->lock); -+ -+ client->tcpactive = true; -+ - INSIST(client->tcpmsg_valid == false); - dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg); - client->tcpmsg_valid = true; -diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h -index b23a7b191d..1f7973f9c5 100644 ---- a/bin/named/include/named/client.h -+++ b/bin/named/include/named/client.h -@@ -94,7 +94,8 @@ struct ns_client { - int nupdates; - int nctls; - int references; -- bool needshutdown; /* -+ bool tcpactive; -+ bool needshutdown; /* - * Used by clienttest to get - * the client to go from - * inactive to free state -@@ -130,9 +131,9 @@ struct ns_client { - isc_stdtime_t now; - isc_time_t tnow; - dns_name_t signername; /*%< [T]SIG key name */ -- dns_name_t * signer; /*%< NULL if not valid sig */ -- bool mortal; /*%< Die after handling request */ -- bool pipelined; /*%< TCP queries not in sequence */ -+ dns_name_t *signer; /*%< NULL if not valid sig */ -+ bool mortal; /*%< Die after handling request */ -+ bool pipelined; /*%< TCP queries not in sequence */ - isc_quota_t *tcpquota; - isc_quota_t *recursionquota; - ns_interface_t *interface; -@@ -143,8 +144,8 @@ struct ns_client { - isc_sockaddr_t destsockaddr; - - isc_netaddr_t ecs_addr; /*%< EDNS client subnet */ -- uint8_t ecs_addrlen; -- uint8_t ecs_scope; -+ uint8_t ecs_addrlen; -+ uint8_t ecs_scope; - - struct in6_pktinfo pktinfo; - isc_dscp_t dscp; -@@ -166,6 +167,7 @@ struct ns_client { - - ISC_LINK(ns_client_t) link; - ISC_LINK(ns_client_t) rlink; -+ ISC_LINK(ns_client_t) glink; - ISC_QLINK(ns_client_t) ilink; - unsigned char cookie[8]; - uint32_t expire; -diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h -index 7d1883e1e8..61b08826a6 100644 ---- a/bin/named/include/named/interfacemgr.h -+++ b/bin/named/include/named/interfacemgr.h -@@ -77,9 +77,14 @@ struct ns_interface { - /*%< UDP dispatchers. */ - isc_socket_t * tcpsocket; /*%< TCP socket. */ - isc_dscp_t dscp; /*%< "listen-on" DSCP value */ -- int ntcptarget; /*%< Desired number of concurrent -- TCP accepts */ -- int ntcpcurrent; /*%< Current ditto, locked */ -+ int ntcpaccepting; /*%< Number of clients -+ ready to accept new -+ TCP connections on this -+ interface */ -+ int ntcpactive; /*%< Number of clients -+ servicing TCP queries -+ (whether accepting or -+ connected) */ - int nudpdispatch; /*%< Number of UDP dispatches */ - ns_clientmgr_t * clientmgr; /*%< Client manager. */ - ISC_LINK(ns_interface_t) link; -diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c -index 419927bf54..955096ef47 100644 ---- a/bin/named/interfacemgr.c -+++ b/bin/named/interfacemgr.c -@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, - * connections will be handled in parallel even though there is - * only one client initially. - */ -- ifp->ntcptarget = 1; -- ifp->ntcpcurrent = 0; -+ ifp->ntcpaccepting = 0; -+ ifp->ntcpactive = 0; - ifp->nudpdispatch = 0; - - ifp->dscp = -1; -@@ -522,9 +522,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) { - */ - (void)isc_socket_filter(ifp->tcpsocket, "dataready"); - -- result = ns_clientmgr_createclients(ifp->clientmgr, -- ifp->ntcptarget, ifp, -- true); -+ result = ns_clientmgr_createclients(ifp->clientmgr, 1, ifp, true); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "TCP ns_clientmgr_createclients(): %s", --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch b/poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch deleted file mode 100644 index 032cfb8c4..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch +++ /dev/null @@ -1,278 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/366b4e1] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 366b4e1ede8aed690e981e07137cb1cb77879c36 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org> -Date: Thu, 17 Jan 2019 15:53:38 +0100 -Subject: [PATCH 3/6] use reference counter for pipeline groups (v3) - -Track pipeline groups using a shared reference counter -instead of a linked list. - -(cherry picked from commit 513afd33eb17d5dc41a3f0d2d38204ef8c5f6f91) -(cherry picked from commit 9446629b730c59c4215f08d37fbaf810282fbccb) ---- - bin/named/client.c | 171 ++++++++++++++++++++----------- - bin/named/include/named/client.h | 2 +- - 2 files changed, 110 insertions(+), 63 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index a7b49a0f71..277656cef0 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -299,6 +299,75 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) { - } - } - -+/*% -+ * Allocate a reference counter that will track the number of client structures -+ * using the TCP connection that 'client' called accept() for. This counter -+ * will be shared between all client structures associated with this TCP -+ * connection. -+ */ -+static void -+pipeline_init(ns_client_t *client) { -+ isc_refcount_t *refs; -+ -+ REQUIRE(client->pipeline_refs == NULL); -+ -+ /* -+ * A global memory context is used for the allocation as different -+ * client structures may have different memory contexts assigned and a -+ * reference counter allocated here might need to be freed by a -+ * different client. The performance impact caused by memory context -+ * contention here is expected to be negligible, given that this code -+ * is only executed for TCP connections. -+ */ -+ refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs)); -+ isc_refcount_init(refs, 1); -+ client->pipeline_refs = refs; -+} -+ -+/*% -+ * Increase the count of client structures using the TCP connection that -+ * 'source' is associated with and put a pointer to that count in 'target', -+ * thus associating it with the same TCP connection. -+ */ -+static void -+pipeline_attach(ns_client_t *source, ns_client_t *target) { -+ int old_refs; -+ -+ REQUIRE(source->pipeline_refs != NULL); -+ REQUIRE(target->pipeline_refs == NULL); -+ -+ old_refs = isc_refcount_increment(source->pipeline_refs); -+ INSIST(old_refs > 0); -+ target->pipeline_refs = source->pipeline_refs; -+} -+ -+/*% -+ * Decrease the count of client structures using the TCP connection that -+ * 'client' is associated with. If this is the last client using this TCP -+ * connection, free the reference counter and return true; otherwise, return -+ * false. -+ */ -+static bool -+pipeline_detach(ns_client_t *client) { -+ isc_refcount_t *refs; -+ int old_refs; -+ -+ REQUIRE(client->pipeline_refs != NULL); -+ -+ refs = client->pipeline_refs; -+ client->pipeline_refs = NULL; -+ -+ old_refs = isc_refcount_decrement(refs); -+ INSIST(old_refs > 0); -+ -+ if (old_refs == 1) { -+ isc_mem_free(client->sctx->mctx, refs); -+ return (true); -+ } -+ -+ return (false); -+} -+ - /*% - * Check for a deactivation or shutdown request and take appropriate - * action. Returns true if either is in progress; in this case -@@ -421,6 +490,40 @@ exit_check(ns_client_t *client) { - client->tcpmsg_valid = false; - } - -+ if (client->tcpquota != NULL) { -+ if (client->pipeline_refs == NULL || -+ pipeline_detach(client)) -+ { -+ /* -+ * Only detach from the TCP client quota if -+ * there are no more client structures using -+ * this TCP connection. -+ * -+ * Note that we check 'pipeline_refs' and not -+ * 'pipelined' because in some cases (e.g. -+ * after receiving a request with an opcode -+ * different than QUERY) 'pipelined' is set to -+ * false after the reference counter gets -+ * allocated in pipeline_init() and we must -+ * still drop our reference as failing to do so -+ * would prevent the reference counter itself -+ * from being freed. -+ */ -+ isc_quota_detach(&client->tcpquota); -+ } else { -+ /* -+ * There are other client structures using this -+ * TCP connection, so we cannot detach from the -+ * TCP client quota to prevent excess TCP -+ * connections from being accepted. However, -+ * this client structure might later be reused -+ * for accepting new connections and thus must -+ * have its 'tcpquota' field set to NULL. -+ */ -+ client->tcpquota = NULL; -+ } -+ } -+ - if (client->tcpsocket != NULL) { - CTRACE("closetcp"); - isc_socket_detach(&client->tcpsocket); -@@ -434,44 +537,6 @@ exit_check(ns_client_t *client) { - } - } - -- if (client->tcpquota != NULL) { -- /* -- * If we are not in a pipeline group, or -- * we are the last client in the group, detach from -- * tcpquota; otherwise, transfer the quota to -- * another client in the same group. -- */ -- if (!ISC_LINK_LINKED(client, glink) || -- (client->glink.next == NULL && -- client->glink.prev == NULL)) -- { -- isc_quota_detach(&client->tcpquota); -- } else if (client->glink.next != NULL) { -- INSIST(client->glink.next->tcpquota == NULL); -- client->glink.next->tcpquota = client->tcpquota; -- client->tcpquota = NULL; -- } else { -- INSIST(client->glink.prev->tcpquota == NULL); -- client->glink.prev->tcpquota = client->tcpquota; -- client->tcpquota = NULL; -- } -- } -- -- /* -- * Unlink from pipeline group. -- */ -- if (ISC_LINK_LINKED(client, glink)) { -- if (client->glink.next != NULL) { -- client->glink.next->glink.prev = -- client->glink.prev; -- } -- if (client->glink.prev != NULL) { -- client->glink.prev->glink.next = -- client->glink.next; -- } -- ISC_LINK_INIT(client, glink); -- } -- - if (client->timerset) { - (void)isc_timer_reset(client->timer, - isc_timertype_inactive, -@@ -3130,6 +3195,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - dns_name_init(&client->signername, NULL); - client->mortal = false; - client->pipelined = false; -+ client->pipeline_refs = NULL; - client->tcpquota = NULL; - client->recursionquota = NULL; - client->interface = NULL; -@@ -3154,7 +3220,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->formerrcache.id = 0; - ISC_LINK_INIT(client, link); - ISC_LINK_INIT(client, rlink); -- ISC_LINK_INIT(client, glink); - ISC_QLINK_INIT(client, ilink); - client->keytag = NULL; - client->keytag_len = 0; -@@ -3341,6 +3406,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - !allowed(&netaddr, NULL, NULL, 0, NULL, - ns_g_server->keepresporder))) - { -+ pipeline_init(client); - client->pipelined = true; - } - -@@ -3800,35 +3866,16 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock, - ns_interface_attach(ifp, &client->interface); - client->newstate = client->state = NS_CLIENTSTATE_WORKING; - INSIST(client->recursionquota == NULL); -- -- /* -- * Transfer TCP quota to the new client. -- */ -- INSIST(client->tcpquota == NULL); -- INSIST(oldclient->tcpquota != NULL); -- client->tcpquota = oldclient->tcpquota; -- oldclient->tcpquota = NULL; -- -- /* -- * Link to a pipeline group, creating it if needed. -- */ -- if (!ISC_LINK_LINKED(oldclient, glink)) { -- oldclient->glink.next = NULL; -- oldclient->glink.prev = NULL; -- } -- client->glink.next = oldclient->glink.next; -- client->glink.prev = oldclient; -- if (oldclient->glink.next != NULL) { -- oldclient->glink.next->glink.prev = client; -- } -- oldclient->glink.next = client; -+ client->tcpquota = &client->sctx->tcpquota; - - client->dscp = ifp->dscp; - - client->attributes |= NS_CLIENTATTR_TCP; -- client->pipelined = true; - client->mortal = true; - -+ pipeline_attach(oldclient, client); -+ client->pipelined = true; -+ - isc_socket_attach(ifp->tcpsocket, &client->tcplistener); - isc_socket_attach(sock, &client->tcpsocket); - isc_socket_setname(client->tcpsocket, "worker-tcp", NULL); -diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h -index 1f7973f9c5..aeed9ccdda 100644 ---- a/bin/named/include/named/client.h -+++ b/bin/named/include/named/client.h -@@ -134,6 +134,7 @@ struct ns_client { - dns_name_t *signer; /*%< NULL if not valid sig */ - bool mortal; /*%< Die after handling request */ - bool pipelined; /*%< TCP queries not in sequence */ -+ isc_refcount_t *pipeline_refs; - isc_quota_t *tcpquota; - isc_quota_t *recursionquota; - ns_interface_t *interface; -@@ -167,7 +168,6 @@ struct ns_client { - - ISC_LINK(ns_client_t) link; - ISC_LINK(ns_client_t) rlink; -- ISC_LINK(ns_client_t) glink; - ISC_QLINK(ns_client_t) ilink; - unsigned char cookie[8]; - uint32_t expire; --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch b/poky/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch deleted file mode 100644 index 034ab1330..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch +++ /dev/null @@ -1,512 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/2ab8a08] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 2ab8a085b3c666f28f1f9229bd6ecb59915b26c3 Mon Sep 17 00:00:00 2001 -From: Evan Hunt <each@isc.org> -Date: Fri, 5 Apr 2019 16:12:18 -0700 -Subject: [PATCH 4/6] better tcpquota accounting and client mortality checks - -- ensure that tcpactive is cleaned up correctly when accept() fails. -- set 'client->tcpattached' when the client is attached to the tcpquota. - carry this value on to new clients sharing the same pipeline group. - don't call isc_quota_detach() on the tcpquota unless tcpattached is - set. this way clients that were allowed to accept TCP connections - despite being over quota (and therefore, were never attached to the - quota) will not inadvertently detach from it and mess up the - accounting. -- simplify the code for tcpquota disconnection by using a new function - tcpquota_disconnect(). -- before deciding whether to reject a new connection due to quota - exhaustion, check to see whether there are at least two active - clients. previously, this was "at least one", but that could be - insufficient if there was one other client in READING state (waiting - for messages on an open connection) but none in READY (listening - for new connections). -- before deciding whether a TCP client object can to go inactive, we - must ensure there are enough other clients to maintain service - afterward -- both accepting new connections and reading/processing new - queries. A TCP client can't shut down unless at least one - client is accepting new connections and (in the case of pipelined - clients) at least one additional client is waiting to read. - -(cherry picked from commit c7394738b2445c16f728a88394864dd61baad900) -(cherry picked from commit e965d5f11d3d0f6d59704e614fceca2093cb1856) -(cherry picked from commit 87d431161450777ea093821212abfb52d51b36e3) ---- - bin/named/client.c | 244 +++++++++++++++++++------------ - bin/named/include/named/client.h | 3 +- - 2 files changed, 152 insertions(+), 95 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 277656cef0..61e96dd28c 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -244,13 +244,14 @@ static void client_start(isc_task_t *task, isc_event_t *event); - static void client_request(isc_task_t *task, isc_event_t *event); - static void ns_client_dumpmessage(ns_client_t *client, const char *reason); - static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, -- dns_dispatch_t *disp, bool tcp); -+ dns_dispatch_t *disp, ns_client_t *oldclient, -+ bool tcp); - static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, - isc_socket_t *sock, ns_client_t *oldclient); - static inline bool - allowed(isc_netaddr_t *addr, dns_name_t *signer, - isc_netaddr_t *ecs_addr, uint8_t ecs_addrlen, -- uint8_t *ecs_scope, dns_acl_t *acl) -+ uint8_t *ecs_scope, dns_acl_t *acl); - static void compute_cookie(ns_client_t *client, uint32_t when, - uint32_t nonce, const unsigned char *secret, - isc_buffer_t *buf); -@@ -319,7 +320,7 @@ pipeline_init(ns_client_t *client) { - * contention here is expected to be negligible, given that this code - * is only executed for TCP connections. - */ -- refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs)); -+ refs = isc_mem_allocate(ns_g_mctx, sizeof(*refs)); - isc_refcount_init(refs, 1); - client->pipeline_refs = refs; - } -@@ -331,13 +332,13 @@ pipeline_init(ns_client_t *client) { - */ - static void - pipeline_attach(ns_client_t *source, ns_client_t *target) { -- int old_refs; -+ int refs; - - REQUIRE(source->pipeline_refs != NULL); - REQUIRE(target->pipeline_refs == NULL); - -- old_refs = isc_refcount_increment(source->pipeline_refs); -- INSIST(old_refs > 0); -+ isc_refcount_increment(source->pipeline_refs, &refs); -+ INSIST(refs > 1); - target->pipeline_refs = source->pipeline_refs; - } - -@@ -349,25 +350,51 @@ pipeline_attach(ns_client_t *source, ns_client_t *target) { - */ - static bool - pipeline_detach(ns_client_t *client) { -- isc_refcount_t *refs; -- int old_refs; -+ isc_refcount_t *refcount; -+ int refs; - - REQUIRE(client->pipeline_refs != NULL); - -- refs = client->pipeline_refs; -+ refcount = client->pipeline_refs; - client->pipeline_refs = NULL; - -- old_refs = isc_refcount_decrement(refs); -- INSIST(old_refs > 0); -+ isc_refcount_decrement(refcount, refs); - -- if (old_refs == 1) { -- isc_mem_free(client->sctx->mctx, refs); -+ if (refs == 0) { -+ isc_mem_free(ns_g_mctx, refs); - return (true); - } - - return (false); - } - -+/* -+ * Detach a client from the TCP client quota if appropriate, and set -+ * the quota pointer to NULL. -+ * -+ * Sometimes when the TCP client quota is exhausted but there are no other -+ * clients servicing the interface, a client will be allowed to continue -+ * running despite not having been attached to the quota. In this event, -+ * the TCP quota was never attached to the client, so when the client (or -+ * associated pipeline group) shuts down, the quota must NOT be detached. -+ * -+ * Otherwise, if the quota pointer is set, it should be detached. If not -+ * set at all, we just return without doing anything. -+ */ -+static void -+tcpquota_disconnect(ns_client_t *client) { -+ if (client->tcpquota == NULL) { -+ return; -+ } -+ -+ if (client->tcpattached) { -+ isc_quota_detach(&client->tcpquota); -+ client->tcpattached = false; -+ } else { -+ client->tcpquota = NULL; -+ } -+} -+ - /*% - * Check for a deactivation or shutdown request and take appropriate - * action. Returns true if either is in progress; in this case -@@ -490,38 +517,31 @@ exit_check(ns_client_t *client) { - client->tcpmsg_valid = false; - } - -- if (client->tcpquota != NULL) { -- if (client->pipeline_refs == NULL || -- pipeline_detach(client)) -- { -- /* -- * Only detach from the TCP client quota if -- * there are no more client structures using -- * this TCP connection. -- * -- * Note that we check 'pipeline_refs' and not -- * 'pipelined' because in some cases (e.g. -- * after receiving a request with an opcode -- * different than QUERY) 'pipelined' is set to -- * false after the reference counter gets -- * allocated in pipeline_init() and we must -- * still drop our reference as failing to do so -- * would prevent the reference counter itself -- * from being freed. -- */ -- isc_quota_detach(&client->tcpquota); -- } else { -- /* -- * There are other client structures using this -- * TCP connection, so we cannot detach from the -- * TCP client quota to prevent excess TCP -- * connections from being accepted. However, -- * this client structure might later be reused -- * for accepting new connections and thus must -- * have its 'tcpquota' field set to NULL. -- */ -- client->tcpquota = NULL; -- } -+ /* -+ * Detach from pipeline group and from TCP client quota, -+ * if appropriate. -+ * -+ * - If no pipeline group is active, attempt to -+ * detach from the TCP client quota. -+ * -+ * - If a pipeline group is active, detach from it; -+ * if the return code indicates that there no more -+ * clients left if this pipeline group, we also detach -+ * from the TCP client quota. -+ * -+ * - Otherwise we don't try to detach, we just set the -+ * TCP quota pointer to NULL if it wasn't NULL already. -+ * -+ * tcpquota_disconnect() will set tcpquota to NULL, either -+ * by detaching it or by assignment, depending on the -+ * needs of the client. See the comments on that function -+ * for further information. -+ */ -+ if (client->pipeline_refs == NULL || pipeline_detach(client)) { -+ tcpquota_disconnect(client); -+ } else { -+ client->tcpquota = NULL; -+ client->tcpattached = false; - } - - if (client->tcpsocket != NULL) { -@@ -544,8 +564,6 @@ exit_check(ns_client_t *client) { - client->timerset = false; - } - -- client->pipelined = false; -- - client->peeraddr_valid = false; - - client->state = NS_CLIENTSTATE_READY; -@@ -558,18 +576,27 @@ exit_check(ns_client_t *client) { - * active and force it to go inactive if not. - * - * UDP clients go inactive at this point, but a TCP client -- * will needs to remain active if no other clients are -- * listening for TCP requests on this interface, to -- * prevent this interface from going nonresponsive. -+ * may need to remain active and go into ready state if -+ * no other clients are available to listen for TCP -+ * requests on this interface or (in the case of pipelined -+ * clients) to read for additional messages on the current -+ * connection. - */ - if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) { - LOCK(&client->interface->lock); -- if (client->interface->ntcpaccepting == 0) { -+ if ((client->interface->ntcpaccepting == 0 || -+ (client->pipelined && -+ client->interface->ntcpactive < 2)) && -+ client->newstate != NS_CLIENTSTATE_FREED) -+ { - client->mortal = false; -+ client->newstate = NS_CLIENTSTATE_READY; - } - UNLOCK(&client->interface->lock); - } - -+ client->pipelined = false; -+ - /* - * We don't need the client; send it to the inactive - * queue for recycling. -@@ -2634,6 +2661,18 @@ client_request(isc_task_t *task, isc_event_t *event) { - client->pipelined = false; - } - if (TCP_CLIENT(client) && client->pipelined) { -+ /* -+ * We're pipelining. Replace the client; the -+ * the replacement can read the TCP socket looking -+ * for new messages and this client can process the -+ * current message asynchronously. -+ * -+ * There are now at least three clients using this -+ * TCP socket - one accepting new connections, -+ * one reading an existing connection to get new -+ * messages, and one answering the message already -+ * received. -+ */ - result = ns_client_replace(client); - if (result != ISC_R_SUCCESS) { - client->pipelined = false; -@@ -3197,6 +3236,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->pipelined = false; - client->pipeline_refs = NULL; - client->tcpquota = NULL; -+ client->tcpattached = false; - client->recursionquota = NULL; - client->interface = NULL; - client->peeraddr_valid = false; -@@ -3359,9 +3399,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), - "accept failed: %s", - isc_result_totext(nevent->result)); -- if (client->tcpquota != NULL) { -- isc_quota_detach(&client->tcpquota); -- } -+ tcpquota_disconnect(client); - } - - if (exit_check(client)) -@@ -3402,7 +3440,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - client->pipelined = false; - result = ns_client_replace(client); - if (result == ISC_R_SUCCESS && -- (client->sctx->keepresporder == NULL || -+ (ns_g_server->keepresporder == NULL || - !allowed(&netaddr, NULL, NULL, 0, NULL, - ns_g_server->keepresporder))) - { -@@ -3429,7 +3467,7 @@ client_accept(ns_client_t *client) { - * in named.conf. If we can't attach to it here, that means the TCP - * client quota has been exceeded. - */ -- result = isc_quota_attach(&client->sctx->tcpquota, -+ result = isc_quota_attach(&ns_g_server->tcpquota, - &client->tcpquota); - if (result != ISC_R_SUCCESS) { - bool exit; -@@ -3447,27 +3485,27 @@ client_accept(ns_client_t *client) { - * interface to be starved, with no clients able - * to accept new connections. - * -- * So, we check here to see if any other client -- * is already servicing TCP queries on this -+ * So, we check here to see if any other clients -+ * are already servicing TCP queries on this - * interface (whether accepting, reading, or -- * processing). -- * -- * If so, then it's okay *not* to call -- * accept - we can let this client to go inactive -- * and the other one handle the next connection -- * when it's ready. -+ * processing). If there are at least two -+ * (one reading and one processing a request) -+ * then it's okay *not* to call accept - we -+ * can let this client go inactive and another -+ * one will resume accepting when it's done. - * -- * But if not, then we need to be a little bit -- * flexible about the quota. We allow *one* extra -- * TCP client through, to ensure we're listening on -- * every interface. -+ * If there aren't enough active clients on the -+ * interface, then we can be a little bit -+ * flexible about the quota. We'll allow *one* -+ * extra client through to ensure we're listening -+ * on every interface. - * -- * (Note: In practice this means that the *real* -- * TCP client quota is tcp-clients plus the number -- * of interfaces.) -+ * (Note: In practice this means that the real -+ * TCP client quota is tcp-clients plus the -+ * number of listening interfaces plus 2.) - */ - LOCK(&client->interface->lock); -- exit = (client->interface->ntcpactive > 0); -+ exit = (client->interface->ntcpactive > 1); - UNLOCK(&client->interface->lock); - - if (exit) { -@@ -3475,6 +3513,9 @@ client_accept(ns_client_t *client) { - (void)exit_check(client); - return; - } -+ -+ } else { -+ client->tcpattached = true; - } - - /* -@@ -3507,9 +3548,16 @@ client_accept(ns_client_t *client) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_socket_accept() failed: %s", - isc_result_totext(result)); -- if (client->tcpquota != NULL) { -- isc_quota_detach(&client->tcpquota); -+ -+ tcpquota_disconnect(client); -+ -+ if (client->tcpactive) { -+ LOCK(&client->interface->lock); -+ client->interface->ntcpactive--; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = false; - } -+ - return; - } - -@@ -3527,13 +3575,12 @@ client_accept(ns_client_t *client) { - * once the connection is established. - * - * When the client object is shutting down after handling a TCP -- * request (see exit_check()), it looks to see whether this value is -- * non-zero. If so, that means another client has already called -- * accept() and is waiting to establish the next connection, which -- * means the first client is free to go inactive. Otherwise, -- * the first client must come back and call accept() again; this -- * guarantees there will always be at least one client listening -- * for new TCP connections on each interface. -+ * request (see exit_check()), if this value is at least one, that -+ * means another client has called accept() and is waiting to -+ * establish the next connection. That means the client may be -+ * be free to become inactive; otherwise it may need to start -+ * listening for connections itself to prevent the interface -+ * going dead. - */ - LOCK(&client->interface->lock); - client->interface->ntcpaccepting++; -@@ -3613,19 +3660,19 @@ ns_client_replace(ns_client_t *client) { - client->tcpsocket, client); - } else { - result = get_client(client->manager, client->interface, -- client->dispatch, tcp); -+ client->dispatch, client, tcp); -+ -+ /* -+ * The responsibility for listening for new requests is hereby -+ * transferred to the new client. Therefore, the old client -+ * should refrain from listening for any more requests. -+ */ -+ client->mortal = true; - } - if (result != ISC_R_SUCCESS) { - return (result); - } - -- /* -- * The responsibility for listening for new requests is hereby -- * transferred to the new client. Therefore, the old client -- * should refrain from listening for any more requests. -- */ -- client->mortal = true; -- - return (ISC_R_SUCCESS); - } - -@@ -3759,7 +3806,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) { - - static isc_result_t - get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, -- dns_dispatch_t *disp, bool tcp) -+ dns_dispatch_t *disp, ns_client_t *oldclient, bool tcp) - { - isc_result_t result = ISC_R_SUCCESS; - isc_event_t *ev; -@@ -3803,6 +3850,16 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, - client->dscp = ifp->dscp; - - if (tcp) { -+ client->tcpattached = false; -+ if (oldclient != NULL) { -+ client->tcpattached = oldclient->tcpattached; -+ } -+ -+ LOCK(&client->interface->lock); -+ client->interface->ntcpactive++; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = true; -+ - client->attributes |= NS_CLIENTATTR_TCP; - isc_socket_attach(ifp->tcpsocket, - &client->tcplistener); -@@ -3866,7 +3923,8 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock, - ns_interface_attach(ifp, &client->interface); - client->newstate = client->state = NS_CLIENTSTATE_WORKING; - INSIST(client->recursionquota == NULL); -- client->tcpquota = &client->sctx->tcpquota; -+ client->tcpquota = &ns_g_server->tcpquota; -+ client->tcpattached = oldclient->tcpattached; - - client->dscp = ifp->dscp; - -@@ -3885,7 +3943,6 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock, - LOCK(&client->interface->lock); - client->interface->ntcpactive++; - UNLOCK(&client->interface->lock); -- - client->tcpactive = true; - - INSIST(client->tcpmsg_valid == false); -@@ -3913,7 +3970,8 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n, - MTRACE("createclients"); - - for (disp = 0; disp < n; disp++) { -- result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp); -+ result = get_client(manager, ifp, ifp->udpdispatch[disp], -+ NULL, tcp); - if (result != ISC_R_SUCCESS) - break; - } -diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h -index aeed9ccdda..e2c40acd28 100644 ---- a/bin/named/include/named/client.h -+++ b/bin/named/include/named/client.h -@@ -9,8 +9,6 @@ - * information regarding copyright ownership. - */ - --/* $Id: client.h,v 1.96 2012/01/31 23:47:31 tbox Exp $ */ -- - #ifndef NAMED_CLIENT_H - #define NAMED_CLIENT_H 1 - -@@ -136,6 +134,7 @@ struct ns_client { - bool pipelined; /*%< TCP queries not in sequence */ - isc_refcount_t *pipeline_refs; - isc_quota_t *tcpquota; -+ bool tcpattached; - isc_quota_t *recursionquota; - ns_interface_t *interface; - --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch b/poky/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch deleted file mode 100644 index 987e75bc0..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch +++ /dev/null @@ -1,911 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/c47ccf6] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From c47ccf630f147378568b33e8fdb7b754f228c346 Mon Sep 17 00:00:00 2001 -From: Evan Hunt <each@isc.org> -Date: Fri, 5 Apr 2019 16:26:05 -0700 -Subject: [PATCH 5/6] refactor tcpquota and pipeline refs; allow special-case - overrun in isc_quota - -- if the TCP quota has been exceeded but there are no clients listening - for new connections on the interface, we can now force attachment to the - quota using isc_quota_force(), instead of carrying on with the quota not - attached. -- the TCP client quota is now referenced via a reference-counted - 'ns_tcpconn' object, one of which is created whenever a client begins - listening for new connections, and attached to by members of that - client's pipeline group. when the last reference to the tcpconn - object is detached, it is freed and the TCP quota slot is released. -- reduce code duplication by adding mark_tcp_active() function. -- convert counters to atomic. - -(cherry picked from commit 7e8222378ca24f1302a0c1c638565050ab04681b) -(cherry picked from commit 4939451275722bfda490ea86ca13e84f6bc71e46) -(cherry picked from commit 13f7c918b8720d890408f678bd73c20e634539d9) ---- - bin/named/client.c | 444 +++++++++++-------------- - bin/named/include/named/client.h | 12 +- - bin/named/include/named/interfacemgr.h | 6 +- - bin/named/interfacemgr.c | 1 + - lib/isc/include/isc/quota.h | 7 + - lib/isc/quota.c | 33 +- - lib/isc/win32/libisc.def.in | 1 + - 7 files changed, 236 insertions(+), 268 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 61e96dd28c..d826ab32bf 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -244,8 +244,7 @@ static void client_start(isc_task_t *task, isc_event_t *event); - static void client_request(isc_task_t *task, isc_event_t *event); - static void ns_client_dumpmessage(ns_client_t *client, const char *reason); - static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, -- dns_dispatch_t *disp, ns_client_t *oldclient, -- bool tcp); -+ dns_dispatch_t *disp, bool tcp); - static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, - isc_socket_t *sock, ns_client_t *oldclient); - static inline bool -@@ -301,16 +300,32 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) { - } - - /*% -- * Allocate a reference counter that will track the number of client structures -- * using the TCP connection that 'client' called accept() for. This counter -- * will be shared between all client structures associated with this TCP -- * connection. -+ * Allocate a reference-counted object that will maintain a single pointer to -+ * the (also reference-counted) TCP client quota, shared between all the -+ * clients processing queries on a single TCP connection, so that all -+ * clients sharing the one socket will together consume only one slot in -+ * the 'tcp-clients' quota. - */ --static void --pipeline_init(ns_client_t *client) { -- isc_refcount_t *refs; -+static isc_result_t -+tcpconn_init(ns_client_t *client, bool force) { -+ isc_result_t result; -+ isc_quota_t *quota = NULL; -+ ns_tcpconn_t *tconn = NULL; - -- REQUIRE(client->pipeline_refs == NULL); -+ REQUIRE(client->tcpconn == NULL); -+ -+ /* -+ * Try to attach to the quota first, so we won't pointlessly -+ * allocate memory for a tcpconn object if we can't get one. -+ */ -+ if (force) { -+ result = isc_quota_force(&ns_g_server->tcpquota, "a); -+ } else { -+ result = isc_quota_attach(&ns_g_server->tcpquota, "a); -+ } -+ if (result != ISC_R_SUCCESS) { -+ return (result); -+ } - - /* - * A global memory context is used for the allocation as different -@@ -320,78 +335,80 @@ pipeline_init(ns_client_t *client) { - * contention here is expected to be negligible, given that this code - * is only executed for TCP connections. - */ -- refs = isc_mem_allocate(ns_g_mctx, sizeof(*refs)); -- isc_refcount_init(refs, 1); -- client->pipeline_refs = refs; -+ tconn = isc_mem_allocate(ns_g_mctx, sizeof(*tconn)); -+ -+ isc_refcount_init(&tconn->refs, 1); -+ tconn->tcpquota = quota; -+ quota = NULL; -+ tconn->pipelined = false; -+ -+ client->tcpconn = tconn; -+ -+ return (ISC_R_SUCCESS); - } - - /*% -- * Increase the count of client structures using the TCP connection that -- * 'source' is associated with and put a pointer to that count in 'target', -- * thus associating it with the same TCP connection. -+ * Increase the count of client structures sharing the TCP connection -+ * that 'source' is associated with; add a pointer to the same tcpconn -+ * to 'target', thus associating it with the same TCP connection. - */ - static void --pipeline_attach(ns_client_t *source, ns_client_t *target) { -+tcpconn_attach(ns_client_t *source, ns_client_t *target) { - int refs; - -- REQUIRE(source->pipeline_refs != NULL); -- REQUIRE(target->pipeline_refs == NULL); -+ REQUIRE(source->tcpconn != NULL); -+ REQUIRE(target->tcpconn == NULL); -+ REQUIRE(source->tcpconn->pipelined); - -- isc_refcount_increment(source->pipeline_refs, &refs); -+ isc_refcount_increment(&source->tcpconn->refs, &refs); - INSIST(refs > 1); -- target->pipeline_refs = source->pipeline_refs; -+ target->tcpconn = source->tcpconn; - } - - /*% -- * Decrease the count of client structures using the TCP connection that -+ * Decrease the count of client structures sharing the TCP connection that - * 'client' is associated with. If this is the last client using this TCP -- * connection, free the reference counter and return true; otherwise, return -- * false. -+ * connection, we detach from the TCP quota and free the tcpconn -+ * object. Either way, client->tcpconn is set to NULL. - */ --static bool --pipeline_detach(ns_client_t *client) { -- isc_refcount_t *refcount; -+static void -+tcpconn_detach(ns_client_t *client) { -+ ns_tcpconn_t *tconn = NULL; - int refs; - -- REQUIRE(client->pipeline_refs != NULL); -- -- refcount = client->pipeline_refs; -- client->pipeline_refs = NULL; -+ REQUIRE(client->tcpconn != NULL); - -- isc_refcount_decrement(refcount, refs); -+ tconn = client->tcpconn; -+ client->tcpconn = NULL; - -+ isc_refcount_decrement(&tconn->refs, &refs); - if (refs == 0) { -- isc_mem_free(ns_g_mctx, refs); -- return (true); -+ isc_quota_detach(&tconn->tcpquota); -+ isc_mem_free(ns_g_mctx, tconn); - } -- -- return (false); - } - --/* -- * Detach a client from the TCP client quota if appropriate, and set -- * the quota pointer to NULL. -- * -- * Sometimes when the TCP client quota is exhausted but there are no other -- * clients servicing the interface, a client will be allowed to continue -- * running despite not having been attached to the quota. In this event, -- * the TCP quota was never attached to the client, so when the client (or -- * associated pipeline group) shuts down, the quota must NOT be detached. -+/*% -+ * Mark a client as active and increment the interface's 'ntcpactive' -+ * counter, as a signal that there is at least one client servicing -+ * TCP queries for the interface. If we reach the TCP client quota at -+ * some point, this will be used to determine whether a quota overrun -+ * should be permitted. - * -- * Otherwise, if the quota pointer is set, it should be detached. If not -- * set at all, we just return without doing anything. -+ * Marking the client active with the 'tcpactive' flag ensures proper -+ * accounting, by preventing us from incrementing or decrementing -+ * 'ntcpactive' more than once per client. - */ - static void --tcpquota_disconnect(ns_client_t *client) { -- if (client->tcpquota == NULL) { -- return; -- } -- -- if (client->tcpattached) { -- isc_quota_detach(&client->tcpquota); -- client->tcpattached = false; -- } else { -- client->tcpquota = NULL; -+mark_tcp_active(ns_client_t *client, bool active) { -+ if (active && !client->tcpactive) { -+ isc_atomic_xadd(&client->interface->ntcpactive, 1); -+ client->tcpactive = active; -+ } else if (!active && client->tcpactive) { -+ uint32_t old = -+ isc_atomic_xadd(&client->interface->ntcpactive, -1); -+ INSIST(old > 0); -+ client->tcpactive = active; - } - } - -@@ -484,7 +501,8 @@ exit_check(ns_client_t *client) { - INSIST(client->recursionquota == NULL); - - if (NS_CLIENTSTATE_READING == client->newstate) { -- if (!client->pipelined) { -+ INSIST(client->tcpconn != NULL); -+ if (!client->tcpconn->pipelined) { - client_read(client); - client->newstate = NS_CLIENTSTATE_MAX; - return (true); /* We're done. */ -@@ -507,8 +525,8 @@ exit_check(ns_client_t *client) { - dns_tcpmsg_cancelread(&client->tcpmsg); - } - -- if (client->nreads != 0) { -- /* Still waiting for read cancel completion. */ -+ /* Still waiting for read cancel completion. */ -+ if (client->nreads > 0) { - return (true); - } - -@@ -518,43 +536,45 @@ exit_check(ns_client_t *client) { - } - - /* -- * Detach from pipeline group and from TCP client quota, -- * if appropriate. -+ * Soon the client will be ready to accept a new TCP -+ * connection or UDP request, but we may have enough -+ * clients doing that already. Check whether this client -+ * needs to remain active and allow it go inactive if -+ * not. - * -- * - If no pipeline group is active, attempt to -- * detach from the TCP client quota. -+ * UDP clients always go inactive at this point, but a TCP -+ * client may need to stay active and return to READY -+ * state if no other clients are available to listen -+ * for TCP requests on this interface. - * -- * - If a pipeline group is active, detach from it; -- * if the return code indicates that there no more -- * clients left if this pipeline group, we also detach -- * from the TCP client quota. -- * -- * - Otherwise we don't try to detach, we just set the -- * TCP quota pointer to NULL if it wasn't NULL already. -- * -- * tcpquota_disconnect() will set tcpquota to NULL, either -- * by detaching it or by assignment, depending on the -- * needs of the client. See the comments on that function -- * for further information. -+ * Regardless, if we're going to FREED state, that means -+ * the system is shutting down and we don't need to -+ * retain clients. - */ -- if (client->pipeline_refs == NULL || pipeline_detach(client)) { -- tcpquota_disconnect(client); -- } else { -- client->tcpquota = NULL; -- client->tcpattached = false; -+ if (client->mortal && TCP_CLIENT(client) && -+ client->newstate != NS_CLIENTSTATE_FREED && -+ !ns_g_clienttest && -+ isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0) -+ { -+ /* Nobody else is accepting */ -+ client->mortal = false; -+ client->newstate = NS_CLIENTSTATE_READY; -+ } -+ -+ /* -+ * Detach from TCP connection and TCP client quota, -+ * if appropriate. If this is the last reference to -+ * the TCP connection in our pipeline group, the -+ * TCP quota slot will be released. -+ */ -+ if (client->tcpconn) { -+ tcpconn_detach(client); - } - - if (client->tcpsocket != NULL) { - CTRACE("closetcp"); - isc_socket_detach(&client->tcpsocket); -- -- if (client->tcpactive) { -- LOCK(&client->interface->lock); -- INSIST(client->interface->ntcpactive > 0); -- client->interface->ntcpactive--; -- UNLOCK(&client->interface->lock); -- client->tcpactive = false; -- } -+ mark_tcp_active(client, false); - } - - if (client->timerset) { -@@ -567,35 +587,6 @@ exit_check(ns_client_t *client) { - client->peeraddr_valid = false; - - client->state = NS_CLIENTSTATE_READY; -- INSIST(client->recursionquota == NULL); -- -- /* -- * Now the client is ready to accept a new TCP connection -- * or UDP request, but we may have enough clients doing -- * that already. Check whether this client needs to remain -- * active and force it to go inactive if not. -- * -- * UDP clients go inactive at this point, but a TCP client -- * may need to remain active and go into ready state if -- * no other clients are available to listen for TCP -- * requests on this interface or (in the case of pipelined -- * clients) to read for additional messages on the current -- * connection. -- */ -- if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) { -- LOCK(&client->interface->lock); -- if ((client->interface->ntcpaccepting == 0 || -- (client->pipelined && -- client->interface->ntcpactive < 2)) && -- client->newstate != NS_CLIENTSTATE_FREED) -- { -- client->mortal = false; -- client->newstate = NS_CLIENTSTATE_READY; -- } -- UNLOCK(&client->interface->lock); -- } -- -- client->pipelined = false; - - /* - * We don't need the client; send it to the inactive -@@ -630,7 +621,7 @@ exit_check(ns_client_t *client) { - } - - /* Still waiting for accept cancel completion. */ -- if (! (client->naccepts == 0)) { -+ if (client->naccepts > 0) { - return (true); - } - -@@ -641,7 +632,7 @@ exit_check(ns_client_t *client) { - } - - /* Still waiting for recv cancel completion. */ -- if (! (client->nrecvs == 0)) { -+ if (client->nrecvs > 0) { - return (true); - } - -@@ -654,14 +645,7 @@ exit_check(ns_client_t *client) { - INSIST(client->recursionquota == NULL); - if (client->tcplistener != NULL) { - isc_socket_detach(&client->tcplistener); -- -- if (client->tcpactive) { -- LOCK(&client->interface->lock); -- INSIST(client->interface->ntcpactive > 0); -- client->interface->ntcpactive--; -- UNLOCK(&client->interface->lock); -- client->tcpactive = false; -- } -+ mark_tcp_active(client, false); - } - if (client->udpsocket != NULL) { - isc_socket_detach(&client->udpsocket); -@@ -816,7 +800,7 @@ client_start(isc_task_t *task, isc_event_t *event) { - return; - - if (TCP_CLIENT(client)) { -- if (client->pipelined) { -+ if (client->tcpconn != NULL) { - client_read(client); - } else { - client_accept(client); -@@ -2470,6 +2454,7 @@ client_request(isc_task_t *task, isc_event_t *event) { - client->nrecvs--; - } else { - INSIST(TCP_CLIENT(client)); -+ INSIST(client->tcpconn != NULL); - REQUIRE(event->ev_type == DNS_EVENT_TCPMSG); - REQUIRE(event->ev_sender == &client->tcpmsg); - buffer = &client->tcpmsg.buffer; -@@ -2657,17 +2642,19 @@ client_request(isc_task_t *task, isc_event_t *event) { - /* - * Pipeline TCP query processing. - */ -- if (client->message->opcode != dns_opcode_query) { -- client->pipelined = false; -+ if (TCP_CLIENT(client) && -+ client->message->opcode != dns_opcode_query) -+ { -+ client->tcpconn->pipelined = false; - } -- if (TCP_CLIENT(client) && client->pipelined) { -+ if (TCP_CLIENT(client) && client->tcpconn->pipelined) { - /* - * We're pipelining. Replace the client; the -- * the replacement can read the TCP socket looking -- * for new messages and this client can process the -+ * replacement can read the TCP socket looking -+ * for new messages and this one can process the - * current message asynchronously. - * -- * There are now at least three clients using this -+ * There will now be at least three clients using this - * TCP socket - one accepting new connections, - * one reading an existing connection to get new - * messages, and one answering the message already -@@ -2675,7 +2662,7 @@ client_request(isc_task_t *task, isc_event_t *event) { - */ - result = ns_client_replace(client); - if (result != ISC_R_SUCCESS) { -- client->pipelined = false; -+ client->tcpconn->pipelined = false; - } - } - -@@ -3233,10 +3220,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->signer = NULL; - dns_name_init(&client->signername, NULL); - client->mortal = false; -- client->pipelined = false; -- client->pipeline_refs = NULL; -- client->tcpquota = NULL; -- client->tcpattached = false; -+ client->tcpconn = NULL; - client->recursionquota = NULL; - client->interface = NULL; - client->peeraddr_valid = false; -@@ -3341,9 +3325,10 @@ client_read(ns_client_t *client) { - - static void - client_newconn(isc_task_t *task, isc_event_t *event) { -+ isc_result_t result; - ns_client_t *client = event->ev_arg; - isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event; -- isc_result_t result; -+ uint32_t old; - - REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN); - REQUIRE(NS_CLIENT_VALID(client)); -@@ -3363,10 +3348,8 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - INSIST(client->naccepts == 1); - client->naccepts--; - -- LOCK(&client->interface->lock); -- INSIST(client->interface->ntcpaccepting > 0); -- client->interface->ntcpaccepting--; -- UNLOCK(&client->interface->lock); -+ old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1); -+ INSIST(old > 0); - - /* - * We must take ownership of the new socket before the exit -@@ -3399,7 +3382,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), - "accept failed: %s", - isc_result_totext(nevent->result)); -- tcpquota_disconnect(client); -+ tcpconn_detach(client); - } - - if (exit_check(client)) -@@ -3437,15 +3420,13 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - * telnetting to port 53 (once per CPU) will - * deny service to legitimate TCP clients. - */ -- client->pipelined = false; - result = ns_client_replace(client); - if (result == ISC_R_SUCCESS && - (ns_g_server->keepresporder == NULL || - !allowed(&netaddr, NULL, NULL, 0, NULL, - ns_g_server->keepresporder))) - { -- pipeline_init(client); -- client->pipelined = true; -+ client->tcpconn->pipelined = true; - } - - client_read(client); -@@ -3462,78 +3443,59 @@ client_accept(ns_client_t *client) { - CTRACE("accept"); - - /* -- * The tcpquota object can only be simultaneously referenced a -- * pre-defined number of times; this is configured by 'tcp-clients' -- * in named.conf. If we can't attach to it here, that means the TCP -- * client quota has been exceeded. -+ * Set up a new TCP connection. This means try to attach to the -+ * TCP client quota (tcp-clients), but fail if we're over quota. - */ -- result = isc_quota_attach(&ns_g_server->tcpquota, -- &client->tcpquota); -+ result = tcpconn_init(client, false); - if (result != ISC_R_SUCCESS) { -- bool exit; -+ bool exit; - -- ns_client_log(client, NS_LOGCATEGORY_CLIENT, -- NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1), -- "no more TCP clients: %s", -- isc_result_totext(result)); -- -- /* -- * We have exceeded the system-wide TCP client -- * quota. But, we can't just block this accept -- * in all cases, because if we did, a heavy TCP -- * load on other interfaces might cause this -- * interface to be starved, with no clients able -- * to accept new connections. -- * -- * So, we check here to see if any other clients -- * are already servicing TCP queries on this -- * interface (whether accepting, reading, or -- * processing). If there are at least two -- * (one reading and one processing a request) -- * then it's okay *not* to call accept - we -- * can let this client go inactive and another -- * one will resume accepting when it's done. -- * -- * If there aren't enough active clients on the -- * interface, then we can be a little bit -- * flexible about the quota. We'll allow *one* -- * extra client through to ensure we're listening -- * on every interface. -- * -- * (Note: In practice this means that the real -- * TCP client quota is tcp-clients plus the -- * number of listening interfaces plus 2.) -- */ -- LOCK(&client->interface->lock); -- exit = (client->interface->ntcpactive > 1); -- UNLOCK(&client->interface->lock); -+ ns_client_log(client, NS_LOGCATEGORY_CLIENT, -+ NS_LOGMODULE_CLIENT, ISC_LOG_WARNING, -+ "TCP client quota reached: %s", -+ isc_result_totext(result)); - -- if (exit) { -- client->newstate = NS_CLIENTSTATE_INACTIVE; -- (void)exit_check(client); -- return; -- } -+ /* -+ * We have exceeded the system-wide TCP client quota. But, -+ * we can't just block this accept in all cases, because if -+ * we did, a heavy TCP load on other interfaces might cause -+ * this interface to be starved, with no clients able to -+ * accept new connections. -+ * -+ * So, we check here to see if any other clients are -+ * already servicing TCP queries on this interface (whether -+ * accepting, reading, or processing). If we find at least -+ * one, then it's okay *not* to call accept - we can let this -+ * client go inactive and another will take over when it's -+ * done. -+ * -+ * If there aren't enough active clients on the interface, -+ * then we can be a little bit flexible about the quota. -+ * We'll allow *one* extra client through to ensure we're -+ * listening on every interface; we do this by setting the -+ * 'force' option to tcpconn_init(). -+ * -+ * (Note: In practice this means that the real TCP client -+ * quota is tcp-clients plus the number of listening -+ * interfaces plus 1.) -+ */ -+ exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0); -+ if (exit) { -+ client->newstate = NS_CLIENTSTATE_INACTIVE; -+ (void)exit_check(client); -+ return; -+ } - -- } else { -- client->tcpattached = true; -+ result = tcpconn_init(client, true); -+ RUNTIME_CHECK(result == ISC_R_SUCCESS); - } - - /* -- * By incrementing the interface's ntcpactive counter we signal -- * that there is at least one client servicing TCP queries for the -- * interface. -- * -- * We also make note of the fact in the client itself with the -- * tcpactive flag. This ensures proper accounting by preventing -- * us from accidentally incrementing or decrementing ntcpactive -- * more than once per client object. -+ * If this client was set up using get_client() or get_worker(), -+ * then TCP is already marked active. However, if it was restarted -+ * from exit_check(), it might not be, so we take care of it now. - */ -- if (!client->tcpactive) { -- LOCK(&client->interface->lock); -- client->interface->ntcpactive++; -- UNLOCK(&client->interface->lock); -- client->tcpactive = true; -- } -+ mark_tcp_active(client, true); - - result = isc_socket_accept(client->tcplistener, client->task, - client_newconn, client); -@@ -3549,15 +3511,8 @@ client_accept(ns_client_t *client) { - "isc_socket_accept() failed: %s", - isc_result_totext(result)); - -- tcpquota_disconnect(client); -- -- if (client->tcpactive) { -- LOCK(&client->interface->lock); -- client->interface->ntcpactive--; -- UNLOCK(&client->interface->lock); -- client->tcpactive = false; -- } -- -+ tcpconn_detach(client); -+ mark_tcp_active(client, false); - return; - } - -@@ -3582,9 +3537,7 @@ client_accept(ns_client_t *client) { - * listening for connections itself to prevent the interface - * going dead. - */ -- LOCK(&client->interface->lock); -- client->interface->ntcpaccepting++; -- UNLOCK(&client->interface->lock); -+ isc_atomic_xadd(&client->interface->ntcpaccepting, 1); - } - - static void -@@ -3655,24 +3608,25 @@ ns_client_replace(ns_client_t *client) { - REQUIRE(client->manager != NULL); - - tcp = TCP_CLIENT(client); -- if (tcp && client->pipelined) { -+ if (tcp && client->tcpconn != NULL && client->tcpconn->pipelined) { - result = get_worker(client->manager, client->interface, - client->tcpsocket, client); - } else { - result = get_client(client->manager, client->interface, -- client->dispatch, client, tcp); -+ client->dispatch, tcp); - -- /* -- * The responsibility for listening for new requests is hereby -- * transferred to the new client. Therefore, the old client -- * should refrain from listening for any more requests. -- */ -- client->mortal = true; - } - if (result != ISC_R_SUCCESS) { - return (result); - } - -+ /* -+ * The responsibility for listening for new requests is hereby -+ * transferred to the new client. Therefore, the old client -+ * should refrain from listening for any more requests. -+ */ -+ client->mortal = true; -+ - return (ISC_R_SUCCESS); - } - -@@ -3806,7 +3760,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) { - - static isc_result_t - get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, -- dns_dispatch_t *disp, ns_client_t *oldclient, bool tcp) -+ dns_dispatch_t *disp, bool tcp) - { - isc_result_t result = ISC_R_SUCCESS; - isc_event_t *ev; -@@ -3850,15 +3804,7 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, - client->dscp = ifp->dscp; - - if (tcp) { -- client->tcpattached = false; -- if (oldclient != NULL) { -- client->tcpattached = oldclient->tcpattached; -- } -- -- LOCK(&client->interface->lock); -- client->interface->ntcpactive++; -- UNLOCK(&client->interface->lock); -- client->tcpactive = true; -+ mark_tcp_active(client, true); - - client->attributes |= NS_CLIENTATTR_TCP; - isc_socket_attach(ifp->tcpsocket, -@@ -3923,16 +3869,14 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock, - ns_interface_attach(ifp, &client->interface); - client->newstate = client->state = NS_CLIENTSTATE_WORKING; - INSIST(client->recursionquota == NULL); -- client->tcpquota = &ns_g_server->tcpquota; -- client->tcpattached = oldclient->tcpattached; - - client->dscp = ifp->dscp; - - client->attributes |= NS_CLIENTATTR_TCP; - client->mortal = true; - -- pipeline_attach(oldclient, client); -- client->pipelined = true; -+ tcpconn_attach(oldclient, client); -+ mark_tcp_active(client, true); - - isc_socket_attach(ifp->tcpsocket, &client->tcplistener); - isc_socket_attach(sock, &client->tcpsocket); -@@ -3940,11 +3884,6 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock, - (void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr); - client->peeraddr_valid = true; - -- LOCK(&client->interface->lock); -- client->interface->ntcpactive++; -- UNLOCK(&client->interface->lock); -- client->tcpactive = true; -- - INSIST(client->tcpmsg_valid == false); - dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg); - client->tcpmsg_valid = true; -@@ -3970,8 +3909,7 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n, - MTRACE("createclients"); - - for (disp = 0; disp < n; disp++) { -- result = get_client(manager, ifp, ifp->udpdispatch[disp], -- NULL, tcp); -+ result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp); - if (result != ISC_R_SUCCESS) - break; - } -diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h -index e2c40acd28..969ee4c08f 100644 ---- a/bin/named/include/named/client.h -+++ b/bin/named/include/named/client.h -@@ -78,6 +78,13 @@ - *** Types - ***/ - -+/*% reference-counted TCP connection object */ -+typedef struct ns_tcpconn { -+ isc_refcount_t refs; -+ isc_quota_t *tcpquota; -+ bool pipelined; -+} ns_tcpconn_t; -+ - /*% nameserver client structure */ - struct ns_client { - unsigned int magic; -@@ -131,10 +138,7 @@ struct ns_client { - dns_name_t signername; /*%< [T]SIG key name */ - dns_name_t *signer; /*%< NULL if not valid sig */ - bool mortal; /*%< Die after handling request */ -- bool pipelined; /*%< TCP queries not in sequence */ -- isc_refcount_t *pipeline_refs; -- isc_quota_t *tcpquota; -- bool tcpattached; -+ ns_tcpconn_t *tcpconn; - isc_quota_t *recursionquota; - ns_interface_t *interface; - -diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h -index 61b08826a6..3535ef22a8 100644 ---- a/bin/named/include/named/interfacemgr.h -+++ b/bin/named/include/named/interfacemgr.h -@@ -9,8 +9,6 @@ - * information regarding copyright ownership. - */ - --/* $Id: interfacemgr.h,v 1.35 2011/07/28 23:47:58 tbox Exp $ */ -- - #ifndef NAMED_INTERFACEMGR_H - #define NAMED_INTERFACEMGR_H 1 - -@@ -77,11 +75,11 @@ struct ns_interface { - /*%< UDP dispatchers. */ - isc_socket_t * tcpsocket; /*%< TCP socket. */ - isc_dscp_t dscp; /*%< "listen-on" DSCP value */ -- int ntcpaccepting; /*%< Number of clients -+ int32_t ntcpaccepting; /*%< Number of clients - ready to accept new - TCP connections on this - interface */ -- int ntcpactive; /*%< Number of clients -+ int32_t ntcpactive; /*%< Number of clients - servicing TCP queries - (whether accepting or - connected) */ -diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c -index 955096ef47..d9f6df5802 100644 ---- a/bin/named/interfacemgr.c -+++ b/bin/named/interfacemgr.c -@@ -388,6 +388,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, - */ - ifp->ntcpaccepting = 0; - ifp->ntcpactive = 0; -+ - ifp->nudpdispatch = 0; - - ifp->dscp = -1; -diff --git a/lib/isc/include/isc/quota.h b/lib/isc/include/isc/quota.h -index b9bf59877a..36c5830242 100644 ---- a/lib/isc/include/isc/quota.h -+++ b/lib/isc/include/isc/quota.h -@@ -100,6 +100,13 @@ isc_quota_attach(isc_quota_t *quota, isc_quota_t **p); - * quota if successful (ISC_R_SUCCESS or ISC_R_SOFTQUOTA). - */ - -+isc_result_t -+isc_quota_force(isc_quota_t *quota, isc_quota_t **p); -+/*%< -+ * Like isc_quota_attach, but will attach '*p' to the quota -+ * even if the hard quota has been exceeded. -+ */ -+ - void - isc_quota_detach(isc_quota_t **p); - /*%< -diff --git a/lib/isc/quota.c b/lib/isc/quota.c -index 3ddff0d875..556a61f21d 100644 ---- a/lib/isc/quota.c -+++ b/lib/isc/quota.c -@@ -74,20 +74,39 @@ isc_quota_release(isc_quota_t *quota) { - UNLOCK("a->lock); - } - --isc_result_t --isc_quota_attach(isc_quota_t *quota, isc_quota_t **p) --{ -+static isc_result_t -+doattach(isc_quota_t *quota, isc_quota_t **p, bool force) { - isc_result_t result; -- INSIST(p != NULL && *p == NULL); -+ REQUIRE(p != NULL && *p == NULL); -+ - result = isc_quota_reserve(quota); -- if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA) -+ if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA) { -+ *p = quota; -+ } else if (result == ISC_R_QUOTA && force) { -+ /* attach anyway */ -+ LOCK("a->lock); -+ quota->used++; -+ UNLOCK("a->lock); -+ - *p = quota; -+ result = ISC_R_SUCCESS; -+ } -+ - return (result); - } - -+isc_result_t -+isc_quota_attach(isc_quota_t *quota, isc_quota_t **p) { -+ return (doattach(quota, p, false)); -+} -+ -+isc_result_t -+isc_quota_force(isc_quota_t *quota, isc_quota_t **p) { -+ return (doattach(quota, p, true)); -+} -+ - void --isc_quota_detach(isc_quota_t **p) --{ -+isc_quota_detach(isc_quota_t **p) { - INSIST(p != NULL && *p != NULL); - isc_quota_release(*p); - *p = NULL; -diff --git a/lib/isc/win32/libisc.def.in b/lib/isc/win32/libisc.def.in -index a82facec0f..7b9f23d776 100644 ---- a/lib/isc/win32/libisc.def.in -+++ b/lib/isc/win32/libisc.def.in -@@ -519,6 +519,7 @@ isc_portset_removerange - isc_quota_attach - isc_quota_destroy - isc_quota_detach -+isc_quota_force - isc_quota_init - isc_quota_max - isc_quota_release --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch b/poky/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch deleted file mode 100644 index 3821d1850..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch +++ /dev/null @@ -1,80 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/59434b9] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 59434b987e8eb436b08c24e559ee094c4e939daa Mon Sep 17 00:00:00 2001 -From: Evan Hunt <each@isc.org> -Date: Fri, 5 Apr 2019 16:26:19 -0700 -Subject: [PATCH 6/6] restore allowance for tcp-clients < interfaces - -in the "refactor tcpquota and pipeline refs" commit, the counting -of active interfaces was tightened in such a way that named could -fail to listen on an interface if there were more interfaces than -tcp-clients. when checking the quota to start accepting on an -interface, if the number of active clients was above zero, then -it was presumed that some other client was able to handle accepting -new connections. this, however, ignored the fact that the current client -could be included in that count, so if the quota was already exceeded -before all the interfaces were listening, some interfaces would never -listen. - -we now check whether the current client has been marked active; if so, -then the number of active clients on the interface must be greater -than 1, not 0. - -(cherry picked from commit 0b4e2cd4c3192ba88569dd344f542a8cc43742b5) -(cherry picked from commit d01023aaac35543daffbdf48464e320150235d41) ---- - bin/named/client.c | 8 +++++--- - doc/arm/Bv9ARM-book.xml | 3 ++- - 2 files changed, 7 insertions(+), 4 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index d826ab32bf..845326abc0 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -3464,8 +3464,9 @@ client_accept(ns_client_t *client) { - * - * So, we check here to see if any other clients are - * already servicing TCP queries on this interface (whether -- * accepting, reading, or processing). If we find at least -- * one, then it's okay *not* to call accept - we can let this -+ * accepting, reading, or processing). If we find that at -+ * least one client other than this one is active, then -+ * it's okay *not* to call accept - we can let this - * client go inactive and another will take over when it's - * done. - * -@@ -3479,7 +3480,8 @@ client_accept(ns_client_t *client) { - * quota is tcp-clients plus the number of listening - * interfaces plus 1.) - */ -- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0); -+ exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > -+ (client->tcpactive ? 1 : 0)); - if (exit) { - client->newstate = NS_CLIENTSTATE_INACTIVE; - (void)exit_check(client); -diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml -index 381768d540..9c76d3cd6f 100644 ---- a/doc/arm/Bv9ARM-book.xml -+++ b/doc/arm/Bv9ARM-book.xml -@@ -8493,7 +8493,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; - <para> - The number of file descriptors reserved for TCP, stdio, - etc. This needs to be big enough to cover the number of -- interfaces <command>named</command> listens on, <command>tcp-clients</command> as well as -+ interfaces <command>named</command> listens on plus -+ <command>tcp-clients</command>, as well as - to provide room for outgoing TCP queries and incoming zone - transfers. The default is <literal>512</literal>. - The minimum value is <literal>128</literal> and the --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch b/poky/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch deleted file mode 100644 index 1a84eca58..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch +++ /dev/null @@ -1,140 +0,0 @@ -Backport commit to fix compile error on arm caused by commits which are -to fix CVE-2018-5743. - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ef49780] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org> -Date: Wed, 17 Apr 2019 15:22:27 +0200 -Subject: [PATCH] Replace atomic operations in bin/named/client.c with - isc_refcount reference counting - ---- - bin/named/client.c | 18 +++++++----------- - bin/named/include/named/interfacemgr.h | 5 +++-- - bin/named/interfacemgr.c | 7 +++++-- - 3 files changed, 15 insertions(+), 15 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 845326abc0..29fecadca8 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) { - static void - mark_tcp_active(ns_client_t *client, bool active) { - if (active && !client->tcpactive) { -- isc_atomic_xadd(&client->interface->ntcpactive, 1); -+ isc_refcount_increment0(&client->interface->ntcpactive, NULL); - client->tcpactive = active; - } else if (!active && client->tcpactive) { -- uint32_t old = -- isc_atomic_xadd(&client->interface->ntcpactive, -1); -- INSIST(old > 0); -+ isc_refcount_decrement(&client->interface->ntcpactive, NULL); - client->tcpactive = active; - } - } -@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) { - if (client->mortal && TCP_CLIENT(client) && - client->newstate != NS_CLIENTSTATE_FREED && - !ns_g_clienttest && -- isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0) -+ isc_refcount_current(&client->interface->ntcpaccepting) == 0) - { - /* Nobody else is accepting */ - client->mortal = false; -@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - isc_result_t result; - ns_client_t *client = event->ev_arg; - isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event; -- uint32_t old; - - REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN); - REQUIRE(NS_CLIENT_VALID(client)); -@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - INSIST(client->naccepts == 1); - client->naccepts--; - -- old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1); -- INSIST(old > 0); -+ isc_refcount_decrement(&client->interface->ntcpaccepting, NULL); - - /* - * We must take ownership of the new socket before the exit -@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) { - * quota is tcp-clients plus the number of listening - * interfaces plus 1.) - */ -- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > -- (client->tcpactive ? 1 : 0)); -+ exit = (isc_refcount_current(&client->interface->ntcpactive) > -+ (client->tcpactive ? 1U : 0U)); - if (exit) { - client->newstate = NS_CLIENTSTATE_INACTIVE; - (void)exit_check(client); -@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) { - * listening for connections itself to prevent the interface - * going dead. - */ -- isc_atomic_xadd(&client->interface->ntcpaccepting, 1); -+ isc_refcount_increment0(&client->interface->ntcpaccepting, NULL); - } - - static void -diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h -index 3535ef22a8..6e10f210fd 100644 ---- a/bin/named/include/named/interfacemgr.h -+++ b/bin/named/include/named/interfacemgr.h -@@ -45,6 +45,7 @@ - #include <isc/magic.h> - #include <isc/mem.h> - #include <isc/socket.h> -+#include <isc/refcount.h> - - #include <dns/result.h> - -@@ -75,11 +76,11 @@ struct ns_interface { - /*%< UDP dispatchers. */ - isc_socket_t * tcpsocket; /*%< TCP socket. */ - isc_dscp_t dscp; /*%< "listen-on" DSCP value */ -- int32_t ntcpaccepting; /*%< Number of clients -+ isc_refcount_t ntcpaccepting; /*%< Number of clients - ready to accept new - TCP connections on this - interface */ -- int32_t ntcpactive; /*%< Number of clients -+ isc_refcount_t ntcpactive; /*%< Number of clients - servicing TCP queries - (whether accepting or - connected) */ -diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c -index d9f6df5802..135533be6b 100644 ---- a/bin/named/interfacemgr.c -+++ b/bin/named/interfacemgr.c -@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, - * connections will be handled in parallel even though there is - * only one client initially. - */ -- ifp->ntcpaccepting = 0; -- ifp->ntcpactive = 0; -+ isc_refcount_init(&ifp->ntcpaccepting, 0); -+ isc_refcount_init(&ifp->ntcpactive, 0); - - ifp->nudpdispatch = 0; - -@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) { - - ns_interfacemgr_detach(&ifp->mgr); - -+ isc_refcount_destroy(&ifp->ntcpactive); -+ isc_refcount_destroy(&ifp->ntcpaccepting); -+ - ifp->magic = 0; - isc_mem_put(mctx, ifp, sizeof(*ifp)); - } --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch index 37e210e6d..84559e5f3 100644 --- a/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch @@ -1,4 +1,4 @@ -From 9473d29843579802e96b0293a3e953fed93de82c Mon Sep 17 00:00:00 2001 +From edda20fb5a6e88548f85e39d34d6c074306e15bc Mon Sep 17 00:00:00 2001 From: Paul Gortmaker <paul.gortmaker@windriver.com> Date: Tue, 9 Jun 2015 11:22:00 -0400 Subject: [PATCH] bind: ensure searching for json headers searches sysroot @@ -27,15 +27,16 @@ to make use of the combination some day. Upstream-Status: Inappropriate [OE Specific] Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> + --- - configure.in | 2 +- + configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: bind-9.11.3/configure.in -=================================================================== ---- bind-9.11.3.orig/configure.in -+++ bind-9.11.3/configure.in -@@ -2574,7 +2574,7 @@ case "$use_libjson" in +diff --git a/configure.ac b/configure.ac +index 17392fd..e85a5c6 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -2449,7 +2449,7 @@ case "$use_libjson" in libjson_libs="" ;; auto|yes) diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb index 089770634..4e64171cc 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb @@ -15,23 +15,13 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://make-etc-initd-bind-stop-work.patch \ file://init.d-add-support-for-read-only-rootfs.patch \ file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ - file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \ - file://0001-lib-dns-gen.c-fix-too-long-error.patch \ file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ file://0001-avoid-start-failure-with-bind-user.patch \ - file://0001-bind-fix-CVE-2019-6471.patch \ - file://0001-fix-enforcement-of-tcp-clients-v1.patch \ - file://0002-tcp-clients-could-still-be-exceeded-v2.patch \ - file://0003-use-reference-counter-for-pipeline-groups-v3.patch \ - file://0004-better-tcpquota-accounting-and-client-mortality-chec.patch \ - file://0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch \ - file://0006-restore-allowance-for-tcp-clients-interfaces.patch \ - file://0007-Replace-atomic-operations-in-bin-named-client.c-with.patch \ -" - -SRC_URI[md5sum] = "8ddab4b61fa4516fe404679c74e37960" -SRC_URI[sha256sum] = "7e8c08192bcbaeb6e9f2391a70e67583b027b90e8c4bc1605da6eb126edde434" + " + +SRC_URI[md5sum] = "17de0d024ab1eac377f1c2854dc25057" +SRC_URI[sha256sum] = "fd3f3cc9fcfcdaa752db35eb24598afa1fdcc2509d3227fc90a8631b7b400f7d" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 @@ -41,7 +31,7 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>9.(11|16|20|24|28)(\.\d+)+(-P\d+)*)/" # don't report it here since dhcpd is already recent enough. CVE_CHECK_WHITELIST += "CVE-2019-6470" -inherit autotools update-rc.d systemd useradd pkgconfig multilib_script +inherit autotools update-rc.d systemd useradd pkgconfig multilib_script multilib_header MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh" @@ -115,6 +105,8 @@ do_install_append() { install -d ${D}${sysconfdir}/tmpfiles.d echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf fi + + oe_multilib_header isc/platform.h } CONFFILES_${PN} = " \ diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index 484509350..150d909d7 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -46,20 +46,13 @@ PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell" PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell" PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" -SRC_URI = "\ - ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ - file://out-of-tree.patch \ - file://init \ - file://run-ptest \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ - file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ - file://0001-test-gatt-Fix-hung-issue.patch \ - file://0001-Makefile.am-Fix-a-race-issue-for-tools.patch \ - file://CVE-2018-10910.patch \ - file://gcc9-fixes.patch \ - file://0001-tools-Fix-build-after-y2038-changes-in-glibc.patch \ - file://0001-tools-btpclient.c-include-signal.h.patch \ -" +SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ + file://init \ + file://run-ptest \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ + file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ + file://0001-test-gatt-Fix-hung-issue.patch \ + " S = "${WORKDIR}/bluez-${PV}" CVE_PRODUCT = "bluez" @@ -70,6 +63,7 @@ EXTRA_OECONF = "\ --enable-test \ --enable-datafiles \ --enable-library \ + --without-zsh-completion-dir \ " # bluez5 builds a large number of useful utilities but does not diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch index da7140922..618ed734a 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch @@ -1,4 +1,4 @@ -From 99ccdbe155028c4c789803a429072675b87d0c3a Mon Sep 17 00:00:00 2001 +From f74eb97c9fb3c0ee2895742e773ac6a3c41c999c Mon Sep 17 00:00:00 2001 From: Giovanni Campagna <gcampagna-cNUdlRotFMnNLxjTenLetw@public.gmane.org> Date: Sat, 12 Oct 2013 17:45:25 +0200 Subject: [PATCH] Allow using obexd without systemd in the user session @@ -17,22 +17,22 @@ http://thread.gmane.org/gmane.linux.bluez.kernel/38725/focus=38843 Signed-off-by: Javier Viguera <javier.viguera@digi.com> --- - Makefile.obexd | 4 ++-- - obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +- + Makefile.obexd | 4 ++-- + .../src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) rename obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} (76%) diff --git a/Makefile.obexd b/Makefile.obexd -index c462692..0325f66 100644 +index de59d29..73004a3 100644 --- a/Makefile.obexd +++ b/Makefile.obexd @@ -1,12 +1,12 @@ if SYSTEMD - systemduserunitdir = @SYSTEMD_USERUNITDIR@ + systemduserunitdir = $(SYSTEMD_USERUNITDIR) systemduserunit_DATA = obexd/src/obex.service +endif - dbussessionbusdir = @DBUS_SESSIONBUSDIR@ + dbussessionbusdir = $(DBUS_SESSIONBUSDIR) dbussessionbus_DATA = obexd/src/org.bluez.obex.service -endif diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch deleted file mode 100644 index b6cb97839..000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch +++ /dev/null @@ -1,30 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 117c41242c01e057295aed80ed973c6dc7e35fe2 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@intel.com> -Date: Tue, 8 Oct 2019 11:01:56 +0100 -Subject: [PATCH BlueZ] Makefile.am: add missing mkdir in rules generation - -In parallel out-of-tree builds it's possible that tools/*.rules are -generated before the target directory has been implicitly created. Solve this by -creating the directory before writing into it. ---- - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile.am b/Makefile.am -index 2ac28b23d..e7bcd2366 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -589,6 +589,7 @@ src/builtin.h: src/genbuiltin $(builtin_sources) - $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@ - - tools/%.rules: -+ $(AM_V_at)$(MKDIR_P) tools - $(AM_V_GEN)cp $(srcdir)/$(subst 97-,,$@) $@ - - $(lib_libbluetooth_la_OBJECTS): $(local_headers) --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-Fix-build-after-y2038-changes-in-glibc.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-Fix-build-after-y2038-changes-in-glibc.patch deleted file mode 100644 index 9ca20ae53..000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-Fix-build-after-y2038-changes-in-glibc.patch +++ /dev/null @@ -1,68 +0,0 @@ -From f36f71f60b1e68c0f12e615b9b128d089ec3dd19 Mon Sep 17 00:00:00 2001 -From: Bastien Nocera <hadess@hadess.net> -Date: Fri, 7 Jun 2019 09:51:33 +0200 -Subject: [PATCH] tools: Fix build after y2038 changes in glibc - -The 32-bit SIOCGSTAMP has been deprecated. Use the deprecated name -to fix the build. - -Upstream-Status: backport commit f36f71f60b1e68c0f12e615b9b128d089ec3dd19 - -Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> - ---- - tools/l2test.c | 6 +++++- - tools/rctest.c | 6 +++++- - 2 files changed, 10 insertions(+), 2 deletions(-) - -diff --git a/tools/l2test.c b/tools/l2test.c -index e755ac881..e787c2ce2 100644 ---- a/tools/l2test.c -+++ b/tools/l2test.c -@@ -55,6 +55,10 @@ - #define BREDR_DEFAULT_PSM 0x1011 - #define LE_DEFAULT_PSM 0x0080 - -+#ifndef SIOCGSTAMP_OLD -+#define SIOCGSTAMP_OLD SIOCGSTAMP -+#endif -+ - /* Test modes */ - enum { - SEND, -@@ -907,7 +911,7 @@ static void recv_mode(int sk) - if (timestamp) { - struct timeval tv; - -- if (ioctl(sk, SIOCGSTAMP, &tv) < 0) { -+ if (ioctl(sk, SIOCGSTAMP_OLD, &tv) < 0) { - timestamp = 0; - memset(ts, 0, sizeof(ts)); - } else { -diff --git a/tools/rctest.c b/tools/rctest.c -index 94490f462..bc8ed875d 100644 ---- a/tools/rctest.c -+++ b/tools/rctest.c -@@ -50,6 +50,10 @@ - - #include "src/shared/util.h" - -+#ifndef SIOCGSTAMP_OLD -+#define SIOCGSTAMP_OLD SIOCGSTAMP -+#endif -+ - /* Test modes */ - enum { - SEND, -@@ -505,7 +509,7 @@ static void recv_mode(int sk) - if (timestamp) { - struct timeval tv; - -- if (ioctl(sk, SIOCGSTAMP, &tv) < 0) { -+ if (ioctl(sk, SIOCGSTAMP_OLD, &tv) < 0) { - timestamp = 0; - memset(ts, 0, sizeof(ts)); - } else { --- -2.19.1 - diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch deleted file mode 100644 index 620aaabc6..000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0b1766514f6847c7367fce07f19a750ec74c11a6 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Thu, 26 Sep 2019 16:19:34 +0800 -Subject: [PATCH] tools/btpclient.c: include signal.h - -Fix compile failure when configure --enable-btpclient: -btpclient.c:2834:7: error: 'SIGINT' undeclared (first use in this function) - -Upstream-Status: Backport [A subset of the full fix that went upstream] - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - tools/btpclient.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/tools/btpclient.c b/tools/btpclient.c -index b217df5..aece7fe 100644 ---- a/tools/btpclient.c -+++ b/tools/btpclient.c -@@ -29,6 +29,7 @@ - #include <stdlib.h> - #include <assert.h> - #include <getopt.h> -+#include <signal.h> - - #include <ell/ell.h> - --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch deleted file mode 100644 index 2a7807744..000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch +++ /dev/null @@ -1,505 +0,0 @@ -From 977321f2c7f974ea68a3d90df296c66189a3f254 Mon Sep 17 00:00:00 2001 -From: Lei Maohui <leimaohui@cn.fujitsu.com> -Date: Fri, 21 Jun 2019 17:57:35 +0900 -Subject: [PATCH] CVE-2018-10910 - -A bug in Bluez may allow for the Bluetooth Discoverable state being set to on -when no Bluetooth agent is registered with the system. This situation could -lead to the unauthorized pairing of certain Bluetooth devices without any -form of authentication. - -CVE: CVE-2018-10910 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -Subject: [PATCH BlueZ 1/4] client: Add discoverable-timeout command -From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com> -Date: 2018-07-25 10:20:32 -Message-ID: 20180725102035.19439-1-luiz.dentz () gmail ! com -[Download RAW message or body] - -From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> - -This adds discoverable-timeout command which can be used to get/set -DiscoverableTimeout property: - -[bluetooth]# discoverable-timeout 180 -Changing discoverable-timeout 180 succeeded ---- - client/main.c | 82 +++++++++++++++++++++++++++++++++- - doc/adapter-api.txt | 6 +++ - src/adapter.c | 125 ++++++++++++++++++++++++++++++++++++++++++++++------ - 3 files changed, 198 insertions(+), 15 deletions(-) - -diff --git a/client/main.c b/client/main.c -index 87323d8..1a66a3a 100644 ---- a/client/main.c -+++ b/client/main.c -@@ -877,6 +877,7 @@ static void cmd_show(int argc, char *argv[]) - print_property(proxy, "Class"); - print_property(proxy, "Powered"); - print_property(proxy, "Discoverable"); -+ print_property(proxy, "DiscoverableTimeout"); - print_property(proxy, "Pairable"); - print_uuids(proxy); - print_property(proxy, "Modalias"); -@@ -1061,6 +1062,47 @@ static void cmd_discoverable(int argc, char *argv[]) - return bt_shell_noninteractive_quit(EXIT_FAILURE); - } - -+static void cmd_discoverable_timeout(int argc, char *argv[]) -+{ -+ uint32_t value; -+ char *endptr = NULL; -+ char *str; -+ -+ if (argc < 2) { -+ DBusMessageIter iter; -+ -+ if (!g_dbus_proxy_get_property(default_ctrl->proxy, -+ "DiscoverableTimeout", &iter)) { -+ bt_shell_printf("Unable to get DiscoverableTimeout\n"); -+ return bt_shell_noninteractive_quit(EXIT_FAILURE); -+ } -+ -+ dbus_message_iter_get_basic(&iter, &value); -+ -+ bt_shell_printf("DiscoverableTimeout: %d seconds\n", value); -+ -+ return; -+ } -+ -+ value = strtol(argv[1], &endptr, 0); -+ if (!endptr || *endptr != '\0' || value > UINT32_MAX) { -+ bt_shell_printf("Invalid argument\n"); -+ return bt_shell_noninteractive_quit(EXIT_FAILURE); -+ } -+ -+ str = g_strdup_printf("discoverable-timeout %d", value); -+ -+ if (g_dbus_proxy_set_property_basic(default_ctrl->proxy, -+ "DiscoverableTimeout", -+ DBUS_TYPE_UINT32, &value, -+ generic_callback, str, g_free)) -+ return; -+ -+ g_free(str); -+ -+ return bt_shell_noninteractive_quit(EXIT_FAILURE); -+} -+ - static void cmd_agent(int argc, char *argv[]) - { - dbus_bool_t enable; -@@ -1124,6 +1166,7 @@ static struct set_discovery_filter_args { - char **uuids; - size_t uuids_len; - dbus_bool_t duplicate; -+ dbus_bool_t discoverable; - bool set; - } filter = { - .rssi = DISTANCE_VAL_INVALID, -@@ -1163,6 +1206,11 @@ static void set_discovery_filter_setup(DBusMessageIter *iter, void *user_data) - DBUS_TYPE_BOOLEAN, - &args->duplicate); - -+ if (args->discoverable) -+ g_dbus_dict_append_entry(&dict, "Discoverable", -+ DBUS_TYPE_BOOLEAN, -+ &args->discoverable); -+ - dbus_message_iter_close_container(iter, &dict); - } - -@@ -1320,6 +1368,26 @@ static void cmd_scan_filter_duplicate_data(int argc, char *argv[]) - filter.set = false; - } - -+static void cmd_scan_filter_discoverable(int argc, char *argv[]) -+{ -+ if (argc < 2 || !strlen(argv[1])) { -+ bt_shell_printf("Discoverable: %s\n", -+ filter.discoverable ? "on" : "off"); -+ return bt_shell_noninteractive_quit(EXIT_SUCCESS); -+ } -+ -+ if (!strcmp(argv[1], "on")) -+ filter.discoverable = true; -+ else if (!strcmp(argv[1], "off")) -+ filter.discoverable = false; -+ else { -+ bt_shell_printf("Invalid option: %s\n", argv[1]); -+ return bt_shell_noninteractive_quit(EXIT_FAILURE); -+ } -+ -+ filter.set = false; -+} -+ - static void filter_clear_uuids(void) - { - g_strfreev(filter.uuids); -@@ -1348,6 +1416,11 @@ static void filter_clear_duplicate(void) - filter.duplicate = false; - } - -+static void filter_clear_discoverable(void) -+{ -+ filter.discoverable = false; -+} -+ - struct clear_entry { - const char *name; - void (*clear) (void); -@@ -1359,6 +1432,7 @@ static const struct clear_entry filter_clear[] = { - { "pathloss", filter_clear_pathloss }, - { "transport", filter_clear_transport }, - { "duplicate-data", filter_clear_duplicate }, -+ { "discoverable", filter_clear_discoverable }, - {} - }; - -@@ -2468,7 +2542,11 @@ static const struct bt_shell_menu scan_menu = { - { "duplicate-data", "[on/off]", cmd_scan_filter_duplicate_data, - "Set/Get duplicate data filter", - NULL }, -- { "clear", "[uuids/rssi/pathloss/transport/duplicate-data]", -+ { "discoverable", "[on/off]", cmd_scan_filter_discoverable, -+ "Set/Get discoverable filter", -+ NULL }, -+ { "clear", -+ "[uuids/rssi/pathloss/transport/duplicate-data/discoverable]", - cmd_scan_filter_clear, - "Clears discovery filter.", - filter_clear_generator }, -@@ -2549,6 +2627,8 @@ static const struct bt_shell_menu main_menu = { - { "discoverable", "<on/off>", cmd_discoverable, - "Set controller discoverable mode", - NULL }, -+ { "discoverable-timeout", "[value]", cmd_discoverable_timeout, -+ "Set discoverable timeout", NULL }, - { "agent", "<on/off/capability>", cmd_agent, - "Enable/disable agent with given capability", - capability_generator}, -diff --git a/doc/adapter-api.txt b/doc/adapter-api.txt -index d14d0ca..4791af2 100644 ---- a/doc/adapter-api.txt -+++ b/doc/adapter-api.txt -@@ -113,6 +113,12 @@ Methods void StartDiscovery() - generated for either ManufacturerData and - ServiceData everytime they are discovered. - -+ bool Discoverable (Default: false) -+ -+ Make adapter discoverable while discovering, -+ if the adapter is already discoverable this -+ setting this filter won't do anything. -+ - When discovery filter is set, Device objects will be - created as new devices with matching criteria are - discovered regardless of they are connectable or -diff --git a/src/adapter.c b/src/adapter.c -index af340fd..822bd34 100644 ---- a/src/adapter.c -+++ b/src/adapter.c -@@ -157,6 +157,7 @@ struct discovery_filter { - int16_t rssi; - GSList *uuids; - bool duplicate; -+ bool discoverable; - }; - - struct watch_client { -@@ -196,6 +197,7 @@ struct btd_adapter { - char *name; /* controller device name */ - char *short_name; /* controller short name */ - uint32_t supported_settings; /* controller supported settings */ -+ uint32_t pending_settings; /* pending controller settings */ - uint32_t current_settings; /* current controller settings */ - - char *path; /* adapter object path */ -@@ -213,6 +215,7 @@ struct btd_adapter { - - bool discovering; /* discovering property state */ - bool filtered_discovery; /* we are doing filtered discovery */ -+ bool filtered_discoverable; /* we are doing filtered discovery */ - bool no_scan_restart_delay; /* when this flag is set, restart scan - * without delay */ - uint8_t discovery_type; /* current active discovery type */ -@@ -509,8 +512,10 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings) - changed_mask = adapter->current_settings ^ settings; - - adapter->current_settings = settings; -+ adapter->pending_settings &= ~changed_mask; - - DBG("Changed settings: 0x%08x", changed_mask); -+ DBG("Pending settings: 0x%08x", adapter->pending_settings); - - if (changed_mask & MGMT_SETTING_POWERED) { - g_dbus_emit_property_changed(dbus_conn, adapter->path, -@@ -596,10 +601,31 @@ static bool set_mode(struct btd_adapter *adapter, uint16_t opcode, - uint8_t mode) - { - struct mgmt_mode cp; -+ uint32_t setting = 0; - - memset(&cp, 0, sizeof(cp)); - cp.val = mode; - -+ switch (mode) { -+ case MGMT_OP_SET_POWERED: -+ setting = MGMT_SETTING_POWERED; -+ break; -+ case MGMT_OP_SET_CONNECTABLE: -+ setting = MGMT_SETTING_CONNECTABLE; -+ break; -+ case MGMT_OP_SET_FAST_CONNECTABLE: -+ setting = MGMT_SETTING_FAST_CONNECTABLE; -+ break; -+ case MGMT_OP_SET_DISCOVERABLE: -+ setting = MGMT_SETTING_DISCOVERABLE; -+ break; -+ case MGMT_OP_SET_BONDABLE: -+ setting = MGMT_SETTING_DISCOVERABLE; -+ break; -+ } -+ -+ adapter->pending_settings |= setting; -+ - DBG("sending set mode command for index %u", adapter->dev_id); - - if (mgmt_send(adapter->mgmt, opcode, -@@ -1818,7 +1844,17 @@ static void discovery_free(void *user_data) - g_free(client); - } - --static void discovery_remove(struct watch_client *client) -+static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable) -+{ -+ if (adapter->filtered_discoverable == enable) -+ return true; -+ -+ adapter->filtered_discoverable = enable; -+ -+ return set_discoverable(adapter, enable, 0); -+} -+ -+static void discovery_remove(struct watch_client *client, bool exit) - { - struct btd_adapter *adapter = client->adapter; - -@@ -1830,7 +1866,27 @@ static void discovery_remove(struct watch_client *client) - adapter->discovery_list = g_slist_remove(adapter->discovery_list, - client); - -- discovery_free(client); -+ if (adapter->filtered_discoverable && -+ client->discovery_filter->discoverable) { -+ GSList *l; -+ -+ for (l = adapter->discovery_list; l; l = g_slist_next(l)) { -+ struct watch_client *client = l->data; -+ -+ if (client->discovery_filter->discoverable) -+ break; -+ } -+ -+ /* Disable filtered discoverable if there are no clients */ -+ if (!l) -+ set_filtered_discoverable(adapter, false); -+ } -+ -+ if (!exit && client->discovery_filter) -+ adapter->set_filter_list = g_slist_prepend( -+ adapter->set_filter_list, client); -+ else -+ discovery_free(client); - - /* - * If there are other client discoveries in progress, then leave -@@ -1859,8 +1915,11 @@ static void stop_discovery_complete(uint8_t status, uint16_t length, - goto done; - } - -- if (client->msg) -+ if (client->msg) { - g_dbus_send_reply(dbus_conn, client->msg, DBUS_TYPE_INVALID); -+ dbus_message_unref(client->msg); -+ client->msg = NULL; -+ } - - adapter->discovery_type = 0x00; - adapter->discovery_enable = 0x00; -@@ -1873,7 +1932,7 @@ static void stop_discovery_complete(uint8_t status, uint16_t length, - trigger_passive_scanning(adapter); - - done: -- discovery_remove(client); -+ discovery_remove(client, false); - } - - static int compare_sender(gconstpointer a, gconstpointer b) -@@ -2094,14 +2153,14 @@ static int update_discovery_filter(struct btd_adapter *adapter) - return -EINPROGRESS; - } - --static int discovery_stop(struct watch_client *client) -+static int discovery_stop(struct watch_client *client, bool exit) - { - struct btd_adapter *adapter = client->adapter; - struct mgmt_cp_stop_discovery cp; - - /* Check if there are more client discovering */ - if (g_slist_next(adapter->discovery_list)) { -- discovery_remove(client); -+ discovery_remove(client, exit); - update_discovery_filter(adapter); - return 0; - } -@@ -2111,7 +2170,7 @@ static int discovery_stop(struct watch_client *client) - * and so it is enough to send out the signal and just return. - */ - if (adapter->discovery_enable == 0x00) { -- discovery_remove(client); -+ discovery_remove(client, exit); - adapter->discovering = false; - g_dbus_emit_property_changed(dbus_conn, adapter->path, - ADAPTER_INTERFACE, "Discovering"); -@@ -2136,7 +2195,7 @@ static void discovery_disconnect(DBusConnection *conn, void *user_data) - - DBG("owner %s", client->owner); - -- discovery_stop(client); -+ discovery_stop(client, true); - } - - /* -@@ -2200,6 +2259,15 @@ static DBusMessage *start_discovery(DBusConnection *conn, - adapter->set_filter_list, client); - adapter->discovery_list = g_slist_prepend( - adapter->discovery_list, client); -+ -+ /* Reset discoverable filter if already set */ -+ if (adapter->current_settings & MGMT_OP_SET_DISCOVERABLE) -+ goto done; -+ -+ /* Set discoverable if filter requires and it*/ -+ if (client->discovery_filter->discoverable) -+ set_filtered_discoverable(adapter, true); -+ - goto done; - } - -@@ -2324,6 +2392,17 @@ static bool parse_duplicate_data(DBusMessageIter *value, - return true; - } - -+static bool parse_discoverable(DBusMessageIter *value, -+ struct discovery_filter *filter) -+{ -+ if (dbus_message_iter_get_arg_type(value) != DBUS_TYPE_BOOLEAN) -+ return false; -+ -+ dbus_message_iter_get_basic(value, &filter->discoverable); -+ -+ return true; -+} -+ - struct filter_parser { - const char *name; - bool (*func)(DBusMessageIter *iter, struct discovery_filter *filter); -@@ -2333,6 +2412,7 @@ struct filter_parser { - { "Pathloss", parse_pathloss }, - { "Transport", parse_transport }, - { "DuplicateData", parse_duplicate_data }, -+ { "Discoverable", parse_discoverable }, - { } - }; - -@@ -2372,6 +2452,7 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter, - (*filter)->rssi = DISTANCE_VAL_INVALID; - (*filter)->type = get_scan_type(adapter); - (*filter)->duplicate = false; -+ (*filter)->discoverable = false; - - dbus_message_iter_init(msg, &iter); - if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY || -@@ -2417,8 +2498,10 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter, - goto invalid_args; - - DBG("filtered discovery params: transport: %d rssi: %d pathloss: %d " -- " duplicate data: %s ", (*filter)->type, (*filter)->rssi, -- (*filter)->pathloss, (*filter)->duplicate ? "true" : "false"); -+ " duplicate data: %s discoverable %s", (*filter)->type, -+ (*filter)->rssi, (*filter)->pathloss, -+ (*filter)->duplicate ? "true" : "false", -+ (*filter)->discoverable ? "true" : "false"); - - return true; - -@@ -2510,7 +2593,7 @@ static DBusMessage *stop_discovery(DBusConnection *conn, - if (client->msg) - return btd_error_busy(msg); - -- err = discovery_stop(client); -+ err = discovery_stop(client, false); - switch (err) { - case 0: - return dbus_message_new_method_return(msg); -@@ -2739,13 +2822,15 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting, - else - current_enable = FALSE; - -- if (enable == current_enable) { -+ if (enable == current_enable || adapter->pending_settings & setting) { - g_dbus_pending_property_success(id); - return; - } - - mode = (enable == TRUE) ? 0x01 : 0x00; - -+ adapter->pending_settings |= setting; -+ - switch (setting) { - case MGMT_SETTING_POWERED: - opcode = MGMT_OP_SET_POWERED; -@@ -2798,7 +2883,7 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting, - data->id = id; - - if (mgmt_send(adapter->mgmt, opcode, adapter->dev_id, len, param, -- property_set_mode_complete, data, g_free) > 0) -+ property_set_mode_complete, data, g_free) > 0) - return; - - g_free(data); -@@ -2875,6 +2960,7 @@ static void property_set_discoverable_timeout( - GDBusPendingPropertySet id, void *user_data) - { - struct btd_adapter *adapter = user_data; -+ bool enabled; - dbus_uint32_t value; - - dbus_message_iter_get_basic(iter, &value); -@@ -2888,8 +2974,19 @@ static void property_set_discoverable_timeout( - g_dbus_emit_property_changed(dbus_conn, adapter->path, - ADAPTER_INTERFACE, "DiscoverableTimeout"); - -+ if (adapter->pending_settings & MGMT_SETTING_DISCOVERABLE) { -+ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE) -+ enabled = false; -+ else -+ enabled = true; -+ } else { -+ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE) -+ enabled = true; -+ else -+ enabled = false; -+ } - -- if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE) -+ if (enabled) - set_discoverable(adapter, 0x01, adapter->discoverable_timeout); - } - --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/gcc9-fixes.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/gcc9-fixes.patch deleted file mode 100644 index ca678e601..000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/gcc9-fixes.patch +++ /dev/null @@ -1,301 +0,0 @@ -Backported commit from upstream master branch (post 5.50 release), which -resolves assertion failures in several unit tests. - -https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=0be5246170 - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -diff --git a/unit/test-avctp.c b/unit/test-avctp.c -index 3bc3569..24de663 100644 ---- a/unit/test-avctp.c -+++ b/unit/test-avctp.c -@@ -43,7 +43,7 @@ - - struct test_pdu { - bool valid; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - }; - -@@ -66,7 +66,7 @@ struct context { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -91,6 +91,11 @@ static void test_debug(const char *str, void *user_data) - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -diff --git a/unit/test-avdtp.c b/unit/test-avdtp.c -index dd8aed7..e2c951a 100644 ---- a/unit/test-avdtp.c -+++ b/unit/test-avdtp.c -@@ -47,7 +47,7 @@ - struct test_pdu { - bool valid; - bool fragmented; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - }; - -@@ -61,7 +61,7 @@ struct test_data { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -69,7 +69,7 @@ struct test_data { - { \ - .valid = true, \ - .fragmented = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -81,7 +81,7 @@ struct test_data { - static struct test_data data; \ - data.test_name = g_strdup(name); \ - data.pdu_list = g_memdup(pdus, sizeof(pdus)); \ -- tester_add(name, &data, NULL, function, NULL); \ -+ tester_add(name, &data, NULL, function, NULL); \ - } while (0) - - struct context { -@@ -109,6 +109,11 @@ static void test_debug(const char *str, void *user_data) - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -diff --git a/unit/test-avrcp.c b/unit/test-avrcp.c -index 01307e6..f1aa353 100644 ---- a/unit/test-avrcp.c -+++ b/unit/test-avrcp.c -@@ -49,7 +49,7 @@ struct test_pdu { - bool fragmented; - bool continuing; - bool browse; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - }; - -@@ -74,7 +74,7 @@ struct context { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -82,7 +82,7 @@ struct context { - { \ - .valid = true, \ - .browse = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -90,7 +90,7 @@ struct context { - { \ - .valid = true, \ - .fragmented = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -98,7 +98,7 @@ struct context { - { \ - .valid = true, \ - .continuing = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -123,6 +123,11 @@ static void test_debug(const char *str, void *user_data) - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -diff --git a/unit/test-gatt.c b/unit/test-gatt.c -index c7e28f8..d49f7a0 100644 ---- a/unit/test-gatt.c -+++ b/unit/test-gatt.c -@@ -48,7 +48,7 @@ - - struct test_pdu { - bool valid; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - }; - -@@ -86,7 +86,7 @@ struct context { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -306,6 +306,11 @@ static bt_uuid_t uuid_char_128 = { - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -@@ -1911,6 +1916,8 @@ static void test_server(gconstpointer data) - g_assert_cmpint(len, ==, pdu.size); - - util_hexdump('<', pdu.data, len, test_debug, "GATT: "); -+ -+ g_free(pdu.data); - } - - static void test_search_primary(gconstpointer data) -diff --git a/unit/test-hfp.c b/unit/test-hfp.c -index f2b9622..890eee6 100644 ---- a/unit/test-hfp.c -+++ b/unit/test-hfp.c -@@ -43,7 +43,7 @@ struct context { - - struct test_pdu { - bool valid; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - enum hfp_gw_cmd_type type; - bool fragmented; -@@ -63,7 +63,7 @@ struct test_data { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -75,7 +75,7 @@ struct test_data { - #define type_pdu(cmd_type, args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - .type = cmd_type, \ - } -@@ -83,7 +83,7 @@ struct test_data { - #define frg_pdu(args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - .fragmented = true, \ - } -@@ -119,6 +119,11 @@ struct test_data { - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -diff --git a/unit/test-hog.c b/unit/test-hog.c -index d117968..25bdb42 100644 ---- a/unit/test-hog.c -+++ b/unit/test-hog.c -@@ -68,11 +68,11 @@ struct context { - - #define data(args...) ((const unsigned char[]) { args }) - --#define raw_pdu(args...) \ --{ \ -- .valid = true, \ -- .data = data(args), \ -- .size = sizeof(data(args)),\ -+#define raw_pdu(args...) \ -+{ \ -+ .valid = true, \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ -+ .size = sizeof(data(args)), \ - } - - #define false_pdu() \ -diff --git a/unit/test-sdp.c b/unit/test-sdp.c -index ac921a9..c71ee1f 100644 ---- a/unit/test-sdp.c -+++ b/unit/test-sdp.c -@@ -59,14 +59,14 @@ struct test_data { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .raw_data = raw_data(args), \ -+ .raw_data = g_memdup(raw_data(args), sizeof(raw_data(args))), \ - .raw_size = sizeof(raw_data(args)), \ - } - - #define raw_pdu_cont(cont, args...) \ - { \ - .valid = true, \ -- .raw_data = raw_data(args), \ -+ .raw_data = g_memdup(raw_data(args), sizeof(raw_data(args))), \ - .raw_size = sizeof(raw_data(args)), \ - .cont_len = cont, \ - } -@@ -103,7 +103,7 @@ struct test_data_de { - #define define_test_de_attr(name, input, exp) \ - do { \ - static struct test_data_de data; \ -- data.input_data = input; \ -+ data.input_data = g_memdup(input, sizeof(input)); \ - data.input_size = sizeof(input); \ - data.expected = exp; \ - tester_add("/sdp/DE/ATTR/" name, &data, NULL, \ diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch deleted file mode 100644 index 76ed77925..000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch +++ /dev/null @@ -1,26 +0,0 @@ -From ed55b49a226ca3909f52416be2ae5ce1c5ca2cb2 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@intel.com> -Date: Fri, 22 Apr 2016 15:40:37 +0100 -Subject: [PATCH] Makefile.obexd: add missing mkdir in builtin.h generation - -In parallel out-of-tree builds it's possible that obexd/src/builtin.h is -generated before the target directory has been implicitly created. Solve this by -creating the directory before writing into it. - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> ---- - Makefile.obexd | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile.obexd b/Makefile.obexd -index 2e33cbc..c8286f0 100644 ---- a/Makefile.obexd -+++ b/Makefile.obexd -@@ -105,2 +105,3 @@ obexd/src/plugin.$(OBJEXT): obexd/src/builtin.h - obexd/src/builtin.h: obexd/src/genbuiltin $(obexd_builtin_sources) -+ $(AM_V_at)$(MKDIR_P) $(dir $@) - $(AM_V_GEN)$(srcdir)/obexd/src/genbuiltin $(obexd_builtin_modules) > $@ --- -2.8.0.rc3 - diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest index 21df00c32..0335e68e4 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest @@ -6,7 +6,7 @@ failed=0 all=0 for f in test-*; do - "./$f" + "./$f" -q case "$?" in 0) echo "PASS: $f" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.50.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.54.bb index 4e443e5fb..260eee140 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.50.bb +++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.54.bb @@ -1,7 +1,7 @@ require bluez5.inc -SRC_URI[md5sum] = "8e35c67c81a55d3ad4c9f22280dae178" -SRC_URI[sha256sum] = "5ffcaae18bbb6155f1591be8c24898dc12f062075a40b538b745bfd477481911" +SRC_URI[md5sum] = "e637feb2dbb7582bbbff1708367a847c" +SRC_URI[sha256sum] = "68cdab9e63e8832b130d5979dc8c96fdb087b31278f342874d992af3e56656dc" # noinst programs in Makefile.tools that are conditional on READLINE # support diff --git a/poky/meta/recipes-connectivity/connman/connman.inc b/poky/meta/recipes-connectivity/connman/connman.inc index fb38ab4fc..776bbfbff 100644 --- a/poky/meta/recipes-connectivity/connman/connman.inc +++ b/poky/meta/recipes-connectivity/connman/connman.inc @@ -15,9 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ inherit autotools pkgconfig systemd update-rc.d update-alternatives -DEPENDS = "dbus glib-2.0 ppp readline" - -INC_PR = "r20" +DEPENDS = "dbus glib-2.0 ppp" EXTRA_OECONF += "\ ac_cv_path_WPASUPPLICANT=${sbindir}/wpa_supplicant \ @@ -27,13 +25,11 @@ EXTRA_OECONF += "\ --enable-ethernet \ --enable-tools \ --disable-polkit \ - --enable-client \ " -PACKAGECONFIG ??= "wispr \ +PACKAGECONFIG ??= "wispr iptables client\ ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ - iptables \ " # If you want ConnMan to support VPN, add following statement into @@ -51,9 +47,11 @@ PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2t PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux" # WISPr support for logging into hotspots, requires TLS PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls," -PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables-ipv4 kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-meta kernel-module-nft-masq-ipv4 kernel-module-nft-nat" +PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-masq-ipv4 kernel-module-nft-nat" PACKAGECONFIG[iptables] = "--with-firewall=iptables ,,iptables,iptables" PACKAGECONFIG[nfc] = "--enable-neard, --disable-neard, neard, neard" +PACKAGECONFIG[client] = "--enable-client,--disable-client,readline" +PACKAGECONFIG[wireguard] = "--enable-wireguard,--disable-wireguard,libmnl" INITSCRIPT_NAME = "connman" INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ." @@ -87,7 +85,6 @@ do_install_append() { if [ -e ${B}/tools/wispr ]; then install -m 0755 ${B}/tools/wispr ${D}${bindir} fi - install -m 0755 ${B}/client/connmanctl ${D}${bindir} # We don't need to package an empty directory rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts @@ -196,7 +193,8 @@ SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ to create a VPN connection to Cisco3000 VPN Concentrator." FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ - ${libdir}/connman/plugins-vpn/vpnc.so" + ${libdir}/connman/plugins-vpn/vpnc.so \ + ${libdir}/connman/scripts/vpn-script" RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn" RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch b/poky/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch deleted file mode 100644 index 30f1432cd..000000000 --- a/poky/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch +++ /dev/null @@ -1,34 +0,0 @@ -From f0a8c69971b30ea7ca255bb885fdd1179fa5d298 Mon Sep 17 00:00:00 2001 -From: Nicola Lunghi <nick83ola@gmail.com> -Date: Thu, 23 May 2019 07:55:25 +0100 -Subject: [PATCH] gweb: fix segfault with musl v1.1.21 - -In musl > v1.1.21 freeaddrinfo() implementation changed and -was causing a segmentation fault on recent Yocto using musl. - -See this commit: - - https://git.musl-libc.org/cgit/musl/commit/src/network/freeaddrinfo.c?id=d1395c43c019aec6b855cf3c656bf47c8a719e7f - -Upstream-Status: Submitted ---- - gweb/gweb.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/gweb/gweb.c b/gweb/gweb.c -index 393afe0a..12fcb1d8 100644 ---- a/gweb/gweb.c -+++ b/gweb/gweb.c -@@ -1274,7 +1274,8 @@ static bool is_ip_address(const char *host) - addr = NULL; - - result = getaddrinfo(host, NULL, &hints, &addr); -- freeaddrinfo(addr); -+ if(!result) -+ freeaddrinfo(addr); - - return result == 0; - } --- -2.19.1 - diff --git a/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch index 639ccfa2a..942b9c97b 100644 --- a/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch +++ b/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch @@ -1,7 +1,7 @@ -From 10b0d16d04b811b1ccd1f9b0cfe757bce8d876a1 Mon Sep 17 00:00:00 2001 +From c7734e1547db967eccf242fe4b9e8a30b9ff141c Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 6 Apr 2015 23:02:21 -0700 -Subject: [PATCH 2/3] resolve: musl does not implement res_ninit +Subject: [PATCH] resolve: musl does not implement res_ninit ported from http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch @@ -9,12 +9,13 @@ http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- - gweb/gresolv.c | 33 ++++++++++++--------------------- - 1 file changed, 12 insertions(+), 21 deletions(-) + gweb/gresolv.c | 34 +++++++++++++--------------------- + 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/gweb/gresolv.c b/gweb/gresolv.c -index 5cf7a9a..3ad8e70 100644 +index 38a554e..a9e8740 100644 --- a/gweb/gresolv.c +++ b/gweb/gresolv.c @@ -36,6 +36,7 @@ @@ -25,7 +26,7 @@ index 5cf7a9a..3ad8e70 100644 #include "gresolv.h" -@@ -875,8 +875,6 @@ GResolv *g_resolv_new(int index) +@@ -877,8 +878,6 @@ GResolv *g_resolv_new(int index) resolv->index = index; resolv->nameserver_list = NULL; @@ -34,7 +35,7 @@ index 5cf7a9a..3ad8e70 100644 return resolv; } -@@ -916,8 +914,6 @@ void g_resolv_unref(GResolv *resolv) +@@ -918,8 +917,6 @@ void g_resolv_unref(GResolv *resolv) flush_nameservers(resolv); @@ -43,7 +44,7 @@ index 5cf7a9a..3ad8e70 100644 g_free(resolv); } -@@ -1020,24 +1016,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, +@@ -1022,24 +1019,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, debug(resolv, "hostname %s", hostname); if (!resolv->nameserver_list) { @@ -80,6 +81,3 @@ index 5cf7a9a..3ad8e70 100644 } if (!resolv->nameserver_list) --- -2.5.1 - diff --git a/poky/meta/recipes-connectivity/connman/connman_1.37.bb b/poky/meta/recipes-connectivity/connman/connman_1.37.bb deleted file mode 100644 index 00852bf0d..000000000 --- a/poky/meta/recipes-connectivity/connman/connman_1.37.bb +++ /dev/null @@ -1,17 +0,0 @@ -require connman.inc - -SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ - file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ - file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ - file://0001-gweb-fix-segfault-with-musl-v1.1.21.patch \ - file://connman \ - file://no-version-scripts.patch \ -" - -SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" - -SRC_URI[md5sum] = "75012084f14fb63a84b116e66c6e94fb" -SRC_URI[sha256sum] = "6ce29b3eb0bb16a7387bc609c39455fd13064bdcde5a4d185fab3a0c71946e16" - -RRECOMMENDS_${PN} = "connman-conf" -RCONFLICTS_${PN} = "networkmanager" diff --git a/poky/meta/recipes-connectivity/connman/connman_1.38.bb b/poky/meta/recipes-connectivity/connman/connman_1.38.bb new file mode 100644 index 000000000..027c41e9a --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman_1.38.bb @@ -0,0 +1,16 @@ +require connman.inc + +SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ + file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ + file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ + file://connman \ + file://no-version-scripts.patch \ + " + +SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" + +SRC_URI[md5sum] = "1ed8745354c7254bdfd4def54833ee94" +SRC_URI[sha256sum] = "cb30aca97c2f79ccaed8802aa2909ac5100a3969de74c0af8a9d73b85fc4932b" + +RRECOMMENDS_${PN} = "connman-conf" +RCONFLICTS_${PN} = "networkmanager" diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp.inc b/poky/meta/recipes-connectivity/dhcp/dhcp.inc index c4697beaf..d46130d49 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp.inc +++ b/poky/meta/recipes-connectivity/dhcp/dhcp.inc @@ -100,6 +100,7 @@ do_install_append () { PACKAGES += "dhcp-libs dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell" PACKAGES_remove = "${PN}" +RDEPENDS_${PN}-client += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'iproute2', '', d)}" RDEPENDS_${PN}-dev = "" RDEPENDS_${PN}-staticdev = "" FILES_${PN}-libs = "${libdir}/libdhcpctl.so.0* ${libdir}/libomapi.so.0* ${libdir}/libdhcp.so.0*" diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch deleted file mode 100644 index f12a112fc..000000000 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch +++ /dev/null @@ -1,68 +0,0 @@ -From a59cb98a473caa2afd64d7ae368480b6e9f91b3f Mon Sep 17 00:00:00 2001 -From: Ming Liu <liu.ming50@gmail.com> -Date: Tue, 14 May 2019 11:07:15 +0200 -Subject: [PATCH] Fix a NSUPDATE compiling issue - -Upstream-Status: Pending [Patch sent to: https://gitlab.isc.org/isc-projects/dhcp/issues/16] - -A following error was observed when NSUPDATE is not defined: -| omapip/isclib.c: In function 'dns_client_init': -| omapip/isclib.c:356:18: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'dnsclient' -| if (dhcp_gbl_ctx.dnsclient == NULL) { -| ^ -| omapip/isclib.c:363:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'dnsclient' -| &dhcp_gbl_ctx.dnsclient, -| ^ -| omapip/isclib.c:364:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'use_local4' -| (dhcp_gbl_ctx.use_local4 ? -| ^ -| omapip/isclib.c:365:25: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'local4_sockaddr' -| &dhcp_gbl_ctx.local4_sockaddr -| ^ -| omapip/isclib.c:367:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'use_local6' -| (dhcp_gbl_ctx.use_local6 ? -| ^ -| omapip/isclib.c:368:25: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'local6_sockaddr' -| &dhcp_gbl_ctx.local6_sockaddr - -Fix it by adding NSUPDATE conditional checking. - -Signed-off-by: Ming Liu <liu.ming50@gmail.com> ---- - includes/omapip/isclib.h | 2 ++ - omapip/isclib.c | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h -index 538b927..6c20584 100644 ---- a/includes/omapip/isclib.h -+++ b/includes/omapip/isclib.h -@@ -141,6 +141,8 @@ void isclib_cleanup(void); - void dhcp_signal_handler(int signal); - extern int shutdown_signal; - -+#if defined (NSUPDATE) - isc_result_t dns_client_init(); -+#endif - - #endif /* ISCLIB_H */ -diff --git a/omapip/isclib.c b/omapip/isclib.c -index db3b895..ce4b4a1 100644 ---- a/omapip/isclib.c -+++ b/omapip/isclib.c -@@ -351,6 +351,7 @@ void dhcp_signal_handler(int signal) { - } - } - -+#if defined (NSUPDATE) - isc_result_t dns_client_init() { - isc_result_t result; - if (dhcp_gbl_ctx.dnsclient == NULL) { -@@ -387,3 +388,4 @@ isc_result_t dns_client_init() { - - return ISC_R_SUCCESS; - } -+#endif --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch deleted file mode 100644 index 1bc142247..000000000 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 8194daabfd590f17825f0c61e9534bee5c99cc86 Mon Sep 17 00:00:00 2001 -From: Thomas Markwalder <tmark@isc.org> -Date: Fri, 14 Sep 2018 13:41:41 -0400 -Subject: [master] Added includes of new BIND9 compatibility headers - - Merges in rt48072. - -Upstream-Status: Backport -Signed-off-by: Adrian Bunk <bunk@stusta.de> - -diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h -index 75a87ff6..538b927f 100644 ---- a/includes/omapip/isclib.h -+++ b/includes/omapip/isclib.h -@@ -48,6 +48,9 @@ - #include <string.h> - #include <netdb.h> - -+#include <isc/boolean.h> -+#include <isc/int.h> -+ - #include <isc/buffer.h> - #include <isc/lex.h> - #include <isc/lib.h> -diff --git a/includes/omapip/result.h b/includes/omapip/result.h -index 91243e1b..860298f6 100644 ---- a/includes/omapip/result.h -+++ b/includes/omapip/result.h -@@ -26,6 +26,7 @@ - #ifndef DHCP_RESULT_H - #define DHCP_RESULT_H 1 - -+#include <isc/boolean.h> - #include <isc/lang.h> - #include <isc/resultclass.h> - #include <isc/types.h> -diff --git a/server/dhcpv6.c b/server/dhcpv6.c -index a7110f98..cde4f617 100644 ---- a/server/dhcpv6.c -+++ b/server/dhcpv6.c -@@ -1034,7 +1034,8 @@ void check_pool6_threshold(struct reply_state *reply, - shared_name, - inet_ntop(AF_INET6, &lease->addr, - tmp_addr, sizeof(tmp_addr)), -- used, count); -+ (long long unsigned)(used), -+ (long long unsigned)(count)); - } - return; - } -@@ -1066,7 +1067,8 @@ void check_pool6_threshold(struct reply_state *reply, - "address: %s; high threshold %d%% %llu/%llu.", - shared_name, - inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)), -- poolhigh, used, count); -+ poolhigh, (long long unsigned)(used), -+ (long long unsigned)(count)); - - /* handle the low threshold now, if we don't - * have one we default to 0. */ -@@ -1436,12 +1438,15 @@ pick_v6_address(struct reply_state *reply) - log_debug("Unable to pick client address: " - "no addresses available - shared network %s: " - " 2^64-1 < total, %llu active, %llu abandoned", -- shared_name, active - abandoned, abandoned); -+ shared_name, (long long unsigned)(active - abandoned), -+ (long long unsigned)(abandoned)); - } else { - log_debug("Unable to pick client address: " - "no addresses available - shared network %s: " - "%llu total, %llu active, %llu abandoned", -- shared_name, total, active - abandoned, abandoned); -+ shared_name, (long long unsigned)(total), -+ (long long unsigned)(active - abandoned), -+ (long long unsigned)(abandoned)); - } - - return ISC_R_NORESOURCES; - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch index b71c93dd6..7b57730ff 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch @@ -85,9 +85,11 @@ Index: dhcp-4.4.1/relay/Makefile.am =================================================================== --- dhcp-4.4.1.orig/relay/Makefile.am +++ dhcp-4.4.1/relay/Makefile.am -@@ -1,4 +1,4 @@ +@@ -1,6 +1,6 @@ + SUBDIRS = . tests + -AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' +AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes - + sbin_PROGRAMS = dhcrelay dhcrelay_SOURCES = dhcrelay.c diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb index 020777b8f..b56a20482 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb +++ b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb @@ -9,13 +9,11 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat file://0009-remove-dhclient-script-bash-dependency.patch \ file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \ file://0013-fixup_use_libbind.patch \ - file://0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch \ - file://0001-Fix-a-NSUPDATE-compiling-issue.patch \ file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \ " -SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede" -SRC_URI[sha256sum] = "2a22508922ab367b4af4664a0472dc220cc9603482cf3c16d9aff14f3a76b608" +SRC_URI[md5sum] = "2afdaf8498dc1edaf3012efdd589b3e1" +SRC_URI[sha256sum] = "1a7ccd64a16e5e68f7b5e0f527fd07240a2892ea53fe245620f4f5f607004521" LDFLAGS_append = " -pthread" diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb index 684fbe09e..cc9410b94 100644 --- a/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb +++ b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb @@ -143,11 +143,15 @@ ALTERNATIVE_${PN}-traceroute = "traceroute" ALTERNATIVE_${PN}-hostname = "hostname" ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" -ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8" +ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ + tftpd.8 tftp.1 telnetd.8" ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1" ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8" +ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8" +ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8" +ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1" ALTERNATIVE_${PN}-ifconfig = "ifconfig" ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2.inc b/poky/meta/recipes-connectivity/iproute2/iproute2.inc index fc31b8444..403d26430 100644 --- a/poky/meta/recipes-connectivity/iproute2/iproute2.inc +++ b/poky/meta/recipes-connectivity/iproute2/iproute2.inc @@ -15,12 +15,19 @@ inherit update-alternatives bash-completion pkgconfig CLEANBROKEN = "1" -PACKAGECONFIG ??= "tipc elf" +PACKAGECONFIG ??= "tipc elf devlink" PACKAGECONFIG[tipc] = ",,libmnl," PACKAGECONFIG[elf] = ",,elfutils," +PACKAGECONFIG[devlink] = ",,libmnl," -EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl \ - ${@bb.utils.contains('PACKAGECONFIG', 'tipc', 'tipc', '', d)}' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'" +EXTRA_OEMAKE = "\ + CC='${CC}' \ + KERNEL_INCLUDE=${STAGING_INCDIR} \ + DOCDIR=${docdir}/iproute2 \ + SUBDIRS='lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc', d)}' \ + SBINDIR='${base_sbindir}' \ + LIBDIR='${libdir}' \ +" do_configure_append () { sh configure ${STAGING_INCDIR} @@ -39,14 +46,18 @@ do_install () { # The .so files in iproute2-tc are modules, not traditional libraries INSANE_SKIP_${PN}-tc = "dev-so" -PACKAGES =+ "${PN}-tc \ - ${PN}-lnstat \ - ${PN}-ifstat \ - ${PN}-genl \ - ${PN}-rtacct \ - ${PN}-nstat \ - ${PN}-ss \ - ${@bb.utils.contains('PACKAGECONFIG', 'tipc', '${PN}-tipc', '', d)}" +PACKAGES =+ "\ + ${PN}-devlink \ + ${PN}-genl \ + ${PN}-ifstat \ + ${PN}-lnstat \ + ${PN}-nstat \ + ${PN}-rtacct \ + ${PN}-ss \ + ${PN}-tc \ + ${PN}-tipc \ +" + FILES_${PN}-tc = "${base_sbindir}/tc* \ ${libdir}/tc/*.so" FILES_${PN}-lnstat = "${base_sbindir}/lnstat \ @@ -58,6 +69,7 @@ FILES_${PN}-rtacct = "${base_sbindir}/rtacct" FILES_${PN}-nstat = "${base_sbindir}/nstat" FILES_${PN}-ss = "${base_sbindir}/ss" FILES_${PN}-tipc = "${base_sbindir}/tipc" +FILES_${PN}-devlink = "${base_sbindir}/devlink" ALTERNATIVE_${PN} = "ip" ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb b/poky/meta/recipes-connectivity/iproute2/iproute2_5.6.0.bb index 8a86cbf78..9ab905373 100644 --- a/poky/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb +++ b/poky/meta/recipes-connectivity/iproute2/iproute2_5.6.0.bb @@ -4,8 +4,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ file://0001-libc-compat.h-add-musl-workaround.patch \ " -SRC_URI[md5sum] = "227404413c8d6db649d6188ead1e5a6e" -SRC_URI[sha256sum] = "cb1c1e45993a3bd2438543fd4332d70f1726a6e6ff97dc613a8258c993117b3f" +SRC_URI[md5sum] = "9da0c352707c34b8b1fec3bf42fcfd09" +SRC_URI[sha256sum] = "1b5b0e25ce6e23da7526ea1da044e814ad85ba761b10dd29c2b027c056b04692" # CFLAGS are computed in Makefile and reference CCOPTS # diff --git a/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch index eb01a5a14..179fd9012 100644 --- a/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch +++ b/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch @@ -1,3 +1,6 @@ +From ff9f0a631c99fb6e2677c02bf572a5e69c70f5cf Mon Sep 17 00:00:00 2001 +From: Changhyeok Bae <changhyeok.bae@gmail.com> +Date: Mon, 27 Jan 2020 22:48:03 +0100 Subject: [PATCH] Support separation of SRCDIR and OBJDIR Typical use of VPATH to locate the sources. @@ -11,12 +14,12 @@ Signed-off-by: Maxin B. John <maxin.john@intel.com> 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile -index 33aaf6a..9030796 100644 +index 90f2251..714cdb9 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,9 @@ MAKEFLAGS += --no-print-directory - + +SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST))) +OBJDIR ?= $(PWD) +VPATH = $(SRCDIR) @@ -24,19 +27,24 @@ index 33aaf6a..9030796 100644 PREFIX ?= /usr SBINDIR ?= $(PREFIX)/sbin MANDIR ?= $(PREFIX)/share/man -@@ -103,11 +107,11 @@ VERSION_OBJS := $(filter-out version.o, $(OBJS)) +@@ -92,7 +96,7 @@ all: $(ALL) version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \ $(wildcard .git/index .git/refs/tags) @$(NQ) ' GEN ' $@ - $(Q)./version.sh $@ + $(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@ - - %.o: %.c iw.h nl80211.h + + nl80211-commands.inc: nl80211.h + @$(NQ) ' GEN ' $@ +@@ -100,7 +104,7 @@ nl80211-commands.inc: nl80211.h + + %.o: %.c iw.h nl80211.h nl80211-commands.inc @$(NQ) ' CC ' $@ - $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< + $(Q)$(CC) -I$(SRCDIR) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< - + ifeq ($(IW_ANDROID_BUILD),) iw: $(OBJS) --- -2.20.1 (Apple Git-117) +-- +2.23.0 + diff --git a/poky/meta/recipes-connectivity/iw/iw_5.3.bb b/poky/meta/recipes-connectivity/iw/iw_5.4.bb index f7f13f5a3..9f58e4970 100644 --- a/poky/meta/recipes-connectivity/iw/iw_5.3.bb +++ b/poky/meta/recipes-connectivity/iw/iw_5.4.bb @@ -14,8 +14,8 @@ SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \ file://separate-objdir.patch \ " -SRC_URI[md5sum] = "6d4d1c0ee34f3a7bda0e6aafcd7aaf31" -SRC_URI[sha256sum] = "175abbfce86348c0b70e778c13a94c0bfc9abc7a506d2bd608261583aeedf64a" +SRC_URI[md5sum] = "08a4f581a39dc62fa85d3af796d844b6" +SRC_URI[sha256sum] = "943cd2446a6c7242fded3766d054ab2a214a3514b9a8b7e942fed8fb13c1370c" inherit pkgconfig diff --git a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb index 953505971..5e4460045 100644 --- a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb +++ b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb @@ -1,32 +1,24 @@ SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution" -HOMEPAGE = "http://0pointer.de/lennart/projects/nss-mdns/" +HOMEPAGE = "https://github.com/lathiat/nss-mdns" SECTION = "libs" LICENSE = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" DEPENDS = "avahi" -PR = "r7" -SRC_URI = "http://0pointer.de/lennart/projects/nss-mdns/nss-mdns-${PV}.tar.gz \ +SRC_URI = "git://github.com/lathiat/nss-mdns \ " -SRC_URI[md5sum] = "03938f17646efbb50aa70ba5f99f51d7" -SRC_URI[sha256sum] = "1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d8134fa6d" +SRCREV = "41c9c5e78f287ed4b41ac438c1873fa71bfa70ae" -S = "${WORKDIR}/nss-mdns-${PV}" +S = "${WORKDIR}/git" -localstatedir = "/" - -inherit autotools +inherit autotools pkgconfig COMPATIBLE_HOST_libc-musl = 'null' -EXTRA_OECONF = "--libdir=${base_libdir} --disable-lynx --enable-avahi" - -# suppress warning, but don't bother with autonamer -LEAD_SONAME = "libnss_mdns.so" -DEBIANNAME_${PN} = "libnss-mdns" +EXTRA_OECONF = "--libdir=${base_libdir}" RDEPENDS_${PN} = "avahi-daemon" diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch deleted file mode 100644 index 23bc3eaf7..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 79019d976584c598f8d0a9d8de43c989946f974b Mon Sep 17 00:00:00 2001 -From: Pascal Bach <pascal.bach@siemens.com> -Date: Wed, 13 Feb 2019 09:28:07 +0100 -Subject: [PATCH] Don't build tools with CC_FOR_BUILD - -The tools are intended for the target not for the host. - -Upstream-Status: Pending - -Signed-off-by: Pascal Bach <pascal.bach@siemens.com> ---- - tools/locktest/Makefile.am | 1 - - tools/rpcgen/Makefile.am | 1 - - 2 files changed, 2 deletions(-) - -diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am -index 3156815..87d0bac 100644 ---- a/tools/locktest/Makefile.am -+++ b/tools/locktest/Makefile.am -@@ -1,6 +1,5 @@ - ## Process this file with automake to produce Makefile.in - --CC=$(CC_FOR_BUILD) - LIBTOOL = @LIBTOOL@ --tag=CC - - noinst_PROGRAMS = testlk -diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am -index 8a9ec89..3e092c9 100644 ---- a/tools/rpcgen/Makefile.am -+++ b/tools/rpcgen/Makefile.am -@@ -1,6 +1,5 @@ - ## Process this file with automake to produce Makefile.in - --CC=$(CC_FOR_BUILD) - LIBTOOL = @LIBTOOL@ --tag=CC - - noinst_PROGRAMS = rpcgen --- -2.11.0 - diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch deleted file mode 100644 index 7b0f93535..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch +++ /dev/null @@ -1,156 +0,0 @@ -From 2fbc62e2a13fc22b6ae4910e295a2c10fb790486 Mon Sep 17 00:00:00 2001 -From: Zoltan Karcagi <zkr7432@gmail.com> -Date: Mon, 12 Aug 2019 13:27:16 -0400 -Subject: [PATCH] Fix include order between config.h and stat.h - -At least on Arch linux ARM, the definition of struct stat in stat.h depends -on __USE_FILE_OFFSET64. This symbol comes from config.h when defined, -therefore config.h must always be included before stat.h. Fix all -occurrences where the order is wrong by moving config.h to the top. - -This fixes the client side error "Stale file handle" when mounting from -a server running Arch Linux ARM. - -Signed-off-by: Zoltan Karcagi <zkr7432@gmail.com> -Signed-off-by: Steve Dickson <steved@redhat.com> - -Upstream-Status: Backport -[http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=2fbc62e2a13fc22b6ae4910e295a2c10fb790486] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - support/misc/nfsd_path.c | 5 ++++- - support/misc/xstat.c | 5 ++++- - support/nfs/conffile.c | 8 +++++++- - utils/blkmapd/device-discovery.c | 8 ++++---- - utils/idmapd/idmapd.c | 8 ++++---- - 5 files changed, 23 insertions(+), 11 deletions(-) - -diff --git a/support/misc/nfsd_path.c b/support/misc/nfsd_path.c -index 84e4802..f078a66 100644 ---- a/support/misc/nfsd_path.c -+++ b/support/misc/nfsd_path.c -@@ -1,3 +1,7 @@ -+#ifdef HAVE_CONFIG_H -+#include <config.h> -+#endif -+ - #include <errno.h> - #include <sys/types.h> - #include <sys/stat.h> -@@ -5,7 +9,6 @@ - #include <stdlib.h> - #include <unistd.h> - --#include "config.h" - #include "conffile.h" - #include "xmalloc.h" - #include "xlog.h" -diff --git a/support/misc/xstat.c b/support/misc/xstat.c -index fa04788..4c997ee 100644 ---- a/support/misc/xstat.c -+++ b/support/misc/xstat.c -@@ -1,3 +1,7 @@ -+#ifdef HAVE_CONFIG_H -+#include <config.h> -+#endif -+ - #include <errno.h> - #include <sys/types.h> - #include <fcntl.h> -@@ -5,7 +9,6 @@ - #include <sys/sysmacros.h> - #include <unistd.h> - --#include "config.h" - #include "xstat.h" - - #ifdef HAVE_FSTATAT -diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c -index b6400be..6ba8a35 100644 ---- a/support/nfs/conffile.c -+++ b/support/nfs/conffile.c -@@ -500,7 +500,7 @@ conf_readfile(const char *path) - - if ((stat (path, &sb) == 0) || (errno != ENOENT)) { - char *new_conf_addr = NULL; -- size_t sz = sb.st_size; -+ off_t sz; - int fd = open (path, O_RDONLY, 0); - - if (fd == -1) { -@@ -517,6 +517,11 @@ conf_readfile(const char *path) - - /* only after we have the lock, check the file size ready to read it */ - sz = lseek(fd, 0, SEEK_END); -+ if (sz < 0) { -+ xlog_warn("conf_readfile: unable to determine file size: %s", -+ strerror(errno)); -+ goto fail; -+ } - lseek(fd, 0, SEEK_SET); - - new_conf_addr = malloc(sz+1); -@@ -2162,6 +2167,7 @@ conf_write(const char *filename, const char *section, const char *arg, - ret = 0; - - cleanup: -+ flush_outqueue(&inqueue, NULL); - flush_outqueue(&outqueue, NULL); - - if (buff) -diff --git a/utils/blkmapd/device-discovery.c b/utils/blkmapd/device-discovery.c -index e811703..f5f9b10 100644 ---- a/utils/blkmapd/device-discovery.c -+++ b/utils/blkmapd/device-discovery.c -@@ -26,6 +26,10 @@ - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -+#ifdef HAVE_CONFIG_H -+#include "config.h" -+#endif /* HAVE_CONFIG_H */ -+ - #include <sys/sysmacros.h> - #include <sys/types.h> - #include <sys/stat.h> -@@ -51,10 +55,6 @@ - #include <errno.h> - #include <libdevmapper.h> - --#ifdef HAVE_CONFIG_H --#include "config.h" --#endif /* HAVE_CONFIG_H */ -- - #include "device-discovery.h" - #include "xcommon.h" - #include "nfslib.h" -diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c -index 62e37b8..267acea 100644 ---- a/utils/idmapd/idmapd.c -+++ b/utils/idmapd/idmapd.c -@@ -34,6 +34,10 @@ - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -+#ifdef HAVE_CONFIG_H -+#include "config.h" -+#endif /* HAVE_CONFIG_H */ -+ - #include <sys/types.h> - #include <sys/time.h> - #include <sys/inotify.h> -@@ -62,10 +66,6 @@ - #include <libgen.h> - #include <nfsidmap.h> - --#ifdef HAVE_CONFIG_H --#include "config.h" --#endif /* HAVE_CONFIG_H */ -- - #include "xlog.h" - #include "conffile.h" - #include "queue.h" --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch index fcb0e99b3..bd350144e 100644 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch @@ -28,10 +28,10 @@ Rebase it. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> --- support/misc/Makefile.am | 2 +- - support/misc/file.c | 111 --------------------------------------------------------------------------------------------------------------- + support/misc/file.c | 115 --------------------------------------------------------------------------------------------------------------- support/misc/misc.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ support/nsm/Makefile.am | 2 +- - 4 files changed, 113 insertions(+), 113 deletions(-) + 4 files changed, 113 insertions(+), 117 deletions(-) diff --git a/support/misc/Makefile.am b/support/misc/Makefile.am index f9993e3..8b0e9db 100644 @@ -48,10 +48,10 @@ index f9993e3..8b0e9db 100644 MAINTAINERCLEANFILES = Makefile.in diff --git a/support/misc/file.c b/support/misc/file.c deleted file mode 100644 -index e7c3819..0000000 +index 06f6bb2..0000000 --- a/support/misc/file.c +++ /dev/null -@@ -1,111 +0,0 @@ +@@ -1,115 +0,0 @@ -/* - * Copyright 2009 Oracle. All rights reserved. - * Copyright 2017 Red Hat, Inc. All rights reserved. @@ -72,6 +72,10 @@ index e7c3819..0000000 - * along with nfs-utils. If not, see <http://www.gnu.org/licenses/>. - */ - +-#ifdef HAVE_CONFIG_H +-#include <config.h> +-#endif +- -#include <sys/stat.h> - -#include <string.h> diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch deleted file mode 100644 index d14f0789f..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 66471fbf7106917da7a1536b18a0a77d07479779 Mon Sep 17 00:00:00 2001 -From: Mingli Yu <Mingli.Yu@windriver.com> -Date: Mon, 17 Dec 2018 15:29:47 +0800 -Subject: [PATCH] configure.ac: Do not fatalize -Wmissing-prototypes - -There comes below error when run "make -C tests/nsm_client nsm_client" -| nlm_sm_inter_svc.c:20:1: error: no previous prototype for 'nlm_sm_prog_3' [-Werror=missing-prototypes] - -It is because rpcgen doesn't generate -Wmissing-prototypes -free code for nlm_sm_inter_svc.c with below logic -in tests/nsm_client/Makefile.am -[snip] -GENFILES_SVC = nlm_sm_inter_svc.c -[snip] -$(GENFILES_SVC): %_svc.c: %.x $(RPCGEN) - test -f $@ && rm -rf $@ || true - $(RPCGEN) -m -o $@ $< - -So add the logic not to fatalize -Wmissing-prototypes. - -Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154503260323936&w=2] - -Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 50002b4..aebff01 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -582,7 +582,7 @@ my_am_cflags="\ - -Wall \ - -Wextra \ - $rpcgen_cflags \ -- -Werror=missing-prototypes \ -+ -Wmissing-prototypes \ - -Werror=missing-declarations \ - -Werror=format=2 \ - -Werror=undef \ diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch deleted file mode 100644 index 1d693e414..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch +++ /dev/null @@ -1,183 +0,0 @@ -Clang comes up with more printf format warnings -Correcting “format string is not a string literal” warning -requires us to declare that parameter is a printf style -format using the attribute flag - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -Index: nfs-utils-2.3.3/support/include/xcommon.h -=================================================================== ---- nfs-utils-2.3.3.orig/support/include/xcommon.h -+++ nfs-utils-2.3.3/support/include/xcommon.h -@@ -27,7 +27,7 @@ - - /* Functions in sundries.c that are used in mount.c and umount.c */ - char *canonicalize (const char *path); --void nfs_error (const char *fmt, ...); -+void nfs_error (const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2))); - void *xmalloc (size_t size); - void *xrealloc(void *p, size_t size); - void xfree(void *); -@@ -36,9 +36,9 @@ char *xstrndup (const char *s, int n); - char *xstrconcat2 (const char *, const char *); - char *xstrconcat3 (const char *, const char *, const char *); - char *xstrconcat4 (const char *, const char *, const char *, const char *); --void die (int errcode, const char *fmt, ...); -+void die (int errcode, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); - --extern void die(int err, const char *fmt, ...); -+extern void die(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); - extern void (*at_die)(void); - - /* exit status - bits below are ORed */ -Index: nfs-utils-2.3.3/support/include/xlog.h -=================================================================== ---- nfs-utils-2.3.3.orig/support/include/xlog.h -+++ nfs-utils-2.3.3/support/include/xlog.h -@@ -43,10 +43,10 @@ void xlog_config(int fac, int on); - void xlog_sconfig(char *, int on); - void xlog_from_conffile(char *); - int xlog_enabled(int fac); --void xlog(int fac, const char *fmt, ...); --void xlog_warn(const char *fmt, ...); --void xlog_err(const char *fmt, ...); --void xlog_errno(int err, const char *fmt, ...); --void xlog_backend(int fac, const char *fmt, va_list args); -+void xlog(int fac, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); -+void xlog_warn(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2))); -+void xlog_err(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2))); -+void xlog_errno(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); -+void xlog_backend(int fac, const char *fmt, va_list args) __attribute__((__format__ (__printf__, 2, 0))); - - #endif /* XLOG_H */ -Index: nfs-utils-2.3.3/support/nfs/xcommon.c -=================================================================== ---- nfs-utils-2.3.3.orig/support/nfs/xcommon.c -+++ nfs-utils-2.3.3/support/nfs/xcommon.c -@@ -93,7 +93,10 @@ nfs_error (const char *fmt, ...) { - - fmt2 = xstrconcat2 (fmt, "\n"); - va_start (args, fmt); -+#pragma clang diagnostic push -+#pragma clang diagnostic ignored "-Wformat-nonliteral" - vfprintf (stderr, fmt2, args); -+#pragma clang diagnostic pop - va_end (args); - free (fmt2); - } -Index: nfs-utils-2.3.3/utils/exportfs/exportfs.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/exportfs/exportfs.c -+++ nfs-utils-2.3.3/utils/exportfs/exportfs.c -@@ -644,6 +644,7 @@ out: - return result; - } - -+__attribute__((__format__ (__printf__, 2, 3))) - static char - dumpopt(char c, char *fmt, ...) - { -Index: nfs-utils-2.3.3/utils/statd/statd.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/statd/statd.c -+++ nfs-utils-2.3.3/utils/statd/statd.c -@@ -136,7 +136,7 @@ static void log_modes(void) - strcat(buf, "TI-RPC "); - #endif - -- xlog_warn(buf); -+ xlog_warn("%s", buf); - } - - /* -Index: nfs-utils-2.3.3/support/nfs/svc_create.c -=================================================================== ---- nfs-utils-2.3.3.orig/support/nfs/svc_create.c -+++ nfs-utils-2.3.3/support/nfs/svc_create.c -@@ -184,7 +184,7 @@ svc_create_sock(const struct sockaddr *s - type = SOCK_STREAM; - break; - default: -- xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %u", -+ xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %lu", - __func__, nconf->nc_semantics); - return -1; - } -Index: nfs-utils-2.3.3/support/nsm/rpc.c -=================================================================== ---- nfs-utils-2.3.3.orig/support/nsm/rpc.c -+++ nfs-utils-2.3.3/support/nsm/rpc.c -@@ -182,7 +182,7 @@ nsm_xmit_getport(const int sock, const s - uint32_t xid; - XDR xdr; - -- xlog(D_CALL, "Sending PMAP_GETPORT for %u, %u, udp", program, version); -+ xlog(D_CALL, "Sending PMAP_GETPORT for %lu, %lu, udp", program, version); - - nsm_init_xdrmem(msgbuf, NSM_MAXMSGSIZE, &xdr); - xid = nsm_init_rpc_header(PMAPPROG, PMAPVERS, -Index: nfs-utils-2.3.3/utils/mountd/cache.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/mountd/cache.c -+++ nfs-utils-2.3.3/utils/mountd/cache.c -@@ -968,8 +968,7 @@ lookup_export(char *dom, char *path, str - } else if (found_type == i && found->m_warned == 0) { - xlog(L_WARNING, "%s exported to both %s and %s, " - "arbitrarily choosing options from first", -- path, found->m_client->m_hostname, exp->m_client->m_hostname, -- dom); -+ path, found->m_client->m_hostname, exp->m_client->m_hostname); - found->m_warned = 1; - } - } -Index: nfs-utils-2.3.3/utils/mountd/mountd.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/mountd/mountd.c -+++ nfs-utils-2.3.3/utils/mountd/mountd.c -@@ -213,7 +213,7 @@ static void - sig_hup (int sig) - { - /* don't exit on SIGHUP */ -- xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig); -+ xlog (L_NOTICE, "Received SIGHUP(%d)... Ignoring.\n", sig); - return; - } - -Index: nfs-utils-2.3.3/utils/statd/rmtcall.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/statd/rmtcall.c -+++ nfs-utils-2.3.3/utils/statd/rmtcall.c -@@ -247,7 +247,7 @@ process_reply(FD_SET_TYPE *rfds) - xlog_warn("%s: service %d not registered on localhost", - __func__, NL_MY_PROG(lp)); - } else { -- xlog(D_GENERAL, "%s: Callback to %s (for %d) succeeded", -+ xlog(D_GENERAL, "%s: Callback to %s (for %s) succeeded", - __func__, NL_MY_NAME(lp), NL_MON_NAME(lp)); - } - nlist_free(¬ify, lp); -Index: nfs-utils-2.3.3/utils/statd/svc_run.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/statd/svc_run.c -+++ nfs-utils-2.3.3/utils/statd/svc_run.c -@@ -53,6 +53,7 @@ - - #include <errno.h> - #include <time.h> -+#include <inttypes.h> - #include "statd.h" - #include "notlist.h" - -@@ -104,8 +105,8 @@ my_svc_run(int sockfd) - - tv.tv_sec = NL_WHEN(notify) - now; - tv.tv_usec = 0; -- xlog(D_GENERAL, "Waiting for reply... (timeo %d)", -- tv.tv_sec); -+ xlog(D_GENERAL, "Waiting for reply... (timeo %jd)", -+ (intmax_t)tv.tv_sec); - selret = select(FD_SETSIZE, &readfds, - (void *) 0, (void *) 0, &tv); - } else { diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch new file mode 100644 index 000000000..20400fef6 --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch @@ -0,0 +1,61 @@ +Detect warning options during configure + +Certain options maybe compiler specific therefore its better +to detect them before use. + +nfs_error copies the format string and appends newline to it +but compiler can forget that it was format string since its not +same fmt string that was passed. Ignore the warning + +Wdiscarded-qualifiers is gcc specific and this is no longer needed + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- a/configure.ac ++++ b/configure.ac +@@ -599,7 +599,6 @@ my_am_cflags="\ + -Werror=parentheses \ + -Werror=aggregate-return \ + -Werror=unused-result \ +- -Wno-cast-function-type \ + -fno-strict-aliasing \ + " + +@@ -619,9 +618,10 @@ CHECK_CCSUPPORT([-Werror=format-overflow + CHECK_CCSUPPORT([-Werror=int-conversion], [flg2]) + CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3]) + CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4]) ++CHECK_CCSUPPORT([-Wno-cast-function-type], [flg5]) + AX_GCC_FUNC_ATTRIBUTE([format]) + +-AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"]) ++AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4 $flg5"]) + + # Make sure that $ACLOCAL_FLAGS are used during a rebuild + AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"]) +--- a/support/nfs/xcommon.c ++++ b/support/nfs/xcommon.c +@@ -98,7 +98,10 @@ nfs_error (const char *fmt, ...) { + + fmt2 = xstrconcat2 (fmt, "\n"); + va_start (args, fmt); ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wformat-nonliteral" + vfprintf (stderr, fmt2, args); ++#pragma GCC diagnostic pop + va_end (args); + free (fmt2); + } +--- a/utils/mount/stropts.c ++++ b/utils/mount/stropts.c +@@ -1094,9 +1094,7 @@ static int nfsmount_fg(struct nfsmount_i + if (nfs_try_mount(mi)) + return EX_SUCCESS; + +-#pragma GCC diagnostic ignored "-Wdiscarded-qualifiers" + if (errno == EBUSY && is_mountpoint(mi->node)) { +-#pragma GCC diagnostic warning "-Wdiscarded-qualifiers" + /* + * EBUSY can happen when mounting a filesystem that + * is already mounted or when the context= are diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch deleted file mode 100644 index 921f5edc8..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch +++ /dev/null @@ -1,46 +0,0 @@ -From caa19231196d73541445728e6813c8fa70345acb Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Tue, 26 Jun 2018 15:59:00 +0800 -Subject: [PATCH] nfs-utils: 2.1.1 -> 2.3.1 - -Fixed: -configure: error: res_querydomain needed - -Upstream-Status: Pending [https://github.com/alpinelinux/aports/blob/master/main/nfs-utils/musl-configure_ac.patch] - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> - ---- - configure.ac | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 50002b4..dcadb23 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -582,10 +582,10 @@ my_am_cflags="\ - -Wall \ - -Wextra \ - $rpcgen_cflags \ -- -Werror=missing-prototypes \ -- -Werror=missing-declarations \ -+ -Wmissing-prototypes \ -+ -Wmissing-declarations \ - -Werror=format=2 \ -- -Werror=undef \ -+ -Wundef \ - -Werror=missing-include-dirs \ - -Werror=strict-aliasing=2 \ - -Werror=init-self \ -@@ -614,10 +614,9 @@ AC_DEFUN([CHECK_CCSUPPORT], [ - - CHECK_CCSUPPORT([-Werror=format-overflow=2], [flg1]) - CHECK_CCSUPPORT([-Werror=int-conversion], [flg2]) --CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3]) - CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4]) - --AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"]) -+AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg4"]) - - # Make sure that $ACLOCAL_FLAGS are used during a rebuild - AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"]) diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.3.bb index eb32bccb5..9bdb6f4ae 100644 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.3.bb @@ -29,16 +29,11 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://nfs-utils-debianize-start-statd.patch \ file://bugfix-adjust-statd-service-name.patch \ file://0001-cacheio-use-intmax_t-for-formatted-IO.patch \ - file://clang-format-string.patch \ file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ - file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \ - file://0001-Fix-include-order-between-config.h-and-stat.h.patch \ -" -SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch" -SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch" - -SRC_URI[md5sum] = "161efe469ec1b06f1c750bd87f8ba6dd" -SRC_URI[sha256sum] = "85274ada94479b1beba9f8eeffd19f477c53a6710b9998d1192c807854087736" + file://clang-warnings.patch \ + " +SRC_URI[md5sum] = "06020c76f531ed97f3145514901e0e7c" +SRC_URI[sha256sum] = "af65fce5dd8370cff9ead67baac5a6cd69c376dcadfef264dc2c78c904f26599" # Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will # pull in the remainder of the dependencies. @@ -65,8 +60,6 @@ EXTRA_OECONF = "--with-statduser=rpcuser \ --with-statdpath=/var/lib/nfs/statd \ " -CFLAGS += "-Wno-error=format-overflow" - PACKAGECONFIG ??= "tcp-wrappers \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " @@ -74,9 +67,9 @@ PACKAGECONFIG_remove_libc-musl = "tcp-wrappers" PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," # libdevmapper is available in meta-oe -PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper" -# keyutils is available in meta-security -PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils" +PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper,libdevmapper" +# keyutils is available in meta-oe +PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core" PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats" @@ -101,7 +94,9 @@ FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*" FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat" RDEPENDS_${PN}-stats = "python3-core" -FILES_${PN} += "${systemd_unitdir}" +FILES_${PN}-staticdev += "${libdir}/libnfsidmap/*.a" + +FILES_${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/" do_configure_prepend() { sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ diff --git a/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch b/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch deleted file mode 100644 index 3265be348..000000000 --- a/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 2014fad3d28090b59d2f8a0971166c06e5fa6da6 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Fri, 18 Oct 2019 14:56:58 +0800 -Subject: [PATCH] upstream: fix integer overflow in XMSS private key parsing. - -Reported by Adam Zabrocki via SecuriTeam's SSH program. - -Note that this code is experimental and not compiled by default. - -ok markus@ - -OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1 - -Signed-off-by: "djm@openbsd.org" <djm@openbsd.org> - -Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/a546b17bbaeb12beac4c9aeed56f74a42b18a93a] -CVE: CVE-2019-16905 - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - sshkey-xmss.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/sshkey-xmss.c b/sshkey-xmss.c -index aaae702..c57681a 100644 ---- a/sshkey-xmss.c -+++ b/sshkey-xmss.c -@@ -977,7 +977,8 @@ sshkey_xmss_decrypt_state(const struct sshkey *k, struct sshbuf *encoded, - goto out; - } - /* check that an appropriate amount of auth data is present */ -- if (sshbuf_len(encoded) < encrypted_len + authlen) { -+ if (sshbuf_len(encoded) < authlen || -+ sshbuf_len(encoded) - authlen < encrypted_len) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/openssh/openssh/run-ptest b/poky/meta/recipes-connectivity/openssh/openssh/run-ptest index daf62cca5..ae03e929b 100755 --- a/poky/meta/recipes-connectivity/openssh/openssh/run-ptest +++ b/poky/meta/recipes-connectivity/openssh/openssh/run-ptest @@ -1,6 +1,7 @@ #!/bin/sh export TEST_SHELL=sh +export SKIP_UNIT=1 cd regress sed -i "/\t\tagent-ptrace /d" Makefile diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket b/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket index 12c39b26b..8d76d6230 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket +++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket @@ -1,5 +1,6 @@ [Unit] Conflicts=sshd.service +Wants=sshdgenkeys.service [Socket] ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service b/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service index 9d83dfb2b..422450c7a 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service +++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service @@ -1,13 +1,11 @@ [Unit] Description=OpenSSH Per-Connection Daemon -Wants=sshdgenkeys.service After=sshdgenkeys.service [Service] Environment="SSHD_OPTS=" EnvironmentFile=-/etc/default/ssh ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS -ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID StandardInput=socket StandardError=syslog KillMode=process diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.0p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb index 2ffbc9a95..d879efc20 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_8.0p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb @@ -6,7 +6,7 @@ and for executing commands on a remote machine." HOMEPAGE = "http://www.openssh.com/" SECTION = "console/network" LICENSE = "BSD & ISC & MIT" -LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8" +LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3" DEPENDS = "zlib openssl virtual/crypt" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" @@ -24,14 +24,13 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ - file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \ " -SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d" -SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68" +SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091" +SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671" PAM_SRC_URI = "file://sshd" -inherit useradd update-rc.d update-alternatives systemd +inherit manpages useradd update-rc.d update-alternatives systemd USERADD_PACKAGES = "${PN}-sshd" USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" @@ -44,6 +43,12 @@ SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" inherit autotools-brokensep ptest +PACKAGECONFIG ??= "" +PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" +PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" +PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" +PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" + EXTRA_AUTORECONF += "--exclude=aclocal" # login path is hardcoded in sshd diff --git a/poky/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/poky/meta/recipes-connectivity/openssl/openssl/reproducible.patch new file mode 100644 index 000000000..a24260c95 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/reproducible.patch @@ -0,0 +1,32 @@ +The value for perl_archname can vary depending on the host, e.g. +x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which +makes the ptest package non-reproducible. Its unused other than +these references so drop it. + +RP 2020/2/6 + +Upstream-Status: Pending +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: openssl-1.1.1d/Configure +=================================================================== +--- openssl-1.1.1d.orig/Configure ++++ openssl-1.1.1d/Configure +@@ -286,7 +286,7 @@ if (defined env($local_config_envname)) + # Save away perl command information + $config{perl_cmd} = $^X; + $config{perl_version} = $Config{version}; +-$config{perl_archname} = $Config{archname}; ++#$config{perl_archname} = $Config{archname}; + + $config{prefix}=""; + $config{openssldir}=""; +@@ -2517,7 +2517,7 @@ _____ + @{$config{perlargv}}), "\n"; + print "\nPerl information:\n\n"; + print ' ',$config{perl_cmd},"\n"; +- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n"; ++ print ' ',$config{perl_version},"\n"; + } + if ($dump || $options) { + my $longest = 0; diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb index 8819e19ec..66fa8f7d0 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb @@ -16,14 +16,14 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-skip-test_symbol_presence.patch \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ + file://reproducible.patch \ " SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa" -SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2" +SRC_URI[sha256sum] = "ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46" inherit lib_package multilib_header multilib_script ptest MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" @@ -32,7 +32,7 @@ PACKAGECONFIG ?= "" PACKAGECONFIG_class-native = "" PACKAGECONFIG_class-nativesdk = "" -PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux" +PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" B = "${WORKDIR}/build" do_configure[cleandirs] = "${B}" @@ -101,6 +101,9 @@ do_configure () { linux-powerpc64) target=linux-ppc64 ;; + linux-powerpc64le) + target=linux-ppc64le + ;; linux-riscv32) target=linux-generic32 ;; @@ -118,7 +121,7 @@ do_configure () { fi # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the # environment variables set by bitbake. Adjust the environment variables instead. - PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ + HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target perl ${B}/configdata.pm --dump } @@ -202,3 +205,7 @@ RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" BBCLASSEXTEND = "native nativesdk" CVE_PRODUCT = "openssl:openssl" + +# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 +# Apache in meta-webserver is already recent enough +CVE_CHECK_WHITELIST += "CVE-2019-0190" diff --git a/poky/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch b/poky/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch new file mode 100644 index 000000000..b7ba7ba64 --- /dev/null +++ b/poky/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch @@ -0,0 +1,47 @@ +From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 +From: Paul Mackerras <paulus@ozlabs.org> +Date: Mon, 3 Feb 2020 15:53:28 +1100 +Subject: [PATCH] pppd: Fix bounds check in EAP code + +Given that we have just checked vallen < len, it can never be the case +that vallen >= len + sizeof(rhostname). This fixes the check so we +actually avoid overflowing the rhostname array. + +Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> +Signed-off-by: Paul Mackerras <paulus@ozlabs.org> + +Upstream-Status: Backport +[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426] + +CVE: CVE-2020-8597 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + pppd/eap.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/pppd/eap.c b/pppd/eap.c +index 94407f5..1b93db0 100644 +--- a/pppd/eap.c ++++ b/pppd/eap.c +@@ -1420,7 +1420,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; +@@ -1846,7 +1846,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb index 644cde456..60c56dd0b 100644 --- a/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb +++ b/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb @@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ file://0001-ppp-Remove-unneeded-include.patch \ file://ppp-2.4.7-DES-openssl.patch \ + file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \ " SRC_URI_append_libc-musl = "\ diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb index 855017728..67959576e 100644 --- a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb +++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb @@ -11,13 +11,14 @@ AUTHOR = "Thomas Hood" HOMEPAGE = "http://packages.debian.org/resolvconf" RDEPENDS_${PN} = "bash" -SRC_URI = "http://snapshot.debian.org/archive/debian/20160520T044340Z/pool/main/r/${BPN}/${BPN}_1.79.tar.xz \ +SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https \ file://fix-path-for-busybox.patch \ file://99_resolvconf \ " -SRC_URI[md5sum] = "aab2382020fc518f06a06e924c56d300" -SRC_URI[sha256sum] = "8e2843cd4162b706f0481b3c281657728cbc2822e50a64fff79b79bd8aa870a0" +SRCREV = "cb19bbfbe7e52174332f68bf2f295b39d119fad3" + +S = "${WORKDIR}/git" # the package is taken from snapshots.debian.org; that source is static and goes stale # so we check the latest upstream from a directory that does get updated diff --git a/poky/meta/recipes-connectivity/socat/socat_1.7.3.3.bb b/poky/meta/recipes-connectivity/socat/socat_1.7.3.4.bb index 1dbbe5cd5..9b0d4071a 100644 --- a/poky/meta/recipes-connectivity/socat/socat_1.7.3.3.bb +++ b/poky/meta/recipes-connectivity/socat/socat_1.7.3.4.bb @@ -14,8 +14,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ " -SRC_URI[md5sum] = "b2a032a47b8b89a18485697fa975154f" -SRC_URI[sha256sum] = "0dd63ffe498168a4aac41d307594c5076ff307aa0ac04b141f8f1cec6594d04a" +SRC_URI[md5sum] = "3cca4f8cd9d2d1caabd9cc099451bac9" +SRC_URI[sha256sum] = "972374ca86f65498e23e3259c2ee1b8f9dbeb04d12c2a78c0c9b5d1cb97dfdfc" inherit autotools @@ -44,6 +44,8 @@ PACKAGECONFIG ??= "readline" PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline" +CFLAGS += "-fcommon" + do_install_prepend () { mkdir -p ${D}${bindir} install -d ${D}${bindir} ${D}${mandir}/man1 |