diff options
Diffstat (limited to 'meta-openembedded/meta-networking')
-rw-r--r-- | meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch | 61 | ||||
-rw-r--r-- | meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.9.bb (renamed from meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.8.bb) | 9 | ||||
-rw-r--r-- | meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-memory.h-Include-stdint.h-for-uintptr_t.patch | 22 | ||||
-rw-r--r-- | meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch | 92 | ||||
-rw-r--r-- | meta-openembedded/meta-networking/recipes-support/strongswan/files/fix-funtion-parameter.patch | 99 | ||||
-rw-r--r-- | meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb (renamed from meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb) | 5 |
6 files changed, 161 insertions, 127 deletions
diff --git a/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch b/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch new file mode 100644 index 0000000000..a02940af3d --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-filter/libnetfilter/files/0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch @@ -0,0 +1,61 @@ +From 21ee35dde73aec5eba35290587d479218c6dd824 Mon Sep 17 00:00:00 2001 +From: Robert Marko <robimarko@gmail.com> +Date: Thu, 24 Feb 2022 15:01:11 +0100 +Subject: [PATCH] conntrack: fix build with kernel 5.15 and musl + +Currently, with kernel 5.15 headers and musl building is failing with +redefinition errors due to a conflict between the kernel and musl headers. + +Musl is able to suppres the conflicting kernel header definitions if they +are included after the standard libc ones, however since ICMP definitions +were moved into a separate internal header to avoid duplication this has +stopped working and is breaking the builds. + +It seems that the issue is that <netinet/in.h> which contains the UAPI +suppression defines is included in the internal.h header and not in the +proto.h which actually includes the kernel ICMP headers and thus UAPI +supression defines are not present. + +Solve this by moving the <netinet/in.h> include before the ICMP kernel +includes in the proto.h + +Fixes: bc1cb4b11403 ("conntrack: Move icmp request>reply type mapping to common file") +Signed-off-by: Robert Marko <robimarko@gmail.com> +Signed-off-by: Florian Westphal <fw@strlen.de> + +Upstream-Status: Backport +[https://git.netfilter.org/libnetfilter_conntrack/commit/?id=21ee35dde73aec5eba35290587d479218c6dd824] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + include/internal/internal.h | 1 - + include/internal/proto.h | 1 + + 2 files changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/internal/internal.h b/include/internal/internal.h +index 2ef8a90..7cd7c44 100644 +--- a/include/internal/internal.h ++++ b/include/internal/internal.h +@@ -14,7 +14,6 @@ + #include <arpa/inet.h> + #include <time.h> + #include <errno.h> +-#include <netinet/in.h> + + #include <libnfnetlink/libnfnetlink.h> + #include <libnetfilter_conntrack/libnetfilter_conntrack.h> +diff --git a/include/internal/proto.h b/include/internal/proto.h +index 40e7bfe..60a5f4e 100644 +--- a/include/internal/proto.h ++++ b/include/internal/proto.h +@@ -2,6 +2,7 @@ + #define _NFCT_PROTO_H_ + + #include <stdint.h> ++#include <netinet/in.h> + #include <linux/icmp.h> + #include <linux/icmpv6.h> + +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.8.bb b/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.9.bb index 180f076039..abec84b256 100644 --- a/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.8.bb +++ b/meta-openembedded/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.9.bb @@ -6,9 +6,12 @@ LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" DEPENDS = "libnfnetlink libmnl" -SRC_URI = "https://www.netfilter.org/projects/libnetfilter_conntrack/files/libnetfilter_conntrack-${PV}.tar.bz2" -SRC_URI[md5sum] = "3121b55acf97322db830da75d8407cba" -SRC_URI[sha256sum] = "0cd13be008923528687af6c6b860f35392d49251c04ee0648282d36b1faec1cf" +SRC_URI = "https://www.netfilter.org/projects/libnetfilter_conntrack/files/libnetfilter_conntrack-${PV}.tar.bz2 \ + file://0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch \ + " + +SRC_URI[md5sum] = "596c722733cdf30f24d4418f34f999d9" +SRC_URI[sha256sum] = "67bd9df49fe34e8b82144f6dfb93b320f384a8ea59727e92ff8d18b5f4b579a8" S = "${WORKDIR}/libnetfilter_conntrack-${PV}" diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-memory.h-Include-stdint.h-for-uintptr_t.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-memory.h-Include-stdint.h-for-uintptr_t.patch deleted file mode 100644 index 2d17507b17..0000000000 --- a/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-memory.h-Include-stdint.h-for-uintptr_t.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 33a53dc13fd924949a582109b45fedd8d0bed59b Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 27 Jun 2017 07:42:11 -0700 -Subject: [PATCH] memory.h: Include stdint.h for uintptr_t - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - ---- - src/libstrongswan/utils/utils/memory.h | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/src/libstrongswan/utils/utils/memory.h -+++ b/src/libstrongswan/utils/utils/memory.h -@@ -26,6 +26,8 @@ - #include <string.h> - #endif - -+#include <stdint.h> -+ - /** - * Helper function that compares two binary blobs for equality - */ diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch new file mode 100644 index 0000000000..7da48cd2cf --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch @@ -0,0 +1,92 @@ +From 3eecd40cec6415fc033f8d9141ab652047e71524 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner <tobias@strongswan.org> +Date: Wed, 23 Feb 2022 17:29:02 +0100 +Subject: [PATCH] openssl: Don't unload providers + +There is a conflict between atexit() handlers registered by OpenSSL and +some executables (e.g. swanctl or pki) to deinitialize libstrongswan. +Because plugins are usually loaded after atexit() has been called, the +handler registered by OpenSSL will run before our handler. So when the +latter destroys the plugins it's a bad idea to try to access any OpenSSL +objects as they might already be invalid. + +Fixes: f556fce16b60 ("openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.") +Closes strongswan/strongswan#921 + +Upstream-Status: Backport +[https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + .../plugins/openssl/openssl_plugin.c | 27 +++---------------- + 1 file changed, 3 insertions(+), 24 deletions(-) + +diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c +index 6b4923649..1491d5cf8 100644 +--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c ++++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c +@@ -16,7 +16,6 @@ + + #include <library.h> + #include <utils/debug.h> +-#include <collections/array.h> + #include <threading/thread.h> + #include <threading/mutex.h> + #include <threading/thread_value.h> +@@ -74,13 +73,6 @@ struct private_openssl_plugin_t { + * public functions + */ + openssl_plugin_t public; +- +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- /** +- * Loaded providers +- */ +- array_t *providers; +-#endif + }; + + /** +@@ -887,15 +879,6 @@ METHOD(plugin_t, get_features, int, + METHOD(plugin_t, destroy, void, + private_openssl_plugin_t *this) + { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- OSSL_PROVIDER *provider; +- while (array_remove(this->providers, ARRAY_TAIL, &provider)) +- { +- OSSL_PROVIDER_unload(provider); +- } +- array_destroy(this->providers); +-#endif /* OPENSSL_VERSION_NUMBER */ +- + /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we + * can't call it as we couldn't re-initialize the library (as required by the + * unit tests and the Android app) */ +@@ -1009,20 +992,16 @@ plugin_t *openssl_plugin_create() + DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider"); + return NULL; + } +- array_insert_create(&this->providers, ARRAY_TAIL, fips); + /* explicitly load the base provider containing encoding functions */ +- array_insert_create(&this->providers, ARRAY_TAIL, +- OSSL_PROVIDER_load(NULL, "base")); ++ OSSL_PROVIDER_load(NULL, "base"); + } + else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy", + TRUE, lib->ns)) + { + /* load the legacy provider for algorithms like MD4, DES, BF etc. */ +- array_insert_create(&this->providers, ARRAY_TAIL, +- OSSL_PROVIDER_load(NULL, "legacy")); ++ OSSL_PROVIDER_load(NULL, "legacy"); + /* explicitly load the default provider, as mentioned by crypto(7) */ +- array_insert_create(&this->providers, ARRAY_TAIL, +- OSSL_PROVIDER_load(NULL, "default")); ++ OSSL_PROVIDER_load(NULL, "default"); + } + ossl_provider_names_t data = {}; + OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/files/fix-funtion-parameter.patch b/meta-openembedded/meta-networking/recipes-support/strongswan/files/fix-funtion-parameter.patch deleted file mode 100644 index 5945507bf1..0000000000 --- a/meta-openembedded/meta-networking/recipes-support/strongswan/files/fix-funtion-parameter.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 9f97479373f3fceedc471074b81486d77a49618d Mon Sep 17 00:00:00 2001 -From: "Roy.Li" <rongqing.li@windriver.com> -Date: Tue, 4 Mar 2014 14:38:42 +0800 -Subject: [PATCH] fix the function parameter - -Upstream-Status: Pending - -Original openssl_diffie_hellman_create has three parameters, but -it is reassigned a function pointer which has one parameter, and -is called with one parameter, which will lead to segment fault -on PPC, Now we simply correct the number of parameters. - - #0 0x484d4aa0 in __GI_raise (sig=6) - at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 - #1 0x484d9930 in __GI_abort () at abort.c:91 - #2 0x10002064 in segv_handler (signal=11) at charon.c:224 - #3 <signal handler called> - #4 0x48d89630 in openssl_diffie_hellman_create (group=MODP_1024_BIT, g=..., - p=<error reading variable: Cannot access memory at address 0x0>) - at openssl_diffie_hellman.c:143 - #5 0x482c54f8 in create_dh (this=0x11ac6e68, group=MODP_1024_BIT) - at crypto/crypto_factory.c:358 - #6 0x48375884 in create_dh (this=<optimized out>, group=<optimized out>) - at sa/keymat.c:132 - #7 0x483843b8 in process_payloads (this=0x51400a78, message=<optimized - out>) - at sa/tasks/ike_init.c:200 - #8 0x483844d0 in process_r (this=0x51400a78, message=0x51500778) - at sa/tasks/ike_init.c:319 - #9 0x48374c9c in process_request (message=0x51500778, this=0x51400d20) - at sa/task_manager.c:870 - #10 process_message (this=0x51400d20, msg=0x51500778) at - sa/task_manager.c:925 - #11 0x4836c378 in process_message (this=0x514005f0, message=0x51500778) - at sa/ike_sa.c:1317 - #12 0x48362270 in execute (this=0x515008d0) - at processing/jobs/process_message_job.c:74 - -Signed-off-by: Roy.Li <rongqing.li@windriver.com> - ---- - src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c | 8 +++++++- - src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h | 4 +++- - src/libstrongswan/plugins/openssl/openssl_plugin.c | 1 + - 3 files changed, 11 insertions(+), 2 deletions(-) - -diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c -index 8e9c118..a73b038 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c -+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c -@@ -192,7 +192,7 @@ METHOD(diffie_hellman_t, destroy, void, - /* - * Described in header. - */ --openssl_diffie_hellman_t *openssl_diffie_hellman_create( -+openssl_diffie_hellman_t *openssl_diffie_hellman_create_custom( - diffie_hellman_group_t group, ...) - { - private_openssl_diffie_hellman_t *this; -@@ -255,5 +255,11 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create( - DBG2(DBG_LIB, "size of DH secret exponent: %d bits", BN_num_bits(privkey)); - return &this->public; - } -+openssl_diffie_hellman_t *openssl_diffie_hellman_create( diffie_hellman_group_t group) -+{ -+ chunk_t g; -+ chunk_t p; -+ openssl_diffie_hellman_create_custom(group, g, p); -+} - - #endif /* OPENSSL_NO_DH */ -diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h -index 5de5520..22586e0 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h -+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h -@@ -43,8 +43,10 @@ struct openssl_diffie_hellman_t { - * @param ... expects generator and prime as chunk_t if MODP_CUSTOM - * @return openssl_diffie_hellman_t object, NULL if not supported - */ --openssl_diffie_hellman_t *openssl_diffie_hellman_create( -+openssl_diffie_hellman_t *openssl_diffie_hellman_create_custom( - diffie_hellman_group_t group, ...); -+openssl_diffie_hellman_t *openssl_diffie_hellman_create( -+ diffie_hellman_group_t group); - - #endif /** OPENSSL_DIFFIE_HELLMAN_H_ @}*/ - -diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c -index 8b0a7c5..114d575 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c -+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c -@@ -609,6 +609,7 @@ METHOD(plugin_t, get_features, int, - PLUGIN_PROVIDE(DH, MODP_1024_BIT), - PLUGIN_PROVIDE(DH, MODP_1024_160), - PLUGIN_PROVIDE(DH, MODP_768_BIT), -+ PLUGIN_REGISTER(DH, openssl_diffie_hellman_create_custom), - PLUGIN_PROVIDE(DH, MODP_CUSTOM), - #endif - #ifndef OPENSSL_NO_RSA diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb index babfe17d29..cfb7b41fa4 100644 --- a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb +++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb @@ -9,11 +9,10 @@ DEPENDS = "flex-native flex bison-native" DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}" SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ - file://fix-funtion-parameter.patch \ - file://0001-memory.h-Include-stdint.h-for-uintptr_t.patch \ + file://0001-openssl-Don-t-unload-providers.patch \ " -SRC_URI[sha256sum] = "45fdf1a4c2af086d8ff5b76fd7b21d3b6f0890f365f83bf4c9a75dda26887518" +SRC_URI[sha256sum] = "983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd" UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar" |