From 82c905dc58a36aeae40b1b273a12f63fb1973cf4 Mon Sep 17 00:00:00 2001
From: Andrew Geissler <geissonator@yahoo.com>
Date: Mon, 13 Apr 2020 13:39:40 -0500
Subject: meta-openembedded and poky: subtree updates

Squash of the following due to dependencies among them
and OpenBMC changes:

meta-openembedded: subtree update:d0748372d2..9201611135
meta-openembedded: subtree update:9201611135..17fd382f34
poky: subtree update:9052e5b32a..2e11d97b6c
poky: subtree update:2e11d97b6c..a8544811d7

The change log was too large for the jenkins plugin
to handle therefore it has been removed. Here is
the first and last commit of each subtree:

meta-openembedded:d0748372d2
      cppzmq: bump to version 4.6.0
meta-openembedded:17fd382f34
      mpv: Remove X11 dependency
poky:9052e5b32a
      package_ipk: Remove pointless comment to trigger rebuild
poky:a8544811d7
      pbzip2: Fix license warning

Change-Id: If0fc6c37629642ee207a4ca2f7aa501a2c673cd6
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
---
 ...ge-variable-name-to-avoid-colliding-with-.patch | 51 ++++++++++++++++++++++
 ...infod-fix-systemd-Documentation-url-error.patch | 28 ++++++++++++
 .../0001-rarpd-rdisc-Drop-PrivateUsers.patch       | 46 +++++++++++++++++++
 .../recipes-extended/iputils/iputils_s20190709.bb  | 30 +++++++++----
 4 files changed, 147 insertions(+), 8 deletions(-)
 create mode 100644 poky/meta/recipes-extended/iputils/iputils/0001-ninfod-change-variable-name-to-avoid-colliding-with-.patch
 create mode 100644 poky/meta/recipes-extended/iputils/iputils/0001-ninfod-fix-systemd-Documentation-url-error.patch
 create mode 100644 poky/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch

(limited to 'poky/meta/recipes-extended/iputils')

diff --git a/poky/meta/recipes-extended/iputils/iputils/0001-ninfod-change-variable-name-to-avoid-colliding-with-.patch b/poky/meta/recipes-extended/iputils/iputils/0001-ninfod-change-variable-name-to-avoid-colliding-with-.patch
new file mode 100644
index 000000000..e106a0cf7
--- /dev/null
+++ b/poky/meta/recipes-extended/iputils/iputils/0001-ninfod-change-variable-name-to-avoid-colliding-with-.patch
@@ -0,0 +1,51 @@
+From ab1aa2eb0097a7ef05ffccac058b06812deb2695 Mon Sep 17 00:00:00 2001
+From: Sami Kerola <kerolasa@iki.fi>
+Date: Sat, 28 Dec 2019 17:16:27 +0000
+Subject: [PATCH] ninfod: change variable name to avoid colliding with function
+ name
+
+The sys/capability.h header has 'extern int cap_setuid(uid_t uid);'
+function prototype.
+
+Addresses: https://github.com/iputils/iputils/issues/246
+
+Upstream-Status: Backport [https://github.com/iputils/iputils/commit/18f9a84e0e702841d6cc4d5f593de4fbd1348e83]
+Signed-off-by: Sami Kerola <kerolasa@iki.fi>
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ ninfod/ninfod.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/ninfod/ninfod.c b/ninfod/ninfod.c
+index badbf80..28f03af 100644
+--- a/ninfod/ninfod.c
++++ b/ninfod/ninfod.c
+@@ -454,7 +454,7 @@ static void do_daemonize(void)
+ /* --------- */
+ #ifdef HAVE_LIBCAP
+ static const cap_value_t cap_net_raw = CAP_NET_RAW;
+-static const cap_value_t cap_setuid =  CAP_SETUID; 
++static const cap_value_t cap_setuserid = CAP_SETUID;
+ static cap_flag_value_t cap_ok;
+ #else
+ static uid_t euid;
+@@ -486,7 +486,7 @@ static void limit_capabilities(void)
+ 
+ 	cap_get_flag(cap_cur_p, CAP_SETUID, CAP_PERMITTED, &cap_ok);
+ 	if (cap_ok != CAP_CLEAR)
+-		cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET);
++		cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuserid, CAP_SET);
+ 
+ 	if (cap_set_proc(cap_p) < 0) {
+ 		DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno));
+@@ -519,8 +519,8 @@ static void drop_capabilities(void)
+ 
+ 	/* setuid / setuid */
+ 	if (cap_ok != CAP_CLEAR) {
+-		cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET);
+-		cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuid, CAP_SET);
++		cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuserid, CAP_SET);
++		cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuserid, CAP_SET);
+ 
+ 		if (cap_set_proc(cap_p) < 0) {
+ 			DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno));
diff --git a/poky/meta/recipes-extended/iputils/iputils/0001-ninfod-fix-systemd-Documentation-url-error.patch b/poky/meta/recipes-extended/iputils/iputils/0001-ninfod-fix-systemd-Documentation-url-error.patch
new file mode 100644
index 000000000..03a3f5602
--- /dev/null
+++ b/poky/meta/recipes-extended/iputils/iputils/0001-ninfod-fix-systemd-Documentation-url-error.patch
@@ -0,0 +1,28 @@
+From c1f1527eb30d4a5feebf9a0757582bbf7fe3eae9 Mon Sep 17 00:00:00 2001
+From: Andrea Stevanato <andrea.stevanato.95@hotmail.it>
+Date: Tue, 5 Nov 2019 19:08:30 +0000
+Subject: [PATCH] ninfod: fix systemd Documentation url error
+
+systemd[1]: /usr/lib/systemd/system/ninfod.service:3: Invalid URL, ignoring: ninfod(8)
+
+Upstream-Status: Backport [https://github.com/iputils/iputils/commit/c1f1527eb30d4a5feebf9a0757582bbf7fe3eae9]
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ systemd/ninfod.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/systemd/ninfod.service.in b/systemd/ninfod.service.in
+index 5ab69ca00e96..8e79fcd9238e 100644
+--- a/systemd/ninfod.service.in
++++ b/systemd/ninfod.service.in
+@@ -1,6 +1,6 @@
+ [Unit]
+ Description=Respond to IPv6 Node Information Queries
+-Documentation=ninfod(8)
++Documentation=man:ninfod(8)
+ Requires=network.target
+ After=network.target
+ 
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch b/poky/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
new file mode 100644
index 000000000..d7367caf7
--- /dev/null
+++ b/poky/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
@@ -0,0 +1,46 @@
+From 6e51d529988cfc0bb357751fd767e9f1478e2b81 Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alex.kiernan@gmail.com>
+Date: Thu, 13 Feb 2020 06:08:45 +0000
+Subject: [PATCH] rarpd: rdisc: Drop PrivateUsers
+
+Neither rarpd nor rdisc can gain the necessary capabilities with
+PrivateUsers enabled.
+
+Upstream-Status: Pending
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ systemd/rarpd.service.in | 1 -
+ systemd/rdisc.service.in | 3 ++-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/systemd/rarpd.service.in b/systemd/rarpd.service.in
+index e600c10c93e6..f5d7621a7ce8 100644
+--- a/systemd/rarpd.service.in
++++ b/systemd/rarpd.service.in
+@@ -12,7 +12,6 @@ AmbientCapabilities=CAP_NET_RAW
+ DynamicUser=yes
+ PrivateTmp=yes
+ PrivateDevices=yes
+-PrivateUsers=yes
+ ProtectSystem=strict
+ ProtectHome=yes
+ ProtectControlGroups=yes
+diff --git a/systemd/rdisc.service.in b/systemd/rdisc.service.in
+index 4e2a1ec9d0e5..a71b87d36b37 100644
+--- a/systemd/rdisc.service.in
++++ b/systemd/rdisc.service.in
+@@ -8,9 +8,10 @@ After=network.target
+ EnvironmentFile=-/etc/sysconfig/rdisc
+ ExecStart=@sbindir@/rdisc -f -t $OPTIONS $SEND_ADDRESS $RECEIVE_ADDRESS
+ 
++CapabilityBoundingSet=CAP_NET_RAW
+ AmbientCapabilities=CAP_NET_RAW
+ PrivateTmp=yes
+-PrivateUsers=yes
++DynamicUser=yes
+ ProtectSystem=strict
+ ProtectHome=yes
+ ProtectControlGroups=yes
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-extended/iputils/iputils_s20190709.bb b/poky/meta/recipes-extended/iputils/iputils_s20190709.bb
index 3f9e9917f..2aed6b56c 100644
--- a/poky/meta/recipes-extended/iputils/iputils_s20190709.bb
+++ b/poky/meta/recipes-extended/iputils/iputils_s20190709.bb
@@ -10,7 +10,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=55aa8c9fcad0691cef0ecd420361e390"
 
 DEPENDS = "gnutls"
 
-SRC_URI = "git://github.com/iputils/iputils"
+SRC_URI = "git://github.com/iputils/iputils \
+           file://0001-ninfod-change-variable-name-to-avoid-colliding-with-.patch \
+           file://0001-ninfod-fix-systemd-Documentation-url-error.patch \
+           file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
+           "
 SRCREV = "13e00847176aa23683d68fce1d17ffb523510946"
 
 S = "${WORKDIR}/git"
@@ -21,30 +25,35 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>s\d+)"
 # breaks the version order.
 CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214"
 
-PACKAGECONFIG ??= "libcap libgcrypt rarpd traceroute6"
+PACKAGECONFIG ??= "libcap libgcrypt rarpd \
+                   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod traceroute6', '', d)} \
+                   ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
 PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap"
 PACKAGECONFIG[libgcrypt] = "-DUSE_CRYPTO=gcrypt, -DUSE_CRYPTO=none, libgcrypt"
 PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2"
 PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext"
+PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false,"
 PACKAGECONFIG[rarpd] = "-DBUILD_RARPD=true,-DBUILD_RARPD=false,"
+PACKAGECONFIG[systemd] = "-Dsystemdunitdir=${systemd_unitdir}/system,,systemd"
 PACKAGECONFIG[traceroute6] = "-DBUILD_TRACEROUTE6=true,-DBUILD_TRACEROUTE6=false,"
 PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true -DBUILD_MANS=true,-DBUILD_HTML_MANS=false -DBUILD_MANS=false, libxslt"
 
-inherit meson update-alternatives
+inherit meson systemd update-alternatives
 
-EXTRA_OEMESON += "--prefix=${root_prefix}/"
+# Have to disable setcap/suid as its not deterministic
+EXTRA_OEMESON += "--prefix=${root_prefix}/ -DNO_SETCAP_OR_SUID=true"
 
 ALTERNATIVE_PRIORITY = "100"
 
 ALTERNATIVE_${PN}-ping = "ping"
 ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping"
 
-SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-traceroute6 ${PN}-clockdiff ${PN}-tftpd ${PN}-rarpd ${PN}-rdisc ${PN}-ninfod"
+SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff ${PN}-tftpd ${PN}-rdisc \
+             ${@bb.utils.contains('PACKAGECONFIG', 'rarpd', '${PN}-rarpd', '', d)} \
+             ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '${PN}-traceroute6 ${PN}-ninfod', '', d)}"
 PACKAGES += "${SPLITPKGS}"
 
 ALLOW_EMPTY_${PN} = "1"
-ALLOW_EMPTY_${PN}-rarpd = "1"
-ALLOW_EMPTY_${PN}-traceroute6 = "1"
 RDEPENDS_${PN} += "${SPLITPKGS}"
 
 FILES_${PN} = ""
@@ -54,6 +63,11 @@ FILES_${PN}-tracepath = "${base_bindir}/tracepath"
 FILES_${PN}-traceroute6	= "${base_bindir}/traceroute6"
 FILES_${PN}-clockdiff = "${base_bindir}/clockdiff"
 FILES_${PN}-tftpd = "${base_bindir}/tftpd"
-FILES_${PN}-rarpd = "${base_sbindir}/rarpd"
+FILES_${PN}-rarpd = "${base_sbindir}/rarpd  ${systemd_unitdir}/system/rarpd@.service"
 FILES_${PN}-rdisc = "${base_sbindir}/rdisc"
 FILES_${PN}-ninfod = "${base_sbindir}/ninfod ${sysconfdir}/init.d/ninfod.sh"
+
+SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '${PN}-ninfod', '', d)} \
+                    ${PN}-rdisc"
+SYSTEMD_SERVICE_${PN}-ninfod = "ninfod.service"
+SYSTEMD_SERVICE_${PN}-rdisc = "rdisc.service"
-- 
cgit v1.2.3