From 193236933b0f4ab91b1625b64e2187e2db4e0e8f Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Fri, 5 Apr 2019 15:28:33 -0400 Subject: reset upstream subtrees to HEAD Reset the following subtrees on HEAD: poky: 8217b477a1(master) meta-xilinx: 64aa3d35ae(master) meta-openembedded: 0435c9e193(master) meta-raspberrypi: 490a4441ac(master) meta-security: cb6d1c85ee(master) Squashed patches: meta-phosphor: drop systemd 239 patches meta-phosphor: mrw-api: use correct install path Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d Signed-off-by: Brad Bishop --- poky/meta/recipes-connectivity/avahi/avahi.inc | 4 +- .../avahi/files/fix-CVE-2017-6519.patch | 48 + ...0001-build-use-pkg-config-to-find-libxml2.patch | 54 - .../bind/bind/CVE-2018-5740.patch | 72 - poky/meta/recipes-connectivity/bind/bind_9.11.4.bb | 137 - poky/meta/recipes-connectivity/bind/bind_9.11.5.bb | 139 + poky/meta/recipes-connectivity/bluez5/bluez5.inc | 3 +- .../bluez5/bluez5/CVE-2018-10910.patch | 705 +++++ poky/meta/recipes-connectivity/bluez5/bluez5/init | 12 +- poky/meta/recipes-connectivity/connman/connman.inc | 6 +- ...us-issues-which-cause-problems-under-musl.patch | 362 +++ ...iognutls-Fix-a-crash-using-wispr-over-TLS.patch | 41 - ...Add-prefixlen-to-iproute_default_function.patch | 63 - ...ion-Keep-track-of-addr-in-fw_snat-session.patch | 112 - ...ent-subnet-route-creation-deletion-in-ipr.patch | 69 - ...ent-APIs-for-creating-and-deleting-subnet.patch | 68 - ...e-subnet-route-creation-and-deletion-APIs.patch | 77 - .../connman/connman/includes.patch | 417 --- .../recipes-connectivity/connman/connman_1.35.bb | 22 - .../recipes-connectivity/connman/connman_1.36.bb | 16 + ...eplace-custom-isc_boolean_t-with-C-standa.patch | 2882 ++++++++++++++++++++ .../dhcp/0008-tweak-to-support-external-bind.patch | 117 - poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb | 1 + .../0001-rcp-fix-to-work-with-large-files.patch | 31 + .../inetutils/inetutils/fix-disable-ipv6.patch | 83 + ...tf-parse-pull-in-features.h-for-__GLIBC__.patch | 29 + .../inetutils/inetutils-1.8-0003-wchar.patch | 14 + .../inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch | 26 + ...ls-only-check-pam_appl.h-when-pam-enabled.patch | 40 + .../inetutils/inetutils/rexec.xinetd.inetutils | 20 + .../inetutils/inetutils/rlogin.xinetd.inetutils | 23 + .../inetutils/inetutils/rsh.xinetd.inetutils | 21 + .../inetutils/inetutils/telnet.xinetd.inetutils | 13 + .../inetutils/inetutils/tftpd.xinetd.inetutils | 19 + .../inetutils/inetutils/version.patch | 17 + .../inetutils/inetutils_1.9.4.bb | 209 ++ .../recipes-connectivity/iproute2/iproute2.inc | 4 + poky/meta/recipes-connectivity/libpcap/libpcap.inc | 42 - ...r_state_t.ai-usage-when-INET6-is-not-defi.patch | 41 - ...nux.c-add-missing-limits.h-for-musl-syste.patch | 29 + ...02-Add-missing-compiler_state_t-parameter.patch | 67 - .../libpcap/libpcap/disable-remote.patch | 36 - .../libpcap/libpcap/fix-grammar-deps.patch | 29 - .../libpcap/libpcap-pkgconfig-support.patch | 73 - .../recipes-connectivity/libpcap/libpcap_1.8.1.bb | 31 - .../recipes-connectivity/libpcap/libpcap_1.9.0.bb | 45 + .../multilibfix.patch | 18 - .../mobile-broadband-provider-info_git.bb | 8 +- ...-Do-not-pass-null-pointer-to-freeaddrinfo.patch | 32 + .../0001-Don-t-build-tools-with-CC_FOR_BUILD.patch | 40 + ...le.am-fix-undefined-function-for-libnsm.a.patch | 295 ++ ...1-Makefile.am-update-the-path-of-libnfs.a.patch | 50 + ...001-cacheio-use-intmax_t-for-formatted-IO.patch | 38 + ...re.ac-Do-not-fatalize-Wmissing-prototypes.patch | 43 + .../nfs-utils/nfs-utils/clang-format-string.patch | 183 ++ ...-Do-not-pass-CFLAGS-to-gcc-while-building.patch | 42 - .../nfs-utils/nfs-utils-musl-res_querydomain.patch | 43 +- .../nfs-utils/nfs-utils_2.3.1.bb | 151 - .../nfs-utils/nfs-utils_2.3.3.bb | 153 ++ poky/meta/recipes-connectivity/ofono/ofono_1.24.bb | 9 - poky/meta/recipes-connectivity/ofono/ofono_1.25.bb | 9 + .../openssh/openssh_7.8p1+git.bb | 164 -- .../recipes-connectivity/openssh/openssh_7.9p1.bb | 162 ++ ...trip-sysroot-and-debug-prefix-map-from-co.patch | 8 +- .../openssl/openssl/CVE-2019-1543.patch | 69 + .../openssl/openssl/afalg.patch | 31 + .../openssl/openssl/openssl-c_rehash.sh | 222 -- .../recipes-connectivity/openssl/openssl/run-ptest | 2 +- .../openssl/openssl10_1.0.2q.bb | 363 --- .../openssl/openssl10_1.0.2r.bb | 360 +++ .../recipes-connectivity/openssl/openssl_1.1.1a.bb | 210 -- .../recipes-connectivity/openssl/openssl_1.1.1b.bb | 206 ++ ...place-systemd-install-Alias-with-WantedBy.patch | 52 + .../wpa-supplicant/key-replay-cve-multiple1.patch | 191 -- .../wpa-supplicant/key-replay-cve-multiple2.patch | 267 -- .../wpa-supplicant/key-replay-cve-multiple3.patch | 201 -- .../wpa-supplicant/key-replay-cve-multiple4.patch | 96 - .../wpa-supplicant/key-replay-cve-multiple5.patch | 81 - .../wpa-supplicant/key-replay-cve-multiple6.patch | 149 - .../wpa-supplicant/key-replay-cve-multiple7.patch | 60 - .../wpa-supplicant/key-replay-cve-multiple8.patch | 99 - .../wpa_supplicant-CVE-2018-14526.patch | 44 - .../wpa-supplicant/wpa-supplicant_2.6.bb | 119 - .../wpa-supplicant/wpa-supplicant_2.7.bb | 109 + 84 files changed, 6670 insertions(+), 4078 deletions(-) create mode 100644 poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind_9.11.4.bb create mode 100644 poky/meta/recipes-connectivity/bind/bind_9.11.5.bb create mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch create mode 100644 poky/meta/recipes-connectivity/connman/connman/0001-Fix-various-issues-which-cause-problems-under-musl.patch delete mode 100644 poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch delete mode 100644 poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch delete mode 100644 poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch delete mode 100644 poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch delete mode 100644 poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch delete mode 100644 poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch delete mode 100644 poky/meta/recipes-connectivity/connman/connman/includes.patch delete mode 100644 poky/meta/recipes-connectivity/connman/connman_1.35.bb create mode 100644 poky/meta/recipes-connectivity/connman/connman_1.36.bb create mode 100644 poky/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch delete mode 100644 poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils/version.patch create mode 100644 poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb delete mode 100644 poky/meta/recipes-connectivity/libpcap/libpcap.inc delete mode 100644 poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch create mode 100644 poky/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch delete mode 100644 poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch delete mode 100644 poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch delete mode 100644 poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch delete mode 100644 poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch delete mode 100644 poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb create mode 100644 poky/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb delete mode 100644 poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch create mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch create mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch create mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch create mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch create mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch create mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch create mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch delete mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch delete mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb create mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.3.bb delete mode 100644 poky/meta/recipes-connectivity/ofono/ofono_1.24.bb create mode 100644 poky/meta/recipes-connectivity/ofono/ofono_1.25.bb delete mode 100644 poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb create mode 100644 poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb create mode 100644 poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch create mode 100644 poky/meta/recipes-connectivity/openssl/openssl/afalg.patch delete mode 100644 poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh delete mode 100644 poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb create mode 100644 poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb delete mode 100644 poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb create mode 100644 poky/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb create mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch delete mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch delete mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch delete mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch delete mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch delete mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch delete mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch delete mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch delete mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch delete mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch delete mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb create mode 100644 poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb (limited to 'poky/meta/recipes-connectivity') diff --git a/poky/meta/recipes-connectivity/avahi/avahi.inc b/poky/meta/recipes-connectivity/avahi/avahi.inc index 11846849f..8339e451f 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi.inc +++ b/poky/meta/recipes-connectivity/avahi/avahi.inc @@ -19,7 +19,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" -SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz" +SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \ + file://fix-CVE-2017-6519.patch \ + " UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6" diff --git a/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch b/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch new file mode 100644 index 000000000..7461fe193 --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch @@ -0,0 +1,48 @@ +Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/e111def] + +CVE: CVE-2017-6519 + +Signed-off-by: Kai Kang + +From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001 +From: Trent Lloyd +Date: Sat, 22 Dec 2018 09:06:07 +0800 +Subject: [PATCH] Drop legacy unicast queries from address not on local link + +When handling legacy unicast queries, ensure that the source IP is +inside a subnet on the local link, otherwise drop the packet. + +Fixes #145 +Fixes #203 +CVE-2017-6519 +CVE-2018-1000845 +--- + avahi-core/server.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/avahi-core/server.c b/avahi-core/server.c +index a2cb19a8..a2580e38 100644 +--- a/avahi-core/server.c ++++ b/avahi-core/server.c +@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres + + if (avahi_dns_packet_is_query(p)) { + int legacy_unicast = 0; ++ char t[AVAHI_ADDRESS_STR_MAX]; + + /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the + * AR section completely here, so far. Until the day we add +@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres + legacy_unicast = 1; + } + ++ if (!is_mdns_mcast_address(dst_address) && ++ !avahi_interface_address_on_link(i, src_address)) { ++ ++ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol); ++ return; ++ } ++ + if (legacy_unicast) + reflect_legacy_unicast_query_packet(s, p, i, src_address, port); + diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch b/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch deleted file mode 100644 index 1e23c0f56..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch +++ /dev/null @@ -1,54 +0,0 @@ -xml2-config is disabled, so change the configure script to use pkgconfig to find -libxml2. - -Upstream-Status: Inappropriate -Signed-off-by: Ross Burton - -Update context for version 9.10.3-P2. - -Signed-off-by: Kai Kang - -Update context for version 9.10.5-P3. - -Signed-off-by: Kai Kang ---- - configure.in | 23 +++-------------------- - 1 file changed, 3 insertions(+), 20 deletions(-) - -diff --git a/configure.in b/configure.in -index 4da73a4..6f2a754 100644 ---- a/configure.in -+++ b/configure.in -@@ -2282,26 +2282,9 @@ case "$use_libxml2" in - DST_LIBXML2_INC="" - ;; - auto|yes) -- case X`(xml2-config --version) 2>/dev/null` in -- X2.[[6789]].*) -- libxml2_libs=`xml2-config --libs` -- libxml2_cflags=`xml2-config --cflags` -- ;; -- *) -- if test "yes" = "$use_libxml2" ; then -- AC_MSG_RESULT(no) -- AC_MSG_ERROR(required libxml2 version not available) -- else -- libxml2_libs= -- libxml2_cflags= -- fi -- ;; -- esac -- ;; -- *) -- if test -f "$use_libxml2/bin/xml2-config" ; then -- libxml2_libs=`$use_libxml2/bin/xml2-config --libs` -- libxml2_cflags=`$use_libxml2/bin/xml2-config --cflags` -+ if pkg-config --exists libxml-2.0 ; then -+ libxml2_libs=`pkg-config libxml-2.0 --libs` -+ libxml2_cflags=`pkg-config libxml-2.0 --cflags` - fi - ;; - esac --- -2.1.4 - diff --git a/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch b/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch deleted file mode 100644 index 7a2ba7eab..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch +++ /dev/null @@ -1,72 +0,0 @@ -Upstream-Status: Backport [https://ftp.isc.org/isc/bind9/9.11.4-P1/patches/CVE-2018-5740] - -CVE: CVE-2018-5740 - -Signed-off-by: Changqing Li - -diff --git a/CHANGES b/CHANGES -index 750b600..3d8d655 100644 ---- a/CHANGES -+++ b/CHANGES -@@ -1,3 +1,9 @@ -+ --- 9.11.4-P1 released --- -+ -+4997. [security] named could crash during recursive processing -+ of DNAME records when "deny-answer-aliases" was -+ in use. (CVE-2018-5740) [GL #387] -+ - --- 9.11.4 released --- - - --- 9.11.4rc2 released --- -diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c -index 8f674a2..41d1385 100644 ---- a/lib/dns/resolver.c -+++ b/lib/dns/resolver.c -@@ -6318,6 +6318,7 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname, - unsigned int nlabels; - dns_fixedname_t fixed; - dns_name_t prefix; -+ int order; - - REQUIRE(rdataset != NULL); - REQUIRE(rdataset->type == dns_rdatatype_cname || -@@ -6340,17 +6341,25 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname, - tname = &cname.cname; - break; - case dns_rdatatype_dname: -+ if (dns_name_fullcompare(qname, rname, &order, &nlabels) != -+ dns_namereln_subdomain) -+ { -+ return (ISC_TRUE); -+ } - result = dns_rdata_tostruct(&rdata, &dname, NULL); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - dns_name_init(&prefix, NULL); - tname = dns_fixedname_initname(&fixed); -- nlabels = dns_name_countlabels(qname) - -- dns_name_countlabels(rname); -+ nlabels = dns_name_countlabels(rname); - dns_name_split(qname, nlabels, &prefix, NULL); - result = dns_name_concatenate(&prefix, &dname.dname, tname, - NULL); -- if (result == DNS_R_NAMETOOLONG) -+ if (result == DNS_R_NAMETOOLONG) { -+ if (chainingp != NULL) { -+ *chainingp = ISC_TRUE; -+ } - return (ISC_TRUE); -+ } - RUNTIME_CHECK(result == ISC_R_SUCCESS); - break; - default: -@@ -7071,7 +7080,9 @@ answer_response(fetchctx_t *fctx) { - } - if ((ardataset->type == dns_rdatatype_cname || - ardataset->type == dns_rdatatype_dname) && -- !is_answertarget_allowed(fctx, qname, aname, ardataset, -+ type != ardataset->type && -+ type != dns_rdatatype_any && -+ !is_answertarget_allowed(fctx, qname, aname, ardataset, - NULL)) - { - return (DNS_R_SERVFAIL); diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.4.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.4.bb deleted file mode 100644 index cb4a21a9a..000000000 --- a/poky/meta/recipes-connectivity/bind/bind_9.11.4.bb +++ /dev/null @@ -1,137 +0,0 @@ -SUMMARY = "ISC Internet Domain Name Server" -HOMEPAGE = "http://www.isc.org/sw/bind/" -SECTION = "console/network" - -LICENSE = "ISC & BSD" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=6ba7c9fe0c888a943c79c93e6de744fb" - -DEPENDS = "openssl libcap zlib" - -SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ - file://conf.patch \ - file://named.service \ - file://bind9 \ - file://generate-rndc-key.sh \ - file://make-etc-initd-bind-stop-work.patch \ - file://init.d-add-support-for-read-only-rootfs.patch \ - file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ - file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \ - file://0001-lib-dns-gen.c-fix-too-long-error.patch \ - file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ - file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ - file://0001-avoid-start-failure-with-bind-user.patch \ - file://CVE-2018-5740.patch \ -" - -SRC_URI[md5sum] = "9b4834d78f30cdb796ce437262272a36" -SRC_URI[sha256sum] = "595070b031f869f8939656b5a5d11b121211967f15f6afeafa895df745279617" - -UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" -UPSTREAM_CHECK_REGEX = "(?P9(\.\d+)+(-P\d+)*)/" - -inherit autotools update-rc.d systemd useradd pkgconfig multilib_script - -MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh" - -# PACKAGECONFIGs readline and libedit should NOT be set at same time -PACKAGECONFIG ?= "readline" -PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" -PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" -PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" -PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,," -PACKAGECONFIG[python3] = "--with-python=${PYTHON} --with-python-install-dir=${D}/${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native," - -ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" -EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \ - --disable-devpoll --enable-epoll --with-gost=no \ - --with-gssapi=no --with-ecdsa=yes --with-eddsa=no \ - --with-lmdb=no \ - --sysconfdir=${sysconfdir}/bind \ - --with-openssl=${STAGING_DIR_HOST}${prefix} \ - " - -inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)} - -# dhcp needs .la so keep them -REMOVE_LIBTOOL_LA = "0" - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ - --user-group bind" - -INITSCRIPT_NAME = "bind" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_SERVICE_${PN} = "named.service" - -do_install_prepend() { - # clean host path in isc-config.sh before the hardlink created - # by "make install": - # bind9-config -> isc-config.sh - sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh -} - -do_install_append() { - - rm "${D}${bindir}/nslookup" - rm "${D}${mandir}/man1/nslookup.1" - rmdir "${D}${localstatedir}/run" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" - install -d -o bind "${D}${localstatedir}/cache/bind" - install -d "${D}${sysconfdir}/bind" - install -d "${D}${sysconfdir}/init.d" - install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" - install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" - if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then - sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \ - ${D}${sbindir}/dnssec-coverage \ - ${D}${sbindir}/dnssec-checkds \ - ${D}${sbindir}/dnssec-keymgr - fi - - # Install systemd related files - install -d ${D}${sbindir} - install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/named.service - - install -d ${D}${sysconfdir}/default - install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf - fi -} - -CONFFILES_${PN} = " \ - ${sysconfdir}/bind/named.conf \ - ${sysconfdir}/bind/named.conf.local \ - ${sysconfdir}/bind/named.conf.options \ - ${sysconfdir}/bind/db.0 \ - ${sysconfdir}/bind/db.127 \ - ${sysconfdir}/bind/db.empty \ - ${sysconfdir}/bind/db.local \ - ${sysconfdir}/bind/db.root \ - " - -PACKAGE_BEFORE_PN += "${PN}-utils" -FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig" -FILES_${PN}-dev += "${bindir}/isc-config.h" -FILES_${PN} += "${sbindir}/generate-rndc-key.sh" - -PACKAGE_BEFORE_PN += "${PN}-libs" -FILES_${PN}-libs = "${libdir}/*.so*" -FILES_${PN}-staticdev += "${libdir}/*.la" - -PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" -FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ - ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}" - -RDEPENDS_${PN} = "bash" -RDEPENDS_${PN}-utils = "bash" -RDEPENDS_${PN}-dev = "" -RDEPENDS_python3-bind = "python3-core python3-ply" diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.5.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.5.bb new file mode 100644 index 000000000..67672792b --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind_9.11.5.bb @@ -0,0 +1,139 @@ +SUMMARY = "ISC Internet Domain Name Server" +HOMEPAGE = "http://www.isc.org/sw/bind/" +SECTION = "console/network" + +LICENSE = "ISC & BSD" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=6ba7c9fe0c888a943c79c93e6de744fb" + +DEPENDS = "openssl libcap zlib" + +SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ + file://conf.patch \ + file://named.service \ + file://bind9 \ + file://generate-rndc-key.sh \ + file://make-etc-initd-bind-stop-work.patch \ + file://init.d-add-support-for-read-only-rootfs.patch \ + file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ + file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \ + file://0001-lib-dns-gen.c-fix-too-long-error.patch \ + file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ + file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ + file://0001-avoid-start-failure-with-bind-user.patch \ +" + +SRC_URI[md5sum] = "17a0d02102117c9a221e857cf2cc8157" +SRC_URI[sha256sum] = "a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322" + +UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" +UPSTREAM_CHECK_REGEX = "(?P9(\.\d+)+(-P\d+)*)/" +RECIPE_NO_UPDATE_REASON = "9.11 is LTS 2021" + +inherit autotools update-rc.d systemd useradd pkgconfig multilib_script + +MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh" + +# PACKAGECONFIGs readline and libedit should NOT be set at same time +PACKAGECONFIG ?= "readline" +PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" +PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" +PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" +PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,," +PACKAGECONFIG[python3] = "--with-python=${PYTHON} --with-python-install-dir=${D}/${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native," + +ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" +EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \ + --disable-devpoll --enable-epoll --with-gost=no \ + --with-gssapi=no --with-ecdsa=yes --with-eddsa=no \ + --with-lmdb=no \ + --sysconfdir=${sysconfdir}/bind \ + --with-openssl=${STAGING_DIR_HOST}${prefix} \ + " + +inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)} + +# dhcp needs .la so keep them +REMOVE_LIBTOOL_LA = "0" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ + --user-group bind" + +INITSCRIPT_NAME = "bind" +INITSCRIPT_PARAMS = "defaults" + +SYSTEMD_SERVICE_${PN} = "named.service" + +do_install_prepend() { + # clean host path in isc-config.sh before the hardlink created + # by "make install": + # bind9-config -> isc-config.sh + sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh +} + +do_install_append() { + + rmdir "${D}${localstatedir}/run" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" + install -d -o bind "${D}${localstatedir}/cache/bind" + install -d "${D}${sysconfdir}/bind" + install -d "${D}${sysconfdir}/init.d" + install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" + install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" + if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then + sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \ + ${D}${sbindir}/dnssec-coverage \ + ${D}${sbindir}/dnssec-checkds \ + ${D}${sbindir}/dnssec-keymgr + fi + + # Install systemd related files + install -d ${D}${sbindir} + install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_unitdir}/system/named.service + + install -d ${D}${sysconfdir}/default + install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf + fi +} + +CONFFILES_${PN} = " \ + ${sysconfdir}/bind/named.conf \ + ${sysconfdir}/bind/named.conf.local \ + ${sysconfdir}/bind/named.conf.options \ + ${sysconfdir}/bind/db.0 \ + ${sysconfdir}/bind/db.127 \ + ${sysconfdir}/bind/db.empty \ + ${sysconfdir}/bind/db.local \ + ${sysconfdir}/bind/db.root \ + " + +ALTERNATIVE_${PN}-utils = "nslookup" +ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" +ALTERNATIVE_PRIORITY = "100" + +PACKAGE_BEFORE_PN += "${PN}-utils" +FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" +FILES_${PN}-dev += "${bindir}/isc-config.h" +FILES_${PN} += "${sbindir}/generate-rndc-key.sh" + +PACKAGE_BEFORE_PN += "${PN}-libs" +FILES_${PN}-libs = "${libdir}/*.so*" +FILES_${PN}-staticdev += "${libdir}/*.la" + +PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" +FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ + ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}" + +RDEPENDS_${PN} = "bash" +RDEPENDS_${PN}-utils = "bash" +RDEPENDS_${PN}-dev = "" +RDEPENDS_python3-bind = "python3-core python3-ply" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index edb44b22a..aaf2af975 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -41,7 +41,7 @@ PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis" PACKAGECONFIG[tools] = "--enable-tools,--disable-tools" PACKAGECONFIG[threads] = "--enable-threads,--disable-threads" PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" -PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c" +PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell" PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell" SRC_URI = "\ @@ -53,6 +53,7 @@ SRC_URI = "\ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ file://0001-test-gatt-Fix-hung-issue.patch \ file://0001-Makefile.am-Fix-a-race-issue-for-tools.patch \ + file://CVE-2018-10910.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch new file mode 100644 index 000000000..b4b1846c4 --- /dev/null +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch @@ -0,0 +1,705 @@ +A bug in Bluez may allow for the Bluetooth Discoverable state being set to on +when no Bluetooth agent is registered with the system. This situation could +lead to the unauthorized pairing of certain Bluetooth devices without any +form of authentication. + +CVE: CVE-2018-10910 +Upstream-Status: Backport +Signed-off-by: Ross Burton + +Subject: [PATCH BlueZ 1/4] client: Add discoverable-timeout command +From: Luiz Augusto von Dentz +Date: 2018-07-25 10:20:32 +Message-ID: 20180725102035.19439-1-luiz.dentz () gmail ! com +[Download RAW message or body] + +From: Luiz Augusto von Dentz + +This adds discoverable-timeout command which can be used to get/set +DiscoverableTimeout property: + +[bluetooth]# discoverable-timeout 180 +Changing discoverable-timeout 180 succeeded +--- + client/main.c | 43 +++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 43 insertions(+) + +diff --git a/client/main.c b/client/main.c +index 87323d8f7..59820c6d9 100644 +--- a/client/main.c ++++ b/client/main.c +@@ -1061,6 +1061,47 @@ static void cmd_discoverable(int argc, char *argv[]) + return bt_shell_noninteractive_quit(EXIT_FAILURE); + } + ++static void cmd_discoverable_timeout(int argc, char *argv[]) ++{ ++ uint32_t value; ++ char *endptr = NULL; ++ char *str; ++ ++ if (argc < 2) { ++ DBusMessageIter iter; ++ ++ if (!g_dbus_proxy_get_property(default_ctrl->proxy, ++ "DiscoverableTimeout", &iter)) { ++ bt_shell_printf("Unable to get DiscoverableTimeout\n"); ++ return bt_shell_noninteractive_quit(EXIT_FAILURE); ++ } ++ ++ dbus_message_iter_get_basic(&iter, &value); ++ ++ bt_shell_printf("DiscoverableTimeout: %d seconds\n", value); ++ ++ return; ++ } ++ ++ value = strtol(argv[1], &endptr, 0); ++ if (!endptr || *endptr != '\0' || value > UINT32_MAX) { ++ bt_shell_printf("Invalid argument\n"); ++ return bt_shell_noninteractive_quit(EXIT_FAILURE); ++ } ++ ++ str = g_strdup_printf("discoverable-timeout %d", value); ++ ++ if (g_dbus_proxy_set_property_basic(default_ctrl->proxy, ++ "DiscoverableTimeout", ++ DBUS_TYPE_UINT32, &value, ++ generic_callback, str, g_free)) ++ return; ++ ++ g_free(str); ++ ++ return bt_shell_noninteractive_quit(EXIT_FAILURE); ++} ++ + static void cmd_agent(int argc, char *argv[]) + { + dbus_bool_t enable; +@@ -2549,6 +2590,8 @@ static const struct bt_shell_menu main_menu = { + { "discoverable", "", cmd_discoverable, + "Set controller discoverable mode", + NULL }, ++ { "discoverable-timeout", "[value]", cmd_discoverable_timeout, ++ "Set discoverable timeout", NULL }, + { "agent", "", cmd_agent, + "Enable/disable agent with given capability", + capability_generator}, +-- +2.17.1 + +Subject: [PATCH BlueZ 2/4] client: Make show command print DiscoverableTimeout +From: Luiz Augusto von Dentz +Date: 2018-07-25 10:20:33 +Message-ID: 20180725102035.19439-2-luiz.dentz () gmail ! com +[Download RAW message or body] + +From: Luiz Augusto von Dentz + +Controller XX:XX:XX:XX:XX:XX (public) + Name: Vudentz's T460s + Alias: Intel-1 + Class: 0x004c010c + Powered: yes + Discoverable: no + DiscoverableTimeout: 0x00000000 + Pairable: yes + UUID: Headset AG (00001112-0000-1000-8000-00805f9b34fb) + UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb) + UUID: A/V Remote Control (0000110e-0000-1000-8000-00805f9b34fb) + UUID: SIM Access (0000112d-0000-1000-8000-00805f9b34fb) + UUID: Generic Access Profile (00001800-0000-1000-8000-00805f9b34fb) + UUID: PnP Information (00001200-0000-1000-8000-00805f9b34fb) + UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb) + UUID: Audio Source (0000110a-0000-1000-8000-00805f9b34fb) + UUID: Audio Sink (0000110b-0000-1000-8000-00805f9b34fb) + UUID: Headset (00001108-0000-1000-8000-00805f9b34fb) + Modalias: usb:v1D6Bp0246d0532 + Discovering: no +--- + client/main.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/client/main.c b/client/main.c +index 59820c6d9..6f472d050 100644 +--- a/client/main.c ++++ b/client/main.c +@@ -877,6 +877,7 @@ static void cmd_show(int argc, char *argv[]) + print_property(proxy, "Class"); + print_property(proxy, "Powered"); + print_property(proxy, "Discoverable"); ++ print_property(proxy, "DiscoverableTimeout"); + print_property(proxy, "Pairable"); + print_uuids(proxy); + print_property(proxy, "Modalias"); +-- +2.17.1 +Subject: [PATCH BlueZ 3/4] adapter: Track pending settings +From: Luiz Augusto von Dentz +Date: 2018-07-25 10:20:34 +Message-ID: 20180725102035.19439-3-luiz.dentz () gmail ! com +[Download RAW message or body] + +From: Luiz Augusto von Dentz + +This tracks settings being changed and in case the settings is already +pending considered it to be done. +--- + src/adapter.c | 30 ++++++++++++++++++++++++++++-- + 1 file changed, 28 insertions(+), 2 deletions(-) + +diff --git a/src/adapter.c b/src/adapter.c +index af340fd6e..20c20f9e9 100644 +--- a/src/adapter.c ++++ b/src/adapter.c +@@ -196,6 +196,7 @@ struct btd_adapter { + char *name; /* controller device name */ + char *short_name; /* controller short name */ + uint32_t supported_settings; /* controller supported settings */ ++ uint32_t pending_settings; /* pending controller settings */ + uint32_t current_settings; /* current controller settings */ + + char *path; /* adapter object path */ +@@ -509,8 +510,10 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings) + changed_mask = adapter->current_settings ^ settings; + + adapter->current_settings = settings; ++ adapter->pending_settings &= ~changed_mask; + + DBG("Changed settings: 0x%08x", changed_mask); ++ DBG("Pending settings: 0x%08x", adapter->pending_settings); + + if (changed_mask & MGMT_SETTING_POWERED) { + g_dbus_emit_property_changed(dbus_conn, adapter->path, +@@ -596,10 +599,31 @@ static bool set_mode(struct btd_adapter *adapter, uint16_t opcode, + uint8_t mode) + { + struct mgmt_mode cp; ++ uint32_t setting = 0; + + memset(&cp, 0, sizeof(cp)); + cp.val = mode; + ++ switch (mode) { ++ case MGMT_OP_SET_POWERED: ++ setting = MGMT_SETTING_POWERED; ++ break; ++ case MGMT_OP_SET_CONNECTABLE: ++ setting = MGMT_SETTING_CONNECTABLE; ++ break; ++ case MGMT_OP_SET_FAST_CONNECTABLE: ++ setting = MGMT_SETTING_FAST_CONNECTABLE; ++ break; ++ case MGMT_OP_SET_DISCOVERABLE: ++ setting = MGMT_SETTING_DISCOVERABLE; ++ break; ++ case MGMT_OP_SET_BONDABLE: ++ setting = MGMT_SETTING_DISCOVERABLE; ++ break; ++ } ++ ++ adapter->pending_settings |= setting; ++ + DBG("sending set mode command for index %u", adapter->dev_id); + + if (mgmt_send(adapter->mgmt, opcode, +@@ -2739,13 +2763,15 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting, + else + current_enable = FALSE; + +- if (enable == current_enable) { ++ if (enable == current_enable || adapter->pending_settings & setting) { + g_dbus_pending_property_success(id); + return; + } + + mode = (enable == TRUE) ? 0x01 : 0x00; + ++ adapter->pending_settings |= setting; ++ + switch (setting) { + case MGMT_SETTING_POWERED: + opcode = MGMT_OP_SET_POWERED; +@@ -2798,7 +2824,7 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting, + data->id = id; + + if (mgmt_send(adapter->mgmt, opcode, adapter->dev_id, len, param, +- property_set_mode_complete, data, g_free) > 0) ++ property_set_mode_complete, data, g_free) > 0) + return; + + g_free(data); +-- +2.17.1 +Subject: [PATCH BlueZ 4/4] adapter: Check pending when setting DiscoverableTimeout +From: Luiz Augusto von Dentz +Date: 2018-07-25 10:20:35 +Message-ID: 20180725102035.19439-4-luiz.dentz () gmail ! com +[Download RAW message or body] + +From: Luiz Augusto von Dentz + +This makes DiscoverableTimeout check if discoverable is already pending +and don't attempt to set it once again which may cause discoverable to +be re-enabled when in fact the application just want to set the timeout +alone. +--- + src/adapter.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/src/adapter.c b/src/adapter.c +index 20c20f9e9..f92c897c7 100644 +--- a/src/adapter.c ++++ b/src/adapter.c +@@ -2901,6 +2901,7 @@ static void property_set_discoverable_timeout( + GDBusPendingPropertySet id, void *user_data) + { + struct btd_adapter *adapter = user_data; ++ bool enabled; + dbus_uint32_t value; + + dbus_message_iter_get_basic(iter, &value); +@@ -2914,8 +2915,19 @@ static void property_set_discoverable_timeout( + g_dbus_emit_property_changed(dbus_conn, adapter->path, + ADAPTER_INTERFACE, "DiscoverableTimeout"); + ++ if (adapter->pending_settings & MGMT_SETTING_DISCOVERABLE) { ++ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE) ++ enabled = false; ++ else ++ enabled = true; ++ } else { ++ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE) ++ enabled = true; ++ else ++ enabled = false; ++ } + +- if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE) ++ if (enabled) + set_discoverable(adapter, 0x01, adapter->discoverable_timeout); + } + +-- +2.17.1 +Subject: [PATCH BlueZ 1/5] doc/adapter-api: Add Discoverable option to SetDiscoveryFilter +From: Luiz Augusto von Dentz +Date: 2018-07-26 14:17:19 +Message-ID: 20180726141723.20199-1-luiz.dentz () gmail ! com +[Download RAW message or body] + +From: Luiz Augusto von Dentz + +This enables the client to set its discoverable setting while +discovering which is very typical situation as usually the setings +application would allow incoming pairing request while scanning, so +this would reduce the number of calls setting Discoverable and +DiscoverableTimeout and restoring after done with discovery. +--- + doc/adapter-api.txt | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/doc/adapter-api.txt b/doc/adapter-api.txt +index d14d0ca50..4791af2c7 100644 +--- a/doc/adapter-api.txt ++++ b/doc/adapter-api.txt +@@ -113,6 +113,12 @@ Methods void StartDiscovery() + generated for either ManufacturerData and + ServiceData everytime they are discovered. + ++ bool Discoverable (Default: false) ++ ++ Make adapter discoverable while discovering, ++ if the adapter is already discoverable this ++ setting this filter won't do anything. ++ + When discovery filter is set, Device objects will be + created as new devices with matching criteria are + discovered regardless of they are connectable or +-- +2.17.1 +Subject: [PATCH BlueZ 2/5] adapter: Discovery filter discoverable +From: Luiz Augusto von Dentz +Date: 2018-07-26 14:17:20 +Message-ID: 20180726141723.20199-2-luiz.dentz () gmail ! com +[Download RAW message or body] + +From: Luiz Augusto von Dentz + +This implements the discovery filter discoverable and tracks which +clients had enabled it and restores the settings when the last client +enabling it exits. +--- + src/adapter.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 54 insertions(+), 2 deletions(-) + +diff --git a/src/adapter.c b/src/adapter.c +index f92c897c7..bd9edddc6 100644 +--- a/src/adapter.c ++++ b/src/adapter.c +@@ -157,6 +157,7 @@ struct discovery_filter { + int16_t rssi; + GSList *uuids; + bool duplicate; ++ bool discoverable; + }; + + struct watch_client { +@@ -214,6 +215,7 @@ struct btd_adapter { + + bool discovering; /* discovering property state */ + bool filtered_discovery; /* we are doing filtered discovery */ ++ bool filtered_discoverable; /* we are doing filtered discovery */ + bool no_scan_restart_delay; /* when this flag is set, restart scan + * without delay */ + uint8_t discovery_type; /* current active discovery type */ +@@ -1842,6 +1844,16 @@ static void discovery_free(void *user_data) + g_free(client); + } + ++static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable) ++{ ++ if (adapter->filtered_discoverable == enable) ++ return true; ++ ++ adapter->filtered_discoverable = enable; ++ ++ return set_discoverable(adapter, enable, 0); ++} ++ + static void discovery_remove(struct watch_client *client) + { + struct btd_adapter *adapter = client->adapter; +@@ -1854,6 +1866,22 @@ static void discovery_remove(struct watch_client *client) + adapter->discovery_list = g_slist_remove(adapter->discovery_list, + client); + ++ if (adapter->filtered_discoverable && ++ client->discovery_filter->discoverable) { ++ GSList *l; ++ ++ for (l = adapter->discovery_list; l; l = g_slist_next(l)) { ++ struct watch_client *client = l->data; ++ ++ if (client->discovery_filter->discoverable) ++ break; ++ } ++ ++ /* Disable filtered discoverable if there are no clients */ ++ if (!l) ++ set_filtered_discoverable(adapter, false); ++ } ++ + discovery_free(client); + + /* +@@ -2224,6 +2252,15 @@ static DBusMessage *start_discovery(DBusConnection *conn, + adapter->set_filter_list, client); + adapter->discovery_list = g_slist_prepend( + adapter->discovery_list, client); ++ ++ /* Reset discoverable filter if already set */ ++ if (adapter->current_settings & MGMT_OP_SET_DISCOVERABLE) ++ goto done; ++ ++ /* Set discoverable if filter requires and it*/ ++ if (client->discovery_filter->discoverable) ++ set_filtered_discoverable(adapter, true); ++ + goto done; + } + +@@ -2348,6 +2385,17 @@ static bool parse_duplicate_data(DBusMessageIter *value, + return true; + } + ++static bool parse_discoverable(DBusMessageIter *value, ++ struct discovery_filter *filter) ++{ ++ if (dbus_message_iter_get_arg_type(value) != DBUS_TYPE_BOOLEAN) ++ return false; ++ ++ dbus_message_iter_get_basic(value, &filter->discoverable); ++ ++ return true; ++} ++ + struct filter_parser { + const char *name; + bool (*func)(DBusMessageIter *iter, struct discovery_filter *filter); +@@ -2357,6 +2405,7 @@ struct filter_parser { + { "Pathloss", parse_pathloss }, + { "Transport", parse_transport }, + { "DuplicateData", parse_duplicate_data }, ++ { "Discoverable", parse_discoverable }, + { } + }; + +@@ -2396,6 +2445,7 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter, + (*filter)->rssi = DISTANCE_VAL_INVALID; + (*filter)->type = get_scan_type(adapter); + (*filter)->duplicate = false; ++ (*filter)->discoverable = false; + + dbus_message_iter_init(msg, &iter); + if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY || +@@ -2441,8 +2491,10 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter, + goto invalid_args; + + DBG("filtered discovery params: transport: %d rssi: %d pathloss: %d " +- " duplicate data: %s ", (*filter)->type, (*filter)->rssi, +- (*filter)->pathloss, (*filter)->duplicate ? "true" : "false"); ++ " duplicate data: %s discoverable %s", (*filter)->type, ++ (*filter)->rssi, (*filter)->pathloss, ++ (*filter)->duplicate ? "true" : "false", ++ (*filter)->discoverable ? "true" : "false"); + + return true; + +-- +2.17.1 +Subject: [PATCH BlueZ 3/5] client: Add scan.discoverable command +From: Luiz Augusto von Dentz +Date: 2018-07-26 14:17:21 +Message-ID: 20180726141723.20199-3-luiz.dentz () gmail ! com +[Download RAW message or body] + +From: Luiz Augusto von Dentz + +This adds discoverable command to scan menu which can be used to set +if adapter should become discoverable while scanning: + +[bluetooth]# scan.discoverable on +[bluetooth]# scan on +SetDiscoveryFilter success +[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: yes +Discovery started +[CHG] Controller XX:XX:XX:XX:XX:XX Discovering: yes +[bluetooth]# scan off +Discovery stopped +[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: no +--- + client/main.c | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +diff --git a/client/main.c b/client/main.c +index 6f472d050..6e6f6d2fb 100644 +--- a/client/main.c ++++ b/client/main.c +@@ -1166,6 +1166,7 @@ static struct set_discovery_filter_args { + char **uuids; + size_t uuids_len; + dbus_bool_t duplicate; ++ dbus_bool_t discoverable; + bool set; + } filter = { + .rssi = DISTANCE_VAL_INVALID, +@@ -1205,6 +1206,11 @@ static void set_discovery_filter_setup(DBusMessageIter *iter, void *user_data) + DBUS_TYPE_BOOLEAN, + &args->duplicate); + ++ if (args->discoverable) ++ g_dbus_dict_append_entry(&dict, "Discoverable", ++ DBUS_TYPE_BOOLEAN, ++ &args->discoverable); ++ + dbus_message_iter_close_container(iter, &dict); + } + +@@ -1362,6 +1368,26 @@ static void cmd_scan_filter_duplicate_data(int argc, char *argv[]) + filter.set = false; + } + ++static void cmd_scan_filter_discoverable(int argc, char *argv[]) ++{ ++ if (argc < 2 || !strlen(argv[1])) { ++ bt_shell_printf("Discoverable: %s\n", ++ filter.discoverable ? "on" : "off"); ++ return bt_shell_noninteractive_quit(EXIT_SUCCESS); ++ } ++ ++ if (!strcmp(argv[1], "on")) ++ filter.discoverable = true; ++ else if (!strcmp(argv[1], "off")) ++ filter.discoverable = false; ++ else { ++ bt_shell_printf("Invalid option: %s\n", argv[1]); ++ return bt_shell_noninteractive_quit(EXIT_FAILURE); ++ } ++ ++ filter.set = false; ++} ++ + static void filter_clear_uuids(void) + { + g_strfreev(filter.uuids); +@@ -2510,6 +2536,9 @@ static const struct bt_shell_menu scan_menu = { + { "duplicate-data", "[on/off]", cmd_scan_filter_duplicate_data, + "Set/Get duplicate data filter", + NULL }, ++ { "discoverable", "[on/off]", cmd_scan_filter_discoverable, ++ "Set/Get discoverable filter", ++ NULL }, + { "clear", "[uuids/rssi/pathloss/transport/duplicate-data]", + cmd_scan_filter_clear, + "Clears discovery filter.", +-- +2.17.1 +Subject: [PATCH BlueZ 4/5] client: Add scan.clear discoverable +From: Luiz Augusto von Dentz +Date: 2018-07-26 14:17:22 +Message-ID: 20180726141723.20199-4-luiz.dentz () gmail ! com +[Download RAW message or body] + +From: Luiz Augusto von Dentz + +This implements scan.clear for discoverable filter. +--- + client/main.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/client/main.c b/client/main.c +index 6e6f6d2fb..1a66a3ab4 100644 +--- a/client/main.c ++++ b/client/main.c +@@ -1416,6 +1416,11 @@ static void filter_clear_duplicate(void) + filter.duplicate = false; + } + ++static void filter_clear_discoverable(void) ++{ ++ filter.discoverable = false; ++} ++ + struct clear_entry { + const char *name; + void (*clear) (void); +@@ -1427,6 +1432,7 @@ static const struct clear_entry filter_clear[] = { + { "pathloss", filter_clear_pathloss }, + { "transport", filter_clear_transport }, + { "duplicate-data", filter_clear_duplicate }, ++ { "discoverable", filter_clear_discoverable }, + {} + }; + +@@ -2539,7 +2545,8 @@ static const struct bt_shell_menu scan_menu = { + { "discoverable", "[on/off]", cmd_scan_filter_discoverable, + "Set/Get discoverable filter", + NULL }, +- { "clear", "[uuids/rssi/pathloss/transport/duplicate-data]", ++ { "clear", ++ "[uuids/rssi/pathloss/transport/duplicate-data/discoverable]", + cmd_scan_filter_clear, + "Clears discovery filter.", + filter_clear_generator }, +-- +2.17.1 +Subject: [PATCH BlueZ 5/5] adapter: Fix not keeping discovery filters +From: Luiz Augusto von Dentz +Date: 2018-07-26 14:17:23 +Message-ID: 20180726141723.20199-5-luiz.dentz () gmail ! com +[Download RAW message or body] + +From: Luiz Augusto von Dentz + +If the discovery has been stopped and the client has set filters those +should be put back into filter list since the client may still be +interested in using them the next time it start a scanning. +--- + src/adapter.c | 25 ++++++++++++++++--------- + 1 file changed, 16 insertions(+), 9 deletions(-) + +diff --git a/src/adapter.c b/src/adapter.c +index bd9edddc6..822bd3472 100644 +--- a/src/adapter.c ++++ b/src/adapter.c +@@ -1854,7 +1854,7 @@ static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable) + return set_discoverable(adapter, enable, 0); + } + +-static void discovery_remove(struct watch_client *client) ++static void discovery_remove(struct watch_client *client, bool exit) + { + struct btd_adapter *adapter = client->adapter; + +@@ -1882,7 +1882,11 @@ static void discovery_remove(struct watch_client *client) + set_filtered_discoverable(adapter, false); + } + +- discovery_free(client); ++ if (!exit && client->discovery_filter) ++ adapter->set_filter_list = g_slist_prepend( ++ adapter->set_filter_list, client); ++ else ++ discovery_free(client); + + /* + * If there are other client discoveries in progress, then leave +@@ -1911,8 +1915,11 @@ static void stop_discovery_complete(uint8_t status, uint16_t length, + goto done; + } + +- if (client->msg) ++ if (client->msg) { + g_dbus_send_reply(dbus_conn, client->msg, DBUS_TYPE_INVALID); ++ dbus_message_unref(client->msg); ++ client->msg = NULL; ++ } + + adapter->discovery_type = 0x00; + adapter->discovery_enable = 0x00; +@@ -1925,7 +1932,7 @@ static void stop_discovery_complete(uint8_t status, uint16_t length, + trigger_passive_scanning(adapter); + + done: +- discovery_remove(client); ++ discovery_remove(client, false); + } + + static int compare_sender(gconstpointer a, gconstpointer b) +@@ -2146,14 +2153,14 @@ static int update_discovery_filter(struct btd_adapter *adapter) + return -EINPROGRESS; + } + +-static int discovery_stop(struct watch_client *client) ++static int discovery_stop(struct watch_client *client, bool exit) + { + struct btd_adapter *adapter = client->adapter; + struct mgmt_cp_stop_discovery cp; + + /* Check if there are more client discovering */ + if (g_slist_next(adapter->discovery_list)) { +- discovery_remove(client); ++ discovery_remove(client, exit); + update_discovery_filter(adapter); + return 0; + } +@@ -2163,7 +2170,7 @@ static int discovery_stop(struct watch_client *client) + * and so it is enough to send out the signal and just return. + */ + if (adapter->discovery_enable == 0x00) { +- discovery_remove(client); ++ discovery_remove(client, exit); + adapter->discovering = false; + g_dbus_emit_property_changed(dbus_conn, adapter->path, + ADAPTER_INTERFACE, "Discovering"); +@@ -2188,7 +2195,7 @@ static void discovery_disconnect(DBusConnection *conn, void *user_data) + + DBG("owner %s", client->owner); + +- discovery_stop(client); ++ discovery_stop(client, true); + } + + /* +@@ -2586,7 +2593,7 @@ static DBusMessage *stop_discovery(DBusConnection *conn, + if (client->msg) + return btd_error_busy(msg); + +- err = discovery_stop(client); ++ err = discovery_stop(client, false); + switch (err) { + case 0: + return dbus_message_new_method_return(msg); +-- +2.17.1 diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/init b/poky/meta/recipes-connectivity/bluez5/bluez5/init index d7972f2d9..ca9fa1854 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/init +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/init @@ -1,5 +1,8 @@ #!/bin/sh +# Source function library +. /etc/init.d/functions + PATH=/sbin:/bin:/usr/sbin:/usr/bin DESC=bluetooth @@ -44,14 +47,7 @@ case $1 in $0 start ;; status) - pidof ${DAEMON} >/dev/null - status=$? - if [ $status -eq 0 ]; then - echo "bluetooth is running." - else - echo "bluetooth is not running" - fi - exit $status + status ${DAEMON} || exit $? ;; *) N=/etc/init.d/bluetooth diff --git a/poky/meta/recipes-connectivity/connman/connman.inc b/poky/meta/recipes-connectivity/connman/connman.inc index 2b03f9cb0..0a117e44a 100644 --- a/poky/meta/recipes-connectivity/connman/connman.inc +++ b/poky/meta/recipes-connectivity/connman/connman.inc @@ -133,14 +133,14 @@ python populate_packages_prepend() { add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False) plugin_dir = d.expand('${libdir}/connman/plugins/') plugin_name = d.expand('${PN}-plugin-%s') - do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \ + do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \ '${PN} plugin for %s', extra_depends='', hook=hook, prepend=True ) hook = lambda file,pkg,x,y,z: \ add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True) plugin_dir = d.expand('${libdir}/connman/plugins-vpn/') plugin_name = d.expand('${PN}-plugin-vpn-%s') - do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \ + do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \ '${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True ) } @@ -156,7 +156,7 @@ RDEPENDS_${PN}-client ="${PN}" FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ ${libdir}/connman/plugins \ - ${sysconfdir} ${sharedstatedir} ${localstatedir} \ + ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \ ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \ ${datadir}/dbus-1/system-services/* \ ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf" diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-Fix-various-issues-which-cause-problems-under-musl.patch b/poky/meta/recipes-connectivity/connman/connman/0001-Fix-various-issues-which-cause-problems-under-musl.patch new file mode 100644 index 000000000..f344fea10 --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/0001-Fix-various-issues-which-cause-problems-under-musl.patch @@ -0,0 +1,362 @@ +From 181ff3439783c6920f5211730672685a210c318f Mon Sep 17 00:00:00 2001 +From: Ross Burton +Date: Mon, 8 Oct 2018 22:12:56 +0200 +Subject: [PATCH] Fix various issues which cause problems under musl + +Instead of using #define _GNU_SOURCE in some source files which causes +problems when building with musl as more files need the define, simply +use AC_USE_SYSTEM_EXTENSIONS in configure.ac to get it defined globally. + +Signed-off-by: Ross Burton +Upstream-Status: Backport [bd1326ba7d68df38c5ccaafd2403a5fb30bd452b] +--- + configure.ac | 3 +++ + gdhcp/client.c | 1 - + gdhcp/common.h | 5 +++-- + gweb/gresolv.c | 1 + + plugins/tist.c | 1 - + plugins/wifi.c | 3 +-- + src/backtrace.c | 1 - + src/inet.c | 1 - + src/ippool.c | 1 - + src/iptables.c | 2 +- + src/log.c | 1 - + src/ntp.c | 1 - + src/resolver.c | 1 - + src/rfkill.c | 1 - + src/stats.c | 1 - + src/tethering.c | 2 -- + src/timezone.c | 1 - + tools/dhcp-test.c | 1 - + tools/dnsproxy-test.c | 1 + + tools/private-network-test.c | 2 +- + tools/stats-tool.c | 1 - + tools/tap-test.c | 3 +-- + tools/wispr.c | 1 - + vpn/plugins/vpn.c | 1 - + 24 files changed, 12 insertions(+), 25 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 39745f76..984126c2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -20,6 +20,7 @@ AC_SUBST(abs_top_srcdir) + AC_SUBST(abs_top_builddir) + + AC_LANG_C ++AC_USE_SYSTEM_EXTENSIONS + + AC_PROG_CC + AM_PROG_CC_C_O +@@ -185,6 +186,8 @@ AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [ + AC_CHECK_HEADERS([execinfo.h]) + AM_CONDITIONAL([BACKTRACE], [test "${ac_cv_header_execinfo_h}" = "yes"]) + ++AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include ]]) ++ + AC_CHECK_FUNC(signalfd, dummy=yes, + AC_MSG_ERROR(signalfd support is required)) + +diff --git a/gdhcp/client.c b/gdhcp/client.c +index 67357782..c7db76f0 100644 +--- a/gdhcp/client.c ++++ b/gdhcp/client.c +@@ -23,7 +23,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +diff --git a/gdhcp/common.h b/gdhcp/common.h +index 75abc183..6899499e 100644 +--- a/gdhcp/common.h ++++ b/gdhcp/common.h +@@ -19,6 +19,7 @@ + * + */ + ++#include + #include + #include + +@@ -170,8 +171,8 @@ static const uint8_t dhcp_option_lengths[] = { + [OPTION_U32] = 4, + }; + +-/* already defined within netinet/in.h if using GNU compiler */ +-#ifndef __USE_GNU ++/* already defined within netinet/in.h if using glibc or musl */ ++#ifndef HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDR + struct in6_pktinfo { + struct in6_addr ipi6_addr; /* src/dst IPv6 address */ + unsigned int ipi6_ifindex; /* send/recv interface index */ +diff --git a/gweb/gresolv.c b/gweb/gresolv.c +index 81c79b6c..b06f8932 100644 +--- a/gweb/gresolv.c ++++ b/gweb/gresolv.c +@@ -29,6 +29,7 @@ + #include + #include + #include ++#include + #include + #include + #include +diff --git a/plugins/tist.c b/plugins/tist.c +index ad5ef79e..cc2800a1 100644 +--- a/plugins/tist.c ++++ b/plugins/tist.c +@@ -23,7 +23,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +diff --git a/plugins/wifi.c b/plugins/wifi.c +index dc08c6af..46e4cca4 100644 +--- a/plugins/wifi.c ++++ b/plugins/wifi.c +@@ -30,9 +30,8 @@ + #include + #include + #include +-#include +-#include + #include ++#include + + #ifndef IFF_LOWER_UP + #define IFF_LOWER_UP 0x10000 +diff --git a/src/backtrace.c b/src/backtrace.c +index e8d7f432..bede6698 100644 +--- a/src/backtrace.c ++++ b/src/backtrace.c +@@ -24,7 +24,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +diff --git a/src/inet.c b/src/inet.c +index a31372b5..a58ce7c1 100644 +--- a/src/inet.c ++++ b/src/inet.c +@@ -25,7 +25,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +diff --git a/src/ippool.c b/src/ippool.c +index cea1dccd..8a645da2 100644 +--- a/src/ippool.c ++++ b/src/ippool.c +@@ -28,7 +28,6 @@ + #include + #include + #include +-#include + #include + + #include "connman.h" +diff --git a/src/iptables.c b/src/iptables.c +index f3670e77..469effed 100644 +--- a/src/iptables.c ++++ b/src/iptables.c +@@ -28,7 +28,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include +diff --git a/src/log.c b/src/log.c +index 9bae4a3d..f7e82e5d 100644 +--- a/src/log.c ++++ b/src/log.c +@@ -23,7 +23,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +diff --git a/src/ntp.c b/src/ntp.c +index 51ba9aac..724ca188 100644 +--- a/src/ntp.c ++++ b/src/ntp.c +@@ -23,7 +23,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +diff --git a/src/resolver.c b/src/resolver.c +index 76f0a8e1..10121aa5 100644 +--- a/src/resolver.c ++++ b/src/resolver.c +@@ -23,7 +23,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +diff --git a/src/rfkill.c b/src/rfkill.c +index d9bed4d2..b2514c41 100644 +--- a/src/rfkill.c ++++ b/src/rfkill.c +@@ -23,7 +23,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +diff --git a/src/stats.c b/src/stats.c +index 663bc382..c9ddc2e8 100644 +--- a/src/stats.c ++++ b/src/stats.c +@@ -23,7 +23,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +diff --git a/src/tethering.c b/src/tethering.c +index 4b202369..f3cb36f4 100644 +--- a/src/tethering.c ++++ b/src/tethering.c +@@ -34,8 +34,6 @@ + #include + #include + #include +-#include +-#include + #include + + #include "connman.h" +diff --git a/src/timezone.c b/src/timezone.c +index e346b11a..8e912670 100644 +--- a/src/timezone.c ++++ b/src/timezone.c +@@ -23,7 +23,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +diff --git a/tools/dhcp-test.c b/tools/dhcp-test.c +index c34e10a8..eae66fc2 100644 +--- a/tools/dhcp-test.c ++++ b/tools/dhcp-test.c +@@ -33,7 +33,6 @@ + #include + #include + #include +-#include + + #include + +diff --git a/tools/dnsproxy-test.c b/tools/dnsproxy-test.c +index 551cae91..371e2e23 100644 +--- a/tools/dnsproxy-test.c ++++ b/tools/dnsproxy-test.c +@@ -24,6 +24,7 @@ + #endif + + #include ++#include + #include + #include + #include +diff --git a/tools/private-network-test.c b/tools/private-network-test.c +index 3dd115ba..2828bb30 100644 +--- a/tools/private-network-test.c ++++ b/tools/private-network-test.c +@@ -32,7 +32,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + +diff --git a/tools/stats-tool.c b/tools/stats-tool.c +index efa39de2..5695048f 100644 +--- a/tools/stats-tool.c ++++ b/tools/stats-tool.c +@@ -22,7 +22,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +diff --git a/tools/tap-test.c b/tools/tap-test.c +index fdc098aa..cb3ee622 100644 +--- a/tools/tap-test.c ++++ b/tools/tap-test.c +@@ -23,13 +23,12 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include + #include + #include +-#include ++#include + #include + + #include +diff --git a/tools/wispr.c b/tools/wispr.c +index d5f9341f..e56dfc16 100644 +--- a/tools/wispr.c ++++ b/tools/wispr.c +@@ -23,7 +23,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c +index 10548aaf..6e3f640c 100644 +--- a/vpn/plugins/vpn.c ++++ b/vpn/plugins/vpn.c +@@ -23,7 +23,6 @@ + #include + #endif + +-#define _GNU_SOURCE + #include + #include + #include +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch b/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch deleted file mode 100644 index f9080d4ba..000000000 --- a/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 929fc9b7068100444e0ffcccd25841f78791e619 Mon Sep 17 00:00:00 2001 -From: Jian Liang -Date: Fri, 15 Sep 2017 06:40:08 -0400 -Subject: [PATCH] gweb: Fix a crash using wispr over TLS -To: connman@lists.01.org -Cc: wagi@monom.org - -When gnutls_channel is instantiated, the gnutls_channel->established -has to be initiated as FALSE. Otherwise, check_handshake function -won't work. A random initial value 1 of gnutls_channel->established -will make check_handshake return G_IO_STATUS_NORMAL, when the channel -is actually not ready to be used. The observed behaviours are, - -- wispr is getting random errors in wispr_portal_web_result -- ConnMan crashes on exit after those random errors -- when wispr is luckly working, ConnMan doesn't crash on exit - -Signed-off-by: Jian Liang - ---- -Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=73e53f3bd9e7debae86341f1eee7b97862a56a5e] -Signed-off-by: André Draszik - gweb/giognutls.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/gweb/giognutls.c b/gweb/giognutls.c -index 09dc9e7..c029a8b 100644 ---- a/gweb/giognutls.c -+++ b/gweb/giognutls.c -@@ -421,7 +421,7 @@ GIOChannel *g_io_channel_gnutls_new(int fd) - - DBG(""); - -- gnutls_channel = g_new(GIOGnuTLSChannel, 1); -+ gnutls_channel = g_new0(GIOGnuTLSChannel, 1); - - channel = (GIOChannel *) gnutls_channel; - --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch b/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch deleted file mode 100644 index dd7b35674..000000000 --- a/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 508dc60a1f0758ebc586b6b086478a176d493086 Mon Sep 17 00:00:00 2001 -From: Jian Liang -Date: Thu, 5 Oct 2017 09:34:41 +0100 -Subject: [PATCH 1/4] inet: Add prefixlen to iproute_default_function -To: connman@lists.01.org -Cc: wagi@monom.org - -Add prefixlen parameter to this function in preparation for using -it also in creating subnet route later, e.g. - -default via 192.168.100.1 dev eth0 -192.168.100.0/24 dev eth0 - -Signed-off-by: Jian Liang - ---- -Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=edda5b695de2ee79f02314abc9b46fdd46b388e1] -Signed-off-by: André Draszik - src/inet.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/inet.c b/src/inet.c -index b887aa0..ab8aec8 100644 ---- a/src/inet.c -+++ b/src/inet.c -@@ -2796,7 +2796,7 @@ int __connman_inet_del_fwmark_rule(uint32_t table_id, int family, uint32_t fwmar - } - - static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex, -- const char *gateway) -+ const char *gateway, unsigned char prefixlen) - { - struct __connman_inet_rtnl_handle rth; - unsigned char buf[sizeof(struct in6_addr)]; -@@ -2829,6 +2829,7 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex, - rth.req.u.r.rt.rtm_protocol = RTPROT_BOOT; - rth.req.u.r.rt.rtm_scope = RT_SCOPE_UNIVERSE; - rth.req.u.r.rt.rtm_type = RTN_UNICAST; -+ rth.req.u.r.rt.rtm_dst_len = prefixlen; - - __connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), RTA_GATEWAY, - buf, len); -@@ -2860,7 +2861,7 @@ int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex, - { - /* ip route add default via 1.2.3.4 dev wlan0 table 1234 */ - -- return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway); -+ return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, 0); - } - - int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex, -@@ -2868,7 +2869,7 @@ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex, - { - /* ip route del default via 1.2.3.4 dev wlan0 table 1234 */ - -- return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway); -+ return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, 0); - } - - int __connman_inet_get_interface_ll_address(int index, int family, --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch b/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch deleted file mode 100644 index f1b4d0aaa..000000000 --- a/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch +++ /dev/null @@ -1,112 +0,0 @@ -From b5fd5945886fa1845db5c969424b63d894fe0376 Mon Sep 17 00:00:00 2001 -From: Jian Liang -Date: Fri, 25 Aug 2017 10:02:16 -0400 -Subject: [PATCH 1/2] session: Keep track of addr in fw_snat & session -To: connman@lists.01.org -Cc: wagi@monom.org - -When there is more than one session in fw_snat's list of sessions, -fw_snat failed to be re-created when update-session-state is triggered -with new IP address. This is because index alone is not sufficient to -decide if fw_snat needs to be re-created. The solution here is to keep -a track of IP addr and use it to avoid false lookup of fw_snat. - -Signed-off-by: Jian Liang - ---- -Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=f9e27d4abfcab5c80a38e0850b5ddb26277f97c1] -Signed-off-by: André Draszik - src/session.c | 19 +++++++++++++++---- - 1 file changed, 15 insertions(+), 4 deletions(-) - -diff --git a/src/session.c b/src/session.c -index 9e3c559..965ac06 100644 ---- a/src/session.c -+++ b/src/session.c -@@ -65,6 +65,7 @@ struct connman_session { - struct firewall_context *fw; - uint32_t mark; - int index; -+ char *addr; - char *gateway; - bool policy_routing; - bool snat_enabled; -@@ -79,6 +80,7 @@ struct fw_snat { - GSList *sessions; - int id; - int index; -+ char *addr; - struct firewall_context *fw; - }; - -@@ -200,7 +202,7 @@ static char *service2bearer(enum connman_service_type type) - return ""; - } - --static struct fw_snat *fw_snat_lookup(int index) -+static struct fw_snat *fw_snat_lookup(int index, const char *addr) - { - struct fw_snat *fw_snat; - GSList *list; -@@ -208,8 +210,11 @@ static struct fw_snat *fw_snat_lookup(int index) - for (list = fw_snat_list; list; list = list->next) { - fw_snat = list->data; - -- if (fw_snat->index == index) -+ if (fw_snat->index == index) { -+ if (g_strcmp0(addr, fw_snat->addr) != 0) -+ continue; - return fw_snat; -+ } - } - return NULL; - } -@@ -224,6 +229,7 @@ static int fw_snat_create(struct connman_session *session, - - fw_snat->fw = __connman_firewall_create(); - fw_snat->index = index; -+ fw_snat->addr = g_strdup(addr); - - fw_snat->id = __connman_firewall_enable_snat(fw_snat->fw, - index, ifname, addr); -@@ -238,6 +244,7 @@ static int fw_snat_create(struct connman_session *session, - return 0; - err: - __connman_firewall_destroy(fw_snat->fw); -+ g_free(fw_snat->addr); - g_free(fw_snat); - return err; - } -@@ -393,7 +400,7 @@ static void del_nat_rules(struct connman_session *session) - return; - - session->snat_enabled = false; -- fw_snat = fw_snat_lookup(session->index); -+ fw_snat = fw_snat_lookup(session->index, session->addr); - - if (!fw_snat) - return; -@@ -420,8 +427,11 @@ static void add_nat_rules(struct connman_session *session) - if (!addr) - return; - -+ g_free(session->addr); -+ session->addr = g_strdup(addr); -+ - session->snat_enabled = true; -- fw_snat = fw_snat_lookup(index); -+ fw_snat = fw_snat_lookup(index, session->addr); - if (fw_snat) { - fw_snat_ref(session, fw_snat); - return; -@@ -502,6 +512,7 @@ static void free_session(struct connman_session *session) - g_free(session->info); - g_free(session->info_last); - g_free(session->gateway); -+ g_free(session->addr); - - g_free(session); - } --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch b/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch deleted file mode 100644 index 9c953e5d5..000000000 --- a/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 08cda4004491d3971a8b9df937426c43800d15b1 Mon Sep 17 00:00:00 2001 -From: Jian Liang -Date: Thu, 5 Oct 2017 09:37:06 +0100 -Subject: [PATCH 2/4] inet: Implement subnet route creation/deletion in - iproute_default_modify -To: connman@lists.01.org -Cc: wagi@monom.org - -- Calculate subnet address base on gateway address and prefixlen -- Differentiate creation of routes to gateway and subnet - -Signed-off-by: Jian Liang - ---- -Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=ff7dcf91f12a2a237feebc6e606d0a8e92975528] -Signed-off-by: André Draszik - src/inet.c | 22 +++++++++++++++++++--- - 1 file changed, 19 insertions(+), 3 deletions(-) - -diff --git a/src/inet.c b/src/inet.c -index ab8aec8..0ddb030 100644 ---- a/src/inet.c -+++ b/src/inet.c -@@ -2802,6 +2802,9 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex, - unsigned char buf[sizeof(struct in6_addr)]; - int ret, len; - int family = connman_inet_check_ipaddress(gateway); -+ char *dst = NULL; -+ -+ DBG("gateway %s/%u table %u", gateway, prefixlen, table_id); - - switch (family) { - case AF_INET: -@@ -2814,7 +2817,19 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex, - return -EINVAL; - } - -- ret = inet_pton(family, gateway, buf); -+ if (prefixlen) { -+ struct in_addr ipv4_subnet_addr, ipv4_mask; -+ -+ memset(&ipv4_subnet_addr, 0, sizeof(ipv4_subnet_addr)); -+ ipv4_mask.s_addr = htonl((0xffffffff << (32 - prefixlen)) & 0xffffffff); -+ ipv4_subnet_addr.s_addr = inet_addr(gateway); -+ ipv4_subnet_addr.s_addr &= ipv4_mask.s_addr; -+ -+ dst = g_strdup(inet_ntoa(ipv4_subnet_addr)); -+ } -+ -+ ret = inet_pton(family, dst ? dst : gateway, buf); -+ g_free(dst); - if (ret <= 0) - return -EINVAL; - -@@ -2831,8 +2846,9 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex, - rth.req.u.r.rt.rtm_type = RTN_UNICAST; - rth.req.u.r.rt.rtm_dst_len = prefixlen; - -- __connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), RTA_GATEWAY, -- buf, len); -+ __connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), -+ prefixlen > 0 ? RTA_DST : RTA_GATEWAY, buf, len); -+ - if (table_id < 256) { - rth.req.u.r.rt.rtm_table = table_id; - } else { --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch b/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch deleted file mode 100644 index 56ba5c3f4..000000000 --- a/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch +++ /dev/null @@ -1,68 +0,0 @@ -From a9243f13d6e1aadd69bfcc27f75f69c38be51677 Mon Sep 17 00:00:00 2001 -From: Jian Liang -Date: Wed, 4 Oct 2017 17:30:17 +0100 -Subject: [PATCH 3/4] inet: Implement APIs for creating and deleting subnet - route -To: connman@lists.01.org -Cc: wagi@monom.org - -Signed-off-by: Jian Liang - ---- -Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=3a15b0b7fccd053aff91da2cc68585509d0c509b] -Signed-off-by: André Draszik - src/connman.h | 4 ++++ - src/inet.c | 14 ++++++++++++++ - 2 files changed, 18 insertions(+) - -diff --git a/src/connman.h b/src/connman.h -index 21b7080..da4446a 100644 ---- a/src/connman.h -+++ b/src/connman.h -@@ -240,7 +240,11 @@ int __connman_inet_rtnl_addattr32(struct nlmsghdr *n, size_t maxlen, - int __connman_inet_add_fwmark_rule(uint32_t table_id, int family, uint32_t fwmark); - int __connman_inet_del_fwmark_rule(uint32_t table_id, int family, uint32_t fwmark); - int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex, const char *gateway); -+int __connman_inet_add_subnet_to_table(uint32_t table_id, int ifindex, -+ const char *gateway, unsigned char prefixlen); - int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex, const char *gateway); -+int __connman_inet_del_subnet_from_table(uint32_t table_id, int ifindex, -+ const char *gateway, unsigned char prefixlen); - int __connman_inet_get_address_netmask(int ifindex, - struct sockaddr_in *address, struct sockaddr_in *netmask); - -diff --git a/src/inet.c b/src/inet.c -index 0ddb030..dcd1ab2 100644 ---- a/src/inet.c -+++ b/src/inet.c -@@ -2880,6 +2880,13 @@ int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex, - return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, 0); - } - -+int __connman_inet_add_subnet_to_table(uint32_t table_id, int ifindex, -+ const char *gateway, unsigned char prefixlen) -+{ -+ /* ip route add 1.2.3.4/24 dev eth0 table 1234 */ -+ return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, prefixlen); -+} -+ - int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex, - const char *gateway) - { -@@ -2888,6 +2895,13 @@ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex, - return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, 0); - } - -+int __connman_inet_del_subnet_from_table(uint32_t table_id, int ifindex, -+ const char *gateway, unsigned char prefixlen) -+{ -+ /* ip route del 1.2.3.4/24 dev eth0 table 1234 */ -+ return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, prefixlen); -+} -+ - int __connman_inet_get_interface_ll_address(int index, int family, - void *address) - { --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch b/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch deleted file mode 100644 index ca213eb18..000000000 --- a/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch +++ /dev/null @@ -1,77 +0,0 @@ -From deb9372db8396da4f7cd20555ce7c9a8b3ad96bd Mon Sep 17 00:00:00 2001 -From: Jian Liang -Date: Fri, 6 Oct 2017 11:40:16 +0100 -Subject: [PATCH 4/4] session: Use subnet route creation and deletion APIs -To: connman@lists.01.org -Cc: wagi@monom.org - -As subnet route is address and session specific in this case, so add -prefixlen into struct connman_session, and update it along with ipconfig. -Then use it in subnet route related APIs. - -Signed-off-by: Jian Liang - ---- -Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=285f25ef6cc9e4a43dab83523f3e2eab4365ac26] -Signed-off-by: André Draszik - src/session.c | 20 ++++++++++++++++---- - 1 file changed, 16 insertions(+), 4 deletions(-) - -diff --git a/src/session.c b/src/session.c -index 965ac06..7b7a14b 100644 ---- a/src/session.c -+++ b/src/session.c -@@ -67,6 +67,7 @@ struct connman_session { - int index; - char *addr; - char *gateway; -+ unsigned char prefixlen; - bool policy_routing; - bool snat_enabled; - }; -@@ -357,13 +358,17 @@ static void del_default_route(struct connman_session *session) - if (!session->gateway) - return; - -- DBG("index %d routing table %d default gateway %s", -- session->index, session->mark, session->gateway); -+ DBG("index %d routing table %d default gateway %s/%u", -+ session->index, session->mark, session->gateway, session->prefixlen); -+ -+ __connman_inet_del_subnet_from_table(session->mark, -+ session->index, session->gateway, session->prefixlen); - - __connman_inet_del_default_from_table(session->mark, - session->index, session->gateway); - g_free(session->gateway); - session->gateway = NULL; -+ session->prefixlen = 0; - session->index = -1; - } - -@@ -383,13 +388,20 @@ static void add_default_route(struct connman_session *session) - if (!session->gateway) - session->gateway = g_strdup(inet_ntoa(addr)); - -- DBG("index %d routing table %d default gateway %s", -- session->index, session->mark, session->gateway); -+ session->prefixlen = __connman_ipconfig_get_prefixlen(ipconfig); -+ -+ DBG("index %d routing table %d default gateway %s/%u", -+ session->index, session->mark, session->gateway, session->prefixlen); - - err = __connman_inet_add_default_to_table(session->mark, - session->index, session->gateway); - if (err < 0) - DBG("session %p %s", session, strerror(-err)); -+ -+ err = __connman_inet_add_subnet_to_table(session->mark, -+ session->index, session->gateway, session->prefixlen); -+ if (err < 0) -+ DBG("session add subnet route %p %s", session, strerror(-err)); - } - - static void del_nat_rules(struct connman_session *session) --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/connman/connman/includes.patch b/poky/meta/recipes-connectivity/connman/connman/includes.patch deleted file mode 100644 index 9f7395cbb..000000000 --- a/poky/meta/recipes-connectivity/connman/connman/includes.patch +++ /dev/null @@ -1,417 +0,0 @@ -Fix various issues which cause problems under musl. - -Upstream-Status: Backport [bd1326ba7d68df38c5ccaafd2403a5fb30bd452b] -Signed-off-by: Ross Burton - -From 630516bcc0233b047f65665c003201ba6e77453d Mon Sep 17 00:00:00 2001 -From: Ross Burton -Date: Tue, 9 Aug 2016 16:22:36 +0100 -Subject: [PATCH 1/3] Use AC_USE_SYSTEM_EXTENSIONS - -Instead of using #define _GNU_SOURCE in some source files which causes problems -when building with musl as more files need the define, simply use -AC_USE_SYSTEM_EXTENSIONS in configure.ac to get it defined globally. ---- - configure.ac | 1 + - gdhcp/client.c | 1 - - plugins/tist.c | 1 - - src/backtrace.c | 1 - - src/inet.c | 1 - - src/log.c | 1 - - src/ntp.c | 1 - - src/resolver.c | 1 - - src/rfkill.c | 1 - - src/stats.c | 1 - - src/timezone.c | 1 - - tools/stats-tool.c | 1 - - tools/tap-test.c | 1 - - tools/wispr.c | 1 - - vpn/plugins/vpn.c | 1 - - 15 files changed, 1 insertion(+), 14 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 6e66ab3..bacf5ec 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -20,6 +20,7 @@ AC_SUBST(abs_top_srcdir) - AC_SUBST(abs_top_builddir) - - AC_LANG_C -+AC_USE_SYSTEM_EXTENSIONS - - AC_PROG_CC - AM_PROG_CC_C_O -diff --git a/gdhcp/client.c b/gdhcp/client.c -index fbb40ab..3aeb089 100644 ---- a/gdhcp/client.c -+++ b/gdhcp/client.c -@@ -23,7 +23,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/plugins/tist.c b/plugins/tist.c -index ad5ef79..cc2800a 100644 ---- a/plugins/tist.c -+++ b/plugins/tist.c -@@ -23,7 +23,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/src/backtrace.c b/src/backtrace.c -index 6a66c0a..4dbdda8 100644 ---- a/src/backtrace.c -+++ b/src/backtrace.c -@@ -24,7 +24,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/src/inet.c b/src/inet.c -index 69ded19..81d92c2 100644 ---- a/src/inet.c -+++ b/src/inet.c -@@ -25,7 +25,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/src/log.c b/src/log.c -index 9bae4a3..f7e82e5 100644 ---- a/src/log.c -+++ b/src/log.c -@@ -23,7 +23,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/src/ntp.c b/src/ntp.c -index dd246eb..db8ae96 100644 ---- a/src/ntp.c -+++ b/src/ntp.c -@@ -23,7 +23,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/src/resolver.c b/src/resolver.c -index fbe4be7..ef61f92 100644 ---- a/src/resolver.c -+++ b/src/resolver.c -@@ -23,7 +23,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/src/rfkill.c b/src/rfkill.c -index 2bfb092..af49d12 100644 ---- a/src/rfkill.c -+++ b/src/rfkill.c -@@ -23,7 +23,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/src/stats.c b/src/stats.c -index 26343b1..cfcdc94 100644 ---- a/src/stats.c -+++ b/src/stats.c -@@ -23,7 +23,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/src/timezone.c b/src/timezone.c -index e346b11..8e91267 100644 ---- a/src/timezone.c -+++ b/src/timezone.c -@@ -23,7 +23,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/tools/stats-tool.c b/tools/stats-tool.c -index b076478..428d94b 100644 ---- a/tools/stats-tool.c -+++ b/tools/stats-tool.c -@@ -22,7 +22,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/tools/tap-test.c b/tools/tap-test.c -index fdc098a..57917f5 100644 ---- a/tools/tap-test.c -+++ b/tools/tap-test.c -@@ -23,7 +23,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/tools/wispr.c b/tools/wispr.c -index d5f9341..e56dfc1 100644 ---- a/tools/wispr.c -+++ b/tools/wispr.c -@@ -23,7 +23,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include -diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c -index 9a42385..479c3a7 100644 ---- a/vpn/plugins/vpn.c -+++ b/vpn/plugins/vpn.c -@@ -23,7 +23,6 @@ - #include - #endif - --#define _GNU_SOURCE - #include - #include - #include --- -2.8.1 - - -From b8b7878e6cb2a1ed4fcfa256f7e232511a40e3d9 Mon Sep 17 00:00:00 2001 -From: Ross Burton -Date: Tue, 9 Aug 2016 15:37:50 +0100 -Subject: [PATCH 2/3] Check for in6_pktinfo.ipi6_addr explicitly - -Instead of assuming that just glibc has this structure, check for it at -configure as musl also has it. - -Based on work by Khem Raj . ---- - configure.ac | 2 ++ - gdhcp/common.h | 5 +++-- - 2 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index bacf5ec..ad00456 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -186,6 +186,8 @@ AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [ - AC_CHECK_HEADERS([execinfo.h]) - AM_CONDITIONAL([BACKTRACE], [test "${ac_cv_header_execinfo_h}" = "yes"]) - -+AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include ]]) -+ - AC_CHECK_FUNC(signalfd, dummy=yes, - AC_MSG_ERROR(signalfd support is required)) - -diff --git a/gdhcp/common.h b/gdhcp/common.h -index 75abc18..6899499 100644 ---- a/gdhcp/common.h -+++ b/gdhcp/common.h -@@ -19,6 +19,7 @@ - * - */ - -+#include - #include - #include - -@@ -170,8 +171,8 @@ static const uint8_t dhcp_option_lengths[] = { - [OPTION_U32] = 4, - }; - --/* already defined within netinet/in.h if using GNU compiler */ --#ifndef __USE_GNU -+/* already defined within netinet/in.h if using glibc or musl */ -+#ifndef HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDR - struct in6_pktinfo { - struct in6_addr ipi6_addr; /* src/dst IPv6 address */ - unsigned int ipi6_ifindex; /* send/recv interface index */ --- -2.8.1 - - -From c0726e432fa0274a2b9c70179b03df6720972816 Mon Sep 17 00:00:00 2001 -From: Ross Burton -Date: Tue, 9 Aug 2016 15:19:23 +0100 -Subject: [PATCH 3/3] Rationalise includes - -gweb/gresolv.c uses snprintf() and isspace() so it should include stdio.h and -ctype.h. - -tools/dnsproxy-test uses functions from stdio.h. - -musl warns when sys/ headers are included when the non-sys form should be used, -so switch sys/errno.h and so on to errno.h. - -musl also causes redefinition errors when pieces of the networking headers are -included, so remove the redundant includes. - -Based on work by Khem Raj . ---- - gweb/gresolv.c | 2 ++ - plugins/wifi.c | 3 +-- - src/ippool.c | 1 - - src/iptables.c | 2 +- - src/tethering.c | 2 -- - tools/dhcp-test.c | 1 - - tools/dnsproxy-test.c | 1 + - tools/private-network-test.c | 2 +- - tools/tap-test.c | 2 +- - 9 files changed, 7 insertions(+), 9 deletions(-) - -diff --git a/gweb/gresolv.c b/gweb/gresolv.c -index 8a51a9f..d55027c 100644 ---- a/gweb/gresolv.c -+++ b/gweb/gresolv.c -@@ -29,6 +29,7 @@ - #include - #include - #include -+#include - #include - #include - #include -diff --git a/plugins/wifi.c b/plugins/wifi.c -index 9d56671..148131d 100644 ---- a/plugins/wifi.c -+++ b/plugins/wifi.c -@@ -30,9 +30,8 @@ - #include - #include - #include --#include --#include - #include -+#include - - #ifndef IFF_LOWER_UP - #define IFF_LOWER_UP 0x10000 -diff --git a/src/ippool.c b/src/ippool.c -index cea1dcc..8a645da 100644 ---- a/src/ippool.c -+++ b/src/ippool.c -@@ -28,7 +28,6 @@ - #include - #include - #include --#include - #include - - #include "connman.h" -diff --git a/src/iptables.c b/src/iptables.c -index 5ef757a..82e3ac4 100644 ---- a/src/iptables.c -+++ b/src/iptables.c -@@ -28,7 +28,7 @@ - #include - #include - #include --#include -+#include - #include - #include - #include -diff --git a/src/tethering.c b/src/tethering.c -index 3153349..ad062d5 100644 ---- a/src/tethering.c -+++ b/src/tethering.c -@@ -31,10 +31,8 @@ - #include - #include - #include --#include - #include - #include --#include - #include - #include - -diff --git a/tools/dhcp-test.c b/tools/dhcp-test.c -index c34e10a..eae66fc 100644 ---- a/tools/dhcp-test.c -+++ b/tools/dhcp-test.c -@@ -33,7 +33,6 @@ - #include - #include - #include --#include - - #include - -diff --git a/tools/dnsproxy-test.c b/tools/dnsproxy-test.c -index 551cae9..371e2e2 100644 ---- a/tools/dnsproxy-test.c -+++ b/tools/dnsproxy-test.c -@@ -24,6 +24,7 @@ - #endif - - #include -+#include - #include - #include - #include -diff --git a/tools/private-network-test.c b/tools/private-network-test.c -index 3dd115b..2828bb3 100644 ---- a/tools/private-network-test.c -+++ b/tools/private-network-test.c -@@ -32,7 +32,7 @@ - #include - #include - #include --#include -+#include - #include - #include - -diff --git a/tools/tap-test.c b/tools/tap-test.c -index 57917f5..cb3ee62 100644 ---- a/tools/tap-test.c -+++ b/tools/tap-test.c -@@ -28,7 +28,7 @@ - #include - #include - #include --#include -+#include - #include - - #include --- -2.8.1 diff --git a/poky/meta/recipes-connectivity/connman/connman_1.35.bb b/poky/meta/recipes-connectivity/connman/connman_1.35.bb deleted file mode 100644 index ff2118113..000000000 --- a/poky/meta/recipes-connectivity/connman/connman_1.35.bb +++ /dev/null @@ -1,22 +0,0 @@ -require connman.inc - -SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ - file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ - file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ - file://connman \ - file://no-version-scripts.patch \ - file://includes.patch \ - file://0001-session-Keep-track-of-addr-in-fw_snat-session.patch \ - file://0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch \ - file://0001-inet-Add-prefixlen-to-iproute_default_function.patch \ - file://0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch \ - file://0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch \ - file://0004-session-Use-subnet-route-creation-and-deletion-APIs.patch \ - " -SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \ - " - -SRC_URI[md5sum] = "bae37b45ee9b3db5ec8115188f8a7652" -SRC_URI[sha256sum] = "66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa" - -RRECOMMENDS_${PN} = "connman-conf" diff --git a/poky/meta/recipes-connectivity/connman/connman_1.36.bb b/poky/meta/recipes-connectivity/connman/connman_1.36.bb new file mode 100644 index 000000000..6e4dbdfda --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman_1.36.bb @@ -0,0 +1,16 @@ +require connman.inc + +SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ + file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ + file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ + file://connman \ + file://no-version-scripts.patch \ + file://0001-Fix-various-issues-which-cause-problems-under-musl.patch \ +" + +SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" + +SRC_URI[md5sum] = "dae77d9c904d2c223ae849e32079d57e" +SRC_URI[sha256sum] = "c789db41cc443fa41e661217ea321492ad59a004bebcd1aa013f3bc10a6e0074" + +RRECOMMENDS_${PN} = "connman-conf" diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch new file mode 100644 index 000000000..d2e57714c --- /dev/null +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch @@ -0,0 +1,2882 @@ +From ffb1d1325bd6503df9a324befac5f5039ac77432 Mon Sep 17 00:00:00 2001 +From: Armin Kuster +Date: Tue, 23 Oct 2018 10:36:56 +0000 +Subject: [PATCH] dhcpd: fix Replace custom isc_boolean_t with C standard bool + type + + +Upstream-Status: Pending + +Fixes issues introduced by bind when they changed their headers. + +Signed-off-by: Armin Kuster +--- + includes/dhcpd.h | 34 +++++++++++++++++----------------- + includes/heap.h | 2 +- + includes/omapip/omapip.h | 2 +- + includes/omapip/omapip_p.h | 6 +++--- + includes/tree.h | 2 +- + 5 files changed, 23 insertions(+), 23 deletions(-) + +Index: dhcp-4.4.1/includes/dhcpd.h +=================================================================== +--- dhcp-4.4.1.orig/includes/dhcpd.h ++++ dhcp-4.4.1/includes/dhcpd.h +@@ -461,20 +461,20 @@ struct packet { + * options we got in a previous exchange were still there, we need + * to signal this in a reliable way. + */ +- isc_boolean_t agent_options_stashed; ++ bool agent_options_stashed; + + /* + * ISC_TRUE if packet received unicast (as opposed to multicast). + * Only used in DHCPv6. + */ +- isc_boolean_t unicast; ++ bool unicast; + + /* Propagates server value SV_ECHO_CLIENT_ID so it is available + * in cons_options() */ + int sv_echo_client_id; + + /* Relay port check */ +- isc_boolean_t relay_source_port; ++ bool relay_source_port; + }; + + /* +@@ -1174,7 +1174,7 @@ struct dhc6_lease { + struct dhc6_lease *next; + struct data_string server_id; + +- isc_boolean_t released; ++ bool released; + int score; + u_int8_t pref; + +@@ -1695,8 +1695,8 @@ struct ipv6_pool { + int bits; /* number of bits, CIDR style */ + int units; /* allocation unit in bits */ + iasubopt_hash_t *leases; /* non-free leases */ +- isc_uint64_t num_active; /* count of active leases */ +- isc_uint64_t num_abandoned; /* count of abandoned leases */ ++ uint64_t num_active; /* count of active leases */ ++ uint64_t num_abandoned; /* count of abandoned leases */ + isc_heap_t *active_timeouts; /* timeouts for active leases */ + int num_inactive; /* count of inactive leases */ + isc_heap_t *inactive_timeouts; /* timeouts for expired or +@@ -1732,11 +1732,11 @@ struct ipv6_pond { + struct ipv6_pool **ipv6_pools; /* NULL-terminated array */ + int last_ipv6_pool; /* offset of last IPv6 pool + used to issue a lease */ +- isc_uint64_t num_total; /* Total number of elements in the pond */ +- isc_uint64_t num_active; /* Number of elements in the pond in use */ +- isc_uint64_t num_abandoned; /* count of abandoned leases */ ++ uint64_t num_total; /* Total number of elements in the pond */ ++ uint64_t num_active; /* Number of elements in the pond in use */ ++ uint64_t num_abandoned; /* count of abandoned leases */ + int logged; /* already logged a message */ +- isc_uint64_t low_threshold; /* low threshold to restart logging */ ++ uint64_t low_threshold; /* low threshold to restart logging */ + int jumbo_range; + #ifdef EUI_64 + int use_eui_64; /* use EUI-64 address assignment when true */ +@@ -1745,9 +1745,9 @@ struct ipv6_pond { + + /* + * Max addresses in a pond that can be supported by log threshold +- * Currently based on max value supported by isc_uint64_t. ++ * Currently based on max value supported by uint64_t. + */ +-#define POND_TRACK_MAX ISC_UINT64_MAX ++#define POND_TRACK_MAX UINT64_MAX + + /* Flags for dhcp_ddns_cb_t */ + #define DDNS_UPDATE_ADDR 0x0001 +@@ -1868,7 +1868,7 @@ lookup_fqdn6_option(struct universe *uni + unsigned code); + void + save_fqdn6_option(struct universe *universe, struct option_state *options, +- struct option_cache *oc, isc_boolean_t appendp); ++ struct option_cache *oc, bool appendp); + void + delete_fqdn6_option(struct universe *universe, struct option_state *options, + int code); +@@ -1953,7 +1953,7 @@ void save_option(struct universe *, stru + void also_save_option(struct universe *, struct option_state *, + struct option_cache *); + void save_hashed_option(struct universe *, struct option_state *, +- struct option_cache *, isc_boolean_t appendp); ++ struct option_cache *, bool appendp); + void delete_option (struct universe *, struct option_state *, int); + void delete_hashed_option (struct universe *, + struct option_state *, int); +@@ -2041,7 +2041,7 @@ int linked_option_state_dereference (str + struct option_state *, + const char *, int); + void save_linked_option(struct universe *, struct option_state *, +- struct option_cache *, isc_boolean_t appendp); ++ struct option_cache *, bool appendp); + void linked_option_space_foreach (struct packet *, struct lease *, + struct client_state *, + struct option_state *, +@@ -2069,7 +2069,7 @@ void do_packet (struct interface_info *, + struct dhcp_packet *, unsigned, + unsigned int, struct iaddr, struct hardware *); + void do_packet6(struct interface_info *, const char *, +- int, int, const struct iaddr *, isc_boolean_t); ++ int, int, const struct iaddr *, bool); + int packet6_len_okay(const char *, int); + + int validate_packet(struct packet *); +@@ -2224,7 +2224,7 @@ uint32_t parse_byte_order_uint32(const v + int ddns_updates(struct packet *, struct lease *, struct lease *, + struct iasubopt *, struct iasubopt *, struct option_state *); + isc_result_t ddns_removals(struct lease *, struct iasubopt *, +- struct dhcp_ddns_cb *, isc_boolean_t); ++ struct dhcp_ddns_cb *, bool); + u_int16_t get_conflict_mask(struct option_state *input_options); + #if defined (TRACING) + void trace_ddns_init(void); +@@ -2450,7 +2450,7 @@ void dhcpleasequery (struct packet *, in + void dhcpv6_leasequery (struct data_string *, struct packet *); + + /* dhcpv6.c */ +-isc_boolean_t server_duid_isset(void); ++bool server_duid_isset(void); + void copy_server_duid(struct data_string *ds, const char *file, int line); + void set_server_duid(struct data_string *new_duid); + isc_result_t set_server_duid_from_option(void); +@@ -2852,7 +2852,7 @@ extern void (*bootp_packet_handler) (str + struct iaddr, struct hardware *); + extern void (*dhcpv6_packet_handler)(struct interface_info *, + const char *, int, +- int, const struct iaddr *, isc_boolean_t); ++ int, const struct iaddr *, bool); + extern struct timeout *timeouts; + extern omapi_object_type_t *dhcp_type_interface; + #if defined (TRACING) +@@ -2943,7 +2943,7 @@ int addr_or(struct iaddr *result, + const struct iaddr *a1, const struct iaddr *a2); + int addr_and(struct iaddr *result, + const struct iaddr *a1, const struct iaddr *a2); +-isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits); ++bool is_cidr_mask_valid(const struct iaddr *addr, int bits); + isc_result_t range2cidr(struct iaddrcidrnetlist **result, + const struct iaddr *lo, const struct iaddr *hi); + isc_result_t free_iaddrcidrnetlist(struct iaddrcidrnetlist **result); +@@ -3787,7 +3787,7 @@ isc_result_t ia_add_iasubopt(struct ia_x + const char *file, int line); + void ia_remove_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt, + const char *file, int line); +-isc_boolean_t ia_equal(const struct ia_xx *a, const struct ia_xx *b); ++bool ia_equal(const struct ia_xx *a, const struct ia_xx *b); + + isc_result_t ipv6_pool_allocate(struct ipv6_pool **pool, u_int16_t type, + const struct in6_addr *start_addr, +@@ -3820,9 +3820,9 @@ isc_result_t expire_lease6(struct iasubo + struct ipv6_pool *pool, time_t now); + isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease); + isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease); +-isc_boolean_t lease6_exists(const struct ipv6_pool *pool, ++bool lease6_exists(const struct ipv6_pool *pool, + const struct in6_addr *addr); +-isc_boolean_t lease6_usable(struct iasubopt *lease); ++bool lease6_usable(struct iasubopt *lease); + isc_result_t cleanup_lease6(ia_hash_t *ia_table, + struct ipv6_pool *pool, + struct iasubopt *lease, +@@ -3834,13 +3834,13 @@ isc_result_t create_prefix6(struct ipv6_ + unsigned int *attempts, + const struct data_string *uid, + time_t soft_lifetime_end_time); +-isc_boolean_t prefix6_exists(const struct ipv6_pool *pool, ++bool prefix6_exists(const struct ipv6_pool *pool, + const struct in6_addr *pref, u_int8_t plen); + + isc_result_t add_ipv6_pool(struct ipv6_pool *pool); + isc_result_t find_ipv6_pool(struct ipv6_pool **pool, u_int16_t type, + const struct in6_addr *addr); +-isc_boolean_t ipv6_in_pool(const struct in6_addr *addr, ++bool ipv6_in_pool(const struct in6_addr *addr, + const struct ipv6_pool *pool); + isc_result_t ipv6_pond_allocate(struct ipv6_pond **pond, + const char *file, int line); +Index: dhcp-4.4.1/includes/heap.h +=================================================================== +--- dhcp-4.4.1.orig/includes/heap.h ++++ dhcp-4.4.1/includes/heap.h +@@ -26,7 +26,7 @@ + * The comparision function returns ISC_TRUE if the first argument has + * higher priority than the second argument, and ISC_FALSE otherwise. + */ +-typedef isc_boolean_t (*isc_heapcompare_t)(void *, void *); ++typedef bool (*isc_heapcompare_t)(void *, void *); + + /*% + * The index function allows the client of the heap to receive a callback +Index: dhcp-4.4.1/includes/omapip/omapip.h +=================================================================== +--- dhcp-4.4.1.orig/includes/omapip/omapip.h ++++ dhcp-4.4.1/includes/omapip/omapip.h +@@ -264,7 +264,7 @@ isc_result_t omapi_protocol_connect (oma + isc_result_t omapi_connect_list (omapi_object_t *, omapi_addr_list_t *, + omapi_addr_t *); + isc_result_t omapi_protocol_listen (omapi_object_t *, unsigned, int); +-isc_boolean_t omapi_protocol_authenticated (omapi_object_t *); ++bool omapi_protocol_authenticated (omapi_object_t *); + isc_result_t omapi_protocol_configure_security (omapi_object_t *, + isc_result_t (*) + (omapi_object_t *, +Index: dhcp-4.4.1/includes/omapip/omapip_p.h +=================================================================== +--- dhcp-4.4.1.orig/includes/omapip/omapip_p.h ++++ dhcp-4.4.1/includes/omapip/omapip_p.h +@@ -149,7 +149,7 @@ typedef struct __omapi_protocol_object { + omapi_remote_auth_t *remote_auth_list; /* Authenticators active on + this connection. */ + +- isc_boolean_t insecure; /* Set to allow unauthenticated ++ bool insecure; /* Set to allow unauthenticated + messages. */ + + isc_result_t (*verify_auth) (omapi_object_t *, omapi_auth_key_t *); +@@ -158,7 +158,7 @@ typedef struct __omapi_protocol_object { + typedef struct { + OMAPI_OBJECT_PREAMBLE; + +- isc_boolean_t insecure; /* Set to allow unauthenticated ++ bool insecure; /* Set to allow unauthenticated + messages. */ + + isc_result_t (*verify_auth) (omapi_object_t *, omapi_auth_key_t *); +@@ -208,7 +208,7 @@ typedef struct __omapi_io_object { + isc_result_t (*writer) (omapi_object_t *); + isc_result_t (*reaper) (omapi_object_t *); + isc_socket_t *fd; +- isc_boolean_t closed; /* ISC_TRUE = closed, do not use */ ++ bool closed; /* ISC_TRUE = closed, do not use */ + } omapi_io_object_t; + + typedef struct __omapi_generic_object { +Index: dhcp-4.4.1/includes/tree.h +=================================================================== +--- dhcp-4.4.1.orig/includes/tree.h ++++ dhcp-4.4.1/includes/tree.h +@@ -304,7 +304,7 @@ struct universe { + struct option_state *, + unsigned); + void (*save_func) (struct universe *, struct option_state *, +- struct option_cache *, isc_boolean_t); ++ struct option_cache *, bool ); + void (*foreach) (struct packet *, + struct lease *, struct client_state *, + struct option_state *, struct option_state *, +Index: dhcp-4.4.1/common/conflex.c +=================================================================== +--- dhcp-4.4.1.orig/common/conflex.c ++++ dhcp-4.4.1/common/conflex.c +@@ -322,7 +322,7 @@ get_raw_token(struct parse *cfile) { + + static enum dhcp_token + get_next_token(const char **rval, unsigned *rlen, +- struct parse *cfile, isc_boolean_t raw) { ++ struct parse *cfile, bool raw) { + int rv; + + if (cfile -> token) { +@@ -367,7 +367,7 @@ get_next_token(const char **rval, unsign + + enum dhcp_token + next_token(const char **rval, unsigned *rlen, struct parse *cfile) { +- return get_next_token(rval, rlen, cfile, ISC_FALSE); ++ return get_next_token(rval, rlen, cfile, false); + } + + +@@ -378,7 +378,7 @@ next_token(const char **rval, unsigned * + + enum dhcp_token + next_raw_token(const char **rval, unsigned *rlen, struct parse *cfile) { +- return get_next_token(rval, rlen, cfile, ISC_TRUE); ++ return get_next_token(rval, rlen, cfile, true); + } + + +@@ -393,7 +393,7 @@ next_raw_token(const char **rval, unsign + + enum dhcp_token + do_peek_token(const char **rval, unsigned int *rlen, +- struct parse *cfile, isc_boolean_t raw) { ++ struct parse *cfile, bool raw) { + int x; + + if (!cfile->token || (!raw && (cfile->token == WHITESPACE))) { +@@ -441,7 +441,7 @@ do_peek_token(const char **rval, unsigne + + enum dhcp_token + peek_token(const char **rval, unsigned *rlen, struct parse *cfile) { +- return do_peek_token(rval, rlen, cfile, ISC_FALSE); ++ return do_peek_token(rval, rlen, cfile, false); + } + + +@@ -452,7 +452,7 @@ peek_token(const char **rval, unsigned * + + enum dhcp_token + peek_raw_token(const char **rval, unsigned *rlen, struct parse *cfile) { +- return do_peek_token(rval, rlen, cfile, ISC_TRUE); ++ return do_peek_token(rval, rlen, cfile, true); + } + + static void skip_to_eol (cfile) +Index: dhcp-4.4.1/common/discover.c +=================================================================== +--- dhcp-4.4.1.orig/common/discover.c ++++ dhcp-4.4.1/common/discover.c +@@ -73,7 +73,7 @@ void (*bootp_packet_handler) (struct int + void (*dhcpv6_packet_handler)(struct interface_info *, + const char *, int, + int, const struct iaddr *, +- isc_boolean_t); ++ bool); + #endif /* DHCPv6 */ + + +@@ -236,7 +236,7 @@ struct iface_conf_list { + struct iface_info { + char name[IF_NAMESIZE+1]; /* name of the interface, e.g. "bge0" */ + struct sockaddr_storage addr; /* address information */ +- isc_uint64_t flags; /* interface flags, e.g. IFF_LOOPBACK */ ++ uint64_t flags; /* interface flags, e.g. IFF_LOOPBACK */ + }; + + /* +@@ -312,14 +312,14 @@ int + next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) { + struct LIFREQ *p; + struct LIFREQ tmp; +- isc_boolean_t foundif; ++ bool foundif; + #if defined(sun) || defined(__linux) + /* Pointer used to remove interface aliases. */ + char *s; + #endif + + do { +- foundif = ISC_FALSE; ++ foundif = false; + + if (ifaces->next >= ifaces->num) { + *err = 0; +@@ -353,8 +353,8 @@ next_iface(struct iface_info *info, int + } + #endif /* defined(sun) || defined(__linux) */ + +- foundif = ISC_TRUE; +- } while ((foundif == ISC_FALSE) || ++ foundif = true; ++ } while ((foundif == false) || + (strncmp(info->name, "dummy", 5) == 0)); + + memset(&tmp, 0, sizeof(tmp)); +@@ -410,7 +410,7 @@ struct iface_conf_list { + struct iface_info { + char name[IFNAMSIZ]; /* name of the interface, e.g. "bge0" */ + struct sockaddr_storage addr; /* address information */ +- isc_uint64_t flags; /* interface flags, e.g. IFF_LOOPBACK */ ++ uint64_t flags; /* interface flags, e.g. IFF_LOOPBACK */ + }; + + /* +@@ -1190,9 +1190,9 @@ got_one_v6(omapi_object_t *h) { + * If a packet is not multicast, we assume it is unicast. + */ + if (IN6_IS_ADDR_MULTICAST(&to)) { +- is_unicast = ISC_FALSE; ++ is_unicast = false; + } else { +- is_unicast = ISC_TRUE; ++ is_unicast = true; + } + + ifrom.len = 16; +Index: dhcp-4.4.1/omapip/iscprint.c +=================================================================== +--- dhcp-4.4.1.orig/omapip/iscprint.c ++++ dhcp-4.4.1/omapip/iscprint.c +@@ -59,8 +59,8 @@ isc_print_vsnprintf(char *str, size_t si + int plus; + int space; + int neg; +- isc_int64_t tmpi; +- isc_uint64_t tmpui; ++ int64_t tmpi; ++ uint64_t tmpui; + unsigned long width; + unsigned long precision; + unsigned int length; +@@ -234,7 +234,7 @@ isc_print_vsnprintf(char *str, size_t si + goto printint; + case 'o': + if (q) +- tmpui = va_arg(ap, isc_uint64_t); ++ tmpui = va_arg(ap, uint64_t); + else if (l) + tmpui = va_arg(ap, long int); + else +@@ -244,7 +244,7 @@ isc_print_vsnprintf(char *str, size_t si + goto printint; + case 'u': + if (q) +- tmpui = va_arg(ap, isc_uint64_t); ++ tmpui = va_arg(ap, uint64_t); + else if (l) + tmpui = va_arg(ap, unsigned long int); + else +@@ -253,7 +253,7 @@ isc_print_vsnprintf(char *str, size_t si + goto printint; + case 'x': + if (q) +- tmpui = va_arg(ap, isc_uint64_t); ++ tmpui = va_arg(ap, uint64_t); + else if (l) + tmpui = va_arg(ap, unsigned long int); + else +@@ -267,7 +267,7 @@ isc_print_vsnprintf(char *str, size_t si + goto printint; + case 'X': + if (q) +- tmpui = va_arg(ap, isc_uint64_t); ++ tmpui = va_arg(ap, uint64_t); + else if (l) + tmpui = va_arg(ap, unsigned long int); + else +Index: dhcp-4.4.1/server/confpars.c +=================================================================== +--- dhcp-4.4.1.orig/server/confpars.c ++++ dhcp-4.4.1/server/confpars.c +@@ -4005,15 +4005,15 @@ add_ipv6_pool_to_subnet(struct subnet *s + + /* Only bother if we aren't already flagged as jumbo */ + if (pond->jumbo_range == 0) { +- if ((units - bits) > (sizeof(isc_uint64_t) * 8)) { ++ if ((units - bits) > (sizeof(uint64_t) * 8)) { + pond->jumbo_range = 1; + pond->num_total = POND_TRACK_MAX; + } + else { +- isc_uint64_t space_left ++ uint64_t space_left + = POND_TRACK_MAX - pond->num_total; +- isc_uint64_t addon +- = (isc_uint64_t)(1) << (units - bits); ++ uint64_t addon ++ = (uint64_t)(1) << (units - bits); + + if (addon > space_left) { + pond->jumbo_range = 1; +@@ -4739,7 +4739,7 @@ parse_ia_na_declaration(struct parse *cf + struct iasubopt *iaaddr; + struct ipv6_pool *pool; + char addr_buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")]; +- isc_boolean_t newbinding; ++ bool newbinding; + struct binding_scope *scope = NULL; + struct binding *bnd; + struct binding_value *nv = NULL; +@@ -4959,9 +4959,9 @@ parse_ia_na_declaration(struct parse *cf + } + strcpy(bnd->name, val); + +- newbinding = ISC_TRUE; ++ newbinding = true; + } else { +- newbinding = ISC_FALSE; ++ newbinding = false; + } + + if (!binding_value_allocate(&nv, MDL)) { +@@ -5186,7 +5186,7 @@ parse_ia_ta_declaration(struct parse *cf + struct iasubopt *iaaddr; + struct ipv6_pool *pool; + char addr_buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")]; +- isc_boolean_t newbinding; ++ bool newbinding; + struct binding_scope *scope = NULL; + struct binding *bnd; + struct binding_value *nv = NULL; +@@ -5406,9 +5406,9 @@ parse_ia_ta_declaration(struct parse *cf + } + strcpy(bnd->name, val); + +- newbinding = ISC_TRUE; ++ newbinding = true; + } else { +- newbinding = ISC_FALSE; ++ newbinding = false; + } + + if (!binding_value_allocate(&nv, MDL)) { +@@ -5623,7 +5623,7 @@ parse_ia_pd_declaration(struct parse *cf + struct iasubopt *iapref; + struct ipv6_pool *pool; + char addr_buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")]; +- isc_boolean_t newbinding; ++ bool newbinding; + struct binding_scope *scope = NULL; + struct binding *bnd; + struct binding_value *nv = NULL; +@@ -5843,9 +5843,9 @@ parse_ia_pd_declaration(struct parse *cf + } + strcpy(bnd->name, val); + +- newbinding = ISC_TRUE; ++ newbinding = true; + } else { +- newbinding = ISC_FALSE; ++ newbinding = false; + } + + if (!binding_value_allocate(&nv, MDL)) { +Index: dhcp-4.4.1/server/dhcpv6.c +=================================================================== +--- dhcp-4.4.1.orig/server/dhcpv6.c ++++ dhcp-4.4.1/server/dhcpv6.c +@@ -71,8 +71,8 @@ struct reply_state { + unsigned ia_count; + unsigned pd_count; + unsigned client_resources; +- isc_boolean_t resources_included; +- isc_boolean_t static_lease; ++ bool resources_included; ++ bool static_lease; + unsigned static_prefixes; + struct ia_xx *ia; + struct ia_xx *old_ia; +@@ -123,7 +123,7 @@ static isc_result_t shared_network_from_ + struct packet *packet); + static void seek_shared_host(struct host_decl **hp, + struct shared_network *shared); +-static isc_boolean_t fixed_matches_shared(struct host_decl *host, ++static bool fixed_matches_shared(struct host_decl *host, + struct shared_network *shared); + static isc_result_t reply_process_ia_na(struct reply_state *reply, + struct option_cache *ia); +@@ -131,9 +131,9 @@ static isc_result_t reply_process_ia_ta( + struct option_cache *ia); + static isc_result_t reply_process_addr(struct reply_state *reply, + struct option_cache *addr); +-static isc_boolean_t address_is_owned(struct reply_state *reply, ++static bool address_is_owned(struct reply_state *reply, + struct iaddr *addr); +-static isc_boolean_t temporary_is_available(struct reply_state *reply, ++static bool temporary_is_available(struct reply_state *reply, + struct iaddr *addr); + static isc_result_t find_client_temporaries(struct reply_state *reply); + static isc_result_t reply_process_try_addr(struct reply_state *reply, +@@ -151,7 +151,7 @@ static isc_result_t reply_process_ia_pd( + static struct group *find_group_by_prefix(struct reply_state *reply); + static isc_result_t reply_process_prefix(struct reply_state *reply, + struct option_cache *pref); +-static isc_boolean_t prefix_is_owned(struct reply_state *reply, ++static bool prefix_is_owned(struct reply_state *reply, + struct iaddrcidrnet *pref); + static isc_result_t find_client_prefix(struct reply_state *reply); + static isc_result_t reply_process_try_prefix(struct reply_state *reply, +@@ -174,7 +174,7 @@ static void unicast_reject(struct data_s + const struct data_string *client_id, + const struct data_string *server_id); + +-static isc_boolean_t is_unicast_option_defined(struct packet *packet); ++static bool is_unicast_option_defined(struct packet *packet); + static isc_result_t shared_network_from_requested_addr (struct shared_network + **shared, + struct packet* packet); +@@ -363,7 +363,7 @@ static struct data_string server_duid; + /* + * Check if the server_duid has been set. + */ +-isc_boolean_t ++bool + server_duid_isset(void) { + return (server_duid.data != NULL); + } +@@ -992,7 +992,7 @@ void check_pool6_threshold(struct reply_ + struct iasubopt *lease) + { + struct ipv6_pond *pond; +- isc_uint64_t used, count, high_threshold; ++ uint64_t used, count, high_threshold; + int poolhigh = 0, poollow = 0; + char *shared_name = "no name"; + char tmp_addr[INET6_ADDRSTRLEN]; +@@ -1310,9 +1310,9 @@ pick_v6_address(struct reply_state *repl + unsigned int attempts; + char tmp_buf[INET6_ADDRSTRLEN]; + struct iasubopt **addr = &reply->lease; +- isc_uint64_t total = 0; +- isc_uint64_t active = 0; +- isc_uint64_t abandoned = 0; ++ uint64_t total = 0; ++ uint64_t active = 0; ++ uint64_t abandoned = 0; + int jumbo_range = 0; + char *shared_name = (reply->shared->name ? + reply->shared->name : "(no name)"); +@@ -1825,7 +1825,7 @@ lease_to_client(struct data_string *repl + + /* Start counting resources (addresses) offered. */ + reply.client_resources = 0; +- reply.resources_included = ISC_FALSE; ++ reply.resources_included = false; + + status = reply_process_ia_na(&reply, oc); + +@@ -1843,7 +1843,7 @@ lease_to_client(struct data_string *repl + + /* Start counting resources (addresses) offered. */ + reply.client_resources = 0; +- reply.resources_included = ISC_FALSE; ++ reply.resources_included = false; + + status = reply_process_ia_ta(&reply, oc); + +@@ -1864,7 +1864,7 @@ lease_to_client(struct data_string *repl + + /* Start counting resources (prefixes) offered. */ + reply.client_resources = 0; +- reply.resources_included = ISC_FALSE; ++ reply.resources_included = false; + + status = reply_process_ia_pd(&reply, oc); + +@@ -2077,9 +2077,9 @@ reply_process_ia_na(struct reply_state * + tmp_addr, MDL) == 0) + log_fatal("Impossible condition at %s:%d.", MDL); + +- reply->static_lease = ISC_TRUE; ++ reply->static_lease = true; + } else +- reply->static_lease = ISC_FALSE; ++ reply->static_lease = false; + + /* + * Save the cursor position at the start of the IA, so we can +@@ -2778,7 +2778,7 @@ reply_process_addr(struct reply_state *r + * (fault out all else). Otherwise it's a dynamic address, so lookup + * that address and make sure it belongs to this DUID:IAID pair. + */ +-static isc_boolean_t ++static bool + address_is_owned(struct reply_state *reply, struct iaddr *addr) { + int i; + struct ipv6_pond *pond; +@@ -2791,13 +2791,13 @@ address_is_owned(struct reply_state *rep + log_fatal("Impossible condition at %s:%d.", MDL); + + if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0) +- return (ISC_TRUE); ++ return (true); + +- return (ISC_FALSE); ++ return (false); + } + + if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0)) +- return (ISC_FALSE); ++ return (false); + + for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) { + struct iasubopt *tmp; +@@ -2805,8 +2805,8 @@ address_is_owned(struct reply_state *rep + tmp = reply->old_ia->iasubopt[i]; + + if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) { +- if (lease6_usable(tmp) == ISC_FALSE) { +- return (ISC_FALSE); ++ if (lease6_usable(tmp) == false) { ++ return (false); + } + + pond = tmp->ipv6_pool->ipv6_pond; +@@ -2814,15 +2814,15 @@ address_is_owned(struct reply_state *rep + (permitted(reply->packet, pond->prohibit_list))) || + ((pond->permit_list != NULL) && + (!permitted(reply->packet, pond->permit_list)))) +- return (ISC_FALSE); ++ return (false); + + iasubopt_reference(&reply->lease, tmp, MDL); + +- return (ISC_TRUE); ++ return (true); + } + } + +- return (ISC_FALSE); ++ return (false); + } + + /* Process a client-supplied IA_TA. This may append options to the tail of +@@ -2890,7 +2890,7 @@ reply_process_ia_ta(struct reply_state * + /* + * Temporary leases are dynamic by definition. + */ +- reply->static_lease = ISC_FALSE; ++ reply->static_lease = false; + + /* + * Save the cursor position at the start of the IA, so we can +@@ -2972,7 +2972,7 @@ reply_process_ia_ta(struct reply_state * + } + status = ISC_R_CANCELED; + reply->client_resources = 0; +- reply->resources_included = ISC_FALSE; ++ reply->resources_included = false; + if (reply->lease != NULL) + iasubopt_dereference(&reply->lease, MDL); + } +@@ -3364,7 +3364,7 @@ void shorten_lifetimes(struct reply_stat + /* + * Verify the temporary address is available. + */ +-static isc_boolean_t ++static bool + temporary_is_available(struct reply_state *reply, struct iaddr *addr) { + struct in6_addr tmp_addr; + struct subnet *subnet; +@@ -3379,7 +3379,7 @@ temporary_is_available(struct reply_stat + * So this is not a request for this address. + */ + if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr)) +- return ISC_FALSE; ++ return false; + + /* + * Verify that this address is on the client's network. +@@ -3393,13 +3393,13 @@ temporary_is_available(struct reply_stat + + /* Address not found on shared network. */ + if (subnet == NULL) +- return ISC_FALSE; ++ return false; + + /* + * Check if this address is owned (must be before next step). + */ + if (address_is_owned(reply, addr)) +- return ISC_TRUE; ++ return true; + + /* + * Verify that this address is in a temporary pool and try to get it. +@@ -3424,18 +3424,18 @@ temporary_is_available(struct reply_stat + } + + if (pool == NULL) +- return ISC_FALSE; ++ return false; + if (lease6_exists(pool, &tmp_addr)) +- return ISC_FALSE; ++ return false; + if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS) +- return ISC_FALSE; ++ return false; + reply->lease->addr = tmp_addr; + reply->lease->plen = 0; + /* Default is soft binding for 2 minutes. */ + if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS) +- return ISC_FALSE; ++ return false; + +- return ISC_TRUE; ++ return true; + } + + /* +@@ -3652,7 +3652,7 @@ find_client_address(struct reply_state * + */ + + if ((candidate_shared != reply->shared) || +- (lease6_usable(lease) != ISC_TRUE)) ++ (lease6_usable(lease) != true)) + continue; + + if (((pond->prohibit_list != NULL) && +@@ -3971,7 +3971,7 @@ reply_process_send_addr(struct reply_sta + goto cleanup; + } + +- reply->resources_included = ISC_TRUE; ++ reply->resources_included = true; + + cleanup: + if (data.data != NULL) +@@ -4722,7 +4722,7 @@ reply_process_prefix(struct reply_state + * (fault out all else). Otherwise it's a dynamic prefix, so lookup + * that prefix and make sure it belongs to this DUID:IAID pair. + */ +-static isc_boolean_t ++static bool + prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) { + struct iaddrcidrnetlist *l; + int i; +@@ -4736,14 +4736,14 @@ prefix_is_owned(struct reply_state *repl + if ((pref->bits == l->cidrnet.bits) && + (memcmp(pref->lo_addr.iabuf, + l->cidrnet.lo_addr.iabuf, 16) == 0)) +- return (ISC_TRUE); ++ return (true); + } +- return (ISC_FALSE); ++ return (false); + } + + if ((reply->old_ia == NULL) || + (reply->old_ia->num_iasubopt == 0)) +- return (ISC_FALSE); ++ return (false); + + for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) { + struct iasubopt *tmp; +@@ -4752,8 +4752,8 @@ prefix_is_owned(struct reply_state *repl + + if ((pref->bits == (int) tmp->plen) && + (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) { +- if (lease6_usable(tmp) == ISC_FALSE) { +- return (ISC_FALSE); ++ if (lease6_usable(tmp) == false) { ++ return (false); + } + + pond = tmp->ipv6_pool->ipv6_pond; +@@ -4761,14 +4761,14 @@ prefix_is_owned(struct reply_state *repl + (permitted(reply->packet, pond->prohibit_list))) || + ((pond->permit_list != NULL) && + (!permitted(reply->packet, pond->permit_list)))) +- return (ISC_FALSE); ++ return (false); + + iasubopt_reference(&reply->lease, tmp, MDL); +- return (ISC_TRUE); ++ return (true); + } + } + +- return (ISC_FALSE); ++ return (false); + } + + /* +@@ -4914,7 +4914,7 @@ find_client_prefix(struct reply_state *r + */ + if (((candidate_shared != NULL) && + (candidate_shared != reply->shared)) || +- (lease6_usable(prefix) != ISC_TRUE)) ++ (lease6_usable(prefix) != true)) + continue; + + /* +@@ -5233,7 +5233,7 @@ reply_process_send_prefix(struct reply_s + goto cleanup; + } + +- reply->resources_included = ISC_TRUE; ++ reply->resources_included = true; + + cleanup: + if (data.data != NULL) +@@ -5383,8 +5383,8 @@ dhcpv6_request(struct data_string *reply + + /* If the REQUEST arrived via unicast and unicast option isn't set, + * reject it per RFC 3315, Sec 18.2.1 */ +- if (packet->unicast == ISC_TRUE && +- is_unicast_option_defined(packet) == ISC_FALSE) { ++ if (packet->unicast == true && ++ is_unicast_option_defined(packet) == false) { + unicast_reject(reply_ret, packet, &client_id, &server_id); + } else { + /* +@@ -5505,7 +5505,7 @@ dhcpv6_confirm(struct data_string *reply + struct option_state *cli_enc_opt_state, *opt_state; + struct iaddr cli_addr; + int pass; +- isc_boolean_t inappropriate, has_addrs; ++ bool inappropriate, has_addrs; + char reply_data[65536]; + struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data; + int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options)); +@@ -5556,7 +5556,7 @@ dhcpv6_confirm(struct data_string *reply + goto exit; + + /* Are the addresses in all the IA's appropriate for that link? */ +- has_addrs = inappropriate = ISC_FALSE; ++ has_addrs = inappropriate = false; + pass = D6O_IA_NA; + while(!inappropriate) { + /* If we've reached the end of the IA_NA pass, move to the +@@ -5602,7 +5602,7 @@ dhcpv6_confirm(struct data_string *reply + data_string_forget(&iaaddr, MDL); + + /* Record that we've processed at least one address. */ +- has_addrs = ISC_TRUE; ++ has_addrs = true; + + /* Find out if any subnets cover this address. */ + for (subnet = shared->subnets ; subnet != NULL ; +@@ -5621,7 +5621,7 @@ dhcpv6_confirm(struct data_string *reply + * continue searching. + */ + if (subnet == NULL) { +- inappropriate = ISC_TRUE; ++ inappropriate = true; + break; + } + } +@@ -5719,8 +5719,8 @@ dhcpv6_renew(struct data_string *reply, + + /* If the RENEW arrived via unicast and unicast option isn't set, + * reject it per RFC 3315, Sec 18.2.3 */ +- if (packet->unicast == ISC_TRUE && +- is_unicast_option_defined(packet) == ISC_FALSE) { ++ if (packet->unicast == true && ++ is_unicast_option_defined(packet) == false) { + unicast_reject(reply, packet, &client_id, &server_id); + } else { + /* +@@ -6142,8 +6142,8 @@ dhcpv6_decline(struct data_string *reply + + /* If the DECLINE arrived via unicast and unicast option isn't set, + * reject it per RFC 3315, Sec 18.2.7 */ +- if (packet->unicast == ISC_TRUE && +- is_unicast_option_defined(packet) == ISC_FALSE) { ++ if (packet->unicast == true && ++ is_unicast_option_defined(packet) == false) { + unicast_reject(reply, packet, &client_id, &server_id); + } else { + /* +@@ -6597,8 +6597,8 @@ dhcpv6_release(struct data_string *reply + + /* If the RELEASE arrived via unicast and unicast option isn't set, + * reject it per RFC 3315, Sec 18.2.6 */ +- if (packet->unicast == ISC_TRUE && +- is_unicast_option_defined(packet) == ISC_FALSE) { ++ if (packet->unicast == true && ++ is_unicast_option_defined(packet) == false) { + unicast_reject(reply, packet, &client_id, &server_id); + } else { + /* +@@ -6897,7 +6897,7 @@ dhcpv6_relay_forw(struct data_string *re + } + data_string_forget(&a_opt, MDL); + +- packet->relay_source_port = ISC_TRUE; ++ packet->relay_source_port = true; + } + #endif + +@@ -7219,7 +7219,7 @@ dhcp4o6_relay_forw(struct data_string *r + } + data_string_forget(&a_opt, MDL); + +- packet->relay_source_port = ISC_TRUE; ++ packet->relay_source_port = true; + } + #endif + +@@ -8036,35 +8036,35 @@ seek_shared_host(struct host_decl **hp, + host_reference(hp, seek, MDL); + } + +-static isc_boolean_t ++static bool + fixed_matches_shared(struct host_decl *host, struct shared_network *shared) { + struct subnet *subnet; + struct data_string addr; +- isc_boolean_t matched; ++ bool matched; + struct iaddr fixed; + + if (host->fixed_addr == NULL) +- return ISC_FALSE; ++ return false; + + memset(&addr, 0, sizeof(addr)); + if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL, + &global_scope, host->fixed_addr, MDL)) +- return ISC_FALSE; ++ return false; + + if (addr.len < 16) { + data_string_forget(&addr, MDL); +- return ISC_FALSE; ++ return false; + } + + fixed.len = 16; + memcpy(fixed.iabuf, addr.data, 16); + +- matched = ISC_FALSE; ++ matched = false; + for (subnet = shared->subnets ; subnet != NULL ; + subnet = subnet->next_sibling) { + if (addr_eq(subnet_number(fixed, subnet->netmask), + subnet->net)) { +- matched = ISC_TRUE; ++ matched = true; + break; + } + } +@@ -8167,15 +8167,15 @@ unicast_reject(struct data_string *reply + * statements from the network's group outward into a local option cache. + * The option cache is then scanned for the presence of unicast option. If + * the packet cannot be mapped to a shared network, the function returns +- * ISC_FALSE. ++ * false. + * \param packet inbound packet from the client + * +- * \return ISC_TRUE if the dhcp6.unicast option is defined, false otherwise. ++ * \return true if the dhcp6.unicast option is defined, false otherwise. + * + */ +-isc_boolean_t ++bool + is_unicast_option_defined(struct packet *packet) { +- isc_boolean_t is_defined = ISC_FALSE; ++ bool is_defined = false; + struct option_state *opt_state = NULL; + struct option_cache *oc = NULL; + struct shared_network *shared = NULL; +@@ -8195,7 +8195,7 @@ is_unicast_option_defined(struct packet + * logic will catch it */ + log_error("is_unicast_option_defined:" + "cannot attribute packet to a network."); +- return (ISC_FALSE); ++ return (false); + } + + /* Now that we've mapped it to a network, execute statments to that +@@ -8205,7 +8205,7 @@ is_unicast_option_defined(struct packet + &global_scope, shared->group, NULL, NULL); + + oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST); +- is_defined = (oc != NULL ? ISC_TRUE : ISC_FALSE); ++ is_defined = (oc != NULL ? true : false); + log_debug("is_unicast_option_defined: option found : %d", is_defined); + + if (shared != NULL) { +Index: dhcp-4.4.1/client/clparse.c +=================================================================== +--- dhcp-4.4.1.orig/client/clparse.c ++++ dhcp-4.4.1/client/clparse.c +@@ -1527,7 +1527,7 @@ parse_client6_lease_statement(struct par + + case TOKEN_RELEASED: + case TOKEN_ABANDONED: +- lease->released = ISC_TRUE; ++ lease->released = true; + break; + + default: +Index: dhcp-4.4.1/client/dhc6.c +=================================================================== +--- dhcp-4.4.1.orig/client/dhc6.c ++++ dhcp-4.4.1/client/dhc6.c +@@ -109,7 +109,7 @@ static isc_result_t dhc6_add_ia_pd(struc + u_int8_t message, + int wanted, + int *added); +-static isc_boolean_t stopping_finished(void); ++static bool stopping_finished(void); + static void dhc6_merge_lease(struct dhc6_lease *src, struct dhc6_lease *dst); + void do_select6(void *input); + void do_refresh6(void *input); +@@ -131,7 +131,7 @@ static void script_write_params6(struct + const char *prefix, + struct option_state *options); + static void script_write_requested6(struct client_state *client); +-static isc_boolean_t active_prefix(struct client_state *client); ++static bool active_prefix(struct client_state *client); + + static int check_timing6(struct client_state *client, u_int8_t msg_type, + char *msg_str, struct dhc6_lease *lease, +@@ -149,7 +149,7 @@ static isc_result_t dhc6_add_ia_na_decli + struct data_string *packet, + struct dhc6_lease *lease); + static int drop_declined_addrs(struct dhc6_lease *lease); +-static isc_boolean_t unexpired_address_in_lease(struct dhc6_lease *lease); ++static bool unexpired_address_in_lease(struct dhc6_lease *lease); + + extern int onetry; + extern int stateless; +@@ -418,14 +418,14 @@ valid_reply(struct packet *packet, struc + { + struct data_string sid, cid; + struct option_cache *oc; +- int rval = ISC_TRUE; ++ int rval = true; + + memset(&sid, 0, sizeof(sid)); + memset(&cid, 0, sizeof(cid)); + + if (!lookup_option(&dhcpv6_universe, packet->options, D6O_SERVERID)) { + log_error("Response without a server identifier received."); +- rval = ISC_FALSE; ++ rval = false; + } + + oc = lookup_option(&dhcpv6_universe, packet->options, D6O_CLIENTID); +@@ -434,7 +434,7 @@ valid_reply(struct packet *packet, struc + client->sent_options, &global_scope, oc, + MDL)) { + log_error("Response without a client identifier."); +- rval = ISC_FALSE; ++ rval = false; + } + + oc = lookup_option(&dhcpv6_universe, client->sent_options, +@@ -444,7 +444,7 @@ valid_reply(struct packet *packet, struc + client->sent_options, NULL, &global_scope, + oc, MDL)) { + log_error("Local client identifier is missing!"); +- rval = ISC_FALSE; ++ rval = false; + } + + if (sid.len == 0 || +@@ -452,7 +452,7 @@ valid_reply(struct packet *packet, struc + memcmp(sid.data, cid.data, sid.len)) { + log_error("Advertise with matching transaction ID, but " + "mismatching client id."); +- rval = ISC_FALSE; ++ rval = false; + } + + /* clean up pointers to the strings */ +@@ -2375,7 +2375,7 @@ start_release6(struct client_state *clie + /* Note this in the lease file. */ + if (client->active_lease == NULL) + return; +- client->active_lease->released = ISC_TRUE; ++ client->active_lease->released = true; + write_client6_lease(client, client->active_lease, 0, 1); + + /* Set timers per RFC3315 section 18.1.6. */ +@@ -2612,7 +2612,7 @@ dhc6_check_advertise(struct dhc6_lease * + { + struct dhc6_ia *ia; + isc_result_t rval = ISC_R_SUCCESS; +- int have_addrs = ISC_FALSE; ++ int have_addrs = false; + unsigned code; + const char *scope; + int got_na = 0, got_ta = 0, got_pd = 0; +@@ -2650,14 +2650,14 @@ dhc6_check_advertise(struct dhc6_lease * + * Should we check the addr itself for usability? + */ + if (ia->addrs != NULL) { +- have_addrs = ISC_TRUE; ++ have_addrs = true; + } + } + + /* If we didn't get some addrs or the user required us to + * get all of the requested IAs and we didn't return an error + */ +- if ((have_addrs != ISC_TRUE) || ++ if ((have_addrs != true) || + ((require_all_ias != 0) && + ((got_na < wanted_ia_na) || + (got_ta < wanted_ia_ta) || +@@ -2670,7 +2670,7 @@ dhc6_check_advertise(struct dhc6_lease * + /* status code <-> action matrix for the client in INIT state + * (rapid/commit). Returns always false as no action is defined. + */ +-static isc_boolean_t ++static bool + dhc6_init_action(struct client_state *client, isc_result_t *rvalp, + unsigned code) + { +@@ -2679,21 +2679,21 @@ dhc6_init_action(struct client_state *cl + + if (client == NULL) { + *rvalp = DHCP_R_INVALIDARG; +- return ISC_FALSE; ++ return false; + } + + if (*rvalp == ISC_R_SUCCESS) +- return ISC_FALSE; ++ return false; + + /* No possible action in any case... */ +- return ISC_FALSE; ++ return false; + } + + /* status code <-> action matrix for the client in SELECT state + * (request/reply). Returns true if action was taken (and the + * packet should be ignored), or false if no action was taken. + */ +-static isc_boolean_t ++static bool + dhc6_select_action(struct client_state *client, isc_result_t *rvalp, + unsigned code) + { +@@ -2705,12 +2705,12 @@ dhc6_select_action(struct client_state * + + if (client == NULL) { + *rvalp = DHCP_R_INVALIDARG; +- return ISC_FALSE; ++ return false; + } + rval = *rvalp; + + if (rval == ISC_R_SUCCESS) +- return ISC_FALSE; ++ return false; + + switch (code) { + /* We may have an earlier failure status code (so no +@@ -2723,7 +2723,7 @@ dhc6_select_action(struct client_state * + case STATUS_NoBinding: + case STATUS_UseMulticast: + /* Take no action. */ +- return ISC_FALSE; ++ return false; + + /* If the server can't deal with us, either try the + * next advertised server, or continue retrying if there +@@ -2739,7 +2739,7 @@ dhc6_select_action(struct client_state * + + break; + } else /* Take no action - continue to retry. */ +- return ISC_FALSE; ++ return false; + + /* If the server has no addresses, try other servers if + * we got some, otherwise go to INIT to hope for more +@@ -2748,7 +2748,7 @@ dhc6_select_action(struct client_state * + case STATUS_NoAddrsAvail: + case STATUS_NoPrefixAvail: + if (client->state == S_REBOOTING) +- return ISC_FALSE; ++ return false; + + if (client->selected_lease == NULL) + log_fatal("Impossible case at %s:%d.", MDL); +@@ -2794,7 +2794,7 @@ dhc6_select_action(struct client_state * + break; + } + +- return ISC_TRUE; ++ return true; + } + + static void +@@ -2821,7 +2821,7 @@ dhc6_withdraw_lease(struct client_state + * (request/reply). Returns true if action was taken (and the + * packet should be ignored), or false if no action was taken. + */ +-static isc_boolean_t ++static bool + dhc6_reply_action(struct client_state *client, isc_result_t *rvalp, + unsigned code) + { +@@ -2832,12 +2832,12 @@ dhc6_reply_action(struct client_state *c + + if (client == NULL) { + *rvalp = DHCP_R_INVALIDARG; +- return ISC_FALSE; ++ return false; + } + rval = *rvalp; + + if (rval == ISC_R_SUCCESS) +- return ISC_FALSE; ++ return false; + + switch (code) { + /* It's possible an earlier status code set rval to a failure +@@ -2852,7 +2852,7 @@ dhc6_reply_action(struct client_state *c + case STATUS_UnspecFail: + /* For unknown codes...it's a soft (retryable) error. */ + default: +- return ISC_FALSE; ++ return false; + + /* The server is telling us to use a multicast address, so + * we have to delete the unicast option from the active +@@ -2865,7 +2865,7 @@ dhc6_reply_action(struct client_state *c + delete_option(&dhcp_universe, + client->active_lease->options, + D6O_UNICAST); +- return ISC_FALSE; ++ return false; + + /* "When the client receives a NotOnLink status from the + * server in response to a Request, the client can either +@@ -2914,7 +2914,7 @@ dhc6_reply_action(struct client_state *c + break; + } + +- return ISC_TRUE; ++ return true; + } + + /* status code <-> action matrix for the client in STOPPED state +@@ -2922,7 +2922,7 @@ dhc6_reply_action(struct client_state *c + * packet should be ignored), or false if no action was taken. + * NoBinding is translated into Success. + */ +-static isc_boolean_t ++static bool + dhc6_stop_action(struct client_state *client, isc_result_t *rvalp, + unsigned code) + { +@@ -2933,12 +2933,12 @@ dhc6_stop_action(struct client_state *cl + + if (client == NULL) { + *rvalp = DHCP_R_INVALIDARG; +- return ISC_FALSE; ++ return false; + } + rval = *rvalp; + + if (rval == ISC_R_SUCCESS) +- return ISC_FALSE; ++ return false; + + switch (code) { + /* It's possible an earlier status code set rval to a failure +@@ -2948,13 +2948,13 @@ dhc6_stop_action(struct client_state *cl + /* For unknown codes...it's a soft (retryable) error. */ + case STATUS_UnspecFail: + default: +- return ISC_FALSE; ++ return false; + + /* NoBinding is not an error */ + case STATUS_NoBinding: + if (rval == ISC_R_FAILURE) + *rvalp = ISC_R_SUCCESS; +- return ISC_FALSE; ++ return false; + + /* Should not happen */ + case STATUS_NoAddrsAvail: +@@ -2976,13 +2976,13 @@ dhc6_stop_action(struct client_state *cl + delete_option(&dhcp_universe, + client->active_lease->options, + D6O_UNICAST); +- return ISC_FALSE; ++ return false; + } + +- return ISC_TRUE; ++ return true; + } + +-static isc_boolean_t ++static bool + dhc6_decline_action(struct client_state *client, isc_result_t *rvalp, + unsigned code) + { +@@ -2993,12 +2993,12 @@ dhc6_decline_action(struct client_state + + if (client == NULL) { + *rvalp = DHCP_R_INVALIDARG; +- return ISC_FALSE; ++ return false; + } + rval = *rvalp; + + if (rval == ISC_R_SUCCESS) { +- return ISC_FALSE; ++ return false; + } + + switch (code) { +@@ -3013,13 +3013,13 @@ dhc6_decline_action(struct client_state + delete_option(&dhcp_universe, + client->active_lease->options, + D6O_UNICAST); +- return ISC_FALSE; ++ return false; + default: + /* Anything else is basically meaningless */ + break; + } + +- return ISC_TRUE; ++ return true; + } + + +@@ -3029,14 +3029,14 @@ dhc6_decline_action(struct client_state + static isc_result_t + dhc6_check_reply(struct client_state *client, struct dhc6_lease *new) + { +- isc_boolean_t (*action)(struct client_state *, ++ bool (*action)(struct client_state *, + isc_result_t *, unsigned); + struct dhc6_ia *ia; + isc_result_t rval = ISC_R_SUCCESS; + unsigned code; + const char *scope; + int nscore, sscore; +- int have_addrs = ISC_FALSE; ++ int have_addrs = false; + int got_na = 0, got_ta = 0, got_pd = 0; + + if ((client == NULL) || (new == NULL)) +@@ -3102,7 +3102,7 @@ dhc6_check_reply(struct client_state *cl + return ISC_R_CANCELED; + + if (ia->addrs != NULL) { +- have_addrs = ISC_TRUE; ++ have_addrs = true; + } + } + +@@ -3119,13 +3119,13 @@ dhc6_check_reply(struct client_state *cl + * check in and commented it as I eventually do want + * us to check for TAs as well. SAR + */ +- if ((have_addrs != ISC_TRUE) || ++ if ((have_addrs != true) || + ((require_all_ias != 0) && + ((got_na < wanted_ia_na) || + /*(got_ta < wanted_ia_ta) ||*/ + (got_pd < wanted_ia_pd)))) { + rval = ISC_R_FAILURE; +- if (action(client, &rval, STATUS_NoAddrsAvail) == ISC_TRUE) { ++ if (action(client, &rval, STATUS_NoAddrsAvail) == true) { + return ISC_R_CANCELED; + } + } +@@ -4256,7 +4256,7 @@ dhc6_add_ia_pd(struct client_state *clie + + /* stopping_finished() checks if there is a remaining work to do. + */ +-static isc_boolean_t ++static bool + stopping_finished(void) + { + struct interface_info *ip; +@@ -4265,12 +4265,12 @@ stopping_finished(void) + for (ip = interfaces; ip; ip = ip -> next) { + for (client = ip -> client; client; client = client -> next) { + if (client->state != S_STOPPED) +- return ISC_FALSE; ++ return false; + if (client->active_lease != NULL) +- return ISC_FALSE; ++ return false; + } + } +- return ISC_TRUE; ++ return true; + } + + /* reply_handler() accepts a Reply while we're attempting Select or Renew or +@@ -4474,8 +4474,8 @@ dhc6_check_times(struct client_state *cl + struct dhc6_addr *addr; + TIME renew=MAX_TIME, rebind=MAX_TIME, depref=MAX_TIME, + lo_expire=MAX_TIME, hi_expire=0, max_ia_starts = 0, tmp; +- int has_addrs = ISC_FALSE; +- int has_preferred_addrs = ISC_FALSE; ++ int has_addrs = false; ++ int has_preferred_addrs = false; + struct timeval tv; + + lease = client->active_lease; +@@ -4506,7 +4506,7 @@ dhc6_check_times(struct client_state *cl + depref = tmp; + + if (!(addr->flags & DHC6_ADDR_EXPIRED)) { +- has_preferred_addrs = ISC_TRUE; ++ has_preferred_addrs = true; + } + } + +@@ -4525,7 +4525,7 @@ dhc6_check_times(struct client_state *cl + if (tmp < this_ia_lo_expire) + this_ia_lo_expire = tmp; + +- has_addrs = ISC_TRUE; ++ has_addrs = true; + } + } + +@@ -4603,7 +4603,7 @@ dhc6_check_times(struct client_state *cl + * In the future, we may decide that we're done here, or to + * schedule a future request (using 4-pkt info-request model). + */ +- if (has_addrs == ISC_FALSE) { ++ if (has_addrs == false) { + dhc6_lease_destroy(&client->active_lease, MDL); + client->active_lease = NULL; + +@@ -4855,7 +4855,7 @@ start_bound(struct client_state *client) + "is selected."); + return; + } +- lease->released = ISC_FALSE; ++ lease->released = false; + old = client->old_lease; + + client->v6_handler = bound_handler; +@@ -5448,8 +5448,8 @@ do_expire(void *input) + struct dhc6_lease *lease; + struct dhc6_ia *ia, **tia; + struct dhc6_addr *addr; +- int has_addrs = ISC_FALSE; +- int ia_has_addrs = ISC_FALSE; ++ int has_addrs = false; ++ int ia_has_addrs = false; + + client = (struct client_state *)input; + +@@ -5458,7 +5458,7 @@ do_expire(void *input) + return; + + for (ia = lease->bindings, tia = &lease->bindings; ia != NULL ; ) { +- ia_has_addrs = ISC_FALSE; ++ ia_has_addrs = false; + for (addr = ia->addrs ; addr != NULL ; addr = addr->next) { + if (addr->flags & DHC6_ADDR_EXPIRED) + continue; +@@ -5495,14 +5495,14 @@ do_expire(void *input) + continue; + } + +- ia_has_addrs = ISC_TRUE; +- has_addrs = ISC_TRUE; ++ ia_has_addrs = true; ++ has_addrs = true; + } + + /* Update to the next ia and git rid of this ia + * if it doesn't have any leases. + */ +- if (ia_has_addrs == ISC_TRUE) { ++ if (ia_has_addrs == true) { + /* leases, just advance the list pointer */ + tia = &(*tia)->next; + } else { +@@ -5517,7 +5517,7 @@ do_expire(void *input) + } + + /* Clean up empty leases. */ +- if (has_addrs == ISC_FALSE) { ++ if (has_addrs == false) { + log_info("PRC: Bound lease is devoid of active addresses." + " Re-initializing."); + +@@ -5596,14 +5596,14 @@ dhc6_check_irt(struct client_state *clie + TIME expire = MAX_TIME; + struct timeval tv; + int i; +- isc_boolean_t found = ISC_FALSE; ++ bool found = false; + + cancel_timeout(refresh_info_request6, client); + + req = client->config->requested_options; + for (i = 0; req[i] != NULL; i++) { + if (req[i] == irt_option) { +- found = ISC_TRUE; ++ found = true; + break; + } + } +@@ -5924,7 +5924,7 @@ static void script_write_requested6(clie + /* + * Check if there is something not fully defined in the active lease. + */ +-static isc_boolean_t ++static bool + active_prefix(struct client_state *client) + { + struct dhc6_lease *lease; +@@ -5934,21 +5934,21 @@ active_prefix(struct client_state *clien + + lease = client->active_lease; + if (lease == NULL) +- return ISC_FALSE; ++ return false; + memset(zeros, 0, 16); + for (ia = lease->bindings; ia != NULL; ia = ia->next) { + if (ia->ia_type != D6O_IA_PD) + continue; + for (pref = ia->addrs; pref != NULL; pref = pref->next) { + if (pref->plen == 0) +- return ISC_FALSE; ++ return false; + if (pref->address.len != 16) +- return ISC_FALSE; ++ return false; + if (memcmp(pref->address.iabuf, zeros, 16) == 0) +- return ISC_FALSE; ++ return false; + } + } +- return ISC_TRUE; ++ return true; + } + + /* Adds a leases's declined addreses to the outbound packet +@@ -6111,26 +6111,26 @@ int drop_declined_addrs(struct dhc6_leas + /* Run through the addresses in lease and return true if there's any unexpired. + * Return false otherwise. + */ +-static isc_boolean_t ++static bool + unexpired_address_in_lease(struct dhc6_lease *lease) + { + struct dhc6_ia *ia; + struct dhc6_addr *addr; + + if (lease == NULL) { +- return ISC_FALSE; ++ return false; + } + + for (ia = lease->bindings ; ia != NULL ; ia = ia->next) { + for (addr = ia->addrs ; addr != NULL ; addr = addr->next) { + if (!(addr->flags & DHC6_ADDR_EXPIRED) && + (addr->starts + addr->max_life > cur_time)) { +- return ISC_TRUE; ++ return true; + } + } + } + + log_debug("PRC: Previous lease is devoid of active addresses."); +- return ISC_FALSE; ++ return false; + } + #endif /* DHCPv6 */ +Index: dhcp-4.4.1/client/dhclient.c +=================================================================== +--- dhcp-4.4.1.orig/client/dhclient.c ++++ dhcp-4.4.1/client/dhclient.c +@@ -52,7 +52,7 @@ char *path_dhclient_script = path_dhclie + const char *path_dhclient_duid = NULL; + + /* False (default) => we write and use a pid file */ +-isc_boolean_t no_pid_file = ISC_FALSE; ++bool no_pid_file = false; + + int dhcp_max_agent_option_packet_length = 0; + +@@ -397,7 +397,7 @@ main(int argc, char **argv) { + path_dhclient_pid = argv[i]; + no_dhclient_pid = 1; + } else if (!strcmp(argv[i], "--no-pid")) { +- no_pid_file = ISC_TRUE; ++ no_pid_file = true; + } else if (!strcmp(argv[i], "-cf")) { + if (++i == argc) + usage(use_noarg, argv[i-1]); +@@ -652,7 +652,7 @@ main(int argc, char **argv) { + * to write a pid file - we assume they are controlling + * the process in some other fashion. + */ +- if ((release_mode || exit_mode) && (no_pid_file == ISC_FALSE)) { ++ if ((release_mode || exit_mode) && (no_pid_file == false)) { + FILE *pidfd; + pid_t oldpid; + long temp; +@@ -4469,7 +4469,7 @@ void write_client_pid_file () + int pfdesc; + + /* nothing to do if the user doesn't want a pid file */ +- if (no_pid_file == ISC_TRUE) { ++ if (no_pid_file == true) { + return; + } + +@@ -4727,7 +4727,7 @@ unsigned cons_agent_information_options + static void shutdown_exit (void *foo) + { + /* get rid of the pid if we can */ +- if (no_pid_file == ISC_FALSE) ++ if (no_pid_file == false) + (void) unlink(path_dhclient_pid); + finish(0); + } +Index: dhcp-4.4.1/common/inet.c +=================================================================== +--- dhcp-4.4.1.orig/common/inet.c ++++ dhcp-4.4.1/common/inet.c +@@ -299,7 +299,7 @@ addr_and(struct iaddr *result, const str + * + * Because the final ".1" would get masked out by the /8. + */ +-isc_boolean_t ++bool + is_cidr_mask_valid(const struct iaddr *addr, int bits) { + int zero_bits; + int zero_bytes; +@@ -311,10 +311,10 @@ is_cidr_mask_valid(const struct iaddr *a + * Check our bit boundaries. + */ + if (bits < 0) { +- return ISC_FALSE; ++ return false; + } + if (bits > (addr->len * 8)) { +- return ISC_FALSE; ++ return false; + } + + /* +@@ -328,7 +328,7 @@ is_cidr_mask_valid(const struct iaddr *a + */ + for (i=1; i<=zero_bytes; i++) { + if (addr->iabuf[addr->len-i] != 0) { +- return ISC_FALSE; ++ return false; + } + } + +@@ -340,7 +340,7 @@ is_cidr_mask_valid(const struct iaddr *a + * happy. + */ + shift_bits = zero_bits % 8; +- if (shift_bits == 0) return ISC_TRUE; ++ if (shift_bits == 0) return true; + byte = addr->iabuf[addr->len-zero_bytes-1]; + return (((byte >> shift_bits) << shift_bits) == byte); + } +Index: dhcp-4.4.1/common/options.c +=================================================================== +--- dhcp-4.4.1.orig/common/options.c ++++ dhcp-4.4.1/common/options.c +@@ -676,7 +676,7 @@ cons_options(struct packet *inpacket, st + * the priority_list. This way we'll send it whether or not it + * is in the PRL. */ + if ((inpacket != NULL) && (priority_len < PRIORITY_COUNT) && +- (inpacket->sv_echo_client_id == ISC_TRUE)) { ++ (inpacket->sv_echo_client_id == true)) { + priority_list[priority_len++] = + DHO_DHCP_CLIENT_IDENTIFIER; + } +@@ -1802,7 +1802,7 @@ const char *pretty_print_option (option, + const unsigned char *dp = data; + char comma; + unsigned long tval; +- isc_boolean_t a_array = ISC_FALSE; ++ bool a_array = false; + int len_used; + + if (emit_commas) +@@ -1828,7 +1828,7 @@ const char *pretty_print_option (option, + fmtbuf [l] = option -> format [i]; + switch (option -> format [i]) { + case 'a': +- a_array = ISC_TRUE; ++ a_array = true; + /* Fall through */ + case 'A': + --numelem; +@@ -1858,7 +1858,7 @@ const char *pretty_print_option (option, + hunksize++; + comma = ':'; + numhunk = 0; +- a_array = ISC_TRUE; ++ a_array = true; + hunkinc = 1; + } + fmtbuf [l + 1] = 0; +@@ -1954,7 +1954,7 @@ const char *pretty_print_option (option, + + /* If this is an array, compute its size. */ + if (numhunk == 0) { +- if (a_array == ISC_TRUE) { ++ if (a_array == true) { + /* + * It is an 'a' type array - we repeat the + * last format type. A binary string for 'X' +@@ -2006,7 +2006,7 @@ const char *pretty_print_option (option, + + /* Cycle through the array (or hunk) printing the data. */ + for (i = 0; i < numhunk; i++) { +- if ((a_array == ISC_TRUE) && (i != 0) && (numelem > 0)) { ++ if ((a_array == true) && (i != 0) && (numelem > 0)) { + /* + * For 'a' type of arrays we repeat + * only the last format character +@@ -2734,7 +2734,7 @@ save_option(struct universe *universe, s + struct option_cache *oc) + { + if (universe->save_func) +- (*universe->save_func)(universe, options, oc, ISC_FALSE); ++ (*universe->save_func)(universe, options, oc, true); + else + log_error("can't store options in %s space.", universe->name); + } +@@ -2745,14 +2745,14 @@ also_save_option(struct universe *univer + struct option_cache *oc) + { + if (universe->save_func) +- (*universe->save_func)(universe, options, oc, ISC_TRUE); ++ (*universe->save_func)(universe, options, oc, true); + else + log_error("can't store options in %s space.", universe->name); + } + + void + save_hashed_option(struct universe *universe, struct option_state *options, +- struct option_cache *oc, isc_boolean_t appendp) ++ struct option_cache *oc, bool appendp) + { + int hashix; + pair bptr; +@@ -3062,7 +3062,7 @@ store_option(struct data_string *result, + cfg_options, scope, subu); + subu = NULL; + } +- } while (ISC_FALSE); ++ } while (false); + + status = append_option(result, universe, oc->option, &tmp); + data_string_forget(&tmp, MDL); +@@ -3459,7 +3459,7 @@ lookup_fqdn6_option(struct universe *uni + */ + void + save_fqdn6_option(struct universe *universe, struct option_state *options, +- struct option_cache *oc, isc_boolean_t appendp) ++ struct option_cache *oc, bool appendp) + { + log_fatal("Impossible condition at %s:%d.", MDL); + } +@@ -3784,7 +3784,7 @@ void hashed_option_space_foreach (struct + + void + save_linked_option(struct universe *universe, struct option_state *options, +- struct option_cache *oc, isc_boolean_t appendp) ++ struct option_cache *oc, bool appendp) + { + pair *tail; + struct option_chain_head *head; +@@ -4073,7 +4073,7 @@ packet6_len_okay(const char *packet, int + void + do_packet6(struct interface_info *interface, const char *packet, + int len, int from_port, const struct iaddr *from, +- isc_boolean_t was_unicast) { ++ bool was_unicast) { + unsigned char msg_type; + const struct dhcpv6_packet *msg; + const struct dhcpv6_relay_packet *relay; +Index: dhcp-4.4.1/common/parse.c +=================================================================== +--- dhcp-4.4.1.orig/common/parse.c ++++ dhcp-4.4.1/common/parse.c +@@ -4952,7 +4952,7 @@ int parse_option_token (rv, cfile, fmt, + unsigned len; + struct iaddr addr; + int compress; +- isc_boolean_t freeval = ISC_FALSE; ++ bool freeval = false; + const char *f, *g; + struct enumeration_value *e; + +@@ -5038,7 +5038,7 @@ int parse_option_token (rv, cfile, fmt, + return 0; + } + len = strlen (val); +- freeval = ISC_TRUE; ++ freeval = true; + goto make_string; + + case 't': /* Text string... */ +@@ -5055,9 +5055,9 @@ int parse_option_token (rv, cfile, fmt, + if (!make_const_data (&t, (const unsigned char *)val, + len, 1, 1, MDL)) + log_fatal ("No memory for concatenation"); +- if (freeval == ISC_TRUE) { ++ if (freeval == true) { + dfree((char *)val, MDL); +- freeval = ISC_FALSE; ++ freeval = false; + POST(freeval); + } + break; +Index: dhcp-4.4.1/omapip/dispatch.c +=================================================================== +--- dhcp-4.4.1.orig/omapip/dispatch.c ++++ dhcp-4.4.1/omapip/dispatch.c +@@ -156,7 +156,7 @@ omapi_iscsock_cb(isc_task_t *task, + * This should be a temporary fix until we arrange to properly + * close the socket. + */ +- if (obj->closed == ISC_TRUE) { ++ if (obj->closed == true) { + return(0); + } + #endif +@@ -223,7 +223,7 @@ isc_result_t omapi_register_io_object (o + status = omapi_io_allocate (&obj, MDL); + if (status != ISC_R_SUCCESS) + return status; +- obj->closed = ISC_FALSE; /* mark as open */ ++ obj->closed = false; /* mark as open */ + + status = omapi_object_reference (&obj -> inner, h, MDL); + if (status != ISC_R_SUCCESS) { +@@ -404,7 +404,7 @@ isc_result_t omapi_unregister_io_object + isc_socket_detach(&obj->fd); + } + #else +- obj->closed = ISC_TRUE; ++ obj->closed = true; + #endif + + omapi_io_dereference (&ph, MDL); +Index: dhcp-4.4.1/omapip/isclib.c +=================================================================== +--- dhcp-4.4.1.orig/omapip/isclib.c ++++ dhcp-4.4.1/omapip/isclib.c +@@ -106,9 +106,9 @@ isclib_cleanup(void) + if (dhcp_gbl_ctx.taskmgr != NULL) + isc_taskmgr_destroy(&dhcp_gbl_ctx.taskmgr); + +- if (dhcp_gbl_ctx.actx_started != ISC_FALSE) { ++ if (dhcp_gbl_ctx.actx_started != false) { + isc_app_ctxfinish(dhcp_gbl_ctx.actx); +- dhcp_gbl_ctx.actx_started = ISC_FALSE; ++ dhcp_gbl_ctx.actx_started = false; + } + + if (dhcp_gbl_ctx.actx != NULL) +@@ -211,7 +211,7 @@ dhcp_context_create(int flags, + result = isc_app_ctxstart(dhcp_gbl_ctx.actx); + if (result != ISC_R_SUCCESS) + return (result); +- dhcp_gbl_ctx.actx_started = ISC_TRUE; ++ dhcp_gbl_ctx.actx_started = true; + + /* Not all OSs support suppressing SIGPIPE through socket + * options, so set the sigal action to be ignore. This allows +Index: dhcp-4.4.1/omapip/protocol.c +=================================================================== +--- dhcp-4.4.1.orig/omapip/protocol.c ++++ dhcp-4.4.1/omapip/protocol.c +@@ -950,14 +950,14 @@ isc_result_t omapi_protocol_stuff_values + /* Returns a boolean indicating whether this protocol requires that + messages be authenticated or not. */ + +-isc_boolean_t omapi_protocol_authenticated (omapi_object_t *h) ++bool omapi_protocol_authenticated (omapi_object_t *h) + { + if (h -> type != omapi_type_protocol) +- return isc_boolean_false; ++ return false; + if (((omapi_protocol_object_t *)h) -> insecure) +- return isc_boolean_false; ++ return false; + else +- return isc_boolean_true; ++ return true; + } + + /* Sets the address and authenticator verification callbacks. The handle +Index: dhcp-4.4.1/relay/dhcrelay.c +=================================================================== +--- dhcp-4.4.1.orig/relay/dhcrelay.c ++++ dhcp-4.4.1/relay/dhcrelay.c +@@ -45,9 +45,9 @@ char *token_line; + char *tlname; + + const char *path_dhcrelay_pid = _PATH_DHCRELAY_PID; +-isc_boolean_t no_dhcrelay_pid = ISC_FALSE; ++bool no_dhcrelay_pid = false; + /* False (default) => we write and use a pid file */ +-isc_boolean_t no_pid_file = ISC_FALSE; ++bool no_pid_file = false; + + int bogus_agent_drops = 0; /* Packets dropped because agent option + field was specified and we're not relaying +@@ -82,7 +82,7 @@ int dfd[2] = { -1, -1 }; + + #ifdef DHCPv6 + /* Force use of DHCPv6 interface-id option. */ +-isc_boolean_t use_if_id = ISC_FALSE; ++bool use_if_id = false; + #endif + + /* Maximum size of a packet with agent options added. */ +@@ -556,7 +556,7 @@ main(int argc, char **argv) { + } + local_family_set = 1; + local_family = AF_INET6; +- use_if_id = ISC_TRUE; ++ use_if_id = true; + } else if (!strcmp(argv[i], "-l")) { + if (local_family_set && (local_family == AF_INET)) { + usage(use_v6command, argv[i]); +@@ -564,7 +564,7 @@ main(int argc, char **argv) { + local_family_set = 1; + local_family = AF_INET6; + if (downstreams != NULL) +- use_if_id = ISC_TRUE; ++ use_if_id = true; + if (++i == argc) + usage(use_noarg, argv[i-1]); + sl = parse_downstream(argv[i]); +@@ -595,9 +595,9 @@ main(int argc, char **argv) { + if (++i == argc) + usage(use_noarg, argv[i-1]); + path_dhcrelay_pid = argv[i]; +- no_dhcrelay_pid = ISC_TRUE; ++ no_dhcrelay_pid = true; + } else if (!strcmp(argv[i], "--no-pid")) { +- no_pid_file = ISC_TRUE; ++ no_pid_file = true; + } else if (argv[i][0] == '-') { + usage("Unknown command: %s", argv[i]); + } else { +@@ -645,7 +645,7 @@ main(int argc, char **argv) { + * If the user didn't specify a pid file directly + * find one from environment variables or defaults + */ +- if (no_dhcrelay_pid == ISC_FALSE) { ++ if (no_dhcrelay_pid == false) { + if (local_family == AF_INET) { + path_dhcrelay_pid = getenv("PATH_DHCRELAY_PID"); + if (path_dhcrelay_pid == NULL) +@@ -774,7 +774,7 @@ main(int argc, char **argv) { + } + + /* Create the pid file. */ +- if (no_pid_file == ISC_FALSE) { ++ if (no_pid_file == false) { + pfdesc = open(path_dhcrelay_pid, + O_CREAT | O_TRUNC | O_WRONLY, 0644); + +@@ -1569,7 +1569,7 @@ static void + setup_streams(void) { + struct stream_list *dp, *up; + int i; +- isc_boolean_t link_is_set; ++ bool link_is_set; + + for (dp = downstreams; dp; dp = dp->next) { + /* Check interface */ +@@ -1579,9 +1579,9 @@ setup_streams(void) { + + /* Check/set link. */ + if (IN6_IS_ADDR_UNSPECIFIED(&dp->link.sin6_addr)) +- link_is_set = ISC_FALSE; ++ link_is_set = false; + else +- link_is_set = ISC_TRUE; ++ link_is_set = true; + for (i = 0; i < dp->ifp->v6address_count; i++) { + if (IN6_IS_ADDR_LINKLOCAL(&dp->ifp->v6addresses[i])) + continue; +@@ -2076,7 +2076,7 @@ dhcp_set_control_state(control_object_st + if (newstate != server_shutdown) + return ISC_R_SUCCESS; + +- if (no_pid_file == ISC_FALSE) ++ if (no_pid_file == false) + (void) unlink(path_dhcrelay_pid); + + if (!no_daemon && dfd[0] != -1 && dfd[1] != -1) { +Index: dhcp-4.4.1/server/dhcp.c +=================================================================== +--- dhcp-4.4.1.orig/server/dhcp.c ++++ dhcp-4.4.1/server/dhcp.c +@@ -225,7 +225,7 @@ dhcp (struct packet *packet) { + packet->options->universe_count = + agent_universe.index + 1; + +- packet->agent_options_stashed = ISC_TRUE; ++ packet->agent_options_stashed = true; + } + nolease: + +@@ -1094,7 +1094,7 @@ void dhcpinform (packet, ms_nulltp) + int nulltp; + struct sockaddr_in to; + struct in_addr from; +- isc_boolean_t zeroed_ciaddr; ++ bool zeroed_ciaddr; + struct interface_info *interface; + int result, h_m_client_ip = 0; + struct host_decl *host = NULL, *hp = NULL, *h; +@@ -1109,7 +1109,7 @@ void dhcpinform (packet, ms_nulltp) + it's common for clients not to do this, so we'll use their IP + source address if they didn't set ciaddr. */ + if (!packet->raw->ciaddr.s_addr) { +- zeroed_ciaddr = ISC_TRUE; ++ zeroed_ciaddr = true; + /* With DHCPv4-over-DHCPv6 it can be an IPv6 address + so we check its length. */ + if (packet->client_addr.len == 4) { +@@ -1122,7 +1122,7 @@ void dhcpinform (packet, ms_nulltp) + addr_type = "v4o6"; + } + } else { +- zeroed_ciaddr = ISC_FALSE; ++ zeroed_ciaddr = false; + cip.len = 4; + memcpy(cip.iabuf, &packet->raw->ciaddr, 4); + addr_type = "client"; +@@ -1133,7 +1133,7 @@ void dhcpinform (packet, ms_nulltp) + if (packet->raw->giaddr.s_addr) { + gip.len = 4; + memcpy(gip.iabuf, &packet->raw->giaddr, 4); +- if (zeroed_ciaddr == ISC_TRUE) { ++ if (zeroed_ciaddr == true) { + addr_type = "relay"; + memcpy(sip.iabuf, gip.iabuf, 4); + } +@@ -1207,7 +1207,7 @@ void dhcpinform (packet, ms_nulltp) + save_option(&dhcp_universe, options, noc); + option_cache_dereference(&noc, MDL); + +- if ((zeroed_ciaddr == ISC_TRUE) && (gip.len != 0)) ++ if ((zeroed_ciaddr == true) && (gip.len != 0)) + addr_type = "relay link select"; + else + addr_type = "selected"; +@@ -1261,7 +1261,7 @@ void dhcpinform (packet, ms_nulltp) + NULL, NULL); + + /* If we have ciaddr, find its lease so we can find its pool. */ +- if (zeroed_ciaddr == ISC_FALSE) { ++ if (zeroed_ciaddr == false) { + struct lease* cip_lease = NULL; + + find_lease_by_ip_addr (&cip_lease, cip, MDL); +@@ -2036,7 +2036,7 @@ void echo_client_id(packet, lease, in_op + unsigned int opcode = DHO_DHCP_CLIENT_IDENTIFIER; + + /* Save knowledge that echo is enabled to the packet */ +- packet->sv_echo_client_id = ISC_TRUE; ++ packet->sv_echo_client_id = true; + + /* Now see if inbound packet contains client-id */ + oc = lookup_option(&dhcp_universe, packet->options, opcode); +@@ -2187,7 +2187,7 @@ void ack_lease (packet, lease, offer, wh + struct iaddr cip; + #if defined(DELAYED_ACK) + /* By default we don't do the enqueue */ +- isc_boolean_t enqueue = ISC_FALSE; ++ bool enqueue = false; + #endif + int use_old_lease = 0; + +@@ -3217,7 +3217,7 @@ void ack_lease (packet, lease, offer, wh + * can just answer right away, set a flag to indicate this. + */ + if (commit) +- enqueue = ISC_TRUE; ++ enqueue = true; + + /* Install the new information on 'lt' onto the lease at + * 'lease'. We will not 'commit' this information to disk +@@ -4234,7 +4234,7 @@ int find_lease (struct lease **lp, + * preference, so the first one is the best one. + */ + while (uid_lease) { +- isc_boolean_t do_release = !packet->raw->ciaddr.s_addr; ++ bool do_release = !packet->raw->ciaddr.s_addr; + #if defined (DEBUG_FIND_LEASE) + log_info ("trying next lease matching client id: %s", + piaddr (uid_lease -> ip_addr)); +@@ -4267,7 +4267,7 @@ int find_lease (struct lease **lp, + #endif + /* Allow multiple leases using the same UID + on different subnetworks. */ +- do_release = ISC_FALSE; ++ do_release = false; + goto n_uid; + } + +@@ -5331,7 +5331,7 @@ get_server_source_address(struct in_addr + struct option_cache *oc = NULL; + struct data_string d; + struct in_addr *a = NULL; +- isc_boolean_t found = ISC_FALSE; ++ bool found = false; + int allocate = 0; + + memset(&d, 0, sizeof(d)); +@@ -5344,7 +5344,7 @@ get_server_source_address(struct in_addr + packet->options, options, + &global_scope, oc, MDL)) { + if (d.len == sizeof(*from)) { +- found = ISC_TRUE; ++ found = true; + memcpy(from, d.data, sizeof(*from)); + + /* +@@ -5362,7 +5362,7 @@ get_server_source_address(struct in_addr + oc = NULL; + } + +- if ((found == ISC_FALSE) && ++ if ((found == false) && + (packet->interface->address_count > 0)) { + *from = packet->interface->addresses[0]; + +Index: dhcp-4.4.1/server/failover.c +=================================================================== +--- dhcp-4.4.1.orig/server/failover.c ++++ dhcp-4.4.1/server/failover.c +@@ -45,7 +45,7 @@ static isc_result_t failover_message_der + static void dhcp_failover_pool_balance(dhcp_failover_state_t *state); + static void dhcp_failover_pool_reqbalance(dhcp_failover_state_t *state); + static int dhcp_failover_pool_dobalance(dhcp_failover_state_t *state, +- isc_boolean_t *sendreq); ++ bool *sendreq); + static inline int secondary_not_hoarding(dhcp_failover_state_t *state, + struct pool *p); + static void scrub_lease(struct lease* lease, const char *file, int line); +@@ -2464,7 +2464,7 @@ void + dhcp_failover_pool_rebalance(void *failover_state) + { + dhcp_failover_state_t *state; +- isc_boolean_t sendreq = ISC_FALSE; ++ bool sendreq = false; + + state = (dhcp_failover_state_t *)failover_state; + +@@ -2512,7 +2512,7 @@ dhcp_failover_pool_reqbalance(dhcp_failo + */ + static int + dhcp_failover_pool_dobalance(dhcp_failover_state_t *state, +- isc_boolean_t *sendreq) ++ bool *sendreq) + { + int lts, total, thresh, hold, panic, pass; + int leases_queued = 0; +@@ -2581,7 +2581,7 @@ dhcp_failover_pool_dobalance(dhcp_failov + + if ((sendreq != NULL) && (lts < panic)) { + reqlog = " (requesting peer rebalance!)"; +- *sendreq = ISC_TRUE; ++ *sendreq = true; + } else + reqlog = ""; + +@@ -5111,7 +5111,7 @@ isc_result_t dhcp_failover_send_update_d + * a more detailed system of preferences is required, so this is something we + * should monitor as we gain experience with these dueling events. + */ +-static isc_boolean_t ++static bool + failover_lease_is_better(dhcp_failover_state_t *state, struct lease *lease, + failover_message_t *msg) + { +@@ -5132,15 +5132,15 @@ failover_lease_is_better(dhcp_failover_s + case FTS_ACTIVE: + if (msg->binding_status == FTS_ACTIVE) { + if (msg_cltt < lease->cltt) +- return ISC_TRUE; ++ return true; + else if (msg_cltt > lease->cltt) +- return ISC_FALSE; ++ return false; + else if (state->i_am == primary) +- return ISC_TRUE; ++ return true; + else +- return ISC_FALSE; ++ return false; + } else if (msg->binding_status == FTS_EXPIRED) { +- return ISC_FALSE; ++ return false; + } + /* FALL THROUGH */ + +@@ -5151,11 +5151,11 @@ failover_lease_is_better(dhcp_failover_s + case FTS_ABANDONED: + case FTS_RESET: + if (msg->binding_status == FTS_ACTIVE) +- return ISC_FALSE; ++ return false; + else if (state->i_am == primary) +- return ISC_TRUE; ++ return true; + else +- return ISC_FALSE; ++ return false; + /* FALL THROUGH to impossible condition */ + + default: +@@ -5164,7 +5164,7 @@ failover_lease_is_better(dhcp_failover_s + + log_fatal("Impossible condition at %s:%d.", MDL); + /* Silence compiler warning. */ +- return ISC_FALSE; ++ return false; + } + + isc_result_t dhcp_failover_process_bind_update (dhcp_failover_state_t *state, +@@ -5177,8 +5177,8 @@ isc_result_t dhcp_failover_process_bind_ + int new_binding_state; + int send_to_backup = 0; + int required_options; +- isc_boolean_t chaddr_changed = ISC_FALSE; +- isc_boolean_t ident_changed = ISC_FALSE; ++ bool chaddr_changed = false; ++ bool ident_changed = false; + + /* Validate the binding update. */ + required_options = FTB_ASSIGNED_IP_ADDRESS | FTB_BINDING_STATUS; +@@ -5250,7 +5250,7 @@ isc_result_t dhcp_failover_process_bind_ + if ((lt->hardware_addr.hlen != msg->chaddr.count) || + (memcmp(lt->hardware_addr.hbuf, msg->chaddr.data, + msg->chaddr.count) != 0)) +- chaddr_changed = ISC_TRUE; ++ chaddr_changed = true; + + lt -> hardware_addr.hlen = msg -> chaddr.count; + memcpy (lt -> hardware_addr.hbuf, msg -> chaddr.data, +@@ -5262,7 +5262,7 @@ isc_result_t dhcp_failover_process_bind_ + reason = FTR_MISSING_BINDINFO; + goto bad; + } else if (msg->binding_status == FTS_ABANDONED) { +- chaddr_changed = ISC_TRUE; ++ chaddr_changed = true; + lt->hardware_addr.hlen = 0; + if (lt->scope) + binding_scope_dereference(<->scope, MDL); +@@ -5282,7 +5282,7 @@ isc_result_t dhcp_failover_process_bind_ + (lt->uid == NULL) || /* Sanity; should never happen. */ + (memcmp(lt->uid, msg->client_identifier.data, + lt->uid_len) != 0)) +- ident_changed = ISC_TRUE; ++ ident_changed = true; + + lt->uid_len = msg->client_identifier.count; + +@@ -5312,7 +5312,7 @@ isc_result_t dhcp_failover_process_bind_ + } else if (lt->uid && msg->binding_status != FTS_RESET && + msg->binding_status != FTS_FREE && + msg->binding_status != FTS_BACKUP) { +- ident_changed = ISC_TRUE; ++ ident_changed = true; + if (lt->uid != lt->uid_buf) + dfree (lt->uid, MDL); + lt->uid = NULL; +@@ -5347,7 +5347,7 @@ isc_result_t dhcp_failover_process_bind_ + if (msg->binding_status == FTS_ACTIVE && + (chaddr_changed || ident_changed)) { + #if defined (NSUPDATE) +- (void) ddns_removals(lease, NULL, NULL, ISC_FALSE); ++ (void) ddns_removals(lease, NULL, NULL, false); + #endif /* NSUPDATE */ + + if (lease->scope != NULL) +@@ -5534,7 +5534,7 @@ isc_result_t dhcp_failover_process_bind_ + struct iaddr ia; + const char *message = "no memory"; + u_int32_t pot_expire; +- int send_to_backup = ISC_FALSE; ++ int send_to_backup = false; + struct timeval tv; + + ia.len = sizeof msg -> assigned_addr; +@@ -5621,7 +5621,7 @@ isc_result_t dhcp_failover_process_bind_ + if (state->i_am == primary && + !(lease->flags & (RESERVED_LEASE | BOOTP_LEASE)) && + peer_wants_lease(lease)) +- send_to_backup = ISC_TRUE; ++ send_to_backup = true; + + if (!send_to_backup && state->me.state == normal) + commit_leases(); +Index: dhcp-4.4.1/server/dhcpd.c +=================================================================== +--- dhcp-4.4.1.orig/server/dhcpd.c ++++ dhcp-4.4.1/server/dhcpd.c +@@ -98,7 +98,7 @@ const char *path_dhcpd_conf = _PATH_DHCP + const char *path_dhcpd_db = _PATH_DHCPD_DB; + const char *path_dhcpd_pid = _PATH_DHCPD_PID; + /* False (default) => we write and use a pid file */ +-isc_boolean_t no_pid_file = ISC_FALSE; ++bool no_pid_file = false; + + int dhcp_max_agent_option_packet_length = DHCP_MTU_MAX; + +@@ -476,7 +476,7 @@ main(int argc, char **argv) { + path_dhcpd_pid = argv [i]; + have_dhcpd_pid = 1; + } else if (!strcmp(argv[i], "--no-pid")) { +- no_pid_file = ISC_TRUE; ++ no_pid_file = true; + } else if (!strcmp (argv [i], "-t")) { + /* test configurations only */ + #ifndef DEBUG +@@ -863,7 +863,7 @@ main(int argc, char **argv) { + * - we don't have a pid file to check + * - there is no other process running + */ +- if ((lftest == 0) && (no_pid_file == ISC_FALSE)) { ++ if ((lftest == 0) && (no_pid_file == false)) { + /*Read previous pid file. */ + if ((i = open(path_dhcpd_pid, O_RDONLY)) >= 0) { + status = read(i, pbuf, (sizeof pbuf) - 1); +@@ -974,7 +974,7 @@ main(int argc, char **argv) { + * that we have forked we can write our pid if + * appropriate. + */ +- if (no_pid_file == ISC_FALSE) { ++ if (no_pid_file == false) { + i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644); + if (i >= 0) { + sprintf(pbuf, "%d\n", (int) getpid()); +@@ -1730,7 +1730,7 @@ static isc_result_t dhcp_io_shutdown_cou + free_everything (); + omapi_print_dmalloc_usage_by_caller (); + #endif +- if (no_pid_file == ISC_FALSE) ++ if (no_pid_file == false) + (void) unlink(path_dhcpd_pid); + exit (0); + } +@@ -1741,7 +1741,7 @@ static isc_result_t dhcp_io_shutdown_cou + free_everything (); + omapi_print_dmalloc_usage_by_caller (); + #endif +- if (no_pid_file == ISC_FALSE) ++ if (no_pid_file == false) + (void) unlink(path_dhcpd_pid); + exit (0); + } +@@ -1750,7 +1750,7 @@ static isc_result_t dhcp_io_shutdown_cou + #if defined(FAILOVER_PROTOCOL) + !failover_connection_count && + #endif +- ISC_TRUE) { ++ true) { + shutdown_state = shutdown_done; + shutdown_time = cur_time; + goto oncemore; +Index: dhcp-4.4.1/server/mdb6.c +=================================================================== +--- dhcp-4.4.1.orig/server/mdb6.c ++++ dhcp-4.4.1/server/mdb6.c +@@ -514,10 +514,10 @@ ia_remove_all_lease(struct ia_xx *ia, co + /* + * Compare two IA. + */ +-isc_boolean_t ++bool + ia_equal(const struct ia_xx *a, const struct ia_xx *b) + { +- isc_boolean_t found; ++ bool found; + int i, j; + + /* +@@ -525,9 +525,9 @@ ia_equal(const struct ia_xx *a, const st + */ + if (a == NULL) { + if (b == NULL) { +- return ISC_TRUE; ++ return true; + } else { +- return ISC_FALSE; ++ return false; + } + } + +@@ -535,58 +535,58 @@ ia_equal(const struct ia_xx *a, const st + * Check the type is the same. + */ + if (a->ia_type != b->ia_type) { +- return ISC_FALSE; ++ return false; + } + + /* + * Check the DUID is the same. + */ + if (a->iaid_duid.len != b->iaid_duid.len) { +- return ISC_FALSE; ++ return false; + } + if (memcmp(a->iaid_duid.data, + b->iaid_duid.data, a->iaid_duid.len) != 0) { +- return ISC_FALSE; ++ return false; + } + + /* + * Make sure we have the same number of addresses/prefixes in each. + */ + if (a->num_iasubopt != b->num_iasubopt) { +- return ISC_FALSE; ++ return false; + } + + /* + * Check that each address/prefix is present in both. + */ + for (i=0; inum_iasubopt; i++) { +- found = ISC_FALSE; ++ found = false; + for (j=0; jnum_iasubopt; j++) { + if (a->iasubopt[i]->plen != b->iasubopt[i]->plen) + continue; + if (memcmp(&(a->iasubopt[i]->addr), + &(b->iasubopt[j]->addr), + sizeof(struct in6_addr)) == 0) { +- found = ISC_TRUE; ++ found = true; + break; + } + } + if (!found) { +- return ISC_FALSE; ++ return false; + } + } + + /* + * These are the same in every way we care about. + */ +- return ISC_TRUE; ++ return true; + } + + /* + * Helper function for lease heaps. + * Makes the top of the heap the oldest lease. + */ +-static isc_boolean_t ++static bool + lease_older(void *a, void *b) { + struct iasubopt *la = (struct iasubopt *)a; + struct iasubopt *lb = (struct iasubopt *)b; +@@ -1038,8 +1038,8 @@ create_lease6(struct ipv6_pool *pool, st + struct data_string new_ds; + struct iasubopt *iaaddr; + isc_result_t result; +- isc_boolean_t reserved_iid; +- static isc_boolean_t init_resiid = ISC_FALSE; ++ bool reserved_iid; ++ static bool init_resiid = false; + + /* + * Fill the reserved IIDs. +@@ -1049,7 +1049,7 @@ create_lease6(struct ipv6_pool *pool, st + memset(&resany, 0, 8); + resany.s6_addr[8] = 0xfd; + memset(&resany.s6_addr[9], 0xff, 6); +- init_resiid = ISC_TRUE; ++ init_resiid = true; + } + + /* +@@ -1094,14 +1094,14 @@ create_lease6(struct ipv6_pool *pool, st + /* + * Avoid reserved interface IDs. (cf. RFC 5453) + */ +- reserved_iid = ISC_FALSE; ++ reserved_iid = false; + if (memcmp(&tmp.s6_addr[8], &rtany.s6_addr[8], 8) == 0) { +- reserved_iid = ISC_TRUE; ++ reserved_iid = true; + } + if (!reserved_iid && + (memcmp(&tmp.s6_addr[8], &resany.s6_addr[8], 7) == 0) && + ((tmp.s6_addr[15] & 0x80) == 0x80)) { +- reserved_iid = ISC_TRUE; ++ reserved_iid = true; + } + + /* +@@ -1177,7 +1177,7 @@ create_lease6_eui_64(struct ipv6_pool *p + struct iasubopt *test_iaaddr; + struct iasubopt *iaaddr; + isc_result_t result; +- static isc_boolean_t init_resiid = ISC_FALSE; ++ static bool init_resiid = false; + + /* Fill the reserved IIDs. */ + if (!init_resiid) { +@@ -1185,7 +1185,7 @@ create_lease6_eui_64(struct ipv6_pool *p + memset(&resany, 0, 8); + resany.s6_addr[8] = 0xfd; + memset(&resany.s6_addr[9], 0xff, 6); +- init_resiid = ISC_TRUE; ++ init_resiid = true; + } + + /* Pool must be IA_NA */ +@@ -1520,7 +1520,7 @@ add_lease6(struct ipv6_pool *pool, struc + /* + * Determine if an address is present in a pool or not. + */ +-isc_boolean_t ++bool + lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr) { + struct iasubopt *test_iaaddr; + +@@ -1528,9 +1528,9 @@ lease6_exists(const struct ipv6_pool *po + if (iasubopt_hash_lookup(&test_iaaddr, pool->leases, + (void *)addr, sizeof(*addr), MDL)) { + iasubopt_dereference(&test_iaaddr, MDL); +- return ISC_TRUE; ++ return true; + } else { +- return ISC_FALSE; ++ return false; + } + } + +@@ -1545,20 +1545,20 @@ lease6_exists(const struct ipv6_pool *po + * \param[in] lease = lease to check + * + * \return +- * ISC_TRUE = The lease is allowed to use that address +- * ISC_FALSE = The lease isn't allowed to use that address ++ * true = The lease is allowed to use that address ++ * false = The lease isn't allowed to use that address + */ +-isc_boolean_t ++bool + lease6_usable(struct iasubopt *lease) { + struct iasubopt *test_iaaddr; +- isc_boolean_t status = ISC_TRUE; ++ bool status = true; + + test_iaaddr = NULL; + if (iasubopt_hash_lookup(&test_iaaddr, lease->ipv6_pool->leases, + (void *)&lease->addr, + sizeof(lease->addr), MDL)) { + if (test_iaaddr != lease) { +- status = ISC_FALSE; ++ status = false; + } + iasubopt_dereference(&test_iaaddr, MDL); + } +@@ -1697,7 +1697,7 @@ move_lease_to_inactive(struct ipv6_pool + #if defined (NSUPDATE) + /* Process events upon expiration. */ + if (pool->pool_type != D6O_IA_PD) { +- (void) ddns_removals(NULL, lease, NULL, ISC_FALSE); ++ (void) ddns_removals(NULL, lease, NULL, false); + } + #endif + +@@ -1977,21 +1977,21 @@ create_prefix6(struct ipv6_pool *pool, s + /* + * Determine if a prefix is present in a pool or not. + */ +-isc_boolean_t ++bool + prefix6_exists(const struct ipv6_pool *pool, + const struct in6_addr *pref, u_int8_t plen) { + struct iasubopt *test_iapref; + + if ((int)plen != pool->units) +- return ISC_FALSE; ++ return false; + + test_iapref = NULL; + if (iasubopt_hash_lookup(&test_iapref, pool->leases, + (void *)pref, sizeof(*pref), MDL)) { + iasubopt_dereference(&test_iapref, MDL); +- return ISC_TRUE; ++ return true; + } else { +- return ISC_FALSE; ++ return false; + } + } + +@@ -2267,15 +2267,15 @@ ipv6_network_portion(struct in6_addr *re + /* + * Determine if the given address/prefix is in the pool. + */ +-isc_boolean_t ++bool + ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool) { + struct in6_addr tmp; + + ipv6_network_portion(&tmp, addr, pool->bits); + if (memcmp(&tmp, &pool->start_addr, sizeof(tmp)) == 0) { +- return ISC_TRUE; ++ return true; + } else { +- return ISC_FALSE; ++ return false; + } + } + +Index: dhcp-4.4.1/server/ddns.c +=================================================================== +--- dhcp-4.4.1.orig/server/ddns.c ++++ dhcp-4.4.1/server/ddns.c +@@ -373,7 +373,7 @@ ddns_updates(struct packet *packet, stru + + /* If desired do the removals */ + if (do_remove != 0) { +- (void) ddns_removals(lease, lease6, NULL, ISC_TRUE); ++ (void) ddns_removals(lease, lease6, NULL, true); + } + goto out; + } +@@ -618,7 +618,7 @@ ddns_updates(struct packet *packet, stru + * We should log a more specific error closer to the actual + * error if we want one. ddns_removal failure not logged here. + */ +- (void) ddns_removals(lease, lease6, ddns_cb, ISC_TRUE); ++ (void) ddns_removals(lease, lease6, ddns_cb, true); + } + else { + ddns_fwd_srv_connector(lease, lease6, scope, ddns_cb, +@@ -1907,7 +1907,7 @@ ddns_fwd_srv_rem1(dhcp_ddns_cb_t *ddns_c + * the current entry. + * + * \li active - indication about the status of the lease. It is +- * ISC_TRUE if the lease is still active, and FALSE if the lease ++ * true if the lease is still active, and FALSE if the lease + * is inactive. This is used to indicate if the lease is inactive or going + * to inactive so we can avoid trying to update the lease with cb pointers + * and text information if it isn't useful. +@@ -1923,7 +1923,7 @@ isc_result_t + ddns_removals(struct lease *lease, + struct iasubopt *lease6, + dhcp_ddns_cb_t *add_ddns_cb, +- isc_boolean_t active) ++ bool active) + { + isc_result_t rcode, execute_add = ISC_R_FAILURE; + struct binding_scope **scope = NULL; +@@ -1970,7 +1970,7 @@ ddns_removals(struct lease *lease, + if (((ddns_cb->state == DDNS_STATE_ADD_PTR) || + (ddns_cb->state == DDNS_STATE_ADD_FW_NXDOMAIN) || + (ddns_cb->state == DDNS_STATE_ADD_FW_YXDHCID)) || +- ((active == ISC_FALSE) && ++ ((active == false) && + ((ddns_cb->flags & DDNS_ACTIVE_LEASE) != 0))) { + /* Cancel the current request */ + ddns_cancel(lease->ddns_cb, MDL); +@@ -1998,7 +1998,7 @@ ddns_removals(struct lease *lease, + if (((ddns_cb->state == DDNS_STATE_ADD_PTR) || + (ddns_cb->state == DDNS_STATE_ADD_FW_NXDOMAIN) || + (ddns_cb->state == DDNS_STATE_ADD_FW_YXDHCID)) || +- ((active == ISC_FALSE) && ++ ((active == false) && + ((ddns_cb->flags & DDNS_ACTIVE_LEASE) != 0))) { + /* Cancel the current request */ + ddns_cancel(lease6->ddns_cb, MDL); +@@ -2053,7 +2053,7 @@ ddns_removals(struct lease *lease, + * the lease information for v6 when the response + * from the DNS code is processed. + */ +- if (active == ISC_TRUE) { ++ if (active == true) { + ddns_cb->flags |= DDNS_ACTIVE_LEASE; + } + +Index: dhcp-4.4.1/server/mdb.c +=================================================================== +--- dhcp-4.4.1.orig/server/mdb.c ++++ dhcp-4.4.1/server/mdb.c +@@ -1504,7 +1504,7 @@ void make_binding_state_transition (stru + lease -> binding_state == FTS_ACTIVE && + lease -> next_binding_state != FTS_RELEASED))) { + #if defined (NSUPDATE) +- (void) ddns_removals(lease, NULL, NULL, ISC_TRUE); ++ (void) ddns_removals(lease, NULL, NULL, true); + #endif + if (lease->on_star.on_expiry) { + execute_statements(NULL, NULL, lease, +@@ -1568,7 +1568,7 @@ void make_binding_state_transition (stru + * release message. This is not true of expiry, where the + * peer may have extended the lease. + */ +- (void) ddns_removals(lease, NULL, NULL, ISC_TRUE); ++ (void) ddns_removals(lease, NULL, NULL, true); + #endif + if (lease->on_star.on_release) { + execute_statements(NULL, NULL, lease, +@@ -1736,7 +1736,7 @@ void release_lease (lease, packet) + /* If there are statements to execute when the lease is + released, execute them. */ + #if defined (NSUPDATE) +- (void) ddns_removals(lease, NULL, NULL, ISC_FALSE); ++ (void) ddns_removals(lease, NULL, NULL, false); + #endif + if (lease->on_star.on_release) { + execute_statements (NULL, packet, lease, +@@ -1810,7 +1810,7 @@ void abandon_lease (lease, message) + { + struct lease *lt = NULL; + #if defined (NSUPDATE) +- (void) ddns_removals(lease, NULL, NULL, ISC_FALSE); ++ (void) ddns_removals(lease, NULL, NULL, false); + #endif + + if (!lease_copy(<, lease, MDL)) { +@@ -1860,7 +1860,7 @@ void dissociate_lease (lease) + { + struct lease *lt = (struct lease *)0; + #if defined (NSUPDATE) +- (void) ddns_removals(lease, NULL, NULL, ISC_FALSE); ++ (void) ddns_removals(lease, NULL, NULL, false); + #endif + + if (!lease_copy (<, lease, MDL)) +@@ -2072,38 +2072,38 @@ int find_lease_by_hw_addr (struct lease + * should never see reset leases for this. + * 4) Abandoned leases are always dead last. + */ +-static isc_boolean_t ++static bool + client_lease_preferred(struct lease *cand, struct lease *lease) + { + if (cand->binding_state == FTS_ACTIVE) { + if (lease->binding_state == FTS_ACTIVE && + lease->ends >= cand->ends) +- return ISC_TRUE; ++ return true; + } else if (cand->binding_state == FTS_EXPIRED || + cand->binding_state == FTS_RELEASED) { + if (lease->binding_state == FTS_ACTIVE) +- return ISC_TRUE; ++ return true; + + if ((lease->binding_state == FTS_EXPIRED || + lease->binding_state == FTS_RELEASED) && + lease->cltt >= cand->cltt) +- return ISC_TRUE; ++ return true; + } else if (cand->binding_state != FTS_ABANDONED) { + if (lease->binding_state == FTS_ACTIVE || + lease->binding_state == FTS_EXPIRED || + lease->binding_state == FTS_RELEASED) +- return ISC_TRUE; ++ return true; + + if (lease->binding_state != FTS_ABANDONED && + lease->cltt >= cand->cltt) +- return ISC_TRUE; ++ return true; + } else /* (cand->binding_state == FTS_ABANDONED) */ { + if (lease->binding_state != FTS_ABANDONED || + lease->cltt >= cand->cltt) +- return ISC_TRUE; ++ return true; + } + +- return ISC_FALSE; ++ return false; + } + + /* Add the specified lease to the uid hash. */ diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch deleted file mode 100644 index 006d18ae7..000000000 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch +++ /dev/null @@ -1,117 +0,0 @@ -From 92875f5cc44914515e50c11c503a09cec90497b2 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia -Date: Sat, 11 Jun 2016 22:51:44 -0400 -Subject: [PATCH 08/11] tweak to support external bind - -Tweak the external bind to oe-core's sysroot rather than -external bind source build. - -Upstream-Status: Inappropriate - -Signed-off-by: Hongxu Jia ---- - client/Makefile.am | 2 +- - client/tests/Makefile.am | 2 +- - common/tests/Makefile.am | 2 +- - dhcpctl/Makefile.am | 2 +- - omapip/Makefile.am | 2 +- - relay/Makefile.am | 2 +- - server/Makefile.am | 2 +- - server/tests/Makefile.am | 2 +- - 8 files changed, 8 insertions(+), 8 deletions(-) - -diff --git a/client/Makefile.am b/client/Makefile.am -index 4730bb3..84d8131 100644 ---- a/client/Makefile.am -+++ b/client/Makefile.am -@@ -4,7 +4,7 @@ - # production code. Sadly, we are not there yet. - SUBDIRS = . tests - --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \ - -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes -diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am -index 5031d0c..a8dfd26 100644 ---- a/client/tests/Makefile.am -+++ b/client/tests/Makefile.am -@@ -1,6 +1,6 @@ - SUBDIRS = . - --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes - AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir) -diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am -index f6a43e4..2f98d22 100644 ---- a/common/tests/Makefile.am -+++ b/common/tests/Makefile.am -@@ -1,6 +1,6 @@ - SUBDIRS = . - --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes - -diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am -index ba8dd8b..9b2486e 100644 ---- a/dhcpctl/Makefile.am -+++ b/dhcpctl/Makefile.am -@@ -1,4 +1,4 @@ --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) - -diff --git a/omapip/Makefile.am b/omapip/Makefile.am -index dd1afa0..e4a8599 100644 ---- a/omapip/Makefile.am -+++ b/omapip/Makefile.am -@@ -1,4 +1,4 @@ --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - AM_CPPFLAGS = -I$(top_srcdir)/includes - - lib_LIBRARIES = libomapi.a -diff --git a/relay/Makefile.am b/relay/Makefile.am -index 6d652f6..b3bf578 100644 ---- a/relay/Makefile.am -+++ b/relay/Makefile.am -@@ -1,4 +1,4 @@ --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes - -diff --git a/server/Makefile.am b/server/Makefile.am -index 3990b9c..b5d8c2d 100644 ---- a/server/Makefile.am -+++ b/server/Makefile.am -@@ -4,7 +4,7 @@ - # production code. Sadly, we are not there yet. - SUBDIRS = . tests - --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes - -diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am -index a87c5e7..9821081 100644 ---- a/server/tests/Makefile.am -+++ b/server/tests/Makefile.am -@@ -1,6 +1,6 @@ - SUBDIRS = . - --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes - AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir) --- -1.8.3.1 - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb index 159abbc40..ca0daa181 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb +++ b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb @@ -10,6 +10,7 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat file://0009-remove-dhclient-script-bash-dependency.patch \ file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \ file://0013-fixup_use_libbind.patch \ + file://0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch \ " SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede" diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch new file mode 100644 index 000000000..d4764f586 --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch @@ -0,0 +1,31 @@ +Upstream-Status: Pending + +Subject: rcp: fix to work with large files + +When we copy file by rcp command, if the file > 2GB, it will fail. +The cause is that it used incorrect data type on file size in sink() of rcp. + +Signed-off-by: Chen Qi +--- + src/rcp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/rcp.c b/src/rcp.c +index 21f55b6..bafa35f 100644 +--- a/src/rcp.c ++++ b/src/rcp.c +@@ -876,9 +876,9 @@ sink (int argc, char *argv[]) + enum + { YES, NO, DISPLAYED } wrerr; + BUF *bp; +- off_t i, j; ++ off_t i, j, size; + int amt, count, exists, first, mask, mode, ofd, omode; +- int setimes, size, targisdir, wrerrno; ++ int setimes, targisdir, wrerrno; + char ch, *cp, *np, *targ, *vect[1], buf[BUFSIZ]; + const char *why; + +-- +1.9.1 + diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch new file mode 100644 index 000000000..24c134fca --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch @@ -0,0 +1,83 @@ +Upstream: http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html + +Upstream-Status: Pending + +Signed-off-by: Jackie Huang +--- + ping/ping_common.h | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/ping/ping_common.h b/ping/ping_common.h +index 1dfd1b5..3bfbd12 100644 +--- a/ping/ping_common.h ++++ b/ping/ping_common.h +@@ -17,10 +17,14 @@ + You should have received a copy of the GNU General Public License + along with this program. If not, see `http://www.gnu.org/licenses/'. */ + ++#include ++ + #include + #include + #include ++#ifdef HAVE_IPV6 + #include ++#endif + #include + #include + #include +@@ -62,7 +66,12 @@ struct ping_stat + want to follow the traditional behaviour of ping. */ + #define DEFAULT_PING_COUNT 0 + ++#ifdef HAVE_IPV6 + #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN) ++#else ++#define PING_HEADER_LEN (ICMP_MINLEN) ++#endif ++ + #define PING_TIMING(s) ((s) >= sizeof (struct timeval)) + #define PING_DATALEN (64 - PING_HEADER_LEN) /* default data length */ + +@@ -74,13 +83,20 @@ struct ping_stat + (t).tv_usec = ((i)%PING_PRECISION)*(1000000/PING_PRECISION) ;\ + } while (0) + ++#ifdef HAVE_IPV6 + /* FIXME: Adjust IPv6 case for options and their consumption. */ + #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \ + (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)) + ++#else ++#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN) ++#endif ++ ++#ifdef HAVE_IPV6 + typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest, + struct sockaddr_in6 * from, struct icmp6_hdr * icmp, + int datalen); ++#endif + + typedef int (*ping_efp) (int code, + void *closure, +@@ -89,13 +105,17 @@ typedef int (*ping_efp) (int code, + struct ip * ip, icmphdr_t * icmp, int datalen); + + union event { ++#ifdef HAVE_IPV6 + ping_efp6 handler6; ++#endif + ping_efp handler; + }; + + union ping_address { + struct sockaddr_in ping_sockaddr; ++#ifdef HAVE_IPV6 + struct sockaddr_in6 ping_sockaddr6; ++#endif + }; + + typedef struct ping_data PING; +-- +2.8.3 + diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch new file mode 100644 index 000000000..3da4e9f55 --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch @@ -0,0 +1,29 @@ +From 552a7d64ad4a7188a9b7cd89933ae7caf7ebfe90 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Thu, 18 Nov 2010 16:59:14 -0500 +Subject: [PATCH gnulib] printf-parse: pull in features.h for __GLIBC__ + +Upstream-Status: Pending + +Signed-off-by: Mike Frysinger +--- + lib/printf-parse.h | 3 +++ + 1 files changed, 3 insertions(+), 0 deletions(-) + +diff --git a/lib/printf-parse.h b/lib/printf-parse.h +index 67a4a2a..3bd6152 100644 +--- a/lib/printf-parse.h ++++ b/lib/printf-parse.h +@@ -25,6 +25,9 @@ + + #include "printf-args.h" + ++#ifdef HAVE_FEATURES_H ++# include /* for __GLIBC__ */ ++#endif + + /* Flags */ + #define FLAG_GROUP 1 /* ' flag */ +-- +1.7.3.2 + diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch new file mode 100644 index 000000000..b13bb9229 --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch @@ -0,0 +1,14 @@ +Upstream-Status: Pending + +--- inetutils-1.8/lib/wchar.in.h ++++ inetutils-1.8/lib/wchar.in.h +@@ -70,6 +70,9 @@ + /* The include_next requires a split double-inclusion guard. */ + #if @HAVE_WCHAR_H@ + # @INCLUDE_NEXT@ @NEXT_WCHAR_H@ ++#else ++# include ++# define MB_CUR_MAX 1 + #endif + + #undef _GL_ALREADY_INCLUDING_WCHAR_H diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch new file mode 100644 index 000000000..2592989a9 --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch @@ -0,0 +1,26 @@ +inetutils: define PATH_PROCNET_DEV if not already defined + +this prevents the following compilation error : +system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function) + +this patch comes from : + http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/ + +Upstream-Status: Inappropriate [not author] + +Signed-of-by: Eric Bénard +--- +diff -Naur inetutils-1.9.orig/ifconfig/system/linux.c inetutils-1.9/ifconfig/system/linux.c +--- inetutils-1.9.orig/ifconfig/system/linux.c 2012-01-04 16:31:36.000000000 -0500 ++++ inetutils-1.9/ifconfig/system/linux.c 2012-01-04 16:40:53.000000000 -0500 +@@ -49,6 +49,10 @@ + #include "../ifconfig.h" + + ++#ifndef PATH_PROCNET_DEV ++ #define PATH_PROCNET_DEV "/proc/net/dev" ++#endif ++ + /* ARPHRD stuff. */ + + static void diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch new file mode 100644 index 000000000..ff3abd86a --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch @@ -0,0 +1,40 @@ +Only check security/pam_appl.h which is provided by package libpam when pam is +enabled. + +Upstream-Status: Pending + +Signed-off-by: Kai Kang +--- +diff --git a/configure.ac b/configure.ac +index b35e672..e78a751 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -195,6 +195,19 @@ fi + + # See if we have libpam.a. Investigate PAM versus Linux-PAM. + if test "$with_pam" = yes ; then ++ AC_CHECK_HEADERS([security/pam_appl.h], [], [], [ ++#include ++#ifdef HAVE_NETINET_IN_SYSTM_H ++# include ++#endif ++#include ++#ifdef HAVE_NETINET_IP_H ++# include ++#endif ++#ifdef HAVE_SYS_PARAM_H ++# include ++#endif ++]) + AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl) + AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam) + if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then +@@ -587,7 +600,7 @@ AC_HEADER_DIRENT + AC_CHECK_HEADERS([arpa/nameser.h errno.h fcntl.h features.h \ + glob.h memory.h netinet/ether.h netinet/in_systm.h \ + netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \ +- security/pam_appl.h shadow.h \ ++ shadow.h \ + stdarg.h stdlib.h string.h stropts.h sys/tty.h \ + sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \ + sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \ diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils new file mode 100644 index 000000000..30e81ef45 --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils @@ -0,0 +1,20 @@ +# default: off +# description: +# Rexecd is the server for the rexec program. The server provides remote +# execution facilities with authentication based on user names and +# passwords. +# +service exec +{ + socket_type = stream + protocol = tcp + flags = NAMEINARGS + wait = no + user = root + group = root + log_on_success += USERID + log_on_failure += USERID + server = @SBINDIR@/tcpd + server_args = @SBINDIR@/in.rexecd + disable = yes +} diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils new file mode 100644 index 000000000..21b55da9a --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils @@ -0,0 +1,23 @@ +# default: off +# description: +# Rlogind is a server for the rlogin program. The server provides remote +# execution with authentication based on privileged port numbers from trusted +# host +# +service login +{ + socket_type = stream + protocol = tcp + flags = NAMEINARGS + wait = no + user = root + group = root + log_on_success += USERID + log_on_failure += USERID + server = @SBINDIR@/tcpd + server_args = @SBINDIR@/in.rlogind -a + disable = yes +} + + + diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils new file mode 100644 index 000000000..2b894a74b --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils @@ -0,0 +1,21 @@ +# default: off +# description: +# The rshd server is a server for the rcmd(3) routine and, +# consequently, for the rsh(1) program. The server provides +# remote execution facilities with authentication based on +# privileged port numbers from trusted hosts. +# +service shell +{ + socket_type = stream + protocol = tcp + flags = NAMEINARGS + wait = no + user = root + group = root + log_on_success += USERID + log_on_failure += USERID + server = @SBINDIR@/tcpd + server_args = @SBINDIR@/in.rshd -aL + disable = yes +} diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils new file mode 100644 index 000000000..2d9a0408c --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils @@ -0,0 +1,13 @@ +# default: on +# description: The telnet server serves telnet sessions; it uses \ +# unencrypted username/password pairs for authentication. +service telnet +{ + disable = no + flags = REUSE + socket_type = stream + wait = no + user = root + server = @SBINDIR@/in.telnetd + log_on_failure += USERID +} diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils new file mode 100644 index 000000000..67b44c43e --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils @@ -0,0 +1,19 @@ +# default: off +# description: +# Tftpd is a server which supports the Internet Trivial File Transfer +# Pro-tocol (RFC 783). The TFTP server operates at the port indicated +# in the tftp service description; see services(5). +# +service tftp +{ + disable = yes + socket_type = dgram + protocol = udp + flags = IPv6 + wait = yes + user = root + group = root + server = @SBINDIR@/in.tftpd + server_args = /tftpboot +} + diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch new file mode 100644 index 000000000..532a0e5c0 --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch @@ -0,0 +1,17 @@ +Upstream-Status: Pending + +remove m4_esyscmd function + +Signed-off-by: Chunrong Guo +--- inetutils-1.9.1/configure.ac 2012-01-06 22:05:05.000000000 +0800 ++++ inetutils-1.9.1/configure.ac 2012-11-12 14:01:11.732957019 +0800 +@@ -20,8 +20,7 @@ + + AC_PREREQ(2.59) + +-AC_INIT([GNU inetutils], +- m4_esyscmd([build-aux/git-version-gen .tarball-version 's/inetutils-/v/;s/_/./g']), ++AC_INIT([GNU inetutils],[1.9.4], + [bug-inetutils@gnu.org]) + + AC_CONFIG_SRCDIR([src/inetd.c]) diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb new file mode 100644 index 000000000..ec1384eab --- /dev/null +++ b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb @@ -0,0 +1,209 @@ +DESCRIPTION = "The GNU inetutils are a collection of common \ +networking utilities and servers including ftp, ftpd, rcp, \ +rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \ +talkd, telnet, telnetd, tftp, tftpd, and uucpd." +HOMEPAGE = "http://www.gnu.org/software/inetutils" +SECTION = "net" +DEPENDS = "ncurses netbase readline virtual/crypt" + +LICENSE = "GPLv3" + +LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" + +SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \ + file://version.patch \ + file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \ + file://inetutils-1.8-0003-wchar.patch \ + file://rexec.xinetd.inetutils \ + file://rlogin.xinetd.inetutils \ + file://rsh.xinetd.inetutils \ + file://telnet.xinetd.inetutils \ + file://tftpd.xinetd.inetutils \ + file://inetutils-1.9-PATH_PROCNET_DEV.patch \ + file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ + file://0001-rcp-fix-to-work-with-large-files.patch \ +" + +SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52" +SRC_URI[sha256sum] = "be8f75eff936b8e41b112462db51adf689715658a1b09e0d6b05d11ec92cc616" + +inherit autotools gettext update-alternatives texinfo + +acpaths = "-I ./m4" + +SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}" + +PACKAGECONFIG ??= "ftp uucpd \ + ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \ + " +PACKAGECONFIG[ftp] = "--enable-ftp,--disable-ftp,readline" +PACKAGECONFIG[uucpd] = "--enable-uucpd,--disable-uucpd,readline" +PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no," +PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6," + +EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \ + inetutils_cv_path_login=${base_bindir}/login \ + --with-libreadline-prefix=${STAGING_LIBDIR} \ + --enable-rpath=no \ +" + +# These are horrible for security, disable them +EXTRA_OECONF_append = " --disable-rsh --disable-rshd --disable-rcp \ + --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd" + +do_configure_prepend () { + export HELP2MAN='true' + cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath + install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S} + install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S} + rm -f ${S}/glob/configure* +} + +do_install_append () { + install -m 0755 -d ${D}${base_sbindir} + install -m 0755 -d ${D}${sbindir} + install -m 0755 -d ${D}${sysconfdir}/xinetd.d + if [ "${base_bindir}" != "${bindir}" ] ; then + install -m 0755 -d ${D}${base_bindir} + mv ${D}${bindir}/ping* ${D}${base_bindir}/ + mv ${D}${bindir}/hostname ${D}${base_bindir}/ + fi + mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/ + mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/ + mv ${D}${libexecdir}/tftpd ${D}${sbindir}/in.tftpd + mv ${D}${libexecdir}/telnetd ${D}${sbindir}/in.telnetd + if [ -e ${D}${libexecdir}/rexecd ]; then + mv ${D}${libexecdir}/rexecd ${D}${sbindir}/in.rexecd + cp ${WORKDIR}/rexec.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rexec + fi + if [ -e ${D}${libexecdir}/rlogind ]; then + mv ${D}${libexecdir}/rlogind ${D}${sbindir}/in.rlogind + cp ${WORKDIR}/rlogin.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rlogin + fi + if [ -e ${D}${libexecdir}/rshd ]; then + mv ${D}${libexecdir}/rshd ${D}${sbindir}/in.rshd + cp ${WORKDIR}/rsh.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rsh + fi + if [ -e ${D}${libexecdir}/talkd ]; then + mv ${D}${libexecdir}/talkd ${D}${sbindir}/in.talkd + fi + mv ${D}${libexecdir}/uucpd ${D}${sbindir}/in.uucpd + mv ${D}${libexecdir}/* ${D}${bindir}/ + cp ${WORKDIR}/telnet.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/telnet + cp ${WORKDIR}/tftpd.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/tftpd + + sed -e 's,@SBINDIR@,${sbindir},g' -i ${D}/${sysconfdir}/xinetd.d/* + if [ -e ${D}${libdir}/charset.alias ]; then + rm -rf ${D}${libdir}/charset.alias + fi + rm -rf ${D}${libexecdir}/ + # remove usr/lib if empty + rmdir ${D}${libdir} || true +} + +PACKAGES =+ "${PN}-ping ${PN}-ping6 ${PN}-hostname ${PN}-ifconfig \ +${PN}-tftp ${PN}-logger ${PN}-traceroute ${PN}-syslogd \ +${PN}-ftp ${PN}-ftpd ${PN}-tftpd ${PN}-telnet ${PN}-telnetd ${PN}-inetd \ +${PN}-rsh ${PN}-rshd" + +# The packages tftpd, telnetd and rshd conflict with the ones +# provided by netkit, so add the corresponding -dbg packages +# for them to avoid the confliction between the dbg package +# of inetutils and netkit. +PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg" +NOAUTOPACKAGEDEBUG = "1" + +ALTERNATIVE_PRIORITY = "79" +ALTERNATIVE_${PN} = "whois" +ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd" + +ALTERNATIVE_PRIORITY_${PN}-logger = "60" +ALTERNATIVE_${PN}-logger = "logger" +ALTERNATIVE_${PN}-syslogd = "syslogd" +ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd" + +ALTERNATIVE_${PN}-ftp = "ftp" +ALTERNATIVE_${PN}-ftpd = "ftpd" +ALTERNATIVE_${PN}-tftp = "tftp" +ALTERNATIVE_${PN}-tftpd = "tftpd" +ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd" +ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd" + +ALTERNATIVE_${PN}-telnet = "telnet" +ALTERNATIVE_${PN}-telnetd = "telnetd" +ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd" +ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd" + +ALTERNATIVE_${PN}-inetd= "inetd" +ALTERNATIVE_${PN}-traceroute = "traceroute" + +ALTERNATIVE_${PN}-hostname = "hostname" +ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" + +ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8" +ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" +ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" +ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1" +ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8" + +ALTERNATIVE_${PN}-ifconfig = "ifconfig" +ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" + +ALTERNATIVE_${PN}-ping = "ping" +ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" + +ALTERNATIVE_${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" +ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6" + + +FILES_${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" +FILES_${PN}-ping = "${base_bindir}/ping.${BPN}" +FILES_${PN}-ping6 = "${base_bindir}/ping6.${BPN}" +FILES_${PN}-hostname = "${base_bindir}/hostname.${BPN}" +FILES_${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" +FILES_${PN}-traceroute = "${bindir}/traceroute.${BPN}" +FILES_${PN}-logger = "${bindir}/logger.${BPN}" + +FILES_${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" +RCONFLICTS_${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" + +FILES_${PN}-ftp = "${bindir}/ftp.${BPN}" + +FILES_${PN}-tftp = "${bindir}/tftp.${BPN}" +FILES_${PN}-telnet = "${bindir}/telnet.${BPN}" + +# We make us of RCONFLICTS / RPROVIDES here rather than using the normal +# alternatives method as this leads to packaging QA issues when using +# musl as that library does not provide what these applications need to +# build. +FILES_${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" +RCONFLICTS_${PN}-rsh += "netkit-rsh-client" +RPROVIDES_${PN}-rsh = "rsh" + +FILES_${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ + ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec" +FILES_${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" +RDEPENDS_${PN}-rshd += "xinetd tcp-wrappers" +RCONFLICTS_${PN}-rshd += "netkit-rshd-server" +RPROVIDES_${PN}-rshd = "rshd" + +FILES_${PN}-ftpd = "${bindir}/ftpd.${BPN}" +FILES_${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" +RDEPENDS_${PN}-ftpd += "xinetd" + +FILES_${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" +FILES_${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" +RCONFLICTS_${PN}-tftpd += "netkit-tftpd" +RDEPENDS_${PN}-tftpd += "xinetd" + +FILES_${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" +FILES_${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" +RCONFLICTS_${PN}-telnetd += "netkit-telnetd" +RPROVIDES_${PN}-telnetd = "telnetd" +RDEPENDS_${PN}-telnetd += "xinetd" + +FILES_${PN}-inetd = "${bindir}/inetd.${BPN}" + +RDEPENDS_${PN} = "xinetd" diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2.inc b/poky/meta/recipes-connectivity/iproute2/iproute2.inc index b28358906..1aa1eec0d 100644 --- a/poky/meta/recipes-connectivity/iproute2/iproute2.inc +++ b/poky/meta/recipes-connectivity/iproute2/iproute2.inc @@ -52,3 +52,7 @@ ALTERNATIVE_${PN} = "ip" ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" ALTERNATIVE_PRIORITY = "100" + +ALTERNATIVE_${PN}-tc = "tc" +ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc" +ALTERNATIVE_PRIORITY_${PN}-tc = "100" diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap.inc b/poky/meta/recipes-connectivity/libpcap/libpcap.inc deleted file mode 100644 index e57ea87b3..000000000 --- a/poky/meta/recipes-connectivity/libpcap/libpcap.inc +++ /dev/null @@ -1,42 +0,0 @@ -SUMMARY = "Interface for user-level network packet capture" -DESCRIPTION = "Libpcap provides a portable framework for low-level network \ -monitoring. Libpcap can provide network statistics collection, \ -security monitoring and network debugging." -HOMEPAGE = "http://www.tcpdump.org/" -BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577" -SECTION = "libs/network" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ - file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" -DEPENDS = "flex-native bison-native" - -INC_PR = "r5" - -SRC_URI = "http://www.tcpdump.org/release/${BP}.tar.gz" - -BINCONFIG = "${bindir}/pcap-config" - -inherit autotools binconfig-disabled pkgconfig bluetooth - -EXTRA_OECONF = "--with-pcap=linux" -EXTRA_AUTORECONF += "--exclude=aclocal" - -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \ - ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ -" -PACKAGECONFIG[bluez4] = "--enable-bluetooth,--disable-bluetooth,bluez4" -# Add a dummy PACKAGECONFIG for bluez5 since it is not supported by libpcap. -PACKAGECONFIG[bluez5] = ",," -PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl" - -CPPFLAGS_prepend = "-I${S} " -CFLAGS_prepend = "-I${S} " -CXXFLAGS_prepend = "-I${S} " - -do_configure_prepend () { - sed -i -e's,^V_RPATH_OPT=.*$,V_RPATH_OPT=,' ${S}/pcap-config.in -} - -BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch deleted file mode 100644 index edb6ae566..000000000 --- a/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 64aa033a061c43fc15c711f2490ae41d23b868c3 Mon Sep 17 00:00:00 2001 -From: Fabio Berton -Date: Thu, 17 Nov 2016 09:44:42 -0200 -Subject: [PATCH 1/2] Fix compiler_state_t.ai usage when INET6 is not defined -Organization: O.S. Systems Software LTDA. - -Fix error: - -/ -| ../libpcap-1.8.1/gencode.c: In function 'pcap_compile': -| ../libpcap-1.8.1/gencode.c:693:8: error: 'compiler_state_t -| {aka struct _compiler_state}' has no member named 'ai' -| cstate.ai = NULL; -\ - -Upstream-Status: Submitted [1] - -[1] https://github.com/the-tcpdump-group/libpcap/pull/541 - -Signed-off-by: Fabio Berton ---- - gencode.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/gencode.c b/gencode.c -index a887f27..e103c70 100644 ---- a/gencode.c -+++ b/gencode.c -@@ -690,7 +690,9 @@ pcap_compile(pcap_t *p, struct bpf_program *program, - } - initchunks(&cstate); - cstate.no_optimize = 0; -+#ifdef INET6 - cstate.ai = NULL; -+#endif - cstate.ic.root = NULL; - cstate.ic.cur_mark = 0; - cstate.bpf_pcap = p; --- -2.1.4 - diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch new file mode 100644 index 000000000..01773834c --- /dev/null +++ b/poky/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch @@ -0,0 +1,29 @@ +From aafa3512b7b742f5e66a5543e41974cc5e7eebfa Mon Sep 17 00:00:00 2001 +From: maxice8 +Date: Sun, 22 Jul 2018 18:54:17 -0300 +Subject: [PATCH] pcap-usb-linux.c: add missing limits.h for musl systems. + +fix compilation on musl libc systems like Void Linux and Alpine. + +Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/d557c98a16dc254aaff03762b694fe624e180bea] + +Signed-off-by: Anuj Mittal +--- + pcap-usb-linux.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/pcap-usb-linux.c b/pcap-usb-linux.c +index 6f8adf65..b92c05ea 100644 +--- a/pcap-usb-linux.c ++++ b/pcap-usb-linux.c +@@ -50,6 +50,7 @@ + #include + #include + #include ++#include + #include + #include + #include +-- +2.17.1 + diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch deleted file mode 100644 index 032b265f0..000000000 --- a/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 50ec0a088d5924a8305b2d70dcba71b0942dee1a Mon Sep 17 00:00:00 2001 -From: Fabio Berton -Date: Thu, 17 Nov 2016 09:47:29 -0200 -Subject: [PATCH 2/2] Add missing compiler_state_t parameter -Organization: O.S. Systems Software LTDA. - -Fix error: - -/ -|../libpcap-1.8.1/gencode.c: In function 'gen_gateway': -|../libpcap-1.8.1/gencode.c:4914:13: error: 'cstate' undeclared -| (first use in this function) -| bpf_error(cstate, "direction applied to 'gateway'"); -\ - -Upstream-Status: Submitted [1] - -[1] https://github.com/the-tcpdump-group/libpcap/pull/541 - -Signed-off-by: Fabio Berton ---- - gencode.c | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/gencode.c b/gencode.c -index e103c70..f07c0be 100644 ---- a/gencode.c -+++ b/gencode.c -@@ -523,7 +523,7 @@ static struct block *gen_host6(compiler_state_t *, struct in6_addr *, - struct in6_addr *, int, int, int); - #endif - #ifndef INET6 --static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); -+static struct block *gen_gateway(compiler_state_t *, const u_char *, bpf_u_int32 **, int, int); - #endif - static struct block *gen_ipfrag(compiler_state_t *); - static struct block *gen_portatom(compiler_state_t *, int, bpf_int32); -@@ -4904,11 +4904,12 @@ gen_host6(compiler_state_t *cstate, struct in6_addr *addr, - - #ifndef INET6 - static struct block * --gen_gateway(eaddr, alist, proto, dir) -- const u_char *eaddr; -- bpf_u_int32 **alist; -- int proto; -- int dir; -+gen_gateway(cstate, eaddr, alist, proto, dir) -+ compiler_state_t *cstate; -+ const u_char *eaddr; -+ bpf_u_int32 **alist; -+ int proto; -+ int dir; - { - struct block *b0, *b1, *tmp; - -@@ -6472,7 +6473,7 @@ gen_scode(compiler_state_t *cstate, const char *name, struct qual q) - alist = pcap_nametoaddr(name); - if (alist == NULL || *alist == NULL) - bpf_error(cstate, "unknown host '%s'", name); -- b = gen_gateway(eaddr, alist, proto, dir); -+ b = gen_gateway(cstate, eaddr, alist, proto, dir); - free(eaddr); - return b; - #else --- -2.1.4 - diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch deleted file mode 100644 index 7e1eea6b1..000000000 --- a/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch +++ /dev/null @@ -1,36 +0,0 @@ -Disable bits of remote capture support inherited from the WinPCAP merge -which cause applications to FTBFS if they define HAVE_REMOTE. - -Patch from: -https://anonscm.debian.org/cgit/users/rfrancoise/libpcap.git/commit/? -id=f35949969269dfdcc3549b12fade604755e1e326 - -Upstream-Status: Pending - ---- a/pcap/pcap.h -+++ b/pcap/pcap.h -@@ -506,6 +506,11 @@ - #define MODE_STAT 1 - #define MODE_MON 2 - -+#ifdef HAVE_REMOTE -+ /* Includes most of the public stuff that is needed for the remote capture */ -+ #include -+#endif /* HAVE_REMOTE */ -+ - #elif defined(MSDOS) - - /* -@@ -526,11 +531,6 @@ - - #endif /* _WIN32/MSDOS/UN*X */ - --#ifdef HAVE_REMOTE -- /* Includes most of the public stuff that is needed for the remote capture */ -- #include --#endif /* HAVE_REMOTE */ -- - #ifdef __cplusplus - } - #endif - diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch deleted file mode 100644 index f40e655c4..000000000 --- a/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch +++ /dev/null @@ -1,29 +0,0 @@ -Fix a missing dependency that can result in: - -../libpcap-1.8.1/grammar.y:78:10: fatal error: scanner.h: No such file or directory - -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 0dd90a6bdbce4dca14106859eee63ef643a106e2 Mon Sep 17 00:00:00 2001 -From: Alfredo Alvarez Fernandez -Date: Tue, 21 Feb 2017 11:41:43 +0100 -Subject: [PATCH] Makefile.in: Fix missing dependency - ---- - Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.in b/Makefile.in -index 7044f043..f5d443ae 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -465,7 +465,7 @@ grammar.h: grammar.c - $(MAKE) $(MAKEFLAGS) grammar.c; \ - fi - --grammar.o: grammar.c -+grammar.o: grammar.c scanner.h - $(CC) $(FULL_CFLAGS) -c grammar.c - - gencode.o: $(srcdir)/gencode.c grammar.h scanner.h diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch deleted file mode 100644 index afaa3bea9..000000000 --- a/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 2796129af52901dd68595e5e88a639308541def9 Mon Sep 17 00:00:00 2001 -From: Fabio Berton -Date: Thu, 3 Nov 2016 17:56:29 -0200 -Subject: [PATCH] libpcap: pkgconfig support -Organization: O.S. Systems Software LTDA. - -Adding basic structure to support pkg-config. - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Joe MacDonald -Signed-off-by: Fabio Berton ---- - Makefile.in | 5 +++++ - configure.ac | 1 + - libpcap.pc.in | 10 ++++++++++ - 3 files changed, 16 insertions(+) - create mode 100644 libpcap.pc.in - -diff --git a/Makefile.in b/Makefile.in -index e71d973..d7004ed 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -61,6 +61,10 @@ V_RPATH_OPT = @V_RPATH_OPT@ - DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@ - PROG=libpcap - -+# pkgconfig support -+pkgconfigdir = $(libdir)/pkgconfig -+pkgconfig_DATA = libpcap.pc -+ - # Standard CFLAGS - FULL_CFLAGS = $(CCOPT) $(INCLS) $(DEFS) $(CFLAGS) - -@@ -286,6 +290,7 @@ EXTRA_DIST = \ - lbl/os-solaris2.h \ - lbl/os-sunos4.h \ - lbl/os-ultrix4.h \ -+ libpcap.pc \ - missing/getopt.c \ - missing/getopt.h \ - missing/snprintf.c \ -diff --git a/configure.ac b/configure.ac -index da2f940..4fc67bf 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1805,6 +1805,7 @@ fi - AC_PROG_INSTALL - - AC_CONFIG_HEADER(config.h) -+AC_CONFIG_FILES([libpcap.pc]) - - AC_OUTPUT_COMMANDS([if test -f .devel; then - echo timestamp > stamp-h -diff --git a/libpcap.pc.in b/libpcap.pc.in -new file mode 100644 -index 0000000..4f78ad8 ---- /dev/null -+++ b/libpcap.pc.in -@@ -0,0 +1,10 @@ -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ -+libdir=@libdir@ -+includedir=@includedir@ -+ -+Name: libpcap -+Description: System-independent interface for user-level packet capture. -+Version: @VERSION@ -+Libs: -L${libdir} -lpcap -+Cflags: -I${includedir} --- -2.1.4 - diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb b/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb deleted file mode 100644 index 13dfbd67a..000000000 --- a/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb +++ /dev/null @@ -1,31 +0,0 @@ -require libpcap.inc - -SRC_URI += " \ - file://libpcap-pkgconfig-support.patch \ - file://0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch \ - file://0002-Add-missing-compiler_state_t-parameter.patch \ - file://disable-remote.patch \ - file://fix-grammar-deps.patch \ -" - -SRC_URI[md5sum] = "3d48f9cd171ff12b0efd9134b52f1447" -SRC_URI[sha256sum] = "673dbc69fdc3f5a86fb5759ab19899039a8e5e6c631749e48dcd9c6f0c83541e" - -# -# make install doesn't cover the shared lib -# make install-shared is just broken (no symlinks) -# - -do_configure_prepend () { - #remove hardcoded references to /usr/include - sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac -} - -do_install_prepend () { - install -d ${D}${libdir} - install -d ${D}${bindir} - oe_runmake install-shared DESTDIR=${D} - oe_libinstall -a -so libpcap ${D}${libdir} - sed "s|@VERSION@|${PV}|" -i ${B}/libpcap.pc - install -D -m 0644 libpcap.pc ${D}${libdir}/pkgconfig/libpcap.pc -} diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb b/poky/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb new file mode 100644 index 000000000..78361561e --- /dev/null +++ b/poky/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb @@ -0,0 +1,45 @@ +SUMMARY = "Interface for user-level network packet capture" +DESCRIPTION = "Libpcap provides a portable framework for low-level network \ +monitoring. Libpcap can provide network statistics collection, \ +security monitoring and network debugging." +HOMEPAGE = "http://www.tcpdump.org/" +BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577" +SECTION = "libs/network" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ + file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" +DEPENDS = "flex-native bison-native" + +SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \ + file://0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch \ + " +SRC_URI[md5sum] = "dffd65cb14406ab9841f421732eb0f33" +SRC_URI[sha256sum] = "2edb88808e5913fdaa8e9c1fcaf272e19b2485338742b5074b9fe44d68f37019" + +inherit autotools binconfig-disabled pkgconfig bluetooth + +BINCONFIG = "${bindir}/pcap-config" + +# Explicitly disable dag support. We don't have recipe for it and if enabled here, +# configure script poisons the include dirs with /usr/local/include even when the +# support hasn't been detected. +EXTRA_OECONF = " \ + --with-pcap=linux \ + --without-dag \ + " +EXTRA_AUTORECONF += "--exclude=aclocal" + +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ +" +PACKAGECONFIG[bluez5] = "--enable-bluetooth,--disable-bluetooth,bluez5" +PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl" + +do_configure_prepend () { + #remove hardcoded references to /usr/include + sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac +} + +BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch deleted file mode 100644 index 7e97e8ec3..000000000 --- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch +++ /dev/null @@ -1,18 +0,0 @@ -The mobile-broadband-provider-info.pc file is installed into a non-arch directory -yet contains libdir which can vary depending on which multilib is configured. -The .pc file does not require libdir so remove this to fix multilib builds. - -Upstream-Status: Backport [8109fcd3c7299fae859fb891ff416927581a9955] -Signed-off-by: Zhixiong Chi - -Index: git/mobile-broadband-provider-info.pc.in -=================================================================== ---- git.orig/mobile-broadband-provider-info.pc.in 2018-08-07 13:09:31.811364063 +0800 -+++ git/mobile-broadband-provider-info.pc.in 2018-08-10 17:49:25.645288320 +0800 -@@ -1,6 +1,5 @@ - prefix=@prefix@ - exec_prefix=@exec_prefix@ --libdir=@libdir@ - datarootdir = @datarootdir@ - pkgdatadir=${datarootdir}/@PACKAGE@ - includedir=@includedir@ diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index 7f1dd78c1..77adcebba 100644 --- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -3,13 +3,11 @@ HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProvider SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c" -PV = "20170310" +SRCREV = "c7def60ba50d9cc30a90f69f89d7e82243501e86" +PV = "20190116" PE = "1" -SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https \ - file://multilibfix.patch \ -" +SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https" S = "${WORKDIR}/git" inherit autotools diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch new file mode 100644 index 000000000..a44d1bf2f --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch @@ -0,0 +1,32 @@ +From 4f115fc314646500f7b4178d7248a02654c7cd10 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 30 Nov 2018 16:47:57 -0800 +Subject: [PATCH] Do not pass null pointer to freeaddrinfo() + +Passing null pointer as input parameter to freeaddrinfo() is undefined +behaviour, some libcs e.g. glibc might just call free() which does +accept null pointer but other libcs e.g. musl might not and instead +cause the program to segfault. Therefore do not rely on undefined +behaviour instead make it deterministic + +Upstream-Status: Pending + +Signed-off-by: Khem Raj +--- + support/export/client.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: nfs-utils-2.3.2/support/export/client.c +=================================================================== +--- nfs-utils-2.3.2.orig/support/export/client.c ++++ nfs-utils-2.3.2/support/export/client.c +@@ -309,7 +309,8 @@ client_lookup(char *hname, int canonical + init_addrlist(clp, ai); + + out: +- freeaddrinfo(ai); ++ if (ai) ++ freeaddrinfo(ai); + return clp; + } + diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch new file mode 100644 index 000000000..23bc3eaf7 --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch @@ -0,0 +1,40 @@ +From 79019d976584c598f8d0a9d8de43c989946f974b Mon Sep 17 00:00:00 2001 +From: Pascal Bach +Date: Wed, 13 Feb 2019 09:28:07 +0100 +Subject: [PATCH] Don't build tools with CC_FOR_BUILD + +The tools are intended for the target not for the host. + +Upstream-Status: Pending + +Signed-off-by: Pascal Bach +--- + tools/locktest/Makefile.am | 1 - + tools/rpcgen/Makefile.am | 1 - + 2 files changed, 2 deletions(-) + +diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am +index 3156815..87d0bac 100644 +--- a/tools/locktest/Makefile.am ++++ b/tools/locktest/Makefile.am +@@ -1,6 +1,5 @@ + ## Process this file with automake to produce Makefile.in + +-CC=$(CC_FOR_BUILD) + LIBTOOL = @LIBTOOL@ --tag=CC + + noinst_PROGRAMS = testlk +diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am +index 8a9ec89..3e092c9 100644 +--- a/tools/rpcgen/Makefile.am ++++ b/tools/rpcgen/Makefile.am +@@ -1,6 +1,5 @@ + ## Process this file with automake to produce Makefile.in + +-CC=$(CC_FOR_BUILD) + LIBTOOL = @LIBTOOL@ --tag=CC + + noinst_PROGRAMS = rpcgen +-- +2.11.0 + diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch new file mode 100644 index 000000000..aa551ebd1 --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch @@ -0,0 +1,295 @@ +From 690a90a5b7786e40b5447ad7c5f19a7657d27405 Mon Sep 17 00:00:00 2001 +From: Mingli Yu +Date: Fri, 14 Dec 2018 17:44:32 +0800 +Subject: [PATCH] Makefile.am: fix undefined function for libnsm.a + +The source file of libnsm.a uses some function +in ../support/misc/file.c, add ../support/misc/file.c +to libnsm_a_SOURCES to fix build error when run +"make -C tests statdb_dump": +| ../support/nsm/libnsm.a(file.o): In function `nsm_make_pathname': +| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname' +| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname' +| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname' +| ../support/nsm/libnsm.a(file.o): In function `nsm_setup_pathnames': +| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:280: undefined reference to `generic_setup_basedir' +| collect2: error: ld returned 1 exit status + +As there is already one source file named file.c +as support/nsm/file.c in support/nsm/Makefile.am, +so rename ../support/misc/file.c to ../support/misc/misc.c. + +Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502780423058&w=2] + +Signed-off-by: Mingli Yu +--- + support/misc/Makefile.am | 2 +- + support/misc/file.c | 111 ----------------------------------------------- + support/misc/misc.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++ + support/nsm/Makefile.am | 2 +- + 4 files changed, 113 insertions(+), 113 deletions(-) + delete mode 100644 support/misc/file.c + create mode 100644 support/misc/misc.c + +diff --git a/support/misc/Makefile.am b/support/misc/Makefile.am +index 8936b0d..d4c1f76 100644 +--- a/support/misc/Makefile.am ++++ b/support/misc/Makefile.am +@@ -1,6 +1,6 @@ + ## Process this file with automake to produce Makefile.in + + noinst_LIBRARIES = libmisc.a +-libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c file.c ++libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c misc.c + + MAINTAINERCLEANFILES = Makefile.in +diff --git a/support/misc/file.c b/support/misc/file.c +deleted file mode 100644 +index e7c3819..0000000 +--- a/support/misc/file.c ++++ /dev/null +@@ -1,111 +0,0 @@ +-/* +- * Copyright 2009 Oracle. All rights reserved. +- * Copyright 2017 Red Hat, Inc. All rights reserved. +- * +- * This file is part of nfs-utils. +- * +- * nfs-utils is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation; either version 2 of the License, or +- * (at your option) any later version. +- * +- * nfs-utils is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with nfs-utils. If not, see . +- */ +- +-#include +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include "xlog.h" +-#include "misc.h" +- +-/* +- * Returns a dynamically allocated, '\0'-terminated buffer +- * containing an appropriate pathname, or NULL if an error +- * occurs. Caller must free the returned result with free(3). +- */ +-__attribute__((__malloc__)) +-char * +-generic_make_pathname(const char *base, const char *leaf) +-{ +- size_t size; +- char *path; +- int len; +- +- size = strlen(base) + strlen(leaf) + 2; +- if (size > PATH_MAX) +- return NULL; +- +- path = malloc(size); +- if (path == NULL) +- return NULL; +- +- len = snprintf(path, size, "%s/%s", base, leaf); +- if ((len < 0) || ((size_t)len >= size)) { +- free(path); +- return NULL; +- } +- +- return path; +-} +- +- +-/** +- * generic_setup_basedir - set up basedir +- * @progname: C string containing name of program, for error messages +- * @parentdir: C string containing pathname to on-disk state, or NULL +- * @base: character buffer to contain the basedir that is set up +- * @baselen: size of @base in bytes +- * +- * This runs before logging is set up, so error messages are directed +- * to stderr. +- * +- * Returns true and sets up our basedir, if @parentdir was valid +- * and usable; otherwise false is returned. +- */ +-_Bool +-generic_setup_basedir(const char *progname, const char *parentdir, char *base, +- const size_t baselen) +-{ +- static char buf[PATH_MAX]; +- struct stat st; +- char *path; +- +- /* First: test length of name and whether it exists */ +- if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) { +- (void)fprintf(stderr, "%s: Directory name too long: %s", +- progname, parentdir); +- return false; +- } +- if (lstat(parentdir, &st) == -1) { +- (void)fprintf(stderr, "%s: Failed to stat %s: %s", +- progname, parentdir, strerror(errno)); +- return false; +- } +- +- /* Ensure we have a clean directory pathname */ +- strncpy(buf, parentdir, sizeof(buf)-1); +- path = dirname(buf); +- if (*path == '.') { +- (void)fprintf(stderr, "%s: Unusable directory %s", +- progname, parentdir); +- return false; +- } +- +- xlog(D_CALL, "Using %s as the state directory", parentdir); +- strcpy(base, parentdir); +- return true; +-} +diff --git a/support/misc/misc.c b/support/misc/misc.c +new file mode 100644 +index 0000000..e7c3819 +--- /dev/null ++++ b/support/misc/misc.c +@@ -0,0 +1,111 @@ ++/* ++ * Copyright 2009 Oracle. All rights reserved. ++ * Copyright 2017 Red Hat, Inc. All rights reserved. ++ * ++ * This file is part of nfs-utils. ++ * ++ * nfs-utils is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * nfs-utils is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with nfs-utils. If not, see . ++ */ ++ ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "xlog.h" ++#include "misc.h" ++ ++/* ++ * Returns a dynamically allocated, '\0'-terminated buffer ++ * containing an appropriate pathname, or NULL if an error ++ * occurs. Caller must free the returned result with free(3). ++ */ ++__attribute__((__malloc__)) ++char * ++generic_make_pathname(const char *base, const char *leaf) ++{ ++ size_t size; ++ char *path; ++ int len; ++ ++ size = strlen(base) + strlen(leaf) + 2; ++ if (size > PATH_MAX) ++ return NULL; ++ ++ path = malloc(size); ++ if (path == NULL) ++ return NULL; ++ ++ len = snprintf(path, size, "%s/%s", base, leaf); ++ if ((len < 0) || ((size_t)len >= size)) { ++ free(path); ++ return NULL; ++ } ++ ++ return path; ++} ++ ++ ++/** ++ * generic_setup_basedir - set up basedir ++ * @progname: C string containing name of program, for error messages ++ * @parentdir: C string containing pathname to on-disk state, or NULL ++ * @base: character buffer to contain the basedir that is set up ++ * @baselen: size of @base in bytes ++ * ++ * This runs before logging is set up, so error messages are directed ++ * to stderr. ++ * ++ * Returns true and sets up our basedir, if @parentdir was valid ++ * and usable; otherwise false is returned. ++ */ ++_Bool ++generic_setup_basedir(const char *progname, const char *parentdir, char *base, ++ const size_t baselen) ++{ ++ static char buf[PATH_MAX]; ++ struct stat st; ++ char *path; ++ ++ /* First: test length of name and whether it exists */ ++ if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) { ++ (void)fprintf(stderr, "%s: Directory name too long: %s", ++ progname, parentdir); ++ return false; ++ } ++ if (lstat(parentdir, &st) == -1) { ++ (void)fprintf(stderr, "%s: Failed to stat %s: %s", ++ progname, parentdir, strerror(errno)); ++ return false; ++ } ++ ++ /* Ensure we have a clean directory pathname */ ++ strncpy(buf, parentdir, sizeof(buf)-1); ++ path = dirname(buf); ++ if (*path == '.') { ++ (void)fprintf(stderr, "%s: Unusable directory %s", ++ progname, parentdir); ++ return false; ++ } ++ ++ xlog(D_CALL, "Using %s as the state directory", parentdir); ++ strcpy(base, parentdir); ++ return true; ++} +diff --git a/support/nsm/Makefile.am b/support/nsm/Makefile.am +index 8f5874e..68f1a46 100644 +--- a/support/nsm/Makefile.am ++++ b/support/nsm/Makefile.am +@@ -10,7 +10,7 @@ GENFILES = $(GENFILES_CLNT) $(GENFILES_SVC) $(GENFILES_XDR) $(GENFILES_H) + EXTRA_DIST = sm_inter.x + + noinst_LIBRARIES = libnsm.a +-libnsm_a_SOURCES = $(GENFILES) file.c rpc.c ++libnsm_a_SOURCES = $(GENFILES) ../misc/misc.c file.c rpc.c + + BUILT_SOURCES = $(GENFILES) + +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch new file mode 100644 index 000000000..906ac0f90 --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch @@ -0,0 +1,50 @@ +From fcece65d1b713eaeef41706898440302f8ce92d9 Mon Sep 17 00:00:00 2001 +From: Mingli Yu +Date: Thu, 12 Jul 2018 15:19:41 +0800 +Subject: [PATCH] Makefile.am: update the path of libnfs.a + +The libnfs.a is under ../support/nfs/.libs/ now, +update the reference path accordingly to fix below +build error when run "make -C tests statdb_dump": +| make: *** No rule to make target '../support/nfs/libnfs.a', needed by 'statdb_dump'. Stop. + +And below error when run "make -C tests/nsm_client nsm_client" +| make: *** No rule to make target '../../support/nfs/libnfs.a', needed by 'nsm_client'. Stop. + +Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502636522745&w=2] + +Signed-off-by: Mingli Yu +--- + tests/Makefile.am | 2 +- + tests/nsm_client/Makefile.am | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 1f96264..74aa629 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -3,7 +3,7 @@ + check_PROGRAMS = statdb_dump + statdb_dump_SOURCES = statdb_dump.c + +-statdb_dump_LDADD = ../support/nfs/libnfs.a \ ++statdb_dump_LDADD = ../support/nfs/.libs/libnfs.a \ + ../support/nsm/libnsm.a $(LIBCAP) + + SUBDIRS = nsm_client +diff --git a/tests/nsm_client/Makefile.am b/tests/nsm_client/Makefile.am +index a8fc131..43db9c2 100644 +--- a/tests/nsm_client/Makefile.am ++++ b/tests/nsm_client/Makefile.am +@@ -13,7 +13,7 @@ check_PROGRAMS = nsm_client + nsm_client_SOURCES = $(GENFILES) nsm_client.c + + BUILT_SOURCES = $(GENFILES) +-nsm_client_LDADD = ../../support/nfs/libnfs.a \ ++nsm_client_LDADD = ../../support/nfs/.libs/libnfs.a \ + ../../support/nsm/libnsm.a $(LIBCAP) $(LIBTIRPC) + + if CONFIG_RPCGEN +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch new file mode 100644 index 000000000..bafff5b9c --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch @@ -0,0 +1,38 @@ +From ac32b813f5d6f9a2de944015cf9bb98d68e0203a Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sat, 1 Dec 2018 10:02:12 -0800 +Subject: [PATCH] cacheio: use intmax_t for formatted IO + +time_t is not same size on x32 ABI (ILP32) + +Upstream-Status: Pending + +Signed-off-by: Khem Raj +--- + support/nfs/cacheio.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/support/nfs/cacheio.c b/support/nfs/cacheio.c +index 9dc4cf1..2086a95 100644 +--- a/support/nfs/cacheio.c ++++ b/support/nfs/cacheio.c +@@ -17,6 +17,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -234,7 +235,7 @@ cache_flush(int force) + stb.st_mtime > now) + stb.st_mtime = time(0); + +- sprintf(stime, "%ld\n", stb.st_mtime); ++ sprintf(stime, "%jd\n", (intmax_t)stb.st_mtime); + for (c=0; cachelist[c]; c++) { + int fd; + sprintf(path, "/proc/net/rpc/%s/flush", cachelist[c]); +-- +2.19.2 + diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch new file mode 100644 index 000000000..17aabb9e4 --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch @@ -0,0 +1,43 @@ +From 66471fbf7106917da7a1536b18a0a77d07479779 Mon Sep 17 00:00:00 2001 +From: Mingli Yu +Date: Mon, 17 Dec 2018 15:29:47 +0800 +Subject: [PATCH] configure.ac: Do not fatalize -Wmissing-prototypes + +There comes below error when run "make -C tests/nsm_client nsm_client" +| nlm_sm_inter_svc.c:20:1: error: no previous prototype for 'nlm_sm_prog_3' [-Werror=missing-prototypes] + +It is because rpcgen doesn't generate -Wmissing-prototypes +free code for nlm_sm_inter_svc.c with below logic +in tests/nsm_client/Makefile.am +[snip] +GENFILES_SVC = nlm_sm_inter_svc.c +[snip] +$(GENFILES_SVC): %_svc.c: %.x $(RPCGEN) + test -f $@ && rm -rf $@ || true + $(RPCGEN) -m -o $@ $< + +So add the logic not to fatalize -Wmissing-prototypes. + +Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154503260323936&w=2] + +Signed-off-by: Mingli Yu +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index e82ff14..d0cc5d5 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -548,7 +548,7 @@ my_am_cflags="\ + -Wall \ + -Wextra \ + -Werror=strict-prototypes \ +- -Werror=missing-prototypes \ ++ -Wmissing-prototypes \ + -Werror=missing-declarations \ + -Werror=format=2 \ + -Werror=undef \ +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch new file mode 100644 index 000000000..1d693e414 --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch @@ -0,0 +1,183 @@ +Clang comes up with more printf format warnings +Correcting “format string is not a string literal” warning +requires us to declare that parameter is a printf style +format using the attribute flag + +Upstream-Status: Pending + +Signed-off-by: Khem Raj + +Index: nfs-utils-2.3.3/support/include/xcommon.h +=================================================================== +--- nfs-utils-2.3.3.orig/support/include/xcommon.h ++++ nfs-utils-2.3.3/support/include/xcommon.h +@@ -27,7 +27,7 @@ + + /* Functions in sundries.c that are used in mount.c and umount.c */ + char *canonicalize (const char *path); +-void nfs_error (const char *fmt, ...); ++void nfs_error (const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2))); + void *xmalloc (size_t size); + void *xrealloc(void *p, size_t size); + void xfree(void *); +@@ -36,9 +36,9 @@ char *xstrndup (const char *s, int n); + char *xstrconcat2 (const char *, const char *); + char *xstrconcat3 (const char *, const char *, const char *); + char *xstrconcat4 (const char *, const char *, const char *, const char *); +-void die (int errcode, const char *fmt, ...); ++void die (int errcode, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); + +-extern void die(int err, const char *fmt, ...); ++extern void die(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); + extern void (*at_die)(void); + + /* exit status - bits below are ORed */ +Index: nfs-utils-2.3.3/support/include/xlog.h +=================================================================== +--- nfs-utils-2.3.3.orig/support/include/xlog.h ++++ nfs-utils-2.3.3/support/include/xlog.h +@@ -43,10 +43,10 @@ void xlog_config(int fac, int on); + void xlog_sconfig(char *, int on); + void xlog_from_conffile(char *); + int xlog_enabled(int fac); +-void xlog(int fac, const char *fmt, ...); +-void xlog_warn(const char *fmt, ...); +-void xlog_err(const char *fmt, ...); +-void xlog_errno(int err, const char *fmt, ...); +-void xlog_backend(int fac, const char *fmt, va_list args); ++void xlog(int fac, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); ++void xlog_warn(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2))); ++void xlog_err(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2))); ++void xlog_errno(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); ++void xlog_backend(int fac, const char *fmt, va_list args) __attribute__((__format__ (__printf__, 2, 0))); + + #endif /* XLOG_H */ +Index: nfs-utils-2.3.3/support/nfs/xcommon.c +=================================================================== +--- nfs-utils-2.3.3.orig/support/nfs/xcommon.c ++++ nfs-utils-2.3.3/support/nfs/xcommon.c +@@ -93,7 +93,10 @@ nfs_error (const char *fmt, ...) { + + fmt2 = xstrconcat2 (fmt, "\n"); + va_start (args, fmt); ++#pragma clang diagnostic push ++#pragma clang diagnostic ignored "-Wformat-nonliteral" + vfprintf (stderr, fmt2, args); ++#pragma clang diagnostic pop + va_end (args); + free (fmt2); + } +Index: nfs-utils-2.3.3/utils/exportfs/exportfs.c +=================================================================== +--- nfs-utils-2.3.3.orig/utils/exportfs/exportfs.c ++++ nfs-utils-2.3.3/utils/exportfs/exportfs.c +@@ -644,6 +644,7 @@ out: + return result; + } + ++__attribute__((__format__ (__printf__, 2, 3))) + static char + dumpopt(char c, char *fmt, ...) + { +Index: nfs-utils-2.3.3/utils/statd/statd.c +=================================================================== +--- nfs-utils-2.3.3.orig/utils/statd/statd.c ++++ nfs-utils-2.3.3/utils/statd/statd.c +@@ -136,7 +136,7 @@ static void log_modes(void) + strcat(buf, "TI-RPC "); + #endif + +- xlog_warn(buf); ++ xlog_warn("%s", buf); + } + + /* +Index: nfs-utils-2.3.3/support/nfs/svc_create.c +=================================================================== +--- nfs-utils-2.3.3.orig/support/nfs/svc_create.c ++++ nfs-utils-2.3.3/support/nfs/svc_create.c +@@ -184,7 +184,7 @@ svc_create_sock(const struct sockaddr *s + type = SOCK_STREAM; + break; + default: +- xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %u", ++ xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %lu", + __func__, nconf->nc_semantics); + return -1; + } +Index: nfs-utils-2.3.3/support/nsm/rpc.c +=================================================================== +--- nfs-utils-2.3.3.orig/support/nsm/rpc.c ++++ nfs-utils-2.3.3/support/nsm/rpc.c +@@ -182,7 +182,7 @@ nsm_xmit_getport(const int sock, const s + uint32_t xid; + XDR xdr; + +- xlog(D_CALL, "Sending PMAP_GETPORT for %u, %u, udp", program, version); ++ xlog(D_CALL, "Sending PMAP_GETPORT for %lu, %lu, udp", program, version); + + nsm_init_xdrmem(msgbuf, NSM_MAXMSGSIZE, &xdr); + xid = nsm_init_rpc_header(PMAPPROG, PMAPVERS, +Index: nfs-utils-2.3.3/utils/mountd/cache.c +=================================================================== +--- nfs-utils-2.3.3.orig/utils/mountd/cache.c ++++ nfs-utils-2.3.3/utils/mountd/cache.c +@@ -968,8 +968,7 @@ lookup_export(char *dom, char *path, str + } else if (found_type == i && found->m_warned == 0) { + xlog(L_WARNING, "%s exported to both %s and %s, " + "arbitrarily choosing options from first", +- path, found->m_client->m_hostname, exp->m_client->m_hostname, +- dom); ++ path, found->m_client->m_hostname, exp->m_client->m_hostname); + found->m_warned = 1; + } + } +Index: nfs-utils-2.3.3/utils/mountd/mountd.c +=================================================================== +--- nfs-utils-2.3.3.orig/utils/mountd/mountd.c ++++ nfs-utils-2.3.3/utils/mountd/mountd.c +@@ -213,7 +213,7 @@ static void + sig_hup (int sig) + { + /* don't exit on SIGHUP */ +- xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig); ++ xlog (L_NOTICE, "Received SIGHUP(%d)... Ignoring.\n", sig); + return; + } + +Index: nfs-utils-2.3.3/utils/statd/rmtcall.c +=================================================================== +--- nfs-utils-2.3.3.orig/utils/statd/rmtcall.c ++++ nfs-utils-2.3.3/utils/statd/rmtcall.c +@@ -247,7 +247,7 @@ process_reply(FD_SET_TYPE *rfds) + xlog_warn("%s: service %d not registered on localhost", + __func__, NL_MY_PROG(lp)); + } else { +- xlog(D_GENERAL, "%s: Callback to %s (for %d) succeeded", ++ xlog(D_GENERAL, "%s: Callback to %s (for %s) succeeded", + __func__, NL_MY_NAME(lp), NL_MON_NAME(lp)); + } + nlist_free(¬ify, lp); +Index: nfs-utils-2.3.3/utils/statd/svc_run.c +=================================================================== +--- nfs-utils-2.3.3.orig/utils/statd/svc_run.c ++++ nfs-utils-2.3.3/utils/statd/svc_run.c +@@ -53,6 +53,7 @@ + + #include + #include ++#include + #include "statd.h" + #include "notlist.h" + +@@ -104,8 +105,8 @@ my_svc_run(int sockfd) + + tv.tv_sec = NL_WHEN(notify) - now; + tv.tv_usec = 0; +- xlog(D_GENERAL, "Waiting for reply... (timeo %d)", +- tv.tv_sec); ++ xlog(D_GENERAL, "Waiting for reply... (timeo %jd)", ++ (intmax_t)tv.tv_sec); + selret = select(FD_SETSIZE, &readfds, + (void *) 0, (void *) 0, &tv); + } else { diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch deleted file mode 100644 index 993f1e5ea..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch +++ /dev/null @@ -1,42 +0,0 @@ -nfs-utils: Do not pass CFLAGS to gcc while building - -Do not pass CFLAGS/LDFLAGS to gcc while building, The needed flags has -been passed by xxx_CFLAGS=$(CFLAGS_FOR_BUILD). - -Upstream-Status: Pending - -Signed-off-by: Chong Lu ---- - tools/locktest/Makefile.am | 2 ++ - tools/rpcgen/Makefile.am | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am -index 3156815..1729fd1 100644 ---- a/tools/locktest/Makefile.am -+++ b/tools/locktest/Makefile.am -@@ -1,6 +1,8 @@ - ## Process this file with automake to produce Makefile.in - - CC=$(CC_FOR_BUILD) -+CFLAGS= -+LDFLAGS= - LIBTOOL = @LIBTOOL@ --tag=CC - - noinst_PROGRAMS = testlk -diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am -index 8a9ec89..8bacdaa 100644 ---- a/tools/rpcgen/Makefile.am -+++ b/tools/rpcgen/Makefile.am -@@ -1,6 +1,8 @@ - ## Process this file with automake to produce Makefile.in - - CC=$(CC_FOR_BUILD) -+CFLAGS= -+LDFLAGS= - LIBTOOL = @LIBTOOL@ --tag=CC - - noinst_PROGRAMS = rpcgen --- -1.7.9.5 - diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch index a169e6a22..22002fadc 100644 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch @@ -1,17 +1,24 @@ +From caa19231196d73541445728e6813c8fa70345acb Mon Sep 17 00:00:00 2001 +From: Robert Yang +Date: Tue, 26 Jun 2018 15:59:00 +0800 +Subject: [PATCH] nfs-utils: 2.1.1 -> 2.3.1 + Fixed: configure: error: res_querydomain needed -Upstream-Status: Pending [https://git.alpinelinux.org/cgit/aports/tree/main/nfs-utils/musl-res_querydomain.patch?id=f6734a77d3caee73325f8cc1f77d1b5117a75096] +Upstream-Status: Pending [https://github.com/alpinelinux/aports/blob/master/main/nfs-utils/musl-configure_ac.patch] Signed-off-by: Robert Yang + --- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + configure.ac | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac +index 276dec3..760238b 100644 --- a/configure.ac +++ b/configure.ac -@@ -401,7 +401,7 @@ if test "$enable_gss" = yes; then +@@ -408,7 +408,7 @@ if test "$enable_gss" = yes; then fi dnl libdnsidmap specific checks @@ -20,3 +27,31 @@ diff --git a/configure.ac b/configure.ac AC_ARG_ENABLE([ldap], [AS_HELP_STRING([--disable-ldap],[Disable support for LDAP @<:default=detect@:>@])]) +@@ -547,11 +547,11 @@ my_am_cflags="\ + -pipe \ + -Wall \ + -Wextra \ +- -Werror=strict-prototypes \ +- -Werror=missing-prototypes \ +- -Werror=missing-declarations \ ++ -Wstrict-prototypes \ ++ -Wmissing-prototypes \ ++ -Wmissing-declarations \ + -Werror=format=2 \ +- -Werror=undef \ ++ -Wundef \ + -Werror=missing-include-dirs \ + -Werror=strict-aliasing=2 \ + -Werror=init-self \ +@@ -579,10 +579,9 @@ AC_DEFUN([CHECK_CCSUPPORT], [ + + CHECK_CCSUPPORT([-Werror=format-overflow=2], [flg1]) + CHECK_CCSUPPORT([-Werror=int-conversion], [flg2]) +-CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3]) + CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4]) + +-AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"]) ++AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg4"]) + + # Make sure that $ACLOCAL_FLAGS are used during a rebuild + AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"]) diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb deleted file mode 100644 index 6d450c751..000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb +++ /dev/null @@ -1,151 +0,0 @@ -SUMMARY = "userspace utilities for kernel nfs" -DESCRIPTION = "The nfs-utils package provides a daemon for the kernel \ -NFS server and related tools." -HOMEPAGE = "http://nfs.sourceforge.net/" -SECTION = "console/network" - -LICENSE = "MIT & GPLv2+ & BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" - -# util-linux for libblkid -DEPENDS = "libcap libevent util-linux sqlite3 libtirpc" -RDEPENDS_${PN} = "${PN}-client bash" -RRECOMMENDS_${PN} = "kernel-module-nfsd" - -inherit useradd - -USERADD_PACKAGES = "${PN}-client" -USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \ - --shell /bin/false --user-group rpcuser" - -SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ - file://nfsserver \ - file://nfscommon \ - file://nfs-utils.conf \ - file://nfs-server.service \ - file://nfs-mountd.service \ - file://nfs-statd.service \ - file://proc-fs-nfsd.mount \ - file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \ - file://nfs-utils-debianize-start-statd.patch \ - file://bugfix-adjust-statd-service-name.patch \ - file://nfs-utils-musl-limits.patch \ -" - -SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch" - -SRC_URI[md5sum] = "d77b182a9ee396aa6221ac2401ad7046" -SRC_URI[sha256sum] = "96d06b5a86b185815760d8f04c34fdface8fa8b9949ff256ac05c3ebc08335a5" - -# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will -# pull in the remainder of the dependencies. - -INITSCRIPT_PACKAGES = "${PN} ${PN}-client" -INITSCRIPT_NAME = "nfsserver" -INITSCRIPT_PARAMS = "defaults" -INITSCRIPT_NAME_${PN}-client = "nfscommon" -INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21" - -inherit autotools-brokensep update-rc.d systemd pkgconfig - -SYSTEMD_PACKAGES = "${PN} ${PN}-client" -SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service" -SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service" - -# --enable-uuid is need for cross-compiling -EXTRA_OECONF = "--with-statduser=rpcuser \ - --enable-mountconfig \ - --enable-libmount-mount \ - --enable-uuid \ - --disable-gss \ - --disable-nfsdcltrack \ - --with-statdpath=/var/lib/nfs/statd \ - " - -PACKAGECONFIG ??= "tcp-wrappers \ - ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ -" -PACKAGECONFIG_remove_libc-musl = "tcp-wrappers" -PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -# libdevmapper is available in meta-oe -PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper" -# keyutils is available in meta-security -PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils" - -PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats" - -CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \ - ${localstatedir}/lib/nfs/rmtab \ - ${localstatedir}/lib/nfs/xtab \ - ${localstatedir}/lib/nfs/statd/state \ - ${sysconfdir}/nfsmount.conf" - -FILES_${PN}-client = "${sbindir}/*statd \ - ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ - ${sbindir}/showmount ${sbindir}/nfsstat \ - ${localstatedir}/lib/nfs \ - ${sysconfdir}/nfs-utils.conf \ - ${sysconfdir}/nfsmount.conf \ - ${sysconfdir}/init.d/nfscommon \ - ${systemd_unitdir}/system/nfs-statd.service" -RDEPENDS_${PN}-client = "${PN}-mount rpcbind" - -FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*" - -FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat" -RDEPENDS_${PN}-stats = "python3-core" - -FILES_${PN} += "${systemd_unitdir}" - -do_configure_prepend() { - sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ - ${S}/utils/mount/Makefile.am - - sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ - ${S}/utils/osd_login/Makefile.am -} - -# Make clean needed because the package comes with -# precompiled 64-bit objects that break the build -do_compile_prepend() { - make clean -} - -do_install_append () { - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver - install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon - - install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir} - install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir} - - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/ - sed -i -e 's,@SBINDIR@,${sbindir},g' \ - -e 's,@SYSCONFDIR@,${sysconfdir},g' \ - ${D}${systemd_unitdir}/system/*.service - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/ - install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/ - ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount - fi - - # kernel code as of 3.8 hard-codes this path as a default - install -d ${D}/var/lib/nfs/v4recovery - - # chown the directories and files - chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd - chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state - - # the following are built by CC_FOR_BUILD - rm -f ${D}${sbindir}/rpcdebug - rm -f ${D}${sbindir}/rpcgen - rm -f ${D}${sbindir}/locktest - - # Make python tools use python 3 - sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat - -} diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.3.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.3.bb new file mode 100644 index 000000000..ac4437b92 --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.3.bb @@ -0,0 +1,153 @@ +SUMMARY = "userspace utilities for kernel nfs" +DESCRIPTION = "The nfs-utils package provides a daemon for the kernel \ +NFS server and related tools." +HOMEPAGE = "http://nfs.sourceforge.net/" +SECTION = "console/network" + +LICENSE = "MIT & GPLv2+ & BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" + +# util-linux for libblkid +DEPENDS = "libcap libevent util-linux sqlite3 libtirpc" +RDEPENDS_${PN} = "${PN}-client bash" +RRECOMMENDS_${PN} = "kernel-module-nfsd" + +inherit useradd + +USERADD_PACKAGES = "${PN}-client" +USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \ + --shell /bin/false --user-group rpcuser" + +SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ + file://nfsserver \ + file://nfscommon \ + file://nfs-utils.conf \ + file://nfs-server.service \ + file://nfs-mountd.service \ + file://nfs-statd.service \ + file://proc-fs-nfsd.mount \ + file://nfs-utils-debianize-start-statd.patch \ + file://bugfix-adjust-statd-service-name.patch \ + file://nfs-utils-musl-limits.patch \ + file://0001-cacheio-use-intmax_t-for-formatted-IO.patch \ + file://0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch \ + file://clang-format-string.patch \ + file://0001-Makefile.am-update-the-path-of-libnfs.a.patch \ + file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ + file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \ +" +SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch" +SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch" + +SRC_URI[md5sum] = "b6c9c032995af1c08fea9fbcc1ce33e9" +SRC_URI[sha256sum] = "f68b34793831b05f1fd5760d6bdec92772c7684177586a99a61e7b444f336322" + +# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will +# pull in the remainder of the dependencies. + +INITSCRIPT_PACKAGES = "${PN} ${PN}-client" +INITSCRIPT_NAME = "nfsserver" +INITSCRIPT_PARAMS = "defaults" +INITSCRIPT_NAME_${PN}-client = "nfscommon" +INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21" + +inherit autotools-brokensep update-rc.d systemd pkgconfig + +SYSTEMD_PACKAGES = "${PN} ${PN}-client" +SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service" +SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service" + +# --enable-uuid is need for cross-compiling +EXTRA_OECONF = "--with-statduser=rpcuser \ + --enable-mountconfig \ + --enable-libmount-mount \ + --enable-uuid \ + --disable-gss \ + --disable-nfsdcltrack \ + --with-statdpath=/var/lib/nfs/statd \ + " + +CFLAGS += "-Wno-error=format-overflow" + +PACKAGECONFIG ??= "tcp-wrappers \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ +" +PACKAGECONFIG_remove_libc-musl = "tcp-wrappers" +PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +# libdevmapper is available in meta-oe +PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper" +# keyutils is available in meta-security +PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils" + +PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats" + +CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \ + ${localstatedir}/lib/nfs/rmtab \ + ${localstatedir}/lib/nfs/xtab \ + ${localstatedir}/lib/nfs/statd/state \ + ${sysconfdir}/nfsmount.conf" + +FILES_${PN}-client = "${sbindir}/*statd \ + ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ + ${sbindir}/showmount ${sbindir}/nfsstat \ + ${localstatedir}/lib/nfs \ + ${sysconfdir}/nfs-utils.conf \ + ${sysconfdir}/nfsmount.conf \ + ${sysconfdir}/init.d/nfscommon \ + ${systemd_unitdir}/system/nfs-statd.service" +RDEPENDS_${PN}-client = "${PN}-mount rpcbind" + +FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*" + +FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat" +RDEPENDS_${PN}-stats = "python3-core" + +FILES_${PN} += "${systemd_unitdir}" + +do_configure_prepend() { + sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ + ${S}/utils/mount/Makefile.am + + sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ + ${S}/utils/osd_login/Makefile.am +} + +# Make clean needed because the package comes with +# precompiled 64-bit objects that break the build +do_compile_prepend() { + make clean +} + +do_install_append () { + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver + install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon + + install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir} + install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir} + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/ + sed -i -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + ${D}${systemd_unitdir}/system/*.service + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/ + install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/ + ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount + fi + + # kernel code as of 3.8 hard-codes this path as a default + install -d ${D}/var/lib/nfs/v4recovery + + # chown the directories and files + chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd + chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state + + # Make python tools use python 3 + sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat + +} diff --git a/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb b/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb deleted file mode 100644 index be7d9ea85..000000000 --- a/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb +++ /dev/null @@ -1,9 +0,0 @@ -require ofono.inc - -SRC_URI = "\ - ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ - file://ofono \ - file://use-python3.patch \ -" -SRC_URI[md5sum] = "be24e80f6551f46fea0c5b5879964d6c" -SRC_URI[sha256sum] = "9c8e351b7658f4b43f9a4380b731c47d2d7544a89987c48c3f227e73636c87ae" diff --git a/poky/meta/recipes-connectivity/ofono/ofono_1.25.bb b/poky/meta/recipes-connectivity/ofono/ofono_1.25.bb new file mode 100644 index 000000000..3688b9d2f --- /dev/null +++ b/poky/meta/recipes-connectivity/ofono/ofono_1.25.bb @@ -0,0 +1,9 @@ +require ofono.inc + +SRC_URI = "\ + ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ + file://ofono \ + file://use-python3.patch \ +" +SRC_URI[md5sum] = "31450cabdd8dbbf3f808ea2f2f066863" +SRC_URI[sha256sum] = "eb011fcd3080e93f3a56f96be60350b6595a8b5f36b61646312ba41b0bcb0d75" diff --git a/poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb b/poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb deleted file mode 100644 index f54dfb5de..000000000 --- a/poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb +++ /dev/null @@ -1,164 +0,0 @@ -SUMMARY = "A suite of security-related network utilities based on \ -the SSH protocol including the ssh client and sshd server" -DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ -Ssh (Secure Shell) is a program for logging into a remote machine \ -and for executing commands on a remote machine." -HOMEPAGE = "http://www.openssh.com/" -SECTION = "console/network" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8" - -DEPENDS = "zlib openssl" -DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" - -SRC_URI = "git://github.com/openssh/openssh-portable;branch=master \ - file://sshd_config \ - file://ssh_config \ - file://init \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://sshd.socket \ - file://sshd@.service \ - file://sshdgenkeys.service \ - file://volatiles.99_sshd \ - file://run-ptest \ - file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ - file://sshd_check_keys \ - file://add-test-support-for-busybox.patch \ - " - -PAM_SRC_URI = "file://sshd" - -SRCREV = "cce8cbe0ed7d1ba3a575310e0b63c193326ae616" - -S = "${WORKDIR}/git" - -inherit useradd update-rc.d update-alternatives systemd - -USERADD_PACKAGES = "${PN}-sshd" -USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" -INITSCRIPT_PACKAGES = "${PN}-sshd" -INITSCRIPT_NAME_${PN}-sshd = "sshd" -INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9" - -SYSTEMD_PACKAGES = "${PN}-sshd" -SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" - -inherit autotools-brokensep ptest - -EXTRA_AUTORECONF += "--exclude=aclocal" - -# login path is hardcoded in sshd -EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ - --without-zlib-version-check \ - --with-privsep-path=${localstatedir}/run/sshd \ - --sysconfdir=${sysconfdir}/ssh \ - --with-xauth=${bindir}/xauth \ - --disable-strip \ - " - -# musl doesn't implement wtmp/utmp -EXTRA_OECONF_append_libc-musl = " --disable-wtmp" - -# Since we do not depend on libbsd, we do not want configure to use it -# just because it finds libutil.h. But, specifying --disable-libutil -# causes compile errors, so... -CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" - -# passwd path is hardcoded in sshd -CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" - -# We don't want to depend on libblockfile -CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" - -do_configure_prepend () { - export LD="${CC}" - install -m 0644 ${WORKDIR}/sshd_config ${B}/ - install -m 0644 ${WORKDIR}/ssh_config ${B}/ -} - -do_compile_ptest() { - # skip regress/unittests/ binaries: this will silently skip - # unittests in run-ptests which is good because they are so slow. - oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \ - regress/check-perm regress/mkdtemp -} - -do_install_append () { - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then - install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd - sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config - fi - - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then - sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config - fi - - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd - rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin - rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} - install -d ${D}/${sysconfdir}/default/volatiles - install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd - install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} - - # Create config files for read-only rootfs - install -d ${D}${sysconfdir}/ssh - install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly - sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - - install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - -e 's,@BINDIR@,${bindir},g' \ - -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service - - sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${sysconfdir}/init.d/sshd - - install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys -} - -do_install_ptest () { - sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh - cp -r regress ${D}${PTEST_PATH} -} - -ALLOW_EMPTY_${PN} = "1" - -PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" -FILES_${PN}-scp = "${bindir}/scp.${BPN}" -FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" -FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" -FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" -FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" -FILES_${PN}-sftp = "${bindir}/sftp" -FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" -FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" -FILES_${PN}-keygen = "${bindir}/ssh-keygen" - -RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" -RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make" - -RPROVIDES_${PN}-ssh = "ssh" -RPROVIDES_${PN}-sshd = "sshd" - -RCONFLICTS_${PN} = "dropbear" -RCONFLICTS_${PN}-sshd = "dropbear" - -CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" -CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" - -ALTERNATIVE_PRIORITY = "90" -ALTERNATIVE_${PN}-scp = "scp" -ALTERNATIVE_${PN}-ssh = "ssh" - -BBCLASSEXTEND += "nativesdk" diff --git a/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb new file mode 100644 index 000000000..2a23f64b8 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb @@ -0,0 +1,162 @@ +SUMMARY = "A suite of security-related network utilities based on \ +the SSH protocol including the ssh client and sshd server" +DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ +Ssh (Secure Shell) is a program for logging into a remote machine \ +and for executing commands on a remote machine." +HOMEPAGE = "http://www.openssh.com/" +SECTION = "console/network" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8" + +DEPENDS = "zlib openssl" +DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" + +SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ + file://sshd_config \ + file://ssh_config \ + file://init \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://sshd.socket \ + file://sshd@.service \ + file://sshdgenkeys.service \ + file://volatiles.99_sshd \ + file://run-ptest \ + file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ + file://sshd_check_keys \ + file://add-test-support-for-busybox.patch \ + " +SRC_URI[md5sum] = "c6af50b7a474d04726a5aa747a5dce8f" +SRC_URI[sha256sum] = "6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad" + +PAM_SRC_URI = "file://sshd" + +inherit useradd update-rc.d update-alternatives systemd + +USERADD_PACKAGES = "${PN}-sshd" +USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" +INITSCRIPT_PACKAGES = "${PN}-sshd" +INITSCRIPT_NAME_${PN}-sshd = "sshd" +INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9" + +SYSTEMD_PACKAGES = "${PN}-sshd" +SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" + +inherit autotools-brokensep ptest + +EXTRA_AUTORECONF += "--exclude=aclocal" + +# login path is hardcoded in sshd +EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ + --without-zlib-version-check \ + --with-privsep-path=${localstatedir}/run/sshd \ + --sysconfdir=${sysconfdir}/ssh \ + --with-xauth=${bindir}/xauth \ + --disable-strip \ + " + +# musl doesn't implement wtmp/utmp +EXTRA_OECONF_append_libc-musl = " --disable-wtmp" + +# Since we do not depend on libbsd, we do not want configure to use it +# just because it finds libutil.h. But, specifying --disable-libutil +# causes compile errors, so... +CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" + +# passwd path is hardcoded in sshd +CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" + +# We don't want to depend on libblockfile +CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" + +do_configure_prepend () { + export LD="${CC}" + install -m 0644 ${WORKDIR}/sshd_config ${B}/ + install -m 0644 ${WORKDIR}/ssh_config ${B}/ +} + +do_compile_ptest() { + # skip regress/unittests/ binaries: this will silently skip + # unittests in run-ptests which is good because they are so slow. + oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \ + regress/check-perm regress/mkdtemp +} + +do_install_append () { + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then + install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd + sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config + fi + + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then + sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config + fi + + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd + rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin + rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} + install -d ${D}/${sysconfdir}/default/volatiles + install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd + install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} + + # Create config files for read-only rootfs + install -d ${D}${sysconfdir}/ssh + install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly + sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + + install -d ${D}${systemd_unitdir}/system + install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system + install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@BINDIR@,${bindir},g' \ + -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ + ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service + + sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ + ${D}${sysconfdir}/init.d/sshd + + install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys +} + +do_install_ptest () { + sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh + cp -r regress ${D}${PTEST_PATH} +} + +ALLOW_EMPTY_${PN} = "1" + +PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" +FILES_${PN}-scp = "${bindir}/scp.${BPN}" +FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" +FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" +FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" +FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" +FILES_${PN}-sftp = "${bindir}/sftp" +FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" +FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" +FILES_${PN}-keygen = "${bindir}/ssh-keygen" + +RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" +RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" +RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make" + +RPROVIDES_${PN}-ssh = "ssh" +RPROVIDES_${PN}-sshd = "sshd" + +RCONFLICTS_${PN} = "dropbear" +RCONFLICTS_${PN}-sshd = "dropbear" + +CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" +CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" + +ALTERNATIVE_PRIORITY = "90" +ALTERNATIVE_${PN}-scp = "scp" +ALTERNATIVE_${PN}-ssh = "ssh" + +BBCLASSEXTEND += "nativesdk" diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch index 80b62ab18..949c78834 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch @@ -20,6 +20,11 @@ https://patchwork.openembedded.org/patch/147229/ Upstream-Status: Inappropriate [OE specific] Signed-off-by: Martin Hundebøll + + +Update to fix buildpaths qa issue for '-fmacro-prefix-map'. + +Signed-off-by: Kai Kang --- Configurations/unix-Makefile.tmpl | 10 +++++++++- crypto/build.info | 2 +- @@ -29,7 +34,7 @@ diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tm index 16af4d2087..54c162784c 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl -@@ -317,13 +317,21 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), +@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) @@ -43,6 +48,7 @@ index 16af4d2087..54c162784c 100644 +CFLAGS_Q={- for (@{$config{CFLAGS}}) { + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; ++ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; + } + join(' ', @{$config{CFLAGS}}) -} + diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch new file mode 100644 index 000000000..900ef97fc --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch @@ -0,0 +1,69 @@ +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/f426625b6ae9a7831010750490a5f0ad689c5ba3] +Signed-off-by: Ross Burton + +From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Tue, 5 Mar 2019 14:39:15 +0000 +Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305 + +ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for +every encryption operation. RFC 7539 specifies that the nonce value (IV) +should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and +front pads the nonce with 0 bytes if it is less than 12 bytes. However it +also incorrectly allows a nonce to be set of up to 16 bytes. In this case +only the last 12 bytes are significant and any additional leading bytes are +ignored. + +It is a requirement of using this cipher that nonce values are unique. +Messages encrypted using a reused nonce value are susceptible to serious +confidentiality and integrity attacks. If an application changes the +default nonce length to be longer than 12 bytes and then makes a change to +the leading bytes of the nonce expecting the new value to be a new unique +nonce then such an application could inadvertently encrypt messages with a +reused nonce. + +Additionally the ignored bytes in a long nonce are not covered by the +integrity guarantee of this cipher. Any application that relies on the +integrity of these ignored leading bytes of a long nonce may be further +affected. + +Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe +because no such use sets such a long nonce value. However user +applications that use this cipher directly and set a non-default nonce +length to be longer than 12 bytes may be vulnerable. + +CVE: CVE-2019-1543 + +Fixes #8345 + +Reviewed-by: Paul Dale +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/8406) + +(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6) +--- + crypto/evp/e_chacha20_poly1305.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c +index c1917bb86a6..d3e2c622a1b 100644 +--- a/crypto/evp/e_chacha20_poly1305.c ++++ b/crypto/evp/e_chacha20_poly1305.c +@@ -30,6 +30,8 @@ typedef struct { + + #define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data) + ++#define CHACHA20_POLY1305_MAX_IVLEN 12 ++ + static int chacha_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char user_key[CHACHA_KEY_SIZE], + const unsigned char iv[CHACHA_CTR_SIZE], int enc) +@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + return 1; + + case EVP_CTRL_AEAD_SET_IVLEN: +- if (arg <= 0 || arg > CHACHA_CTR_SIZE) ++ if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN) + return 0; + actx->nonce_len = arg; + return 1; diff --git a/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch b/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch new file mode 100644 index 000000000..7c4b084f3 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch @@ -0,0 +1,31 @@ +Don't refuse to build afalgeng if cross-compiling or the host kernel is too old. + +Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688] +Signed-off-by: Ross Burton + +diff --git a/Configure b/Configure +index 3baa8ce..9ef52ed 100755 +--- a/Configure ++++ b/Configure +@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"}) + unless ($disabled{afalgeng}) { + $config{afalgeng}=""; + if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { +- my $minver = 4*10000 + 1*100 + 0; +- if ($config{CROSS_COMPILE} eq "") { +- my $verstr = `uname -r`; +- my ($ma, $mi1, $mi2) = split("\\.", $verstr); +- ($mi2) = $mi2 =~ /(\d+)/; +- my $ver = $ma*10000 + $mi1*100 + $mi2; +- if ($ver < $minver) { +- $disabled{afalgeng} = "too-old-kernel"; +- } else { +- push @{$config{engdirs}}, "afalg"; +- } +- } else { +- $disabled{afalgeng} = "cross-compiling"; +- } ++ push @{$config{engdirs}}, "afalg"; + } else { + $disabled{afalgeng} = "not-linux"; + } diff --git a/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh deleted file mode 100644 index 6620fdcb5..000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh +++ /dev/null @@ -1,222 +0,0 @@ -#!/bin/sh -# -# Ben Secrest -# -# sh c_rehash script, scan all files in a directory -# and add symbolic links to their hash values. -# -# based on the c_rehash perl script distributed with openssl -# -# LICENSE: See OpenSSL license -# ^^acceptable?^^ -# - -# default certificate location -DIR=/etc/openssl - -# for filetype bitfield -IS_CERT=$(( 1 << 0 )) -IS_CRL=$(( 1 << 1 )) - - -# check to see if a file is a certificate file or a CRL file -# arguments: -# 1. the filename to be scanned -# returns: -# bitfield of file type; uses ${IS_CERT} and ${IS_CRL} -# -check_file() -{ - local IS_TYPE=0 - - # make IFS a newline so we can process grep output line by line - local OLDIFS=${IFS} - IFS=$( printf "\n" ) - - # XXX: could be more efficient to have two 'grep -m' but is -m portable? - for LINE in $( grep '^-----BEGIN .*-----' ${1} ) - do - if echo ${LINE} \ - | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' - then - IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} )) - - if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ] - then - break - fi - elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----' - then - IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} )) - - if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ] - then - break - fi - fi - done - - # restore IFS - IFS=${OLDIFS} - - return ${IS_TYPE} -} - - -# -# use openssl to fingerprint a file -# arguments: -# 1. the filename to fingerprint -# 2. the method to use (x509, crl) -# returns: -# none -# assumptions: -# user will capture output from last stage of pipeline -# -fingerprint() -{ - ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':' -} - - -# -# link_hash - create links to certificate files -# arguments: -# 1. the filename to create a link for -# 2. the type of certificate being linked (x509, crl) -# returns: -# 0 on success, 1 otherwise -# -link_hash() -{ - local FINGERPRINT=$( fingerprint ${1} ${2} ) - local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} ) - local SUFFIX=0 - local LINKFILE='' - local TAG='' - - if [ ${2} = "crl" ] - then - TAG='r' - fi - - LINKFILE=${HASH}.${TAG}${SUFFIX} - - while [ -f ${LINKFILE} ] - do - if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ] - then - echo "NOTE: Skipping duplicate file ${1}" >&2 - return 1 - fi - - SUFFIX=$(( ${SUFFIX} + 1 )) - LINKFILE=${HASH}.${TAG}${SUFFIX} - done - - echo "${3} => ${LINKFILE}" - - # assume any system with a POSIX shell will either support symlinks or - # do something to handle this gracefully - ln -s ${3} ${LINKFILE} - - return 0 -} - - -# hash_dir create hash links in a given directory -hash_dir() -{ - echo "Doing ${1}" - - cd ${1} - - ls -1 * 2>/dev/null | while read FILE - do - if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \ - && [ -h "${FILE}" ] - then - rm ${FILE} - fi - done - - ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE - do - REAL_FILE=${FILE} - # if we run on build host then get to the real files in rootfs - if [ -n "${SYSROOT}" -a -h ${FILE} ] - then - FILE=$( readlink ${FILE} ) - # check the symlink is absolute (or dangling in other word) - if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ] - then - REAL_FILE=${SYSROOT}/${FILE} - fi - fi - - check_file ${REAL_FILE} - local FILE_TYPE=${?} - local TYPE_STR='' - - if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ] - then - TYPE_STR='x509' - elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ] - then - TYPE_STR='crl' - else - echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2 - continue - fi - - link_hash ${REAL_FILE} ${TYPE_STR} ${FILE} - done -} - - -# choose the name of an ssl application -if [ -n "${OPENSSL}" ] -then - SSL_CMD=$(which ${OPENSSL} 2>/dev/null) -else - SSL_CMD=/usr/bin/openssl - OPENSSL=${SSL_CMD} - export OPENSSL -fi - -# fix paths -PATH=${PATH}:${DIR}/bin -export PATH - -# confirm existance/executability of ssl command -if ! [ -x ${SSL_CMD} ] -then - echo "${0}: rehashing skipped ('openssl' program not available)" >&2 - exit 0 -fi - -# determine which directories to process -old_IFS=$IFS -if [ ${#} -gt 0 ] -then - IFS=':' - DIRLIST=${*} -elif [ -n "${SSL_CERT_DIR}" ] -then - DIRLIST=$SSL_CERT_DIR -else - DIRLIST=${DIR}/certs -fi - -IFS=':' - -# process directories -for CERT_DIR in ${DIRLIST} -do - if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ] - then - IFS=$old_IFS - hash_dir ${CERT_DIR} - IFS=':' - fi -done diff --git a/poky/meta/recipes-connectivity/openssl/openssl/run-ptest b/poky/meta/recipes-connectivity/openssl/openssl/run-ptest index 0a620dea7..3fb22471f 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl/run-ptest +++ b/poky/meta/recipes-connectivity/openssl/openssl/run-ptest @@ -9,4 +9,4 @@ export TOP=. # OPENSSL_ENGINES is relative from the test binaries export OPENSSL_ENGINES=../engines -perl ./test/run_tests.pl $* +perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;' diff --git a/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb deleted file mode 100644 index 54af100f9..000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb +++ /dev/null @@ -1,363 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -# "openssl | SSLeay" dual license -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77" - -DEPENDS = "hostperl-runtime-native" -DEPENDS_append_class-target = " openssl-native" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - file://run-ptest \ - file://openssl-c_rehash.sh \ - file://configure-targets.patch \ - file://shared-libs.patch \ - file://oe-ldflags.patch \ - file://engines-install-in-libdir-ssl.patch \ - file://debian1.0.2/block_diginotar.patch \ - file://debian1.0.2/block_digicert_malaysia.patch \ - file://debian/c_rehash-compat.patch \ - file://debian/debian-targets.patch \ - file://debian/man-dir.patch \ - file://debian/man-section.patch \ - file://debian/no-rpath.patch \ - file://debian/no-symbolic.patch \ - file://debian/pic.patch \ - file://debian1.0.2/version-script.patch \ - file://debian1.0.2/soname.patch \ - file://openssl_fix_for_x32.patch \ - file://openssl-fix-des.pod-error.patch \ - file://Makefiles-ptest.patch \ - file://ptest-deps.patch \ - file://ptest_makefile_deps.patch \ - file://configure-musl-target.patch \ - file://parallel.patch \ - file://Use-SHA256-not-MD5-as-default-digest.patch \ - file://0001-Fix-build-with-clang-using-external-assembler.patch \ - file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ - file://0001-allow-manpages-to-be-disabled.patch \ - file://0001-Fix-BN_LLONG-breakage.patch \ - file://0001-Fix-DES_LONG-breakage.patch \ - " - -SRC_URI_append_class-target = " \ - file://reproducible-cflags.patch \ - file://reproducible-mkbuildinf.patch \ - " - -SRC_URI_append_class-nativesdk = " \ - file://environment.d-openssl.sh \ - " - -SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c" -SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684" - -S = "${WORKDIR}/openssl-${PV}" - -UPSTREAM_CHECK_REGEX = "openssl-(?P1\.0.+)\.tar" - -inherit pkgconfig siteinfo multilib_header ptest manpages - -PACKAGECONFIG ?= "cryptodev-linux" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" - -PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux" -PACKAGECONFIG[manpages] = ",,," -PACKAGECONFIG[perl] = ",,," - -# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE -# vulnerability -EXTRA_OECONF = "no-ssl3" - -EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}" - -export OE_LDFLAGS = "${LDFLAGS}" - -# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810 -CCACHE = "" - -TERMIO ?= "-DTERMIO" -TERMIO_libc-musl = "-DTERMIOS" -EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" - -CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ - ${TERMIO} ${CFLAGS} -Wall" - -# Avoid binaries being marked as requiring an executable stack since they don't -# (and it causes issues with SELinux) -CFLAG += "-Wa,--noexecstack" - -CFLAG_append_class-native = " -fPIC" - -do_configure () { - # The crypto_use_bigint patch means that perl's bignum module needs to be - # installed, but some distributions (for example Fedora 23) don't ship it by - # default. As the resulting error is very misleading check for bignum before - # building. - if ! perl -Mbigint -e true; then - bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." - fi - - ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ - - os=${HOST_OS} - case $os in - linux-gnueabi |\ - linux-gnuspe |\ - linux-musleabi |\ - linux-muslspe |\ - linux-musl ) - os=linux - ;; - *) - ;; - esac - target="$os-${HOST_ARCH}" - case $target in - linux-arm) - target=linux-armv4 - ;; - linux-armeb) - target=linux-elf-armeb - ;; - linux-aarch64*) - target=linux-aarch64 - ;; - linux-sh3) - target=debian-sh3 - ;; - linux-sh4) - target=debian-sh4 - ;; - linux-i486) - target=debian-i386-i486 - ;; - linux-i586 | linux-viac3) - target=debian-i386-i586 - ;; - linux-i686) - target=debian-i386-i686/cmov - ;; - linux-gnux32-x86_64 | linux-muslx32-x86_64 ) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-gnun32-mips*el) - target=debian-mipsn32el - ;; - linux-gnun32-mips*) - target=debian-mipsn32 - ;; - linux-mips*64*el) - target=debian-mips64el - ;; - linux-mips*64*) - target=debian-mips64 - ;; - linux-mips*el) - target=debian-mipsel - ;; - linux-mips*) - target=debian-mips - ;; - linux-microblaze* | linux-nios2* | linux-gnu*ilp32** | linux-arc*) - target=linux-generic32 - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-riscv32) - target=linux-generic32 - ;; - linux-riscv64) - target=linux-generic64 - ;; - linux-sparc | linux-supersparc) - target=linux-sparcv8 - ;; - esac - - # inject machine-specific flags - sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure - - useprefix=${prefix} - if [ "x$useprefix" = "x" ]; then - useprefix=/ - fi - libdirleaf="$( echo "${libdir}" | sed "s:^$useprefix/*::" )" - perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target -} - -do_compile () { - oe_runmake depend - oe_runmake -} - -do_compile_class-target () { - sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile - oe_runmake depend - cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g') - oe_runmake CC_INFO="$cc_sanitized" -} - -do_compile_ptest () { - oe_runmake buildtest -} - -do_install () { - # Create ${D}/${prefix} to fix parallel issues - mkdir -p ${D}/${prefix}/ - - oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install - - oe_libinstall -so libcrypto ${D}${libdir} - oe_libinstall -so libssl ${D}${libdir} - - install -d ${D}${includedir} - cp --dereference -R include/openssl ${D}${includedir} - - oe_multilib_header openssl/opensslconf.h - - install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash - sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash - - if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then - sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl - sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget - else - rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget - fi - - # Create SSL structure for packages such as ca-certificates which - # contain hard-coded paths to /etc/ssl. Debian does the same. - install -d ${D}${sysconfdir}/ssl - mv ${D}${libdir}/ssl/certs \ - ${D}${libdir}/ssl/private \ - ${D}${libdir}/ssl/openssl.cnf \ - ${D}${sysconfdir}/ssl/ - - # Although absolute symlinks would be OK for the target, they become - # invalid if native or nativesdk are relocated from sstate. - ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs - ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private - ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf - - # Rename man pages to prefix openssl10-* - for f in `find ${D}${mandir} -type f`; do - mv $f $(dirname $f)/openssl10-$(basename $f) - done - for f in `find ${D}${mandir} -type l`; do - ln_f=`readlink $f` - rm -f $f - ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f) - done -} - -do_install_append_class-native () { - create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=${libdir}/ssl/openssl.cnf \ - SSL_CERT_DIR=${libdir}/ssl/certs \ - SSL_CERT_FILE=${libdir}/ssl/cert.pem \ - OPENSSL_ENGINES=${libdir}/ssl/engines -} - -do_install_append_class-nativesdk () { - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh -} - -do_install_ptest () { - cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH} - - # Replace the path to native perl with the path to target perl - sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile - - cp Configure config e_os.h ${D}${PTEST_PATH} - cp -r -L include ${D}${PTEST_PATH} - ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH} - ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH} - mkdir -p ${D}${PTEST_PATH}/crypto - cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto - cp -r certs ${D}${PTEST_PATH} - mkdir -p ${D}${PTEST_PATH}/apps - ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps - ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps - ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps - cp apps/server.pem ${D}${PTEST_PATH}/apps - cp apps/server2.pem ${D}${PTEST_PATH}/apps - mkdir -p ${D}${PTEST_PATH}/util - install util/opensslwrap.sh ${D}${PTEST_PATH}/util - install util/shlib_wrap.sh ${D}${PTEST_PATH}/util - # Time stamps are relevant for "make alltests", otherwise - # make may try to recompile binaries. Not only must the - # binary files be newer than the sources, they also must - # be more recent than the header files in /usr/include. - # - # Using "cp -a" is not sufficient, because do_install - # does not preserve the original time stamps. - # - # So instead of using the original file stamps, we set - # the current time for all files. Binaries will get - # modified again later when stripping them, but that's okay. - touch ${D}${PTEST_PATH} - find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH} - - # exclude binary files or the package won't install - for d in ssltest_old v3ext x509aux; do - rm -rf ${D}${libdir}/${BPN}/ptest/test/$d - done - - # Remove build host references - sed -i \ - -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ - -e 's|${DEBUG_PREFIX_MAP}||g' \ - ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure -} - -# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto -# package RRECOMMENDS on this package. This will enable the configuration -# file to be installed for both the base openssl package and the libcrypto -# package since the base openssl package depends on the libcrypto package. - -PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc" - -FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}" -FILES_libssl10 = "${libdir}/libssl${SOLIBS}" -FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf" -FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" -FILES_${PN}-misc = "${libdir}/ssl/misc" -FILES_${PN} =+ "${libdir}/ssl/*" -FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" - -CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf" - -RRECOMMENDS_libcrypto10 += "openssl10-conf" -RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" -RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" - -BBCLASSEXTEND = "native nativesdk" -PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess" - -# openssl 1.0 development files and executable binaries clash with openssl 1.1 -# files when installed into target rootfs. So we don't put them into -# packages, but they continue to be provided via target sysroot for -# cross-compilation on the host, if some software still depends on openssl 1.0. -openssl_package_preprocess () { - for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do - rm $file - done - rm ${PKGD}${bindir}/openssl - rm ${PKGD}${bindir}/c_rehash - rmdir ${PKGD}${bindir} - -} diff --git a/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb new file mode 100644 index 000000000..87df4f517 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb @@ -0,0 +1,360 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl | SSLeay" dual license +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77" + +DEPENDS = "hostperl-runtime-native" +DEPENDS_append_class-target = " openssl-native" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://openssl-c_rehash.sh \ + file://configure-targets.patch \ + file://shared-libs.patch \ + file://oe-ldflags.patch \ + file://engines-install-in-libdir-ssl.patch \ + file://debian1.0.2/block_diginotar.patch \ + file://debian1.0.2/block_digicert_malaysia.patch \ + file://debian/c_rehash-compat.patch \ + file://debian/debian-targets.patch \ + file://debian/man-dir.patch \ + file://debian/man-section.patch \ + file://debian/no-rpath.patch \ + file://debian/no-symbolic.patch \ + file://debian/pic.patch \ + file://debian1.0.2/version-script.patch \ + file://debian1.0.2/soname.patch \ + file://openssl_fix_for_x32.patch \ + file://openssl-fix-des.pod-error.patch \ + file://Makefiles-ptest.patch \ + file://ptest-deps.patch \ + file://ptest_makefile_deps.patch \ + file://configure-musl-target.patch \ + file://parallel.patch \ + file://Use-SHA256-not-MD5-as-default-digest.patch \ + file://0001-Fix-build-with-clang-using-external-assembler.patch \ + file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ + file://0001-allow-manpages-to-be-disabled.patch \ + file://0001-Fix-BN_LLONG-breakage.patch \ + file://0001-Fix-DES_LONG-breakage.patch \ + " + +SRC_URI_append_class-target = " \ + file://reproducible-cflags.patch \ + file://reproducible-mkbuildinf.patch \ + " + +SRC_URI_append_class-nativesdk = " \ + file://environment.d-openssl.sh \ + " + +SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac" +SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6" + +S = "${WORKDIR}/openssl-${PV}" + +UPSTREAM_CHECK_REGEX = "openssl-(?P1\.0.+)\.tar" + +inherit pkgconfig siteinfo multilib_header ptest manpages + +PACKAGECONFIG ?= "cryptodev-linux" +PACKAGECONFIG_class-native = "" +PACKAGECONFIG_class-nativesdk = "" + +PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux" +PACKAGECONFIG[manpages] = ",,," +PACKAGECONFIG[perl] = ",,," + +# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE +# vulnerability +EXTRA_OECONF = "no-ssl3" + +EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}" + +export OE_LDFLAGS = "${LDFLAGS}" + +TERMIO ?= "-DTERMIO" +TERMIO_libc-musl = "-DTERMIOS" +EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" + +CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ + ${TERMIO} ${CFLAGS} -Wall" + +# Avoid binaries being marked as requiring an executable stack since they don't +# (and it causes issues with SELinux) +CFLAG += "-Wa,--noexecstack" + +CFLAG_append_class-native = " -fPIC" + +do_configure () { + # The crypto_use_bigint patch means that perl's bignum module needs to be + # installed, but some distributions (for example Fedora 23) don't ship it by + # default. As the resulting error is very misleading check for bignum before + # building. + if ! perl -Mbigint -e true; then + bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." + fi + + ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ + + os=${HOST_OS} + case $os in + linux-gnueabi |\ + linux-gnuspe |\ + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arm) + target=linux-armv4 + ;; + linux-armeb) + target=linux-elf-armeb + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-sh3) + target=debian-sh3 + ;; + linux-sh4) + target=debian-sh4 + ;; + linux-i486) + target=debian-i386-i486 + ;; + linux-i586 | linux-viac3) + target=debian-i386-i586 + ;; + linux-i686) + target=debian-i386-i686/cmov + ;; + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-gnun32-mips*el) + target=debian-mipsn32el + ;; + linux-gnun32-mips*) + target=debian-mipsn32 + ;; + linux-mips*64*el) + target=debian-mips64el + ;; + linux-mips*64*) + target=debian-mips64 + ;; + linux-mips*el) + target=debian-mipsel + ;; + linux-mips*) + target=debian-mips + ;; + linux-microblaze* | linux-nios2* | linux-gnu*ilp32** | linux-arc*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-riscv32) + target=linux-generic32 + ;; + linux-riscv64) + target=linux-generic64 + ;; + linux-sparc | linux-supersparc) + target=linux-sparcv8 + ;; + esac + + # inject machine-specific flags + sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure + + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + libdirleaf="$( echo "${libdir}" | sed "s:^$useprefix/*::" )" + perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target +} + +do_compile () { + oe_runmake depend + oe_runmake +} + +do_compile_class-target () { + sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile + oe_runmake depend + cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g') + oe_runmake CC_INFO="$cc_sanitized" +} + +do_compile_ptest () { + oe_runmake buildtest +} + +do_install () { + # Create ${D}/${prefix} to fix parallel issues + mkdir -p ${D}/${prefix}/ + + oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install + + oe_libinstall -so libcrypto ${D}${libdir} + oe_libinstall -so libssl ${D}${libdir} + + install -d ${D}${includedir} + cp --dereference -R include/openssl ${D}${includedir} + + oe_multilib_header openssl/opensslconf.h + + install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash + sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash + + if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget + else + rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget + fi + + # Create SSL structure for packages such as ca-certificates which + # contain hard-coded paths to /etc/ssl. Debian does the same. + install -d ${D}${sysconfdir}/ssl + mv ${D}${libdir}/ssl/certs \ + ${D}${libdir}/ssl/private \ + ${D}${libdir}/ssl/openssl.cnf \ + ${D}${sysconfdir}/ssl/ + + # Although absolute symlinks would be OK for the target, they become + # invalid if native or nativesdk are relocated from sstate. + ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs + ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private + ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf + + # Rename man pages to prefix openssl10-* + for f in `find ${D}${mandir} -type f`; do + mv $f $(dirname $f)/openssl10-$(basename $f) + done + for f in `find ${D}${mandir} -type l`; do + ln_f=`readlink $f` + rm -f $f + ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f) + done +} + +do_install_append_class-native () { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl/certs \ + SSL_CERT_FILE=${libdir}/ssl/cert.pem \ + OPENSSL_ENGINES=${libdir}/ssl/engines +} + +do_install_append_class-nativesdk () { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh +} + +do_install_ptest () { + cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH} + + # Replace the path to native perl with the path to target perl + sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile + + cp Configure config e_os.h ${D}${PTEST_PATH} + cp -r -L include ${D}${PTEST_PATH} + ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH} + ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH} + mkdir -p ${D}${PTEST_PATH}/crypto + cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto + cp -r certs ${D}${PTEST_PATH} + mkdir -p ${D}${PTEST_PATH}/apps + ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps + ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps + ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps + cp apps/server.pem ${D}${PTEST_PATH}/apps + cp apps/server2.pem ${D}${PTEST_PATH}/apps + mkdir -p ${D}${PTEST_PATH}/util + install util/opensslwrap.sh ${D}${PTEST_PATH}/util + install util/shlib_wrap.sh ${D}${PTEST_PATH}/util + # Time stamps are relevant for "make alltests", otherwise + # make may try to recompile binaries. Not only must the + # binary files be newer than the sources, they also must + # be more recent than the header files in /usr/include. + # + # Using "cp -a" is not sufficient, because do_install + # does not preserve the original time stamps. + # + # So instead of using the original file stamps, we set + # the current time for all files. Binaries will get + # modified again later when stripping them, but that's okay. + touch ${D}${PTEST_PATH} + find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH} + + # exclude binary files or the package won't install + for d in ssltest_old v3ext x509aux; do + rm -rf ${D}${libdir}/${BPN}/ptest/test/$d + done + + # Remove build host references + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure +} + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the base openssl package and the libcrypto +# package since the base openssl package depends on the libcrypto package. + +PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc" + +FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}" +FILES_libssl10 = "${libdir}/libssl${SOLIBS}" +FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf" +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" +FILES_${PN}-misc = "${libdir}/ssl/misc" +FILES_${PN} =+ "${libdir}/ssl/*" +FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" + +CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf" + +RRECOMMENDS_libcrypto10 += "openssl10-conf" +RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" +RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" + +BBCLASSEXTEND = "native nativesdk" +PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess" + +# openssl 1.0 development files and executable binaries clash with openssl 1.1 +# files when installed into target rootfs. So we don't put them into +# packages, but they continue to be provided via target sysroot for +# cross-compilation on the host, if some software still depends on openssl 1.0. +openssl_package_preprocess () { + for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do + rm $file + done + rm ${PKGD}${bindir}/openssl + rm ${PKGD}${bindir}/c_rehash + rmdir ${PKGD}${bindir} + +} diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb deleted file mode 100644 index e9e9facd3..000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb +++ /dev/null @@ -1,210 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -# "openssl" here actually means both OpenSSL and SSLeay licenses apply -# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff" - -DEPENDS = "hostperl-runtime-native" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - file://run-ptest \ - file://openssl-c_rehash.sh \ - file://0001-skip-test_symbol_presence.patch \ - file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ - " - -SRC_URI_append_class-nativesdk = " \ - file://environment.d-openssl.sh \ - " - -SRC_URI[md5sum] = "963deb2272d6be7d4c2458afd2517b73" -SRC_URI[sha256sum] = "fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41" - -inherit lib_package multilib_header ptest - -B = "${WORKDIR}/build" -do_configure[cleandirs] = "${B}" - -#| ./libcrypto.so: undefined reference to `getcontext' -#| ./libcrypto.so: undefined reference to `setcontext' -#| ./libcrypto.so: undefined reference to `makecontext' -EXTRA_OECONF_append_libc-musl = " no-async" -EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" - -# This prevents openssl from using getrandom() which is not available on older glibc versions -# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) -EXTRA_OECONF_class-native = "--with-rand-seed=devrandom" -EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom" - -# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. -CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" -CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" - -do_configure () { - os=${HOST_OS} - case $os in - linux-gnueabi |\ - linux-gnuspe |\ - linux-musleabi |\ - linux-muslspe |\ - linux-musl ) - os=linux - ;; - *) - ;; - esac - target="$os-${HOST_ARCH}" - case $target in - linux-arm*) - target=linux-armv4 - ;; - linux-aarch64*) - target=linux-aarch64 - ;; - linux-i?86 | linux-viac3) - target=linux-x86 - ;; - linux-gnux32-x86_64 | linux-muslx32-x86_64 ) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-mips | linux-mipsel) - # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-gnun32-mips*) - target=linux-mips64 - ;; - linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) - target=linux64-mips64 - ;; - linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) - target=linux-generic32 - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-riscv32) - target=linux-generic32 - ;; - linux-riscv64) - target=linux-generic64 - ;; - linux-sparc | linux-supersparc) - target=linux-sparcv9 - ;; - esac - - useprefix=${prefix} - if [ "x$useprefix" = "x" ]; then - useprefix=/ - fi - # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the - # environment variables set by bitbake. Adjust the environment variables instead. - PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ - perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target -} - -do_install () { - oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install - - oe_multilib_header openssl/opensslconf.h - - # Create SSL structure for packages such as ca-certificates which - # contain hard-coded paths to /etc/ssl. Debian does the same. - install -d ${D}${sysconfdir}/ssl - mv ${D}${libdir}/ssl-1.1/certs \ - ${D}${libdir}/ssl-1.1/private \ - ${D}${libdir}/ssl-1.1/openssl.cnf \ - ${D}${sysconfdir}/ssl/ - - # Although absolute symlinks would be OK for the target, they become - # invalid if native or nativesdk are relocated from sstate. - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf -} - -do_install_append_class-native () { - create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ - SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ - SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines - - # Install a custom version of c_rehash that can handle sysroots properly. - # This version is used for example when installing ca-certificates during - # image creation. - install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash - sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash -} - -do_install_append_class-nativesdk () { - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh - sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh -} - -PTEST_BUILD_HOST_FILES += "configdata.pm" -PTEST_BUILD_HOST_PATTERN = "perl_version =" -do_install_ptest () { - # Prune the build tree - rm -f ${B}/fuzz/*.* ${B}/test/*.* - - cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} - cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} - - # For test_shlibload - ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/libcrypto.so - ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/libssl.so - - install -d ${D}${PTEST_PATH}/apps - ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps - install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps - install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps - - install -d ${D}${PTEST_PATH}/engines - install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines -} - -# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto -# package RRECOMMENDS on this package. This will enable the configuration -# file to be installed for both the openssl-bin package and the libcrypto -# package since the openssl-bin package depends on the libcrypto package. - -PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" - -FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" -FILES_libssl = "${libdir}/libssl${SOLIBS}" -FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" -FILES_${PN}-engines = "${libdir}/engines-1.1" -FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" -FILES_${PN} =+ "${libdir}/ssl-1.1/*" -FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" - -CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" - -RRECOMMENDS_libcrypto += "openssl-conf" -RDEPENDS_${PN}-bin = "perl" -RDEPENDS_${PN}-misc = "perl" -RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash python" - -RPROVIDES_openssl-conf = "openssl10-conf" -RREPLACES_openssl-conf = "openssl10-conf" -RCONFLICTS_openssl-conf = "openssl10-conf" - -BBCLASSEXTEND = "native nativesdk" - -inherit multilib_script - -MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb new file mode 100644 index 000000000..d3404d2ef --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb @@ -0,0 +1,206 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl" here actually means both OpenSSL and SSLeay licenses apply +# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" + +DEPENDS = "hostperl-runtime-native" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://0001-skip-test_symbol_presence.patch \ + file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ + file://afalg.patch \ + file://CVE-2019-1543.patch \ + " + +SRC_URI_append_class-nativesdk = " \ + file://environment.d-openssl.sh \ + " + +SRC_URI[md5sum] = "4532712e7bcc9414f5bce995e4e13930" +SRC_URI[sha256sum] = "5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b" + +inherit lib_package multilib_header ptest + +PACKAGECONFIG ?= "" +PACKAGECONFIG_class-native = "" +PACKAGECONFIG_class-nativesdk = "" + +PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux" + +B = "${WORKDIR}/build" +do_configure[cleandirs] = "${B}" + +#| ./libcrypto.so: undefined reference to `getcontext' +#| ./libcrypto.so: undefined reference to `setcontext' +#| ./libcrypto.so: undefined reference to `makecontext' +EXTRA_OECONF_append_libc-musl = " no-async" +EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" + +# This prevents openssl from using getrandom() which is not available on older glibc versions +# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) +EXTRA_OECONF_class-native = "--with-rand-seed=devrandom" +EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom" + +# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. +CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" + +do_configure () { + os=${HOST_OS} + case $os in + linux-gnueabi |\ + linux-gnuspe |\ + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arm*) + target=linux-armv4 + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-i?86 | linux-viac3) + target=linux-x86 + ;; + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips | linux-mipsel) + # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-gnun32-mips*) + target=linux-mips64 + ;; + linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) + target=linux64-mips64 + ;; + linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-riscv32) + target=linux-generic32 + ;; + linux-riscv64) + target=linux-generic64 + ;; + linux-sparc | linux-supersparc) + target=linux-sparcv9 + ;; + esac + + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the + # environment variables set by bitbake. Adjust the environment variables instead. + PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target + perl ${B}/configdata.pm --dump +} + +do_install () { + oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install + + oe_multilib_header openssl/opensslconf.h + + # Create SSL structure for packages such as ca-certificates which + # contain hard-coded paths to /etc/ssl. Debian does the same. + install -d ${D}${sysconfdir}/ssl + mv ${D}${libdir}/ssl-1.1/certs \ + ${D}${libdir}/ssl-1.1/private \ + ${D}${libdir}/ssl-1.1/openssl.cnf \ + ${D}${sysconfdir}/ssl/ + + # Although absolute symlinks would be OK for the target, they become + # invalid if native or nativesdk are relocated from sstate. + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf +} + +do_install_append_class-native () { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ + SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ + OPENSSL_ENGINES=${libdir}/ssl-1.1/engines +} + +do_install_append_class-nativesdk () { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh + sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh +} + +PTEST_BUILD_HOST_FILES += "configdata.pm" +PTEST_BUILD_HOST_PATTERN = "perl_version =" +do_install_ptest () { + # Prune the build tree + rm -f ${B}/fuzz/*.* ${B}/test/*.* + + cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} + cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} + + # For test_shlibload + ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/libcrypto.so + ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/libssl.so + + install -d ${D}${PTEST_PATH}/apps + ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps + install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps + install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps + + install -d ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines +} + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the openssl-bin package and the libcrypto +# package since the openssl-bin package depends on the libcrypto package. + +PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" + +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES_libssl = "${libdir}/libssl${SOLIBS}" +FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" +FILES_${PN}-engines = "${libdir}/engines-1.1" +FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" +FILES_${PN} =+ "${libdir}/ssl-1.1/*" +FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" + +CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" + +RRECOMMENDS_libcrypto += "openssl-conf" +RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" + +RPROVIDES_openssl-conf = "openssl10-conf" +RREPLACES_openssl-conf = "openssl10-conf" +RCONFLICTS_openssl-conf = "openssl10-conf" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch new file mode 100644 index 000000000..a476cf040 --- /dev/null +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch @@ -0,0 +1,52 @@ +From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001 +From: Joshua DeWeese +Date: Wed, 30 Jan 2019 16:19:47 -0500 +Subject: [PATCH] replace systemd install Alias with WantedBy + +According to the systemd documentation "WantedBy=foo.service in a +service bar.service is mostly equivalent to +Alias=foo.service.wants/bar.service in the same file." However, +this is not really the intended purpose of install Aliases. + +Upstream-Status: Submitted [hostap@lists.infradead.org] + +Signed-off-by: Joshua DeWeese +--- + wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +- + wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in | 2 +- + wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in +index 03ac507..da69a87 100644 +--- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in ++++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in +@@ -12,4 +12,4 @@ Type=simple + ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I + + [Install] +-Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service ++WantedBy=multi-user.target +diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in +index c8a744d..ca3054b 100644 +--- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in ++++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in +@@ -12,4 +12,4 @@ Type=simple + ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I + + [Install] +-Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service ++WantedBy=multi-user.target +diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in +index 7788b38..55d2b9c 100644 +--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in ++++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in +@@ -12,4 +12,4 @@ Type=simple + ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I + + [Install] +-Alias=multi-user.target.wants/wpa_supplicant@%i.service ++WantedBy=multi-user.target +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch deleted file mode 100644 index d4d49e7fc..000000000 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch +++ /dev/null @@ -1,191 +0,0 @@ -The WPA2 four-way handshake protocol is vulnerable to replay attacks which can -result in unauthenticated clients gaining access to the network. - -Backport a number of patches from upstream to fix this. - -CVE: CVE-2017-13077 -CVE: CVE-2017-13078 -CVE: CVE-2017-13079 -CVE: CVE-2017-13080 -CVE: CVE-2017-13081 -CVE: CVE-2017-13082 -CVE: CVE-2017-13086 -CVE: CVE-2017-13087 -CVE: CVE-2017-13088 - -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame -processing if the first attempt of setting the TK succeeded. This avoids -issues related to clearing the TX/RX PN that could result in reusing -same PN values for transmitted frames (e.g., due to CCM nonce reuse and -also hitting replay protection on the receiver) and accepting replayed -frames on RX side. - -This issue was introduced by the commit -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in -authenticator') which allowed wpa_ft_install_ptk() to be called multiple -times with the same PTK. While the second configuration attempt is -needed with some drivers, it must be done only if the first attempt -failed. - -Signed-off-by: Mathy Vanhoef ---- - src/ap/ieee802_11.c | 16 +++++++++++++--- - src/ap/wpa_auth.c | 11 +++++++++++ - src/ap/wpa_auth.h | 3 ++- - src/ap/wpa_auth_ft.c | 10 ++++++++++ - src/ap/wpa_auth_i.h | 1 + - 5 files changed, 37 insertions(+), 4 deletions(-) - -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index 4e04169..333035f 100644 ---- a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, - { - struct ieee80211_ht_capabilities ht_cap; - struct ieee80211_vht_capabilities vht_cap; -+ int set = 1; - - /* - * Remove the STA entry to ensure the STA PS state gets cleared and -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, - * FT-over-the-DS, where a station re-associates back to the same AP but - * skips the authentication flow, or if working with a driver that - * does not support full AP client state. -+ * -+ * Skip this if the STA has already completed FT reassociation and the -+ * TK has been configured since the TX/RX PN must not be reset to 0 for -+ * the same key. - */ -- if (!sta->added_unassoc) -+ if (!sta->added_unassoc && -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { - hostapd_drv_sta_remove(hapd, sta->addr); -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); -+ set = 0; -+ } - - #ifdef CONFIG_IEEE80211N - if (sta->flags & WLAN_STA_HT) -@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, - sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, - sta->flags | WLAN_STA_ASSOC, sta->qosinfo, - sta->vht_opmode, sta->p2p_ie ? 1 : 0, -- sta->added_unassoc)) { -+ set)) { - hostapd_logger(hapd, sta->addr, - HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, - "Could not %s STA to kernel driver", -- sta->added_unassoc ? "set" : "add"); -+ set ? "set" : "add"); - - if (sta->added_unassoc) { - hostapd_drv_sta_remove(hapd, sta->addr); -diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c -index 3587086..707971d 100644 ---- a/src/ap/wpa_auth.c -+++ b/src/ap/wpa_auth.c -@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) - #else /* CONFIG_IEEE80211R */ - break; - #endif /* CONFIG_IEEE80211R */ -+ case WPA_DRV_STA_REMOVED: -+ sm->tk_already_set = FALSE; -+ return 0; - } - - #ifdef CONFIG_IEEE80211R -@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) - } - - -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) -+{ -+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) -+ return 0; -+ return sm->tk_already_set; -+} -+ -+ - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, - struct rsn_pmksa_cache_entry *entry) - { -diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h -index 0de8d97..97461b0 100644 ---- a/src/ap/wpa_auth.h -+++ b/src/ap/wpa_auth.h -@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, - u8 *data, size_t data_len); - enum wpa_event { - WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, -- WPA_REAUTH_EAPOL, WPA_ASSOC_FT -+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED - }; - void wpa_remove_ptk(struct wpa_state_machine *sm); - int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); -@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm); - int wpa_auth_get_pairwise(struct wpa_state_machine *sm); - int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); - int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, - struct rsn_pmksa_cache_entry *entry); - struct rsn_pmksa_cache_entry * -diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c -index 42242a5..e63b99a 100644 ---- a/src/ap/wpa_auth_ft.c -+++ b/src/ap/wpa_auth_ft.c -@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) - return; - } - -+ if (sm->tk_already_set) { -+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX -+ * PN in the driver */ -+ wpa_printf(MSG_DEBUG, -+ "FT: Do not re-install same PTK to the driver"); -+ return; -+ } -+ - /* FIX: add STA entry to kernel/driver here? The set_key will fail - * most likely without this.. At the moment, STA entry is added only - * after association has been completed. This function will be called -@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) - - /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ - sm->pairwise_set = TRUE; -+ sm->tk_already_set = TRUE; - } - - -@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, - - sm->pairwise = pairwise; - sm->PTK_valid = TRUE; -+ sm->tk_already_set = FALSE; - wpa_ft_install_ptk(sm); - - buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + -diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h -index 72b7eb3..7fd8f05 100644 ---- a/src/ap/wpa_auth_i.h -+++ b/src/ap/wpa_auth_i.h -@@ -65,6 +65,7 @@ struct wpa_state_machine { - struct wpa_ptk PTK; - Boolean PTK_valid; - Boolean pairwise_set; -+ Boolean tk_already_set; - int keycount; - Boolean Pair; - struct wpa_key_replay_counter { --- -2.7.4 \ No newline at end of file diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch deleted file mode 100644 index 501bb4b56..000000000 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch +++ /dev/null @@ -1,267 +0,0 @@ -The WPA2 four-way handshake protocol is vulnerable to replay attacks which can -result in unauthenticated clients gaining access to the network. - -Backport a number of patches from upstream to fix this. - -CVE: CVE-2017-13077 -CVE: CVE-2017-13078 -CVE: CVE-2017-13079 -CVE: CVE-2017-13080 -CVE: CVE-2017-13081 -CVE: CVE-2017-13082 -CVE: CVE-2017-13086 -CVE: CVE-2017-13087 -CVE: CVE-2017-13088 - -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Wed, 12 Jul 2017 16:03:24 +0200 -Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key - -Track the current GTK and IGTK that is in use and when receiving a -(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do -not install the given key if it is already in use. This prevents an -attacker from trying to trick the client into resetting or lowering the -sequence counter associated to the group key. - -Signed-off-by: Mathy Vanhoef ---- - src/common/wpa_common.h | 11 +++++ - src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------ - src/rsn_supp/wpa_i.h | 4 ++ - 3 files changed, 87 insertions(+), 44 deletions(-) - -diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h -index af1d0f0..d200285 100644 ---- a/src/common/wpa_common.h -+++ b/src/common/wpa_common.h -@@ -217,6 +217,17 @@ struct wpa_ptk { - size_t tk_len; - }; - -+struct wpa_gtk { -+ u8 gtk[WPA_GTK_MAX_LEN]; -+ size_t gtk_len; -+}; -+ -+#ifdef CONFIG_IEEE80211W -+struct wpa_igtk { -+ u8 igtk[WPA_IGTK_MAX_LEN]; -+ size_t igtk_len; -+}; -+#endif /* CONFIG_IEEE80211W */ - - /* WPA IE version 1 - * 00-50-f2:1 (OUI:OUI type) -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 3c47879..95bd7be 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - const u8 *_gtk = gd->gtk; - u8 gtk_buf[32]; - -+ /* Detect possible key reinstallation */ -+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len && -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, -+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", -+ gd->keyidx, gd->tx, gd->gtk_len); -+ return 0; -+ } -+ - wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", -@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - } - os_memset(gtk_buf, 0, sizeof(gtk_buf)); - -+ sm->gtk.gtk_len = gd->gtk_len; -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); -+ - return 0; - } - -@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, - } - - -+#ifdef CONFIG_IEEE80211W -+static int wpa_supplicant_install_igtk(struct wpa_sm *sm, -+ const struct wpa_igtk_kde *igtk) -+{ -+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); -+ u16 keyidx = WPA_GET_LE16(igtk->keyid); -+ -+ /* Detect possible key reinstallation */ -+ if (sm->igtk.igtk_len == len && -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, -+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", -+ keyidx); -+ return 0; -+ } -+ -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, -+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", -+ keyidx, MAC2STR(igtk->pn)); -+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); -+ if (keyidx > 4095) { -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -+ "WPA: Invalid IGTK KeyID %d", keyidx); -+ return -1; -+ } -+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), -+ broadcast_ether_addr, -+ keyidx, 0, igtk->pn, sizeof(igtk->pn), -+ igtk->igtk, len) < 0) { -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -+ "WPA: Failed to configure IGTK to the driver"); -+ return -1; -+ } -+ -+ sm->igtk.igtk_len = len; -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); -+ -+ return 0; -+} -+#endif /* CONFIG_IEEE80211W */ -+ -+ - static int ieee80211w_set_keys(struct wpa_sm *sm, - struct wpa_eapol_ie_parse *ie) - { -@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, - if (ie->igtk) { - size_t len; - const struct wpa_igtk_kde *igtk; -- u16 keyidx; -+ - len = wpa_cipher_key_len(sm->mgmt_group_cipher); - if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) - return -1; -+ - igtk = (const struct wpa_igtk_kde *) ie->igtk; -- keyidx = WPA_GET_LE16(igtk->keyid); -- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " -- "pn %02x%02x%02x%02x%02x%02x", -- keyidx, MAC2STR(igtk->pn)); -- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", -- igtk->igtk, len); -- if (keyidx > 4095) { -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -- "WPA: Invalid IGTK KeyID %d", keyidx); -- return -1; -- } -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), -- broadcast_ether_addr, -- keyidx, 0, igtk->pn, sizeof(igtk->pn), -- igtk->igtk, len) < 0) { -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -- "WPA: Failed to configure IGTK to the driver"); -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0) - return -1; -- } - } - - return 0; -@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm) - */ - void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - { -- int clear_ptk = 1; -+ int clear_keys = 1; - - if (sm == NULL) - return; -@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - /* Prepare for the next transition */ - wpa_ft_prepare_auth_request(sm, NULL); - -- clear_ptk = 0; -+ clear_keys = 0; - } - #endif /* CONFIG_IEEE80211R */ - -- if (clear_ptk) { -+ if (clear_keys) { - /* - * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if - * this is not part of a Fast BSS Transition. -@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); - sm->tptk_set = 0; - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+#ifdef CONFIG_IEEE80211W -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+#endif /* CONFIG_IEEE80211W */ - } - - #ifdef CONFIG_TDLS -@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) - os_memset(sm->pmk, 0, sizeof(sm->pmk)); - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+#ifdef CONFIG_IEEE80211W -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+#endif /* CONFIG_IEEE80211W */ - #ifdef CONFIG_IEEE80211R - os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); - os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); -@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) - os_memset(&gd, 0, sizeof(gd)); - #ifdef CONFIG_IEEE80211W - } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { -- struct wpa_igtk_kde igd; -- u16 keyidx; -- -- os_memset(&igd, 0, sizeof(igd)); -- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); -- os_memcpy(igd.keyid, buf + 2, 2); -- os_memcpy(igd.pn, buf + 4, 6); -- -- keyidx = WPA_GET_LE16(igd.keyid); -- os_memcpy(igd.igtk, buf + 10, keylen); -- -- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", -- igd.igtk, keylen); -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), -- broadcast_ether_addr, -- keyidx, 0, igd.pn, sizeof(igd.pn), -- igd.igtk, keylen) < 0) { -- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " -- "WNM mode"); -- os_memset(&igd, 0, sizeof(igd)); -+ const struct wpa_igtk_kde *igtk; -+ -+ igtk = (const struct wpa_igtk_kde *) (buf + 2); -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0) - return -1; -- } -- os_memset(&igd, 0, sizeof(igd)); - #endif /* CONFIG_IEEE80211W */ - } else { - wpa_printf(MSG_DEBUG, "Unknown element id"); -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index f653ba6..afc9e37 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -31,6 +31,10 @@ struct wpa_sm { - u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; - int rx_replay_counter_set; - u8 request_counter[WPA_REPLAY_COUNTER_LEN]; -+ struct wpa_gtk gtk; -+#ifdef CONFIG_IEEE80211W -+ struct wpa_igtk igtk; -+#endif /* CONFIG_IEEE80211W */ - - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ - --- -2.7.4 \ No newline at end of file diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch deleted file mode 100644 index 2e2265585..000000000 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch +++ /dev/null @@ -1,201 +0,0 @@ -The WPA2 four-way handshake protocol is vulnerable to replay attacks which can -result in unauthenticated clients gaining access to the network. - -Backport a number of patches from upstream to fix this. - -CVE: CVE-2017-13077 -CVE: CVE-2017-13078 -CVE: CVE-2017-13079 -CVE: CVE-2017-13080 -CVE: CVE-2017-13081 -CVE: CVE-2017-13082 -CVE: CVE-2017-13086 -CVE: CVE-2017-13087 -CVE: CVE-2017-13088 - -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sun, 1 Oct 2017 12:12:24 +0300 -Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep - Mode cases - -This extends the protection to track last configured GTK/IGTK value -separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a -corner case where these two different mechanisms may get used when the -GTK/IGTK has changed and tracking a single value is not sufficient to -detect a possible key reconfiguration. - -Signed-off-by: Jouni Malinen ---- - src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++--------------- - src/rsn_supp/wpa_i.h | 2 ++ - 2 files changed, 40 insertions(+), 15 deletions(-) - -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 95bd7be..7a2c68d 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -709,14 +709,17 @@ struct wpa_gtk_data { - - static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - const struct wpa_gtk_data *gd, -- const u8 *key_rsc) -+ const u8 *key_rsc, int wnm_sleep) - { - const u8 *_gtk = gd->gtk; - u8 gtk_buf[32]; - - /* Detect possible key reinstallation */ -- if (sm->gtk.gtk_len == (size_t) gd->gtk_len && -- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { -+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || -+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && -+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, -+ sm->gtk_wnm_sleep.gtk_len) == 0)) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", - gd->keyidx, gd->tx, gd->gtk_len); -@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - } - os_memset(gtk_buf, 0, sizeof(gtk_buf)); - -- sm->gtk.gtk_len = gd->gtk_len; -- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); -+ if (wnm_sleep) { -+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; -+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, -+ sm->gtk_wnm_sleep.gtk_len); -+ } else { -+ sm->gtk.gtk_len = gd->gtk_len; -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); -+ } - - return 0; - } -@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, - (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, - gtk_len, gtk_len, - &gd.key_rsc_len, &gd.alg) || -- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { -+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "RSN: Failed to install GTK"); - os_memset(&gd, 0, sizeof(gd)); -@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, - - #ifdef CONFIG_IEEE80211W - static int wpa_supplicant_install_igtk(struct wpa_sm *sm, -- const struct wpa_igtk_kde *igtk) -+ const struct wpa_igtk_kde *igtk, -+ int wnm_sleep) - { - size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); - u16 keyidx = WPA_GET_LE16(igtk->keyid); - - /* Detect possible key reinstallation */ -- if (sm->igtk.igtk_len == len && -- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { -+ if ((sm->igtk.igtk_len == len && -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || -+ (sm->igtk_wnm_sleep.igtk_len == len && -+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, -+ sm->igtk_wnm_sleep.igtk_len) == 0)) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", - keyidx); -@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm, - return -1; - } - -- sm->igtk.igtk_len = len; -- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); -+ if (wnm_sleep) { -+ sm->igtk_wnm_sleep.igtk_len = len; -+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, -+ sm->igtk_wnm_sleep.igtk_len); -+ } else { -+ sm->igtk.igtk_len = len; -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); -+ } - - return 0; - } -@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, - return -1; - - igtk = (const struct wpa_igtk_kde *) ie->igtk; -- if (wpa_supplicant_install_igtk(sm, igtk) < 0) -+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) - return -1; - } - -@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, - if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) - key_rsc = null_rsc; - -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || - wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) - goto failed; - os_memset(&gd, 0, sizeof(gd)); -@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - sm->tptk_set = 0; - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); - os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); - #ifdef CONFIG_IEEE80211W - os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); - #endif /* CONFIG_IEEE80211W */ - } - -@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); - os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); - #ifdef CONFIG_IEEE80211W - os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); - #endif /* CONFIG_IEEE80211W */ - #ifdef CONFIG_IEEE80211R - os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); -@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) - - wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", - gd.gtk, gd.gtk_len); -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { - os_memset(&gd, 0, sizeof(gd)); - wpa_printf(MSG_DEBUG, "Failed to install the GTK in " - "WNM mode"); -@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) - const struct wpa_igtk_kde *igtk; - - igtk = (const struct wpa_igtk_kde *) (buf + 2); -- if (wpa_supplicant_install_igtk(sm, igtk) < 0) -+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) - return -1; - #endif /* CONFIG_IEEE80211W */ - } else { -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index afc9e37..9a54631 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -32,8 +32,10 @@ struct wpa_sm { - int rx_replay_counter_set; - u8 request_counter[WPA_REPLAY_COUNTER_LEN]; - struct wpa_gtk gtk; -+ struct wpa_gtk gtk_wnm_sleep; - #ifdef CONFIG_IEEE80211W - struct wpa_igtk igtk; -+ struct wpa_igtk igtk_wnm_sleep; - #endif /* CONFIG_IEEE80211W */ - - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ --- -2.7.4 \ No newline at end of file diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch deleted file mode 100644 index 6c1948696..000000000 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch +++ /dev/null @@ -1,96 +0,0 @@ -The WPA2 four-way handshake protocol is vulnerable to replay attacks which can -result in unauthenticated clients gaining access to the network. - -Backport a number of patches from upstream to fix this. - -CVE: CVE-2017-13077 -CVE: CVE-2017-13078 -CVE: CVE-2017-13079 -CVE: CVE-2017-13080 -CVE: CVE-2017-13081 -CVE: CVE-2017-13082 -CVE: CVE-2017-13086 -CVE: CVE-2017-13087 -CVE: CVE-2017-13088 - -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Fri, 29 Sep 2017 04:22:51 +0200 -Subject: [PATCH 4/8] Prevent installation of an all-zero TK - -Properly track whether a PTK has already been installed to the driver -and the TK part cleared from memory. This prevents an attacker from -trying to trick the client into installing an all-zero TK. - -This fixes the earlier fix in commit -ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the -driver in EAPOL-Key 3/4 retry case') which did not take into account -possibility of an extra message 1/4 showing up between retries of -message 3/4. - -Signed-off-by: Mathy Vanhoef ---- - src/common/wpa_common.h | 1 + - src/rsn_supp/wpa.c | 5 ++--- - src/rsn_supp/wpa_i.h | 1 - - 3 files changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h -index d200285..1021ccb 100644 ---- a/src/common/wpa_common.h -+++ b/src/common/wpa_common.h -@@ -215,6 +215,7 @@ struct wpa_ptk { - size_t kck_len; - size_t kek_len; - size_t tk_len; -+ int installed; /* 1 if key has already been installed to driver */ - }; - - struct wpa_gtk { -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 7a2c68d..0550a41 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, - os_memset(buf, 0, sizeof(buf)); - } - sm->tptk_set = 1; -- sm->tk_to_set = 1; - - kde = sm->assoc_wpa_ie; - kde_len = sm->assoc_wpa_ie_len; -@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, - enum wpa_alg alg; - const u8 *key_rsc; - -- if (!sm->tk_to_set) { -+ if (sm->ptk.installed) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Do not re-install same PTK to the driver"); - return 0; -@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, - - /* TK is not needed anymore in supplicant */ - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); -- sm->tk_to_set = 0; -+ sm->ptk.installed = 1; - - if (sm->wpa_ptk_rekey) { - eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index 9a54631..41f371f 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -24,7 +24,6 @@ struct wpa_sm { - struct wpa_ptk ptk, tptk; - int ptk_set, tptk_set; - unsigned int msg_3_of_4_ok:1; -- unsigned int tk_to_set:1; - u8 snonce[WPA_NONCE_LEN]; - u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ - int renew_snonce; --- -2.7.4 \ No newline at end of file diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch deleted file mode 100644 index b262dcac5..000000000 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch +++ /dev/null @@ -1,81 +0,0 @@ -The WPA2 four-way handshake protocol is vulnerable to replay attacks which can -result in unauthenticated clients gaining access to the network. - -Backport a number of patches from upstream to fix this. - -CVE: CVE-2017-13077 -CVE: CVE-2017-13078 -CVE: CVE-2017-13079 -CVE: CVE-2017-13080 -CVE: CVE-2017-13081 -CVE: CVE-2017-13082 -CVE: CVE-2017-13086 -CVE: CVE-2017-13087 -CVE: CVE-2017-13088 - -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sun, 1 Oct 2017 12:32:57 +0300 -Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce - -The Authenticator state machine path for PTK rekeying ended up bypassing -the AUTHENTICATION2 state where a new ANonce is generated when going -directly to the PTKSTART state since there is no need to try to -determine the PMK again in such a case. This is far from ideal since the -new PTK would depend on a new nonce only from the supplicant. - -Fix this by generating a new ANonce when moving to the PTKSTART state -for the purpose of starting new 4-way handshake to rekey PTK. - -Signed-off-by: Jouni Malinen ---- - src/ap/wpa_auth.c | 24 +++++++++++++++++++++--- - 1 file changed, 21 insertions(+), 3 deletions(-) - -diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c -index 707971d..bf10cc1 100644 ---- a/src/ap/wpa_auth.c -+++ b/src/ap/wpa_auth.c -@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) - } - - -+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) -+{ -+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { -+ wpa_printf(MSG_ERROR, -+ "WPA: Failed to get random data for ANonce"); -+ sm->Disconnect = TRUE; -+ return -1; -+ } -+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, -+ WPA_NONCE_LEN); -+ sm->TimeoutCtr = 0; -+ return 0; -+} -+ -+ - SM_STATE(WPA_PTK, INITPMK) - { - u8 msk[2 * PMK_LEN]; -@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK) - SM_ENTER(WPA_PTK, AUTHENTICATION); - else if (sm->ReAuthenticationRequest) - SM_ENTER(WPA_PTK, AUTHENTICATION2); -- else if (sm->PTKRequest) -- SM_ENTER(WPA_PTK, PTKSTART); -- else switch (sm->wpa_ptk_state) { -+ else if (sm->PTKRequest) { -+ if (wpa_auth_sm_ptk_update(sm) < 0) -+ SM_ENTER(WPA_PTK, DISCONNECTED); -+ else -+ SM_ENTER(WPA_PTK, PTKSTART); -+ } else switch (sm->wpa_ptk_state) { - case WPA_PTK_INITIALIZE: - break; - case WPA_PTK_DISCONNECT: --- -2.7.4 \ No newline at end of file diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch deleted file mode 100644 index 15183f40c..000000000 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch +++ /dev/null @@ -1,149 +0,0 @@ -The WPA2 four-way handshake protocol is vulnerable to replay attacks which can -result in unauthenticated clients gaining access to the network. - -Backport a number of patches from upstream to fix this. - -CVE: CVE-2017-13077 -CVE: CVE-2017-13078 -CVE: CVE-2017-13079 -CVE: CVE-2017-13080 -CVE: CVE-2017-13081 -CVE: CVE-2017-13082 -CVE: CVE-2017-13086 -CVE: CVE-2017-13087 -CVE: CVE-2017-13088 - -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Fri, 22 Sep 2017 11:03:15 +0300 -Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration - -Do not try to reconfigure the same TPK-TK to the driver after it has -been successfully configured. This is an explicit check to avoid issues -related to resetting the TX/RX packet number. There was already a check -for this for TPK M2 (retries of that message are ignored completely), so -that behavior does not get modified. - -For TPK M3, the TPK-TK could have been reconfigured, but that was -followed by immediate teardown of the link due to an issue in updating -the STA entry. Furthermore, for TDLS with any real security (i.e., -ignoring open/WEP), the TPK message exchange is protected on the AP path -and simple replay attacks are not feasible. - -As an additional corner case, make sure the local nonce gets updated if -the peer uses a very unlikely "random nonce" of all zeros. - -Signed-off-by: Jouni Malinen ---- - src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++-- - 1 file changed, 36 insertions(+), 2 deletions(-) - -diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c -index e424168..9eb9738 100644 ---- a/src/rsn_supp/tdls.c -+++ b/src/rsn_supp/tdls.c -@@ -112,6 +112,7 @@ struct wpa_tdls_peer { - u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ - } tpk; - int tpk_set; -+ int tk_set; /* TPK-TK configured to the driver */ - int tpk_success; - int tpk_in_progress; - -@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) - u8 rsc[6]; - enum wpa_alg alg; - -+ if (peer->tk_set) { -+ /* -+ * This same TPK-TK has already been configured to the driver -+ * and this new configuration attempt (likely due to an -+ * unexpected retransmitted frame) would result in clearing -+ * the TX/RX sequence number which can break security, so must -+ * not allow that to happen. -+ */ -+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR -+ " has already been configured to the driver - do not reconfigure", -+ MAC2STR(peer->addr)); -+ return -1; -+ } -+ - os_memset(rsc, 0, 6); - - switch (peer->cipher) { -@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) - return -1; - } - -+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR, -+ MAC2STR(peer->addr)); - if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, - rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { - wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " - "driver"); - return -1; - } -+ peer->tk_set = 1; - return 0; - } - -@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer) - peer->cipher = 0; - peer->qos_info = 0; - peer->wmm_capable = 0; -- peer->tpk_set = peer->tpk_success = 0; -+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0; - peer->chan_switch_enabled = 0; - os_memset(&peer->tpk, 0, sizeof(peer->tpk)); - os_memset(peer->inonce, 0, WPA_NONCE_LEN); -@@ -1159,6 +1177,7 @@ skip_rsnie: - wpa_tdls_peer_free(sm, peer); - return -1; - } -+ peer->tk_set = 0; /* A new nonce results in a new TK */ - wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", - peer->inonce, WPA_NONCE_LEN); - os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); -@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer, - } - - -+static int tdls_nonce_set(const u8 *nonce) -+{ -+ int i; -+ -+ for (i = 0; i < WPA_NONCE_LEN; i++) { -+ if (nonce[i]) -+ return 1; -+ } -+ -+ return 0; -+} -+ -+ - static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, - const u8 *buf, size_t len) - { -@@ -2004,7 +2036,8 @@ skip_rsn: - peer->rsnie_i_len = kde.rsn_ie_len; - peer->cipher = cipher; - -- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { -+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 || -+ !tdls_nonce_set(peer->inonce)) { - /* - * There is no point in updating the RNonce for every obtained - * TPK M1 frame (e.g., retransmission due to timeout) with the -@@ -2020,6 +2053,7 @@ skip_rsn: - "TDLS: Failed to get random data for responder nonce"); - goto error; - } -+ peer->tk_set = 0; /* A new nonce results in a new TK */ - } - - #if 0 --- -2.7.4 \ No newline at end of file diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch deleted file mode 100644 index 2e12bc755..000000000 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch +++ /dev/null @@ -1,60 +0,0 @@ -The WPA2 four-way handshake protocol is vulnerable to replay attacks which can -result in unauthenticated clients gaining access to the network. - -Backport a number of patches from upstream to fix this. - -CVE: CVE-2017-13077 -CVE: CVE-2017-13078 -CVE: CVE-2017-13079 -CVE: CVE-2017-13080 -CVE: CVE-2017-13081 -CVE: CVE-2017-13082 -CVE: CVE-2017-13086 -CVE: CVE-2017-13087 -CVE: CVE-2017-13088 - -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Fri, 22 Sep 2017 11:25:02 +0300 -Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending - request - -Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep -Mode Response if WNM-Sleep Mode has not been used') started ignoring the -response when no WNM-Sleep Mode Request had been used during the -association. This can be made tighter by clearing the used flag when -successfully processing a response. This adds an additional layer of -protection against unexpected retransmissions of the response frame. - -Signed-off-by: Jouni Malinen ---- - wpa_supplicant/wnm_sta.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c -index 1b3409c..67a07ff 100644 ---- a/wpa_supplicant/wnm_sta.c -+++ b/wpa_supplicant/wnm_sta.c -@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, - - if (!wpa_s->wnmsleep_used) { - wpa_printf(MSG_DEBUG, -- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association"); -+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); - return; - } - -@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, - return; - } - -+ wpa_s->wnmsleep_used = 0; -+ - if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || - wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { - wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " --- -2.7.4 \ No newline at end of file diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch deleted file mode 100644 index 7f5390c31..000000000 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch +++ /dev/null @@ -1,99 +0,0 @@ -The WPA2 four-way handshake protocol is vulnerable to replay attacks which can -result in unauthenticated clients gaining access to the network. - -Backport a number of patches from upstream to fix this. - -CVE: CVE-2017-13077 -CVE: CVE-2017-13078 -CVE: CVE-2017-13079 -CVE: CVE-2017-13080 -CVE: CVE-2017-13081 -CVE: CVE-2017-13082 -CVE: CVE-2017-13086 -CVE: CVE-2017-13087 -CVE: CVE-2017-13088 - -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Fri, 22 Sep 2017 12:06:37 +0300 -Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames - -The driver is expected to not report a second association event without -the station having explicitly request a new association. As such, this -case should not be reachable. However, since reconfiguring the same -pairwise or group keys to the driver could result in nonce reuse issues, -be extra careful here and do an additional state check to avoid this -even if the local driver ends up somehow accepting an unexpected -Reassociation Response frame. - -Signed-off-by: Jouni Malinen ---- - src/rsn_supp/wpa.c | 3 +++ - src/rsn_supp/wpa_ft.c | 8 ++++++++ - src/rsn_supp/wpa_i.h | 1 + - 3 files changed, 12 insertions(+) - -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 0550a41..2a53c6f 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) - #ifdef CONFIG_TDLS - wpa_tdls_disassoc(sm); - #endif /* CONFIG_TDLS */ -+#ifdef CONFIG_IEEE80211R -+ sm->ft_reassoc_completed = 0; -+#endif /* CONFIG_IEEE80211R */ - - /* Keys are not needed in the WPA state machine anymore */ - wpa_sm_drop_sa(sm); -diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c -index 205793e..d45bb45 100644 ---- a/src/rsn_supp/wpa_ft.c -+++ b/src/rsn_supp/wpa_ft.c -@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, - u16 capab; - - sm->ft_completed = 0; -+ sm->ft_reassoc_completed = 0; - - buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + - 2 + sm->r0kh_id_len + ric_ies_len + 100; -@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, - return -1; - } - -+ if (sm->ft_reassoc_completed) { -+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); -+ return 0; -+ } -+ - if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { - wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); - return -1; -@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, - return -1; - } - -+ sm->ft_reassoc_completed = 1; -+ - if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) - return -1; - -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index 41f371f..56f88dc 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -128,6 +128,7 @@ struct wpa_sm { - size_t r0kh_id_len; - u8 r1kh_id[FT_R1KH_ID_LEN]; - int ft_completed; -+ int ft_reassoc_completed; - int over_the_ds_in_progress; - u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ - int set_ptk_after_assoc; --- -2.7.4 \ No newline at end of file diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch deleted file mode 100644 index e800a410e..000000000 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch +++ /dev/null @@ -1,44 +0,0 @@ -wpa_supplicant-2.6: Fix CVE-2018-14526 - -[No upstream tracking] -- https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt - -wpa: Ignore unauthenticated encrypted EAPOL-Key data - -Ignore unauthenticated encrypted EAPOL-Key data in supplicant -processing. When using WPA2, these are frames that have the Encrypted -flag set, but not the MIC flag. - -When using WPA2, EAPOL-Key frames that had the Encrypted flag set but -not the MIC flag, had their data field decrypted without first verifying -the MIC. In case the data field was encrypted using RC4 (i.e., when -negotiating TKIP as the pairwise cipher), this meant that -unauthenticated but decrypted data would then be processed. An adversary -could abuse this as a decryption oracle to recover sensitive information -in the data field of EAPOL-Key messages (e.g., the group key). - -Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/src/rsn_supp/wpa.c?id=3e34cfdff6b192fe337c6fb3f487f73e96582961] -CVE: CVE-2018-14526 -Signed-off-by: Andrej Valek - -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 3c47879..6bdf923 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, - - if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && - (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { -+ /* -+ * Only decrypt the Key Data field if the frame's authenticity -+ * was verified. When using AES-SIV (FILS), the MIC flag is not -+ * set, so this check should only be performed if mic_len != 0 -+ * which is the case in this code branch. -+ */ -+ if (!(key_info & WPA_KEY_INFO_MIC)) { -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); -+ goto out; -+ } - if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, - &key_data_len)) - goto out; diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb deleted file mode 100644 index aa4c4c2da..000000000 --- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb +++ /dev/null @@ -1,119 +0,0 @@ -SUMMARY = "Client for Wi-Fi Protected Access (WPA)" -HOMEPAGE = "http://w1.fi/wpa_supplicant/" -BUGTRACKER = "http://w1.fi/security/" -SECTION = "network" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=292eece3f2ebbaa25608eed8464018a3 \ - file://README;beginline=1;endline=56;md5=3f01d778be8f953962388307ee38ed2b \ - file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=4061612fc5715696134e3baf933e8aba" -DEPENDS = "dbus libnl" -RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" - -PACKAGECONFIG ??= "gnutls" -PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt" -PACKAGECONFIG[openssl] = ",,openssl" - -inherit pkgconfig systemd - -SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service" -SYSTEMD_AUTO_ENABLE = "disable" - -SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ - file://defconfig \ - file://wpa-supplicant.sh \ - file://wpa_supplicant.conf \ - file://wpa_supplicant.conf-sane \ - file://99_wpa_supplicant \ - file://key-replay-cve-multiple1.patch \ - file://key-replay-cve-multiple2.patch \ - file://key-replay-cve-multiple3.patch \ - file://key-replay-cve-multiple4.patch \ - file://key-replay-cve-multiple5.patch \ - file://key-replay-cve-multiple6.patch \ - file://key-replay-cve-multiple7.patch \ - file://key-replay-cve-multiple8.patch \ - file://wpa_supplicant-CVE-2018-14526.patch \ - " -SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c" -SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450" - -CVE_PRODUCT = "wpa_supplicant" - -S = "${WORKDIR}/wpa_supplicant-${PV}" - -PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli " -FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase" -FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli" -FILES_${PN} += "${datadir}/dbus-1/system-services/*" -CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf" - -do_configure () { - ${MAKE} -C wpa_supplicant clean - install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config - echo "CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config - echo "DRV_CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config - - if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then - ssl=openssl - elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then - ssl=gnutls - fi - if [ -n "$ssl" ]; then - sed -i "s/%ssl%/$ssl/" wpa_supplicant/.config - fi - - # For rebuild - rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d -} - -export EXTRA_CFLAGS = "${CFLAGS}" -export BINDIR = "${sbindir}" - -do_compile () { - unset CFLAGS CPPFLAGS CXXFLAGS - sed -e "s:CFLAGS\ =.*:& \$(EXTRA_CFLAGS):g" -i ${S}/src/lib.rules - oe_runmake -C wpa_supplicant -} - -do_install () { - install -d ${D}${sbindir} - install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir} - install -m 755 wpa_supplicant/wpa_cli ${D}${sbindir} - - install -d ${D}${bindir} - install -m 755 wpa_supplicant/wpa_passphrase ${D}${bindir} - - install -d ${D}${docdir}/wpa_supplicant - install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant - - install -d ${D}${sysconfdir} - install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf - - install -d ${D}${sysconfdir}/network/if-pre-up.d/ - install -d ${D}${sysconfdir}/network/if-post-down.d/ - install -d ${D}${sysconfdir}/network/if-down.d/ - install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant - cd ${D}${sysconfdir}/network/ && \ - ln -sf ../if-pre-up.d/wpa-supplicant if-post-down.d/wpa-supplicant - - install -d ${D}/${sysconfdir}/dbus-1/system.d - install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d - install -d ${D}/${datadir}/dbus-1/system-services - install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}/${systemd_unitdir}/system - install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system - fi - - install -d ${D}/etc/default/volatiles - install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles -} - -pkg_postinst_wpa-supplicant () { - # If we're offline, we don't need to do this. - if [ "x$D" = "x" ]; then - killall -q -HUP dbus-daemon || true - fi - -} diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb new file mode 100644 index 000000000..fe5fa2b82 --- /dev/null +++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb @@ -0,0 +1,109 @@ +SUMMARY = "Client for Wi-Fi Protected Access (WPA)" +HOMEPAGE = "http://w1.fi/wpa_supplicant/" +BUGTRACKER = "http://w1.fi/security/" +SECTION = "network" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=a3791c270ad6bb026707d17bf750e5ef \ + file://README;beginline=1;endline=56;md5=495cbce6008253de4b4d8f4cdfae9f4f \ + file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=a5687903a31b8679e6a06b3afa5c819e" +DEPENDS = "dbus libnl" +RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" + +PACKAGECONFIG ??= "gnutls" +PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt" +PACKAGECONFIG[openssl] = ",,openssl" + +inherit pkgconfig systemd + +SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service" +SYSTEMD_AUTO_ENABLE = "disable" + +SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ + file://defconfig \ + file://wpa-supplicant.sh \ + file://wpa_supplicant.conf \ + file://wpa_supplicant.conf-sane \ + file://99_wpa_supplicant \ + file://0001-replace-systemd-install-Alias-with-WantedBy.patch \ + " +SRC_URI[md5sum] = "a68538fb62766f40f890125026c42c10" +SRC_URI[sha256sum] = "76ea6b06b7a2ea8e6d9eb1a9166166f1656e6d48c7508914f592100c95c73074" + +CVE_PRODUCT = "wpa_supplicant" + +S = "${WORKDIR}/wpa_supplicant-${PV}" + +PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli " +FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase" +FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli" +FILES_${PN} += "${datadir}/dbus-1/system-services/*" +CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf" + +do_configure () { + ${MAKE} -C wpa_supplicant clean + install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config + + if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then + ssl=openssl + elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then + ssl=gnutls + fi + if [ -n "$ssl" ]; then + sed -i "s/%ssl%/$ssl/" wpa_supplicant/.config + fi + + # For rebuild + rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d +} + +export EXTRA_CFLAGS = "${CFLAGS}" +export BINDIR = "${sbindir}" + +do_compile () { + unset CFLAGS CPPFLAGS CXXFLAGS + sed -e "s:CFLAGS\ =.*:& \$(EXTRA_CFLAGS):g" -i ${S}/src/lib.rules + oe_runmake -C wpa_supplicant +} + +do_install () { + install -d ${D}${sbindir} + install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir} + install -m 755 wpa_supplicant/wpa_cli ${D}${sbindir} + + install -d ${D}${bindir} + install -m 755 wpa_supplicant/wpa_passphrase ${D}${bindir} + + install -d ${D}${docdir}/wpa_supplicant + install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant + + install -d ${D}${sysconfdir} + install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf + + install -d ${D}${sysconfdir}/network/if-pre-up.d/ + install -d ${D}${sysconfdir}/network/if-post-down.d/ + install -d ${D}${sysconfdir}/network/if-down.d/ + install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant + cd ${D}${sysconfdir}/network/ && \ + ln -sf ../if-pre-up.d/wpa-supplicant if-post-down.d/wpa-supplicant + + install -d ${D}/${sysconfdir}/dbus-1/system.d + install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d + install -d ${D}/${datadir}/dbus-1/system-services + install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}/${systemd_unitdir}/system + install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system + fi + + install -d ${D}/etc/default/volatiles + install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles +} + +pkg_postinst_wpa-supplicant () { + # If we're offline, we don't need to do this. + if [ "x$D" = "x" ]; then + killall -q -HUP dbus-daemon || true + fi + +} -- cgit v1.2.3