From bffdb3e0d00e91bc943c2cc8d73cd5d0cd510fa5 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Fri, 21 Aug 2020 16:13:29 -0500 Subject: meta-openembedded: subtree update:76b83194b3..ae39f2e711 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adrian Bunk (3): libpeas: gobject-introspection is mandatory and cannot be configured gnome-settings-daemon: smartcard support is optional, and needs nss gnome-settings-daemon: Remove duplicate outdated SRC_URI hashes Alex Kiernan (1): ostree: upgrade 2020.4 -> 2020.5 Andreas Müller (29): xfce4-whiskermenu-plugin: upgrade 2.4.5 -> 2.4.6 xfwm4: upgrade 4.14.2 -> 4.14.3 xfce4-timer-plugin: upgrade 1.7.0 -> 1.7.1 gnome-desktop3: upgrade 3.36.3.1 -> 3.36.4 evolution-data-server: upgrade 3.36.3 -> 3.36.4 gnome-control-center: upgrade 3.36.3 -> 3.36.4 gtksourceview4: upgrade 4.6.0 -> 4.6.1 libnma: upgrade 1.8.28 -> 1.8.30 libgweather: upgrade 3.36.0 -> 3.36.1 evince: upgrade 3.36.5 -> 3.36.7 exiv2: upgrade 0.27.1 -> 0.27.3 poppler: upgrade 0.89.0 -> 0.90.1 live555: merge recipe with inc live555: upgrade 20190828 -> 20200721 tumbler: upgrade 0.2.8 -> 0.2.9 xfwm4: upgrade 4.14.3 -> 4.14.4 geoclue: upgrade 2.5.3 -> 2.5.6 gnome-help.bbclass: remove double FILES_${PN}-help entry gnome-calendar: initial add 3.36.2 imagemagick: upgrade 7.0.9_13 -> 7.0.10_25 libpeas: disable tests when introspection is not enabled/available udisks2: upgrade 2.8.4+ -> 2.9.1 xfwm4: upgrade 4.14.4 -> 4.14.5 gnome-desktop3: upgrade 3.36.4 -> 3.36.5 file-roller: upgrade 3.36.2 -> 3.36.3 evolution-data-server: upgrade 3.36.4 -> 3.36.5 gnome-disk-utility: re-add 3.36.3 gdm: upgrade 3.36.2 -> 3.36.3 poppler: upgrade 0.90.1 -> 20.08.0 Andrey Konovalov (1): libcamera: fix packaging and installation Aníbal Limón (1): meta-oe: opengl-es-cts install deqp test runners Armin Kuster (2): jsoncpp: add PE do to dunfell reverts libpeas: this depends on gtk3+ add FEATURE CHECK Arthur She (1): xmlrpc-c: Upgrade 1.51.03 -> 1.54.02 Changqing Li (1): mozjs: fix multilib conflict Colin McAllister (6): python3-paramiko: Added recipe python3-lorem: Added recipe python3-textparser: Added recipe python3-jdatetime: Added recipe python3-pynacl: Added recipe autossh: Created recipe Daniel Dragomir (1): rasdaemon: update to 0.6.6 and fix SRC_URI broken link Gianfranco (4): dlt-daemon: update to 2.18.5 dlt-daemon: add new dlt-filetransfer PACKAGECONFIG option dlt-daemon: fix build failure when dlt-dbus is enabled, due to missing service file. dlt-daemon: enable some configurations by default in PACKAGECONFIG Gianfranco Costamagna (2): vboxguestdrivers: upgrade 6.1.6 -> 6.1.12 dlt-daemon: fix build with upstream-proposed patch for MUSL libc Hongxu Jia (1): vboxguestdrivers: fix failed to compile with kernel 5.8.0 Jack Mitchell (1): python3-pybind11: install both python wheel and cmake build Jacob Kroon (1): abseil-cpp: Use SkipRecipe exception James Feist (1): boost-url: Add recipe Jens Rehsack (1): bearssl: add new recipe Johan Jeppsson (1): nngpp: Add recipe Jyothi-k (1): fmt: 7.0.1 -> 7.0.3 Kai Kang (2): xfce4-eyes-plugin: 4.5.0 -> 4.5.1 rdist: fix parallel build Khem Raj (82): flashrom: Fix build failure with glibc 2.32 spdlog: Upgrade to 1.7.0 gerbera: Upgrade to 1.6.0 libqmi: Delete --enable-more-warnings configure option gnome-settings-daemon: Drop using autotools specific option gnome-settings-daemon: Add introspection to UNKNOWN_CONFIGURE_WHITELIST iwd: Module load dir should be relative to root_dir libcamera: Fix License names to match SPDX convention satyr: Upgrade to 0.30 gpm: Upgrade to latest master gensio: Upgrade to 2.1.4 freeglut: Use -fcommon always xfsprogs: Upgrade to 5.7.0 freerdp: Upgrade to 2.2.0 htop: Fix build with -fno-common dialog: Turn X11 support into a packageconfig option x11vnc: Update to latest on master vblade: Upgrade to version 24 netperf: Fix build with -fno-common netplan: Update to latest to fix build with -fno-common ncftp: Fix build with -fno-common iscsi-initiator-utils: Upgrade to _2.1.2 tftp-hpa: Fix build with -fno-common fwknop: Fix build with gcc10 dibbler: Update to latest quagga: Use -fcommon to compile drbd: Upgrade to 9.0.24-1 drbd-utils: Uphgrade to 9.13.1 snort: Upgrade to 2.9.16.1 daq: Upgrade to 2.0.7 openlldp: Update to latest master iftop: Fix build with -fno-common xfce4-sensors-plugin: Fix build with -fno-common xfce4-cpufreq-plugin: Fix build with -fno-common imsettings: Upgrade to 1.8.2 lcdproc: Fix compilation with GCC >= 10.x openal-soft: Update to 1.20.1 mimic: Upgrade to 1.3.0.1 minidlna: Fix build with -fno-common tvheadend: Update to latest tip monkey: Upgrade to 1.6.9 klibc: Compile with -fcommon kexecboot: Use -fcommon to compile python3-matplotlib: Use lld for linking when using clang python3-pandas: Add workaround to fix build with clang memtester: Fix build with -fno-common read-edid: Fix build with gcc-10+ owfs: Fix build with -fno-common sharutils: Fix build with -fno-common lprng: Fix build with -fno-common fluentbit: Use -fcommon to compile fbida: Upgrade to 2.14 ipmitool: Fix build with -fno-common smstools3: Fix build with -fno-common sblim-sfcb: Fix build with -fno-common cdrkit: Fix build with -fno-common openocd: Fix build with gcc10/-fno-common liblbxutil: Fix build with gcc10/-fno-common mg: Upgrade to 20200723 tag libforms: Fix build with -fno-common wifi-test-suite: Update to latest tip xf86-video-ati: Fix link failure with gcc 10 ifplugd: Fix build with gcc10/-fno-common tcsh: Fix build with -fno-common makedumpfile: Fix build with -fno-common nodejs: Upgrade to 12.18.3 opencl-headers: Upgrade to v2020.06.16 ocl-icd: Upgrade to latest opencl-icd-loader: Update beyond 2020.06.16 fwts: Upgrade to 20.07.00 pegtl: Disable type-limits warning opensaf: Fix build with -fno-common crash: Fix arm64 build with -fno-common minifi-cpp: Fix build with lto/clang libyui-ncurses: Disable werror with clang sedutils: Fix build with clang11 directfb: Disable dtor-typedef warning with clang11 gerbera: Disable PIE on rv64 opengl-es-cts: Use SECURITY_NOPIE_CFLAGS opencv: Upgrade to 4.4.0 minifi-cpp: Fix linking with libxml2 sdbus-c++: Fix ptest packaging Leon Anavi (80): python3-pytest-metadata: Upgrade 1.9.0 -> 1.10.0 python3-cmd2: Upgrade 1.1.0 -> 1.2.1 python3-aenum: Upgrade 2.2.3 -> 2.2.4 python3-bitarray: Upgrade 1.4.1 -> 1.4.2 python3-colorlog: Upgrade 4.1.0 -> 4.2.1 python3-matplotlib: Upgrade 3.2.2 -> 3.3.0 python3-urllib3: Upgrade 1.25.9 -> 1.25.10 python3-pywbem: Upgrade 0.17.3 -> 0.17.4 python3-lxml: Upgrade 4.5.1 -> 4.5.2 python3-gmqtt: Upgarde 0.6.5 -> 0.6.7 python3-pyroute2: Upgrade 0.5.12 -> 0.5.13 python3-pymongo: Upgrade 3.10.1 -> 3.11.0 python3-pid: Upgrade 3.0.3 -> 3.0.4 python3-pychromecast: Upgrade 7.1.2 -> 7.2.0 python3-dynamic-dispatch: Upgrade 1.0.2 -> 1.0.3 python3-cbor2: Upgrade 5.1.1 -> 5.1.2 python3-xlsxwriter: Consolidate in a single file python3-xlsxwriter: Upgrade 1.2.9 -> 1.3.0 python3-cffi: Upgrade 1.14.0 -> 1.14.1 python3-pandas: Upgrade 1.0.5 -> 1.1.0 python3-luma-core: Upgrade 1.14.0 -> 1.14.1 python3-tqdm: Upgrade 4.47.0 -> 4.48.0 python3-asn1crypto: Upgrade 1.3.0 -> 1.4.0 python3-pyalsaaudio: Consolidate in a single file python3-pyalsaaudio: Upgrade 0.8.4 -> 0.9.0 python3-autobahn: Upgrade 20.6.2 -> 20.7.1 python3-isort: Upgrade 5.1.4 -> 5.2.2 python3-ujson: Upgrade 3.0.0 -> 3.1.0 python3-yarl: Upgrade 1.4.2 -> 1.5.1 python3-openpyxl: Upgrade 3.0.3 -> 3.0.4 python3-cryptography: Upgrade 2.8 -> 3.0 python3-dnspython: Upgrade 1.16.0 -> 2.0.0 python3-regex: Upgrade 2020.6.8 -> 2020.7.14 python3-lazy-object-proxy: Upgrade 1.5.0 -> 1.5.1 python3-xxhash: Upgrade 1.4.4 -> 2.0.0 xxhash: Upgrade 0.7.4 -> 0.8.0 python3-parso: Upgrade 0.7.1 -> 0.8.0 python3-argexec: Upgrade 1.0.2 -> 1.0.3 python3-xlsxwriter: Upgrade 1.3.0 -> 1.3.2 python3-cantools: Upgrade 35.1.0 -> 35.3.0 python3-wtforms: Upgrade 2.3.1 -> 2.3.3 python3-prompt-toolkit: Upgrade 3.0.5 -> 3.0.6 python3-cmd2: Upgrade 1.2.1 -> 1.3.1 python3-luma-core: Upgrade 1.14.1 -> 1.15.0 python3-hyperlink: Upgrade 19.0.0 -> 20.0.1 python3-bitarray: Upgrade 1.4.2 -> 1.5.1 python3-isort: Upgrade 5.2.2 -> 5.3.2 python3-gast: Upgrade 0.3.3 -> 0.4.0 python3-tqdm: Upgrade 4.48.0 -> 4.48.2 python3-sympy: Upgrade 1.6.1 -> 1.6.2 python3-parse: Upgrade 1.15.0 -> 1.16.0 python3-flask-login: Consolidate in a single file python3-flask-login: Upgrade 0.4.1 -> 0.5.0 python3-graphviz: Upgrade 0.14 -> 0.14.1 python3-huey: Upgrade 2.2.0 -> 2.3.0 python3-rsa: Upgrade 3.4.2 -> 4.6 python3-cmd2: Upgrade 1.3.1 -> 1.3.2 python3-u-msgpack-python: Upgrade 2.6.0 -> 2.7.0 python3-pytest-timeout: Upgrade 1.4.1 -> 1.4.2 python3-javaobj-py3: Upgrade 0.4.0.1 -> 0.4.1 python3-sentry-sdk: Upgrade 0.16.0 -> 0.16.3 python3-coverage: Upgrade 5.2 -> 5.2.1 python3-redis: Upgrade 2.10.6 -> 3.5.3 mosquitto: Upgrade 1.6.10 -> 1.6.11 python3-matplotlib: Upgrade 3.3.0 -> 3.3.1 python3-humanize: Upgrade 2.5.0 -> 2.6.0 python3-bcrypt: Upgrade 3.1.7 -> 3.2.0 python3-isort: Upgrade 5.3.2 -> 5.4.2 python3-cffi: Upgrade 1.14.1 -> 1.14.2 python3-wheel: Upgrade 0.34.2 -> 0.35.1 python3-cmd2: Upgrade 1.3.2 -> 1.3.3 python3-google-api-python-client: Upgrade 1.9.3 -> 1.10.0 python3-bitarray: Upgrade 1.5.1 -> 1.5.2 python3-xlsxwriter: Upgrade 1.3.2 -> 1.3.3 python3-sqlalchemy: Upgrade 1.3.18 -> 1.3.19 python3-sentry-sdk: Upgrade 0.16.3 -> 0.16.5 python3-python-vlc: Upgrade 3.0.10114 -> 3.0.11115 python3-pytest-asyncio: Upgrade 0.12.0 -> 0.14.0 python3-djangorestframework: Consolidate in a single file python3-djangorestframework: Upgrade 3.9.0 -> 3.11.1 Martin Jansa (2): khronos-cts: add opengl to REQUIRED_DISTRO_FEATURES lcov: fix lcov-native build Mingli Yu (4): mariadb: upgrade to 10.5.4 mariadb: not use the bundled libpcre2 freeradius: fix the occasional verification failure fio: upgrade to 3.21 Oleksandr Kravchuk (49): iwd: update to 1.8 nvme-cli: update to 1.12 dialog: update to 1.3-20200327 libqmi: update to 1.26.0 libmbim: update to 1.24.2 libwebsockets: update to 4.0.20 libkcapi: update to 1.2.0 libbytesize: update to 2.3 libvdpau: update to 1.4 libcec: update to 6.0.2 dctl: update v69 pmdk: update to 1.9 libzip: update to 1.7.3 tmux: update to 3.1b libjcat: update to 0.1.3 leptonica: update to 1.79.0 libvncserver: update to 0.9.13 libopusenc: add recipe 0.2.1 broadcom-bt-firmware: update to 12.0.1.1105_p2 lsscsi: update to 0.31 opusfile: update to 0.12 libmpdclient: update to 2.19 crossguid: update to 0.2.2 libmediaart: update to 2.0_1.9.4 kronosnet: update to 1.18 keepalived: update to 2.1.5 valijson: update to 0.3 ostree: update to 2020.4 terminus-font: update to 4.48 libteam: update to 1.31 libimobiledevice: update to 1.3.0 libusbmuxd: update to 2.0.2 libplist: update to 2.2.0 usbmuxd: update to 1.1.1 ifuse: update to 1.1.4 libyui: update to 3.10.0 libyui-ncurses: update to 2.55.0 mpc: update to 0.33 ncmpc: update to 0.38 dhcpcd: update to 9.1.4 firewalld: update to 0.8.3 openconnect: update to 8.10 relayd: bump to latest revision fping: update to 4.4 nano: update to 5.0 broadcom-bt-firmware: add PE back libpeas: update to 1.26.0 ifenslave: update to 2.11 libupnp: update to 1.14.0 Shlomi Vaknin (11): monit: Set monit files in temporary locations python3-ipython: add recipe python3-traitlets: add recipe python3-ipython-genutils: add recipe python3-jedi: add recipe python3-pickleshare: add recipe python3-backcall: add recipe python3-parso: add recipe prompt-toolkit: fix recipe json-schema-validator: Add recipe python3-pybind11-json: Add recipe Slater, Joseph (4): lvm2: allow for reproducible binary builds python3-cryptography: fix two tests mozjs: specify TMPDIR aoetool: make builds reproducible Vijay Khemka (1): Adding recipe for exprtk William A. Kennington III (3): fmt: 6.2.0 -> 7.0.1 cli11: 1.9.0 -> 1.9.1 function2: 4.0.0 -> 4.1.0 Yi Zhao (2): libldb: upgrade 1.5.7 -> 1.5.8 samba: upgrade 4.10.15 -> 4.10.17 Yue Tao (1): lua: Security Advisory - lua - CVE-2020-15888 Zang Ruochen (25): fping: upgrade 4.2 -> 4.3 capnproto: upgrade 0.7.0 -> 0.8.0 c-ares: upgrade 1.16.0 -> 1.16.1 iozone3: upgrade 489 -> 490 ser2net: upgrade 4.1.8 -> 4.2.0 apache-websocket: upgrade 0.1.1 -> 0.1.2 hiawatha: upgrade 10.10 -> 10.11 nostromo: upgrade 1.9.7 -> 1.9.9 purple-skypeweb: upgrade 1.5 -> 1.6 dnsmasq: upgrade 2.81 -> 2.82 linuxptp: upgrade 2.0 -> 3.0 nlohmann-json: upgrade 3.7.3 -> 3.9.0 paho-mqtt-c: upgrade 1.3.2 -> 1.3.4 zlog: upgrade 1.2.14 -> 1.2.15 jasper: upgrade 2.0.16 -> 2.0.19 dash: upgrade 0.5.11 -> 0.5.11.1 libbytesize: upgrade 2.3 -> 2.4 jsonrpc: Fix build with libmicrohttpd 0.9.71 libmicrohttpd: upgrade 0.9.70 -> 0.9.71 rdma-core: upgrade 28.0 -> 30.0 ipc-run: upgrade 20180523.0 -> 20200505.0 uhubctl: upgrade 2.1.0 -> 2.2.0 gsoap: upgrade 2.8.103 -> 2.8.105 libcgi-perl: upgrade 4.48 -> 4.50 redis: upgrade 6.0.5 -> 6.0.6 wonjong.lee (1): minifi: Add recipe for c++ version Signed-off-by: Andrew Geissler Change-Id: I003021e0f4c267f79eedf704c43fbb6fdcdaf8b8 --- .../recipes-connectivity/autossh/autossh_1.4g.bb | 30 ++ ...-Unix.mk-remove-fixed-command-definitions.patch | 57 ++++ ...-test_x509.c-fix-potential-overflow-issue.patch | 41 +++ .../recipes-connectivity/bearssl/bearssl_0.6.bb | 35 +++ .../recipes-connectivity/daq/daq_2.0.6.bb | 35 --- .../recipes-connectivity/daq/daq_2.0.7.bb | 32 ++ .../recipes-connectivity/dhcpcd/dhcpcd_8.1.6.bb | 27 -- .../recipes-connectivity/dhcpcd/dhcpcd_9.1.4.bb | 28 ++ ...port-Rename-pthread_mutex_t-variable-lock.patch | 74 ----- .../recipes-connectivity/dibbler/dibbler_git.bb | 3 +- .../firewalld/firewalld_0.7.5.bb | 92 ------ .../firewalld/firewalld_0.8.3.bb | 90 ++++++ ...-Makefile-fix-the-occasional-verification.patch | 135 ++++++++ .../freeradius/freeradius_3.0.20.bb | 1 + .../mosquitto/mosquitto_1.6.10.bb | 89 ------ .../mosquitto/mosquitto_1.6.11.bb | 89 ++++++ .../recipes-connectivity/nanomsg/nngpp_git.bb | 14 + .../netplan/0001-dbus-Remove-unused-variabes.patch | 33 ++ .../0001-src-parse.c-Initialize-key-to-NULL.patch | 32 ++ ...se-first-prerquisite-only-for-target-rule.patch | 35 +++ .../recipes-connectivity/netplan/netplan_0.99.bb | 5 +- ...rojans-tncc-wrapper.py-convert-to-python3.patch | 71 ----- .../openconnect/openconnect_8.03.bb | 29 -- .../openconnect/openconnect_8.10.bb | 32 ++ .../rdist-6.1.5-fix-parallel-build.patch | 31 ++ .../recipes-connectivity/rdist/rdist_6.1.5.bb | 1 + .../recipes-connectivity/relayd/relayd_git.bb | 2 +- .../0001-util-Simplify-input-validation.patch | 59 ++++ ...ild-on-FreeBSD-by-avoiding-NSS_BUFLEN_PAS.patch | 79 +++++ ...cate-larger-buffer-if-getpwuid_r-returns-.patch | 50 +++ .../recipes-connectivity/samba/samba_4.10.15.bb | 336 -------------------- .../recipes-connectivity/samba/samba_4.10.17.bb | 339 +++++++++++++++++++++ .../recipes-connectivity/snort/snort_2.9.16.1.bb | 111 +++++++ .../recipes-connectivity/snort/snort_2.9.16.bb | 113 ------- 34 files changed, 1360 insertions(+), 870 deletions(-) create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/autossh/autossh_1.4g.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/bearssl/bearssl/0001-conf-Unix.mk-remove-fixed-command-definitions.patch create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/bearssl/bearssl/0002-test-test_x509.c-fix-potential-overflow-issue.patch create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/bearssl/bearssl_0.6.bb delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.6.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/dhcpcd/dhcpcd_8.1.6.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/dhcpcd/dhcpcd_9.1.4.bb delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/dibbler/dibbler/0001-linux-port-Rename-pthread_mutex_t-variable-lock.patch delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.7.5.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.8.3.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-occasional-verification.patch delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.10.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.11.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/nanomsg/nngpp_git.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-dbus-Remove-unused-variabes.patch create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-src-parse.c-Initialize-key-to-NULL.patch create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0002-Makefile-Use-first-prerquisite-only-for-target-rule.patch delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect/0001-trojans-tncc-wrapper.py-convert-to-python3.patch delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_8.03.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_8.10.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/rdist/rdist-6.1.5/rdist-6.1.5-fix-parallel-build.patch create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0002-util-Fix-build-on-FreeBSD-by-avoiding-NSS_BUFLEN_PAS.patch create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0003-util-Reallocate-larger-buffer-if-getpwuid_r-returns-.patch delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.15.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.17.bb create mode 100644 meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.16.1.bb delete mode 100644 meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.16.bb (limited to 'meta-openembedded/meta-networking/recipes-connectivity') diff --git a/meta-openembedded/meta-networking/recipes-connectivity/autossh/autossh_1.4g.bb b/meta-openembedded/meta-networking/recipes-connectivity/autossh/autossh_1.4g.bb new file mode 100644 index 0000000000..a84fd9ac1a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/autossh/autossh_1.4g.bb @@ -0,0 +1,30 @@ +DESCRIPTION = "autossh is a program to start a copy of ssh and monitor it, restarting it as necessary should it die or stop passing traffic" +HOMEPAGE = "https://www.harding.motd.ca/autossh/" + +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://autossh.spec;md5=80a6701134723fd3420e733b46a0eb97" + +SRC_URI = "https://www.harding.motd.ca/autossh/${BP}.tgz" +SRC_URI[md5sum] = "2b804bc1bf6d2f2afaa526d02df7c0a2" +SRC_URI[sha256sum] = "5fc3cee3361ca1615af862364c480593171d0c54ec156de79fc421e31ae21277" + +RDEPENDS_${PN} = "openssh" + +CFLAGS_prepend = "-I${WORKDIR}/build " + +inherit autotools + +EXTRA_OECONF="--with-ssh=/usr/bin/ssh" + +do_compile_append() { + cp ${WORKDIR}/autossh-${PV}/CHANGES ${WORKDIR}/build + cp ${WORKDIR}/autossh-${PV}/README ${WORKDIR}/build + cp ${WORKDIR}/autossh-${PV}/autossh.host ${WORKDIR}/build + cp ${WORKDIR}/autossh-${PV}/rscreen ${WORKDIR}/build + cp ${WORKDIR}/autossh-${PV}/autossh.1 ${WORKDIR}/build + cp ${WORKDIR}/autossh-${PV}/autossh.spec ${WORKDIR}/build +} + +do_install_append() { + rm -rf ${D}${datadir}/examples +} diff --git a/meta-openembedded/meta-networking/recipes-connectivity/bearssl/bearssl/0001-conf-Unix.mk-remove-fixed-command-definitions.patch b/meta-openembedded/meta-networking/recipes-connectivity/bearssl/bearssl/0001-conf-Unix.mk-remove-fixed-command-definitions.patch new file mode 100644 index 0000000000..00be224990 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/bearssl/bearssl/0001-conf-Unix.mk-remove-fixed-command-definitions.patch @@ -0,0 +1,57 @@ +From 4ba61c59d3488c263d106d486b656854a57ad79f Mon Sep 17 00:00:00 2001 +From: Jens Rehsack +Date: Thu, 13 Aug 2020 15:26:30 +0200 +Subject: [PATCH 1/2] conf/Unix.mk: remove fixed command definitions + +For cross compiling in Yocto or with appropriate SDKs, commands like +`$CC` are reasonably predefined. + +Upstream-Status: Inappropriate + +Signed-off-by: Jens Rehsack +--- + conf/Unix.mk | 10 +++------- + 1 file changed, 3 insertions(+), 7 deletions(-) + +diff --git a/conf/Unix.mk b/conf/Unix.mk +index 02f2b2b..05979fc 100644 +--- a/conf/Unix.mk ++++ b/conf/Unix.mk +@@ -37,23 +37,19 @@ RM = rm -f + MKDIR = mkdir -p + + # C compiler and flags. +-CC = cc +-CFLAGS = -W -Wall -Os -fPIC + CCOUT = -c -o + + # Static library building tool. +-AR = ar + ARFLAGS = -rcs + AROUT = + + # DLL building tool. +-LDDLL = cc ++LDDLL = $(CCLD) + LDDLLFLAGS = -shared + LDDLLOUT = -o + + # Static linker. +-LD = cc +-LDFLAGS = ++LD = $(CCLD) + LDOUT = -o + + # C# compiler; we assume usage of Mono. +@@ -63,7 +59,7 @@ RUNT0COMP = mono T0Comp.exe + # Set the values to 'no' to disable building of the corresponding element + # by default. Building can still be invoked with an explicit target call + # (e.g. 'make dll' to force build the DLL). +-#STATICLIB = no ++STATICLIB = no + #DLL = no + #TOOLS = no + #TESTS = no +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/bearssl/bearssl/0002-test-test_x509.c-fix-potential-overflow-issue.patch b/meta-openembedded/meta-networking/recipes-connectivity/bearssl/bearssl/0002-test-test_x509.c-fix-potential-overflow-issue.patch new file mode 100644 index 0000000000..94abd27faf --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/bearssl/bearssl/0002-test-test_x509.c-fix-potential-overflow-issue.patch @@ -0,0 +1,41 @@ +From 542380a13f178d97851751b57054a6b5be555d1c Mon Sep 17 00:00:00 2001 +From: Jens Rehsack +Date: Thu, 13 Aug 2020 16:16:44 +0200 +Subject: [PATCH 2/2] test/test_x509.c: fix potential overflow issue + +Instead of doing a memcpy() which does static overflow checking, use +snprintf() for string copying which does the check dynamically. + +Fixes: +| In file included from .../recipe-sysroot/usr/include/string.h:519, +| from test/test_x509.c:27: +| In function 'memcpy', +| inlined from 'parse_keyvalue' at test/test_x509.c:845:2, +| inlined from 'process_conf_file' at test/test_x509.c:1360:7, +| inlined from 'main' at test/test_x509.c:2038:2: +| .../recipe-sysroot/usr/include/bits/string_fortified.h:34:10: warning: '__builtin_memcpy' specified bound 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=] +| 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); +| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Signed-off-by: Jens Rehsack +--- + test/test_x509.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/test/test_x509.c b/test/test_x509.c +index 2c61cf5..76f6ab9 100644 +--- a/test/test_x509.c ++++ b/test/test_x509.c +@@ -842,8 +842,7 @@ parse_keyvalue(HT *d) + return -1; + } + name = xmalloc(u + 1); +- memcpy(name, buf, u); +- name[u] = 0; ++ snprintf(name, u, "%s", buf); + if (HT_get(d, name) != NULL) { + xfree(name); + return -1; +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/bearssl/bearssl_0.6.bb b/meta-openembedded/meta-networking/recipes-connectivity/bearssl/bearssl_0.6.bb new file mode 100644 index 0000000000..a0f64e9334 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/bearssl/bearssl_0.6.bb @@ -0,0 +1,35 @@ +SUMMARY = "BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C" +DESCRIPTION = "BearSSL is an implementation of the SSL/TLS protocol (RFC \ +5246) written in C. It aims at offering the following features: \ + * Be correct and secure. In particular, insecure protocol versions and \ + choices of algorithms are not supported, by design; cryptographic \ + algorithm implementations are constant-time by default. \ + * Be small, both in RAM and code footprint. For instance, a minimal \ + server implementation may fit in about 20 kilobytes of compiled code \ + and 25 kilobytes of RAM. \ + * Be highly portable. BearSSL targets not only “big” operating systems \ + like Linux and Windows, but also small embedded systems and even special \ + contexts like bootstrap code. \ + * Be feature-rich and extensible. SSL/TLS has many defined cipher suites \ + and extensions; BearSSL should implement most of them, and allow extra \ + algorithm implementations to be added afterwards, possibly from third \ + parties." +HOMEPAGE = "https://bearssl.org" + +SECTION = "libs" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=1fc37e1037ae673975fbcb96a98f7191" + +SRCREV = "8ef7680081c61b486622f2d983c0d3d21e83caad" +SRC_URI = "git://www.bearssl.org/git/BearSSL;protocol=https;nobranch=1 \ + file://0001-conf-Unix.mk-remove-fixed-command-definitions.patch \ + file://0002-test-test_x509.c-fix-potential-overflow-issue.patch \ + " + +# without compile errors like +# <..>/ld: build/obj/ghash_pclmul.o: warning: relocation against `br_ghash_pclmul' in read-only section `.text' +CFLAGS += "-fPIC" + +S = "${WORKDIR}/git" +B = "${S}" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.6.bb b/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.6.bb deleted file mode 100644 index 42ffb17a1f..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.6.bb +++ /dev/null @@ -1,35 +0,0 @@ -SUMMARY = "The dump DAQ test the various inline mode features " -HOMEPAGE = "http://www.snort.org" -SECTION = "libs" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=f9ce51a65dd738dc1ae631d8b21c40e0" - -PARALLEL_MAKE = "" - -DEPENDS = "libpcap libpcre libdnet bison-native" - -SRC_URI = "http://fossies.org/linux/misc/daq-${PV}.tar.gz \ - file://disable-run-test-program-while-cross-compiling.patch \ - file://0001-correct-the-location-of-unistd.h.patch \ - " - -# these 2 create undeclared dependency on libdnet and libnetfilter-queue from meta-networking -# this error from test-dependencies script: -# daq/daq/latest lost dependency on libdnet libmnl libnetfilter-queue libnfnetlink -# -# never look to /usr/local lib while cross compiling - -EXTRA_OECONF = "--disable-nfq-module --disable-ipq-module --includedir=${includedir} \ - --with-libpcap-includes=${STAGING_INCDIR} --with-dnet-includes=${STAGING_LIBDIR}" - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," - -SRC_URI[md5sum] = "2cd6da422a72c129c685fc4bb848c24c" -SRC_URI[sha256sum] = "b40e1d1273e08aaeaa86e69d4f28d535b7e53bdb3898adf539266b63137be7cb" - -inherit autotools - -DISABLE_STATIC = "" - -BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb b/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb new file mode 100644 index 0000000000..8e5ee66a2a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb @@ -0,0 +1,32 @@ +SUMMARY = "The dump DAQ test the various inline mode features " +HOMEPAGE = "http://www.snort.org" +SECTION = "libs" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=f9ce51a65dd738dc1ae631d8b21c40e0" + +PARALLEL_MAKE = "" + +DEPENDS = "libpcap libpcre libdnet bison-native" + +SRC_URI = "http://fossies.org/linux/misc/daq-${PV}.tar.gz \ + file://disable-run-test-program-while-cross-compiling.patch \ + file://0001-correct-the-location-of-unistd.h.patch \ + " +SRC_URI[sha256sum] = "bdc4e5a24d1ea492c39ee213a63c55466a2e8114b6a9abed609927ae13a7705e" +# these 2 create undeclared dependency on libdnet and libnetfilter-queue from meta-networking +# this error from test-dependencies script: +# daq/daq/latest lost dependency on libdnet libmnl libnetfilter-queue libnfnetlink +# +# never look to /usr/local lib while cross compiling + +EXTRA_OECONF = "--disable-nfq-module --disable-ipq-module --includedir=${includedir} \ + --with-libpcap-includes=${STAGING_INCDIR} --with-dnet-includes=${STAGING_LIBDIR}" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," + +inherit autotools + +DISABLE_STATIC = "" + +BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/dhcpcd/dhcpcd_8.1.6.bb b/meta-openembedded/meta-networking/recipes-connectivity/dhcpcd/dhcpcd_8.1.6.bb deleted file mode 100644 index 1cb2af5009..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/dhcpcd/dhcpcd_8.1.6.bb +++ /dev/null @@ -1,27 +0,0 @@ -SECTION = "console/network" -SUMMARY = "dhcpcd - a DHCP client" -DESCRIPTION = "dhcpcd runs on your machine and silently configures your computer to work on the attached networks without trouble and mostly without configuration." - -HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" - -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=0531457992a97ecebc6975914a874a9d" - -UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" - -SRC_URI = "http://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ - file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch" - -SRC_URI[md5sum] = "e1eea03388d12c9ad21ecd7c135fdf8b" -SRC_URI[sha256sum] = "6c2934a3e1e67a5cfd5bb15b1efa71f65c00314ac1ccb5c50da8eae3a0b8147f" - -inherit pkgconfig autotools-brokensep - -PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" - -PACKAGECONFIG[udev] = "--with-udev,--without-udev,udev,udev" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6" - -EXTRA_OECONF = "--enable-ipv4" - -FILES_${PN}-dbg += "${libdir}/dhcpcd/dev/.debug" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/dhcpcd/dhcpcd_9.1.4.bb b/meta-openembedded/meta-networking/recipes-connectivity/dhcpcd/dhcpcd_9.1.4.bb new file mode 100644 index 0000000000..defd3420f0 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/dhcpcd/dhcpcd_9.1.4.bb @@ -0,0 +1,28 @@ +SECTION = "console/network" +SUMMARY = "dhcpcd - a DHCP client" +DESCRIPTION = "dhcpcd runs on your machine and silently configures your \ + computer to work on the attached networks without trouble \ + and mostly without configuration." + +HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" + +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=9674cc803c5d71306941e6e8b5c002f2" + +UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" + +SRC_URI = "http://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ + file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch" + +SRC_URI[sha256sum] = "5fe133e5497d8af6d26bd6e6b8dd48ab12d124d6cc4cefe6de6536ff97f76820" + +inherit pkgconfig autotools-brokensep + +PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" + +PACKAGECONFIG[udev] = "--with-udev,--without-udev,udev,udev" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6" + +EXTRA_OECONF = "--enable-ipv4" + +FILES_${PN}-dbg += "${libdir}/dhcpcd/dev/.debug" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/dibbler/dibbler/0001-linux-port-Rename-pthread_mutex_t-variable-lock.patch b/meta-openembedded/meta-networking/recipes-connectivity/dibbler/dibbler/0001-linux-port-Rename-pthread_mutex_t-variable-lock.patch deleted file mode 100644 index 346a56a9ad..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/dibbler/dibbler/0001-linux-port-Rename-pthread_mutex_t-variable-lock.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 630086cf1b3fba71822319a268d3711734cd6aa8 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Thu, 31 Jan 2019 12:56:13 -0800 -Subject: [PATCH] linux-port: Rename pthread_mutex_t variable 'lock' - -lock is also used by libc++ in std namespace and using it here causes -clang to fail e.g. - -dibbler-client.cpp:47:25: error: reference to 'lock' is ambiguous - pthread_mutex_lock(&lock); - ^ -../../../../../../../workspace/sources/dibbler/Port-linux/dibbler-client.cpp:29:26: note: candidate found by name lookup is 'lock' -extern ::pthread_mutex_t lock; - ^ -/mnt/a/yoe/build/tmp/work/aarch64-yoe-linux/dibbler/1.0.1+1.0.2RC1+gitc4b0ed52e751da7823dd9a36e91f93a6310e5525-r0/recipe-sysroot/usr/include/c++/v1/mutex:446:1: note: candidate found by name lookup is 'std::__1::lock' -lock(_L0& __l0, _L1& __l1, _L2& __l2, _L3& ...__l3) - -Upstream-Status: Submitted [https://github.com/tomaszmrugalski/dibbler/pull/37] - -Signed-off-by: Khem Raj ---- - Port-linux/dibbler-client.cpp | 6 +++--- - Port-linux/lowlevel-linux-link-state.c | 6 +++--- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/Port-linux/dibbler-client.cpp b/Port-linux/dibbler-client.cpp -index 78f34241..b5ebb9f0 100644 ---- a/Port-linux/dibbler-client.cpp -+++ b/Port-linux/dibbler-client.cpp -@@ -26,7 +26,7 @@ using namespace std; - - #define IF_RECONNECTED_DETECTED -1 - --extern pthread_mutex_t lock; -+extern pthread_mutex_t dibbler_lock; - - TDHCPClient* ptr = 0; - -@@ -44,8 +44,8 @@ void signal_handler(int n) { - #ifdef MOD_CLNT_CONFIRM - void signal_handler_of_linkstate_change(int n) { - Log(Notice) << "Network switch off event detected. initiating CONFIRM." << LogEnd; -- pthread_mutex_lock(&lock); -- pthread_mutex_unlock(&lock); -+ pthread_mutex_lock(&dibbler_lock); -+ pthread_mutex_unlock(&dibbler_lock); - } - #endif - -diff --git a/Port-linux/lowlevel-linux-link-state.c b/Port-linux/lowlevel-linux-link-state.c -index 76293ea1..e6b94063 100644 ---- a/Port-linux/lowlevel-linux-link-state.c -+++ b/Port-linux/lowlevel-linux-link-state.c -@@ -34,7 +34,7 @@ volatile int * notifier = 0; - int isDone = 0; - pthread_t parent_id; - pthread_t ntid; --pthread_mutex_t lock; -+pthread_mutex_t dibbler_lock; - - struct state { - int id; -@@ -86,9 +86,9 @@ void link_state_changed(int ifindex) - { - if (changed_links->cnt<16) - changed_links->ifindex[changed_links->cnt++] = ifindex; -- pthread_mutex_lock(&lock); -+ pthread_mutex_lock(&dibbler_lock); - *notifier = 1; /* notify that change has occured */ -- pthread_mutex_unlock(&lock); -+ pthread_mutex_unlock(&dibbler_lock); - pthread_kill(parent_id,SIGUSR1); - } else - { diff --git a/meta-openembedded/meta-networking/recipes-connectivity/dibbler/dibbler_git.bb b/meta-openembedded/meta-networking/recipes-connectivity/dibbler/dibbler_git.bb index 90051a319a..c2f4827161 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/dibbler/dibbler_git.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/dibbler/dibbler_git.bb @@ -5,11 +5,10 @@ HOMEPAGE = "http://klub.com.pl/dhcpv6" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://LICENSE;md5=7236695bb6d4461c105d685a8b61c4e3" -SRCREV = "c4b0ed52e751da7823dd9a36e91f93a6310e5525" +SRCREV = "a7c6cf58a88a510cb00841351e75030ce78d36bf" SRC_URI = "git://github.com/tomaszmrugalski/dibbler \ file://dibbler_fix_getSize_crash.patch \ - file://0001-linux-port-Rename-pthread_mutex_t-variable-lock.patch \ " PV = "1.0.1+1.0.2RC1+git${SRCREV}" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.7.5.bb b/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.7.5.bb deleted file mode 100644 index fbf586f769..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.7.5.bb +++ /dev/null @@ -1,92 +0,0 @@ -SUMMARY = "Dynamic firewall daemon with a D-Bus interface" -HOMEPAGE = "https://firewalld.org/" -BUGTRACKER = "https://github.com/firewalld/firewalld/issues" -UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases" -LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" - -SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \ - file://firewalld.init \ -" -SRC_URI[md5sum] = "b1aeede85a72adcf4f79d98019811244" -SRC_URI[sha256sum] = "45a8a7dbc084ef56ce306154d3834922e7f1fc2bf11b6c821f579cad51313226" - -# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4 -DEPENDS = "intltool-native glib-2.0-native" - -inherit gettext autotools bash-completion python3native gsettings systemd update-rc.d - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" -PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd" -PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native" - -PACKAGES += "${PN}-zsh-completion" - -# iptables, ip6tables, ebtables, and ipset *should* be unnecessary -# when the nftables backend is available, because nftables supersedes all of them. -# However we still need iptables and ip6tables to be available otherwise any -# application relying on "direct passthrough" rules (such as docker) will break. -# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by -# the Red Hat-specific init script which we aren't using, so we disable that. -EXTRA_OECONF = "\ - --with-nft=${sbindir}/nft \ - --without-ipset \ - --with-iptables=${sbindir}/iptables \ - --with-iptables-restore=${sbindir}/iptables-restore \ - --with-ip6tables=${sbindir}/ip6tables \ - --with-ip6tables-restore=${sbindir}/ip6tables-restore \ - --without-ebtables \ - --without-ebtables-restore \ - --disable-sysconfig \ -" - -INITSCRIPT_NAME = "firewalld" -SYSTEMD_SERVICE_${PN} = "firewalld.service" - -do_install_append() { - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - : - else - # firewalld ships an init script but it contains Red Hat-isms, replace it with our own - rm -rf ${D}${sysconfdir}/rc.d/ - install -d ${D}${sysconfdir}/init.d - install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld - fi - - # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE - # so now we need to fix up any references to point at the proper path in the image. - # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools. - if [ ${PN} != "${BPN}-native" ]; then - sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \ - ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml - fi - sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \ - ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml - - # This file contains Red Hat-isms. Modules get loaded without it. - rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf -} - -FILES_${PN} += "\ - ${PYTHON_SITEPACKAGES_DIR}/firewall \ - ${nonarch_libdir}/firewalld \ - ${datadir}/dbus-1 \ - ${datadir}/polkit-1 \ - ${datadir}/metainfo \ -" -FILES_${PN}-zsh-completion = "${datadir}/zsh/site-functions" - -RDEPENDS_${PN} = "\ - nftables \ - iptables \ - python3-core \ - python3-io \ - python3-fcntl \ - python3-shell \ - python3-syslog \ - python3-xml \ - python3-dbus \ - python3-slip-dbus \ - python3-decorator \ - python3-pygobject \ -" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.8.3.bb b/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.8.3.bb new file mode 100644 index 0000000000..ddf5ff88ee --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.8.3.bb @@ -0,0 +1,90 @@ +SUMMARY = "Dynamic firewall daemon with a D-Bus interface" +HOMEPAGE = "https://firewalld.org/" +BUGTRACKER = "https://github.com/firewalld/firewalld/issues" +UPSTREAM_CHECK_URI = "https://github.com/firewalld/firewalld/releases" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \ + file://firewalld.init \ +" +SRC_URI[sha256sum] = "4ecb16d82c2825ccfb8f109e543c0492cf6ea8c43e2d0f59901bddcead037dc6" + +# glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4 +DEPENDS = "intltool-native glib-2.0-native" + +inherit gettext autotools bash-completion python3native gsettings systemd update-rc.d + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" +PACKAGECONFIG[systemd] = "--with-systemd-unitdir=${systemd_system_unitdir},--disable-systemd" +PACKAGECONFIG[docs] = "--with-xml-catalog=${STAGING_ETCDIR_NATIVE}/xml/catalog,--disable-docs,libxslt-native docbook-xsl-stylesheets-native" + +PACKAGES += "${PN}-zsh-completion" + +# iptables, ip6tables, ebtables, and ipset *should* be unnecessary +# when the nftables backend is available, because nftables supersedes all of them. +# However we still need iptables and ip6tables to be available otherwise any +# application relying on "direct passthrough" rules (such as docker) will break. +# /etc/sysconfig/firewalld is a Red Hat-ism, only referenced by +# the Red Hat-specific init script which we aren't using, so we disable that. +EXTRA_OECONF = "\ + --without-ipset \ + --with-iptables=${sbindir}/iptables \ + --with-iptables-restore=${sbindir}/iptables-restore \ + --with-ip6tables=${sbindir}/ip6tables \ + --with-ip6tables-restore=${sbindir}/ip6tables-restore \ + --without-ebtables \ + --without-ebtables-restore \ + --disable-sysconfig \ +" + +INITSCRIPT_NAME = "firewalld" +SYSTEMD_SERVICE_${PN} = "firewalld.service" + +do_install_append() { + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + : + else + # firewalld ships an init script but it contains Red Hat-isms, replace it with our own + rm -rf ${D}${sysconfdir}/rc.d/ + install -d ${D}${sysconfdir}/init.d + install -m0755 ${WORKDIR}/firewalld.init ${D}${sysconfdir}/init.d/firewalld + fi + + # We ran ./configure with PYTHON pointed at the binary inside $STAGING_BINDIR_NATIVE + # so now we need to fix up any references to point at the proper path in the image. + # This hack is also in distutils.bbclass, but firewalld doesn't use distutils/setuptools. + if [ ${PN} != "${BPN}-native" ]; then + sed -i -e s:${STAGING_BINDIR_NATIVE}/python3-native/python3:${bindir}/python3:g \ + ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml + fi + sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g \ + ${D}${bindir}/* ${D}${sbindir}/* ${D}${sysconfdir}/firewalld/*.xml + + # This file contains Red Hat-isms. Modules get loaded without it. + rm -f ${D}${sysconfdir}/modprobe.d/firewalld-sysctls.conf +} + +FILES_${PN} += "\ + ${PYTHON_SITEPACKAGES_DIR}/firewall \ + ${nonarch_libdir}/firewalld \ + ${datadir}/dbus-1 \ + ${datadir}/polkit-1 \ + ${datadir}/metainfo \ +" +FILES_${PN}-zsh-completion = "${datadir}/zsh/site-functions" + +RDEPENDS_${PN} = "\ + nftables \ + iptables \ + python3-core \ + python3-io \ + python3-fcntl \ + python3-shell \ + python3-syslog \ + python3-xml \ + python3-dbus \ + python3-slip-dbus \ + python3-decorator \ + python3-pygobject \ +" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-occasional-verification.patch b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-occasional-verification.patch new file mode 100644 index 0000000000..dce0427e1a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-occasional-verification.patch @@ -0,0 +1,135 @@ +From 3eda5d35fbaf66ed6bdc86ada4320a0a18681b7e Mon Sep 17 00:00:00 2001 +From: Mingli Yu +Date: Wed, 5 Aug 2020 07:23:11 +0000 +Subject: [PATCH] raddb/certs/Makefile: fix the occasional verification failure + +Fixes: + # cd /etc/raddb/certs + # ./bootstrap +[snip] +chmod g+r ca.key +openssl pkcs12 -in server.p12 -out server.pem -passin pass:'whatever' -passout pass:'whatever' +chmod g+r server.pem +C = FR, ST = Radius, O = Example Inc., CN = Example Server Certificate, emailAddress = admin@example.org +error 7 at 0 depth lookup: certificate signature failure +140066667427072:error:04067084:rsa routines:rsa_ossl_public_decrypt:data too large for modulus:../openssl-1.1.1g/crypto/rsa/rsa_ossl.c:553: +140066667427072:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:../openssl-1.1.1g/crypto/asn1/a_verify.c:170: +error server.pem: verification failed +make: *** [Makefile:107: server.vrfy] Error 2 + +It seems the ca.pem mismatchs server.pem which results in failing to +execute "openssl verify -CAfile ca.pem server.pem", so add to check +the file to avoid inconsistency. + +Upstream-Status: Pending + +Signed-off-by: Mingli Yu +--- + raddb/certs/Makefile | 30 +++++++++++++++--------------- + 1 file changed, 15 insertions(+), 15 deletions(-) + +diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile +index 77eec9baa1..3dcb63fe71 100644 +--- a/raddb/certs/Makefile ++++ b/raddb/certs/Makefile +@@ -59,7 +59,7 @@ passwords.mk: server.cnf ca.cnf client.cnf inner-server.cnf + # + ###################################################################### + dh: +- $(OPENSSL) dhparam -out dh -2 $(DH_KEY_SIZE) ++ @[ -f dh ] || $(OPENSSL) dhparam -out dh -2 $(DH_KEY_SIZE) + + ###################################################################### + # +@@ -69,17 +69,17 @@ dh: + ca.key ca.pem: ca.cnf + @[ -f index.txt ] || $(MAKE) index.txt + @[ -f serial ] || $(MAKE) serial +- $(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \ ++ @[ -f ca.pem ] || $(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \ + -days $(CA_DEFAULT_DAYS) -config ./ca.cnf \ + -passin pass:$(PASSWORD_CA) -passout pass:$(PASSWORD_CA) + chmod g+r ca.key + + ca.der: ca.pem +- $(OPENSSL) x509 -inform PEM -outform DER -in ca.pem -out ca.der ++ @[ -f ca.der ] || $(OPENSSL) x509 -inform PEM -outform DER -in ca.pem -out ca.der + + ca.crl: ca.pem +- $(OPENSSL) ca -gencrl -keyfile ca.key -cert ca.pem -config ./ca.cnf -out ca-crl.pem -key $(PASSWORD_CA) +- $(OPENSSL) crl -in ca-crl.pem -outform der -out ca.crl ++ @[ -f ca-crl.pem ] || $(OPENSSL) ca -gencrl -keyfile ca.key -cert ca.pem -config ./ca.cnf -out ca-crl.pem -key $(PASSWORD_CA) ++ @[ -f ca.crl ] || $(OPENSSL) crl -in ca-crl.pem -outform der -out ca.crl + rm ca-crl.pem + + ###################################################################### +@@ -88,18 +88,18 @@ ca.crl: ca.pem + # + ###################################################################### + server.csr server.key: server.cnf +- $(OPENSSL) req -new -out server.csr -keyout server.key -config ./server.cnf ++ @[ -f server.csr ] || $(OPENSSL) req -new -out server.csr -keyout server.key -config ./server.cnf + chmod g+r server.key + + server.crt: server.csr ca.key ca.pem + @[ -f server.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf + + server.p12: server.crt +- $(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER) ++ @[ -f server.p12 ] || $(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER) + chmod g+r server.p12 + + server.pem: server.p12 +- $(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER) ++ @[ -f server.pem ] || $(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER) + chmod g+r server.pem + + .PHONY: server.vrfy +@@ -113,18 +113,18 @@ server.vrfy: ca.pem + # + ###################################################################### + client.csr client.key: client.cnf +- $(OPENSSL) req -new -out client.csr -keyout client.key -config ./client.cnf ++ @[ -f client.csr ] || $(OPENSSL) req -new -out client.csr -keyout client.key -config ./client.cnf + chmod g+r client.key + + client.crt: client.csr ca.pem ca.key + @[ -f client.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf + + client.p12: client.crt +- $(OPENSSL) pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) ++ @[ -f client.p12 ] || $(OPENSSL) pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) + chmod g+r client.p12 + + client.pem: client.p12 +- $(OPENSSL) pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) ++ @[ -f client.pem ] || $(OPENSSL) pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) + chmod g+r client.pem + cp client.pem $(USER_NAME).pem + +@@ -139,18 +139,18 @@ client.vrfy: ca.pem client.pem + # + ###################################################################### + inner-server.csr inner-server.key: inner-server.cnf +- $(OPENSSL) req -new -out inner-server.csr -keyout inner-server.key -config ./inner-server.cnf ++ @[ -f inner-server.csr] || $(OPENSSL) req -new -out inner-server.csr -keyout inner-server.key -config ./inner-server.cnf + chmod g+r inner-server.key + + inner-server.crt: inner-server.csr ca.key ca.pem +- $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in inner-server.csr -key $(PASSWORD_CA) -out inner-server.crt -extensions xpserver_ext -extfile xpextensions -config ./inner-server.cnf ++ @[ -f inner-server.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in inner-server.csr -key $(PASSWORD_CA) -out inner-server.crt -extensions xpserver_ext -extfile xpextensions -config ./inner-server.cnf + + inner-server.p12: inner-server.crt +- $(OPENSSL) pkcs12 -export -in inner-server.crt -inkey inner-server.key -out inner-server.p12 -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER) ++ @[ -f inner-server.p12 ] || $(OPENSSL) pkcs12 -export -in inner-server.crt -inkey inner-server.key -out inner-server.p12 -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER) + chmod g+r inner-server.p12 + + inner-server.pem: inner-server.p12 +- $(OPENSSL) pkcs12 -in inner-server.p12 -out inner-server.pem -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER) ++ @[ -f inner-server.pem ] || $(OPENSSL) pkcs12 -in inner-server.p12 -out inner-server.pem -passin pass:$(PASSWORD_INNER) -passout pass:$(PASSWORD_INNER) + chmod g+r inner-server.pem + + .PHONY: inner-server.vrfy +-- +2.26.2 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb index d2046d72eb..2c39c4c443 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb @@ -28,6 +28,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0 file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \ file://0001-rlm_python3-add-PY_INC_DIR-in-search-dir.patch \ file://0001-raddb-certs-Makefile-fix-the-existed-certificate-err.patch \ + file://0001-raddb-certs-Makefile-fix-the-occasional-verification.patch \ file://radiusd.service \ file://radiusd-volatiles.conf \ " diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.10.bb b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.10.bb deleted file mode 100644 index 9f6080336a..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.10.bb +++ /dev/null @@ -1,89 +0,0 @@ -SUMMARY = "Open source MQTT implementation" -DESCRIPTION = "Mosquitto is an open source (Eclipse licensed) message broker \ -that implements the MQ Telemetry Transport protocol version 3.1, 3.1.1 and \ -5, providing both an MQTT broker and several command-line clients. MQTT \ -provides a lightweight method of carrying out messaging using a \ -publish/subscribe model. " -HOMEPAGE = "http://mosquitto.org/" -SECTION = "console/network" -LICENSE = "EPL-1.0 | EDL-1.0" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=62ddc846179e908dc0c8efec4a42ef20 \ - file://edl-v10;md5=c09f121939f063aeb5235972be8c722c \ - file://epl-v10;md5=8d383c379e91d20ba18a52c3e7d3a979 \ - file://notice.html;md5=a00d6f9ab542be7babc2d8b80d5d2a4c \ -" -DEPENDS = "uthash" - -SRC_URI = "http://mosquitto.org/files/source/mosquitto-${PV}.tar.gz \ - file://mosquitto.init \ - file://1571.patch \ - file://install-protocol.patch \ -" - -SRC_URI[md5sum] = "960f963b81b7f93982d7511cd28082e5" -SRC_URI[sha256sum] = "92d1807717f0f6d57d1ac1207ffdb952e8377e916c7b0bb4718f745239774232" - -inherit systemd update-rc.d useradd cmake - -PACKAGECONFIG ??= "ssl dlt websockets \ - ${@bb.utils.filter('DISTRO_FEATURES','systemd', d)} \ - " - -PACKAGECONFIG[dns-srv] = "-DWITH_SRV=ON,-DWITH_SRV=OFF,c-ares" -PACKAGECONFIG[ssl] = "-DWITH_TLS=ON -DWITH_TLS_PSK=ON -DWITH_EC=ON,-DWITH_TLS=OFF -DWITH_TLS_PSK=OFF -DWITH_EC=OFF,openssl" -PACKAGECONFIG[systemd] = "-DWITH_SYSTEMD=ON,-DWITH_SYSTEMD=OFF,systemd" -PACKAGECONFIG[websockets] = "-DWITH_WEBSOCKETS=ON,-DWITH_WEBSOCKETS=OFF,libwebsockets" -PACKAGECONFIG[dlt] = "-DWITH_DLT=ON,-DWITH_DLT=OFF,dlt-daemon" - -EXTRA_OECMAKE = " \ - -DWITH_BUNDLED_DEPS=OFF \ - -DWITH_ADNS=ON \ -" - -do_install_append() { - install -d ${D}${systemd_unitdir}/system/ - install -m 0644 ${S}/service/systemd/mosquitto.service.notify ${D}${systemd_unitdir}/system/mosquitto.service - - install -d ${D}${sysconfdir}/init.d/ - install -m 0755 ${WORKDIR}/mosquitto.init ${D}${sysconfdir}/init.d/mosquitto - sed -i -e 's,@SBINDIR@,${sbindir},g' \ - -e 's,@BASE_SBINDIR@,${base_sbindir},g' \ - -e 's,@LOCALSTATEDIR@,${localstatedir},g' \ - -e 's,@SYSCONFDIR@,${sysconfdir},g' \ - ${D}${sysconfdir}/init.d/mosquitto -} - -PACKAGES += "libmosquitto1 libmosquittopp1 ${PN}-clients" - -PACKAGE_BEFORE_PN = "${PN}-examples" - -FILES_${PN} = "${sbindir}/mosquitto \ - ${bindir}/mosquitto_passwd \ - ${sysconfdir}/mosquitto \ - ${sysconfdir}/init.d \ - ${systemd_unitdir}/system/mosquitto.service \ -" - -CONFFILES_${PN} += "${sysconfdir}/mosquitto/mosquitto.conf" - -FILES_libmosquitto1 = "${libdir}/libmosquitto.so.*" - -FILES_libmosquittopp1 = "${libdir}/libmosquittopp.so.*" - -FILES_${PN}-clients = "${bindir}/mosquitto_pub \ - ${bindir}/mosquitto_sub \ - ${bindir}/mosquitto_rr \ -" - -FILES_${PN}-examples = "${sysconfdir}/mosquitto/*.example" - -SYSTEMD_SERVICE_${PN} = "mosquitto.service" - -INITSCRIPT_NAME = "mosquitto" -INITSCRIPT_PARAMS = "defaults 30" - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --no-create-home --shell /bin/false \ - --user-group mosquitto" - -BBCLASSEXTEND += "native nativesdk" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.11.bb b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.11.bb new file mode 100644 index 0000000000..3690346921 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.11.bb @@ -0,0 +1,89 @@ +SUMMARY = "Open source MQTT implementation" +DESCRIPTION = "Mosquitto is an open source (Eclipse licensed) message broker \ +that implements the MQ Telemetry Transport protocol version 3.1, 3.1.1 and \ +5, providing both an MQTT broker and several command-line clients. MQTT \ +provides a lightweight method of carrying out messaging using a \ +publish/subscribe model. " +HOMEPAGE = "http://mosquitto.org/" +SECTION = "console/network" +LICENSE = "EPL-1.0 | EDL-1.0" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=62ddc846179e908dc0c8efec4a42ef20 \ + file://edl-v10;md5=c09f121939f063aeb5235972be8c722c \ + file://epl-v10;md5=8d383c379e91d20ba18a52c3e7d3a979 \ + file://notice.html;md5=a00d6f9ab542be7babc2d8b80d5d2a4c \ +" +DEPENDS = "uthash" + +SRC_URI = "http://mosquitto.org/files/source/mosquitto-${PV}.tar.gz \ + file://mosquitto.init \ + file://1571.patch \ + file://install-protocol.patch \ +" + +SRC_URI[md5sum] = "35925c7ccd1bac87e4201b635ffa66a1" +SRC_URI[sha256sum] = "b02d8f1368c40d5779ee125c37daf9003608eb47d7fbb04c5b938c76c1230a1f" + +inherit systemd update-rc.d useradd cmake + +PACKAGECONFIG ??= "ssl dlt websockets \ + ${@bb.utils.filter('DISTRO_FEATURES','systemd', d)} \ + " + +PACKAGECONFIG[dns-srv] = "-DWITH_SRV=ON,-DWITH_SRV=OFF,c-ares" +PACKAGECONFIG[ssl] = "-DWITH_TLS=ON -DWITH_TLS_PSK=ON -DWITH_EC=ON,-DWITH_TLS=OFF -DWITH_TLS_PSK=OFF -DWITH_EC=OFF,openssl" +PACKAGECONFIG[systemd] = "-DWITH_SYSTEMD=ON,-DWITH_SYSTEMD=OFF,systemd" +PACKAGECONFIG[websockets] = "-DWITH_WEBSOCKETS=ON,-DWITH_WEBSOCKETS=OFF,libwebsockets" +PACKAGECONFIG[dlt] = "-DWITH_DLT=ON,-DWITH_DLT=OFF,dlt-daemon" + +EXTRA_OECMAKE = " \ + -DWITH_BUNDLED_DEPS=OFF \ + -DWITH_ADNS=ON \ +" + +do_install_append() { + install -d ${D}${systemd_unitdir}/system/ + install -m 0644 ${S}/service/systemd/mosquitto.service.notify ${D}${systemd_unitdir}/system/mosquitto.service + + install -d ${D}${sysconfdir}/init.d/ + install -m 0755 ${WORKDIR}/mosquitto.init ${D}${sysconfdir}/init.d/mosquitto + sed -i -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@BASE_SBINDIR@,${base_sbindir},g' \ + -e 's,@LOCALSTATEDIR@,${localstatedir},g' \ + -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + ${D}${sysconfdir}/init.d/mosquitto +} + +PACKAGES += "libmosquitto1 libmosquittopp1 ${PN}-clients" + +PACKAGE_BEFORE_PN = "${PN}-examples" + +FILES_${PN} = "${sbindir}/mosquitto \ + ${bindir}/mosquitto_passwd \ + ${sysconfdir}/mosquitto \ + ${sysconfdir}/init.d \ + ${systemd_unitdir}/system/mosquitto.service \ +" + +CONFFILES_${PN} += "${sysconfdir}/mosquitto/mosquitto.conf" + +FILES_libmosquitto1 = "${libdir}/libmosquitto.so.*" + +FILES_libmosquittopp1 = "${libdir}/libmosquittopp.so.*" + +FILES_${PN}-clients = "${bindir}/mosquitto_pub \ + ${bindir}/mosquitto_sub \ + ${bindir}/mosquitto_rr \ +" + +FILES_${PN}-examples = "${sysconfdir}/mosquitto/*.example" + +SYSTEMD_SERVICE_${PN} = "mosquitto.service" + +INITSCRIPT_NAME = "mosquitto" +INITSCRIPT_PARAMS = "defaults 30" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "--system --no-create-home --shell /bin/false \ + --user-group mosquitto" + +BBCLASSEXTEND += "native nativesdk" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/nanomsg/nngpp_git.bb b/meta-openembedded/meta-networking/recipes-connectivity/nanomsg/nngpp_git.bb new file mode 100644 index 0000000000..517624dced --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/nanomsg/nngpp_git.bb @@ -0,0 +1,14 @@ +DESCRIPTION = "C++ wrapper around the nanomsg NNG API" +HOMEPAGE = "https://github.com/cwzx/nngpp" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://license.txt;md5=6d17d78c3597e0d4452fb1c63bf7c58e" +DEPENDS = "nng" + +SRCREV = "85294eda3f584281439649a074f46e2d3516b2a1" +PV = "1.2.4" + +SRC_URI = "git://github.com/cwzx/nngpp" + +S = "${WORKDIR}/git" + +inherit cmake diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-dbus-Remove-unused-variabes.patch b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-dbus-Remove-unused-variabes.patch new file mode 100644 index 0000000000..22ecae3047 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-dbus-Remove-unused-variabes.patch @@ -0,0 +1,33 @@ +From 0edb96a5f79dcec4f4467193716c2bf015fe5132 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 12 Aug 2020 10:38:07 -0700 +Subject: [PATCH 1/2] dbus: Remove unused variabes + +Fixes +src/dbus.c:49:23: error: unused variable 'stdout' [-Werror,-Wunused-variable] +g_autofree gchar *stdout = NULL; +^ + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + src/dbus.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/dbus.c b/src/dbus.c +index cb7ec38..a057236 100644 +--- a/src/dbus.c ++++ b/src/dbus.c +@@ -45,9 +45,6 @@ static int method_apply(sd_bus_message *m, void *userdata, sd_bus_error *ret_err + + static int method_info(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { + sd_bus_message *reply = NULL; +- g_autoptr(GError) err = NULL; +- g_autofree gchar *stdout = NULL; +- g_autofree gchar *stderr = NULL; + gint exit_status = 0; + + exit_status = sd_bus_message_new_method_return(m, &reply); +-- +2.28.0 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-src-parse.c-Initialize-key-to-NULL.patch b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-src-parse.c-Initialize-key-to-NULL.patch new file mode 100644 index 0000000000..a710b1e576 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0001-src-parse.c-Initialize-key-to-NULL.patch @@ -0,0 +1,32 @@ +From 63de116c617a35ff3d54c785b3dfb5378bb07f46 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 12 Aug 2020 22:39:17 -0700 +Subject: [PATCH] src/parse.c: Initialize key to NULL + +Fixes + +src/parse.c:810:22: note: 'key' was declared here +cc1: all warnings being treated as errors + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + src/parse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/parse.c b/src/parse.c +index 63a0863..c66277f 100644 +--- a/src/parse.c ++++ b/src/parse.c +@@ -807,7 +807,7 @@ handle_addresses(yaml_document_t* doc, yaml_node_t* node, const void* _, GError* + char* prefix_len; + guint64 prefix_len_num; + yaml_node_t *entry = yaml_document_get_node(doc, *i); +- yaml_node_t *key, *value = NULL; ++ yaml_node_t *key = NULL, *value = NULL; + + if (entry->type != YAML_SCALAR_NODE && entry->type != YAML_MAPPING_NODE) { + return yaml_error(entry, error, "expected either scalar or mapping (check indentation)"); +-- +2.28.0 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0002-Makefile-Use-first-prerquisite-only-for-target-rule.patch b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0002-Makefile-Use-first-prerquisite-only-for-target-rule.patch new file mode 100644 index 0000000000..e736529a8a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan/0002-Makefile-Use-first-prerquisite-only-for-target-rule.patch @@ -0,0 +1,35 @@ +From 1da4451fd3470e6600b027cb78526b440e296f8b Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 12 Aug 2020 10:47:08 -0700 +Subject: [PATCH 2/2] Makefile: Use first prerquisite only for target rule + +This ensures that src/_features.h is not added to compiler cmdline which +can confuse the compiler as it may not understand .h as valid input and +complain + +| clang-11: error: cannot specify -o when generating multiple output files +| make: *** [Makefile:50: netplan-dbus] Error 1 +| make: *** Waiting for unfinished jobs.... + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 4495773..c05dea3 100644 +--- a/Makefile ++++ b/Makefile +@@ -47,7 +47,7 @@ generate: libnetplan.so.$(NETPLAN_SOVER) nm.o networkd.o generate.o sriov.o + $(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $^ -L. -lnetplan `pkg-config --cflags --libs glib-2.0 gio-2.0 yaml-0.1 uuid` + + netplan-dbus: src/dbus.c src/_features.h +- $(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $^ `pkg-config --cflags --libs libsystemd glib-2.0` ++ $(CC) $(BUILDFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $< `pkg-config --cflags --libs libsystemd glib-2.0` + + src/_features.h: src/[^_]*.[hc] + printf "#include \nstatic const char *feature_flags[] __attribute__((__unused__)) = {\n" > $@ +-- +2.28.0 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.99.bb b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.99.bb index 67ccddf6ab..5546f300b3 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.99.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/netplan/netplan_0.99.bb @@ -11,11 +11,14 @@ LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" S = "${WORKDIR}/git" -SRCREV = "1ccf7e0e3a7a91edbbe3f9f0669c8bbab8248cd1" +SRCREV = "85134d13eb1ee5a1a7d139cd74ffa10933d73677" PV = "0.99+git${SRCPV}" SRC_URI = " \ git://github.com/CanonicalLtd/netplan.git \ + file://0001-dbus-Remove-unused-variabes.patch \ + file://0002-Makefile-Use-first-prerquisite-only-for-target-rule.patch \ + file://0001-src-parse.c-Initialize-key-to-NULL.patch \ " DEPENDS = "glib-2.0 libyaml ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect/0001-trojans-tncc-wrapper.py-convert-to-python3.patch b/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect/0001-trojans-tncc-wrapper.py-convert-to-python3.patch deleted file mode 100644 index 623ec101d3..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect/0001-trojans-tncc-wrapper.py-convert-to-python3.patch +++ /dev/null @@ -1,71 +0,0 @@ -From de78bcac5e1fd13de0371c8e14b062b8786ade56 Mon Sep 17 00:00:00 2001 -From: Max Krummenacher -Date: Sun, 2 Feb 2020 15:53:05 +0000 -Subject: [PATCH] trojans/tncc-wrapper.py: convert to python3 - -Use 2to3 to convert the script to python3. - -Upstream-Status: Pending - -Signed-off-by: Max Krummenacher ---- - trojans/tncc-wrapper.py | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/trojans/tncc-wrapper.py b/trojans/tncc-wrapper.py -index 0d4587bf..1a9a1f4d 100755 ---- a/trojans/tncc-wrapper.py -+++ b/trojans/tncc-wrapper.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python2 -+#!/usr/bin/python3 - - # Lifted from Russ Dill's juniper-vpn-wrap.py, thus: - # -@@ -18,19 +18,19 @@ - - import subprocess - import mechanize --import cookielib -+import http.cookiejar - import getpass - import sys - import os - import zipfile --import urllib -+import urllib.request, urllib.parse, urllib.error - import socket - import ssl - import errno - import argparse - import atexit - import signal --import ConfigParser -+import configparser - import time - import binascii - import hmac -@@ -39,7 +39,7 @@ import hashlib - def mkdir_p(path): - try: - os.mkdir(path) -- except OSError, exc: -+ except OSError as exc: - if exc.errno == errno.EEXIST and os.path.isdir(path): - pass - else: -@@ -64,9 +64,9 @@ class Tncc: - if zipfile.ZipFile(self.tncc_jar, 'r').testzip() is not None: - raise Exception() - except: -- print 'Downloading tncc.jar...' -+ print('Downloading tncc.jar...') - mkdir_p(os.path.expanduser('~/.juniper_networks')) -- urllib.urlretrieve('https://' + self.vpn_host -+ urllib.request.urlretrieve('https://' + self.vpn_host - + '/dana-cached/hc/tncc.jar', self.tncc_jar) - - with zipfile.ZipFile(self.tncc_jar, 'r') as jar: --- -2.20.1 - diff --git a/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_8.03.bb b/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_8.03.bb deleted file mode 100644 index 597c1920cf..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_8.03.bb +++ /dev/null @@ -1,29 +0,0 @@ -SUMMARY = "Open client for Cisco AnyConnect VPN" -LICENSE = "LGPLv2.1" -LIC_FILES_CHKSUM = "file://COPYING.LGPL;md5=243b725d71bb5df4a1e5920b344b86ad" - -SRC_URI = " \ - git://git.infradead.org/users/dwmw2/openconnect.git \ - file://0001-trojans-tncc-wrapper.py-convert-to-python3.patch \ -" -SRCREV = "ea73851969ae7a6ea54fdd2d2b8c94776af24b2a" - -DEPENDS = "vpnc libxml2 krb5 gettext-native" -RDEPENDS_${PN} = "bash python3-core vpnc-script" - -PACKAGECONFIG ??= "gnutls lz4 libproxy" - -# config defaults -PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls," -PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4," -PACKAGECONFIG[libproxy] = "--with-libproxy,--without-libproxy,libproxy," - -# not config defaults -PACKAGECONFIG[pcsc-lite] = "--with-libpcsclite,--without-libpcsclite,pcsc-lite," - -S = "${WORKDIR}/git" - -inherit autotools pkgconfig - -EXTRA_OECONF += "--with-vpnc-script=${sysconfdir}/vpnc/vpnc-script \ - --disable-static" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_8.10.bb b/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_8.10.bb new file mode 100644 index 0000000000..a486cf0e05 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/openconnect/openconnect_8.10.bb @@ -0,0 +1,32 @@ +SUMMARY = "Open client for Cisco AnyConnect VPN" +LICENSE = "LGPLv2.1" +LIC_FILES_CHKSUM = "file://COPYING.LGPL;md5=243b725d71bb5df4a1e5920b344b86ad" + +SRC_URI = " \ + git://git.infradead.org/users/dwmw2/openconnect.git \ +" +SRCREV = "9d287e40c57233190a51b6434ba7345370e36f38" + +DEPENDS = "vpnc libxml2 krb5 gettext-native" +RDEPENDS_${PN} = "bash python3-core vpnc-script" + +PACKAGECONFIG ??= "gnutls lz4 libproxy" + +# config defaults +PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls," +PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4," +PACKAGECONFIG[libproxy] = "--with-libproxy,--without-libproxy,libproxy," + +# not config defaults +PACKAGECONFIG[pcsc-lite] = "--with-libpcsclite,--without-libpcsclite,pcsc-lite," + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig bash-completion + +EXTRA_OECONF += "--with-vpnc-script=${sysconfdir}/vpnc/vpnc-script \ + --disable-static" + +do_install_append() { + rm ${D}/usr/libexec/openconnect/hipreport-android.sh +} diff --git a/meta-openembedded/meta-networking/recipes-connectivity/rdist/rdist-6.1.5/rdist-6.1.5-fix-parallel-build.patch b/meta-openembedded/meta-networking/recipes-connectivity/rdist/rdist-6.1.5/rdist-6.1.5-fix-parallel-build.patch new file mode 100644 index 0000000000..f35e96a34f --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/rdist/rdist-6.1.5/rdist-6.1.5-fix-parallel-build.patch @@ -0,0 +1,31 @@ +It fails to produce common.o when system load is high: + +| In file included from common.c:57: +| ../include/defs.h:49:10: fatal error: y.tab.h: No such file or directory +| 49 | #include "y.tab.h" +| | ^~~~~~~~~ +| compilation terminated. + +Make $(COMMONOBJS) which include common.o to depends on related header files +and y.tab.h to fix the parallel build failure. + +Upstream-Status: Inappropriate [no upstream] + +Signed-off-by: Kai Kang +--- + src/Makefile.real | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/Makefile.real b/src/Makefile.real +index e0f0dfc..53d4944 100644 +--- a/src/Makefile.real ++++ b/src/Makefile.real +@@ -41,7 +41,7 @@ $(SERVER_BIN): $(SERVEROBJS) $(COMMONOBJS) $(MISSINGOBJS) + $(CLIENT_BIN): $(CLIENTOBJS) $(COMMONOBJS) $(MISSINGOBJS) + $(CC) -o $@ $(CLIENTOBJS) $(COMMONOBJS) $(MISSINGOBJS) $(LIBS) $(LDFLAGS) + +-$(CLIENTOBJS) $(SERVEROBJS): $(HFILES) y.tab.h ++$(COMMONOBJS) $(CLIENTOBJS) $(SERVEROBJS): $(HFILES) y.tab.h + + y.tab.h: gram.c + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/rdist/rdist_6.1.5.bb b/meta-openembedded/meta-networking/recipes-connectivity/rdist/rdist_6.1.5.bb index 3a27c2c5b3..37b3eebe4b 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/rdist/rdist_6.1.5.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/rdist/rdist_6.1.5.bb @@ -28,6 +28,7 @@ SRC_URI += "file://rdist-6.1.5-linux.patch \ file://rdist-6.1.5-fix-msgsndnotify-loop.patch \ file://rdist-6.1.5-bb-build.patch \ file://rdist-6.1.5-makefile-add-ldflags.patch \ + file://rdist-6.1.5-fix-parallel-build.patch \ " UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/rdist/files/rdist/" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd_git.bb b/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd_git.bb index e3134e41fc..ebe64cb1b5 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd_git.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/relayd/relayd_git.bb @@ -9,7 +9,7 @@ SRC_URI = "git://git.openwrt.org/project/relayd.git \ file://0001-rtnl_flush-Error-on-failed-write.patch \ " -SRCREV = "ad0b25ad74345d367c62311e14b279f5ccb8ef13" +SRCREV = "f4d759be54ceb37714e9a6ca320d5b50c95e9ce9" PV = "0.0.1+git${SRCPV}" UPSTREAM_CHECK_COMMITS = "1" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch new file mode 100644 index 0000000000..e724c04bcd --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch @@ -0,0 +1,59 @@ +From f9d9ba6cd06aca053c747c399ba700db80b1623c Mon Sep 17 00:00:00 2001 +From: Martin Schwenke +Date: Tue, 9 Jun 2020 11:52:50 +1000 +Subject: [PATCH 1/3] util: Simplify input validation + +It appears that snprintf(3) is being used for input validation. +However, this seems like overkill because it causes szPath to be +copied an extra time. The mostly likely protections being sought +here, according to https://cwe.mitre.org/data/definitions/20.html, +look to be DoS attacks involving CPU and memory usage. A simpler +check that uses strnlen(3) can mitigate against both of these and is +simpler. + +Signed-off-by: Martin Schwenke +Reviewed-by: Volker Lendecke +Reviewed-by: Bjoern Jacke +(cherry picked from commit 922bce2668994dd2a5988c17060f977e9bb0c229) + +Upstream-Status:Backport +[https://gitlab.com/samba-team/samba/-/commit/f9d9ba6cd06aca053c747c399ba700db80b1623c] + +Signed-off-by: Yi Zhao +--- + lib/util/util_paths.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c +index c0ee5c32c30..dec91772d9e 100644 +--- a/lib/util/util_paths.c ++++ b/lib/util/util_paths.c +@@ -69,21 +69,20 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx) + struct passwd pwd = {0}; + struct passwd *pwdbuf = NULL; + char buf[NSS_BUFLEN_PASSWD] = {0}; ++ size_t len; + int rc; + + rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf); + if (rc != 0 || pwdbuf == NULL ) { +- int len_written; + const char *szPath = getenv("HOME"); + if (szPath == NULL) { + return NULL; + } +- len_written = snprintf(buf, sizeof(buf), "%s", szPath); +- if (len_written >= sizeof(buf) || len_written < 0) { +- /* Output was truncated or an error. */ ++ len = strnlen(szPath, PATH_MAX); ++ if (len >= PATH_MAX) { + return NULL; + } +- return talloc_strdup(mem_ctx, buf); ++ return talloc_strdup(mem_ctx, szPath); + } + + return talloc_strdup(mem_ctx, pwd.pw_dir); +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0002-util-Fix-build-on-FreeBSD-by-avoiding-NSS_BUFLEN_PAS.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0002-util-Fix-build-on-FreeBSD-by-avoiding-NSS_BUFLEN_PAS.patch new file mode 100644 index 0000000000..dcd79044ae --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0002-util-Fix-build-on-FreeBSD-by-avoiding-NSS_BUFLEN_PAS.patch @@ -0,0 +1,79 @@ +From 57bd719af1f138f44f71b2078995452582da0da6 Mon Sep 17 00:00:00 2001 +From: Martin Schwenke +Date: Fri, 5 Jun 2020 21:52:23 +1000 +Subject: [PATCH 2/3] util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD + +NSS_BUFLEN_PASSWD is not defined on FreeBSD. Use +sysconf(_SC_GETPW_R_SIZE_MAX) instead, as per POSIX. + +Use a dynamically allocated buffer instead of trying to cram all of +the logic into the declarations. This will come in useful later +anyway. + +Signed-off-by: Martin Schwenke +Reviewed-by: Volker Lendecke +Reviewed-by: Bjoern Jacke +(cherry picked from commit 847208cd8ac68c4c7d1dae63767820db1c69292b) + +Upstream-Status:Backport +[https://gitlab.com/samba-team/samba/-/commit/57bd719af1f138f44f71b2078995452582da0da6] + +Signed-off-by: Yi Zhao +--- + lib/util/util_paths.c | 27 ++++++++++++++++++++++----- + 1 file changed, 22 insertions(+), 5 deletions(-) + +diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c +index dec91772d9e..9bc6df37e5d 100644 +--- a/lib/util/util_paths.c ++++ b/lib/util/util_paths.c +@@ -68,24 +68,41 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx) + { + struct passwd pwd = {0}; + struct passwd *pwdbuf = NULL; +- char buf[NSS_BUFLEN_PASSWD] = {0}; ++ char *buf = NULL; ++ char *out = NULL; ++ long int initlen; + size_t len; + int rc; + +- rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf); ++ initlen = sysconf(_SC_GETPW_R_SIZE_MAX); ++ if (initlen == -1) { ++ len = 1024; ++ } else { ++ len = (size_t)initlen; ++ } ++ buf = talloc_size(mem_ctx, len); ++ if (buf == NULL) { ++ return NULL; ++ } ++ ++ rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf); + if (rc != 0 || pwdbuf == NULL ) { + const char *szPath = getenv("HOME"); + if (szPath == NULL) { +- return NULL; ++ goto done; + } + len = strnlen(szPath, PATH_MAX); + if (len >= PATH_MAX) { + return NULL; + } +- return talloc_strdup(mem_ctx, szPath); ++ out = talloc_strdup(mem_ctx, szPath); ++ goto done; + } + +- return talloc_strdup(mem_ctx, pwd.pw_dir); ++ out = talloc_strdup(mem_ctx, pwd.pw_dir); ++done: ++ TALLOC_FREE(buf); ++ return out; + } + + char *path_expand_tilde(TALLOC_CTX *mem_ctx, const char *d) +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0003-util-Reallocate-larger-buffer-if-getpwuid_r-returns-.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0003-util-Reallocate-larger-buffer-if-getpwuid_r-returns-.patch new file mode 100644 index 0000000000..53a3f67814 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0003-util-Reallocate-larger-buffer-if-getpwuid_r-returns-.patch @@ -0,0 +1,50 @@ +From 016e08ca07f86af9e0131a908a2df116bcb9a48e Mon Sep 17 00:00:00 2001 +From: Martin Schwenke +Date: Fri, 5 Jun 2020 22:05:42 +1000 +Subject: [PATCH 3/3] util: Reallocate larger buffer if getpwuid_r() returns + ERANGE + +Signed-off-by: Martin Schwenke +Reviewed-by: Volker Lendecke +Reviewed-by: Bjoern Jacke + +Autobuild-User(master): Martin Schwenke +Autobuild-Date(master): Tue Jun 9 21:07:24 UTC 2020 on sn-devel-184 + +(cherry picked from commit ddac6b2eb4adaec8fc5e25ca07387d2b9417764c) + +Upstream-Status:Backport +[https://gitlab.com/samba-team/samba/-/commit/016e08ca07f86af9e0131a908a2df116bcb9a48e] + +Signed-off-by: Yi Zhao +--- + lib/util/util_paths.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c +index 9bc6df37e5d..72cc0aab8de 100644 +--- a/lib/util/util_paths.c ++++ b/lib/util/util_paths.c +@@ -86,6 +86,19 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx) + } + + rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf); ++ while (rc == ERANGE) { ++ size_t newlen = 2 * len; ++ if (newlen < len) { ++ /* Overflow */ ++ goto done; ++ } ++ len = newlen; ++ buf = talloc_realloc_size(mem_ctx, buf, len); ++ if (buf == NULL) { ++ goto done; ++ } ++ rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf); ++ } + if (rc != 0 || pwdbuf == NULL ) { + const char *szPath = getenv("HOME"); + if (szPath == NULL) { +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.15.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.15.bb deleted file mode 100644 index 01250cb43f..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.15.bb +++ /dev/null @@ -1,336 +0,0 @@ -HOMEPAGE = "https://www.samba.org/" -SECTION = "console/network" - -LICENSE = "GPL-3.0+ & LGPL-3.0+ & GPL-2.0+" -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ - file://${COREBASE}/meta/files/common-licenses/LGPL-3.0;md5=bfccfe952269fff2b407dd11f2f3083b \ - file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6 " - -SAMBA_MIRROR = "http://samba.org/samba/ftp" -MIRRORS += "\ -${SAMBA_MIRROR} http://mirror.internode.on.net/pub/samba \n \ -${SAMBA_MIRROR} http://www.mirrorservice.org/sites/ftp.samba.org \n \ -" - -SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ - file://smb.conf \ - file://16-do-not-check-xsltproc-manpages.patch \ - file://20-do-not-import-target-module-while-cross-compile.patch \ - file://21-add-config-option-without-valgrind.patch \ - file://netdb_defines.patch \ - file://glibc_only.patch \ - file://iconv-4.7.0.patch \ - file://dnsserver-4.7.0.patch \ - file://smb_conf-4.7.0.patch \ - file://volatiles.03_samba \ - file://0001-waf-add-support-of-cross_compile.patch \ - file://0001-lib-replace-wscript-Avoid-generating-nested-main-fun.patch \ - file://0002-util_sec.c-Move-__thread-variable-to-global-scope.patch \ - file://0001-Add-options-to-configure-the-use-of-libbsd.patch \ - file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \ - " -SRC_URI_append_libc-musl = " \ - file://samba-pam.patch \ - file://samba-4.3.9-remove-getpwent_r.patch \ - file://cmocka-uintptr_t.patch \ - file://0001-samba-fix-musl-lib-without-innetgr.patch \ - " - -SRC_URI[md5sum] = "67e9f6b8c5140475641bf5121c93b3d4" -SRC_URI[sha256sum] = "0b8b62558b62fbb121015f28f40fae0f07522710b6bef77c508b51bb6914ced9" - -UPSTREAM_CHECK_REGEX = "samba\-(?P4\.10(\.\d+)+).tar.gz" - -inherit systemd waf-samba cpan-base perlnative update-rc.d -# remove default added RDEPENDS on perl -RDEPENDS_${PN}_remove = "perl" - -DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libldb libaio libpam libtasn1 jansson" - -inherit features_check -REQUIRED_DISTRO_FEATURES = "pam" - -DEPENDS_append_libc-musl = " libtirpc" -CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc" -LDFLAGS_append_libc-musl = " -ltirpc" - -INITSCRIPT_NAME = "samba" -INITSCRIPT_PARAMS = "start 20 3 5 . stop 20 0 1 6 ." - -SYSTEMD_PACKAGES = "${PN}-base ${PN}-ad-dc winbind" -SYSTEMD_SERVICE_${PN}-base = "nmb.service smb.service" -SYSTEMD_SERVICE_${PN}-ad-dc = "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'samba.service', '', d)}" -SYSTEMD_SERVICE_winbind = "winbind.service" - -# There are prerequisite settings to enable ad-dc, so disable the service by default. -# Reference: -# https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller -SYSTEMD_AUTO_ENABLE_${PN}-ad-dc = "disable" - -#cross_compile cannot use preforked process, since fork process earlier than point subproces.popen -#to cross Popen -export WAF_NO_PREFORK="yes" - -# Use krb5. Build active domain controller. -# -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd zeroconf', d)} \ - acl cups ad-dc gnutls ldap mitkrb5 \ -" - -RDEPENDS_${PN}-ctdb-tests += "bash util-linux-getopt" - -PACKAGECONFIG[acl] = "--with-acl-support,--without-acl-support,acl" -PACKAGECONFIG[fam] = "--with-fam,--without-fam,gamin" -PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,cups" -PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap" -PACKAGECONFIG[sasl] = ",,cyrus-sasl" -PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd" -PACKAGECONFIG[dmapi] = "--with-dmapi,--without-dmapi,dmapi" -PACKAGECONFIG[zeroconf] = "--enable-avahi,--disable-avahi,avahi" -PACKAGECONFIG[valgrind] = ",--without-valgrind,valgrind," -PACKAGECONFIG[lttng] = "--with-lttng, --without-lttng,lttng-ust" -PACKAGECONFIG[archive] = "--with-libarchive, --without-libarchive, libarchive" -PACKAGECONFIG[libunwind] = ", , libunwind" -PACKAGECONFIG[gpgme] = ",--without-gpgme,," -PACKAGECONFIG[lmdb] = ",--without-ldb-lmdb,lmdb," -PACKAGECONFIG[libbsd] = "--with-libbsd, --without-libbsd, libbsd" - -# Building the AD (Active Directory) DC (Domain Controller) requires GnuTLS, -# And ad-dc doesn't work with mitkrb5 for versions prior to 4.7.0 according to: -# http://samba.2283325.n4.nabble.com/samba-4-6-6-Unknown-dependency-kdc-in-service-kdc-objlist-td4722096.html -# So the working combination is: -# 1) ad-dc: enable, gnutls: enable, mitkrb5: disable -# 2) ad-dc: disable, gnutls: enable/disable, mitkrb5: enable -# -# We are now at 4.7.0, so take the above with a grain of salt. We do not need to know where -# krb5kdc is unless ad-dc is enabled, but we tell configure anyhow. -# -PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,," -PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls," -PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5," - -SAMBA4_IDMAP_MODULES="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2" -SAMBA4_PDB_MODULES="pdb_tdbsam,${@bb.utils.contains('PACKAGECONFIG', 'ldap', 'pdb_ldap,', '', d)}pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4" -SAMBA4_AUTH_MODULES="auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4" -SAMBA4_MODULES="${SAMBA4_IDMAP_MODULES},${SAMBA4_PDB_MODULES},${SAMBA4_AUTH_MODULES}" - -# These libraries are supposed to replace others supplied by packages, but decorate the names of -# .so files so there will not be a conflict. This is not done consistantly, so be very careful -# when adding to this list. -# -SAMBA4_LIBS="heimdal,cmocka,NONE" - -EXTRA_OECONF += "--enable-fhs \ - --with-piddir=/run \ - --with-sockets-dir=/run/samba \ - --with-modulesdir=${libdir}/samba \ - --with-lockdir=${localstatedir}/lib/samba \ - --with-cachedir=${localstatedir}/lib/samba \ - --disable-rpath-install \ - --with-shared-modules=${SAMBA4_MODULES} \ - --bundled-libraries=${SAMBA4_LIBS} \ - ${@oe.utils.conditional('TARGET_ARCH', 'x86_64', '', '--disable-glusterfs', d)} \ - --with-cluster-support \ - --with-profiling-data \ - --with-libiconv=${STAGING_DIR_HOST}${prefix} \ - --with-pam --with-pammodulesdir=${base_libdir}/security \ - " - -LDFLAGS += "-Wl,-z,relro,-z,now ${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', ' -fuse-ld=bfd ', '', d)}" - -do_install_append() { - for section in 1 5 7; do - install -d ${D}${mandir}/man$section - install -m 0644 ctdb/doc/*.$section ${D}${mandir}/man$section - done - for section in 1 5 7 8; do - install -d ${D}${mandir}/man$section - install -m 0644 docs/manpages/*.$section ${D}${mandir}/man$section - done - - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${S}/bin/default/packaging/systemd/*.service ${D}${systemd_system_unitdir}/ - sed -e 's,\(ExecReload=\).*\(/kill\),\1${base_bindir}\2,' \ - -e 's,/etc/sysconfig/samba,${sysconfdir}/default/samba,' \ - -i ${D}${systemd_system_unitdir}/*.service - - if [ "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'yes', 'no', d)}" = "no" ]; then - rm -f ${D}${systemd_system_unitdir}/samba.service - fi - - install -d ${D}${sysconfdir}/tmpfiles.d - install -m644 packaging/systemd/samba.conf.tmp ${D}${sysconfdir}/tmpfiles.d/samba.conf - echo "d ${localstatedir}/log/samba 0755 root root -" \ - >> ${D}${sysconfdir}/tmpfiles.d/samba.conf - install -d ${D}${sysconfdir}/init.d - install -m 0755 packaging/sysv/samba.init ${D}${sysconfdir}/init.d/samba - sed -e 's,/opt/samba/bin,${sbindir},g' \ - -e 's,/opt/samba/smb.conf,${sysconfdir}/samba/smb.conf,g' \ - -e 's,/opt/samba/log,${localstatedir}/log/samba,g' \ - -e 's,/etc/init.d/samba.server,${sysconfdir}/init.d/samba,g' \ - -e 's,/usr/bin,${base_bindir},g' \ - -i ${D}${sysconfdir}/init.d/samba - - install -d ${D}${sysconfdir}/samba - echo "127.0.0.1 localhost" > ${D}${sysconfdir}/samba/lmhosts - install -m644 ${WORKDIR}/smb.conf ${D}${sysconfdir}/samba/smb.conf - install -D -m 644 ${WORKDIR}/volatiles.03_samba ${D}${sysconfdir}/default/volatiles/03_samba - - install -d ${D}${sysconfdir}/default - install -m644 packaging/systemd/samba.sysconfig ${D}${sysconfdir}/default/samba - - # the items are from ctdb/tests/run_tests.sh - for d in onnode takeover tool eventscripts cunit simple complex; do - testdir=${D}${datadir}/ctdb-tests/$d - install -d $testdir - cp ${S}/ctdb/tests/$d/*.sh $testdir - cp -r ${S}/ctdb/tests/$d/scripts ${S}/ctdb/tests/$d/stubs $testdir || true - done - - # fix file-rdeps qa warning - if [ -f ${D}${bindir}/onnode ]; then - sed -i 's:\(#!/bin/\)bash:\1sh:' ${D}${bindir}/onnode - fi - - chmod 0750 ${D}${sysconfdir}/sudoers.d || true - rm -rf ${D}/run ${D}${localstatedir}/run ${D}${localstatedir}/log - - for f in samba-gpupdate samba_upgradedns samba_spnupdate samba_kcc samba_dnsupdate; do - if [ -f "${D}${sbindir}/$f" ]; then - sed -i -e 's,${PYTHON},/usr/bin/env python3,g' ${D}${sbindir}/$f - fi - done - if [ -f "${D}${bindir}/samba-tool" ]; then - sed -i -e 's,${PYTHON},/usr/bin/env python3,g' ${D}${bindir}/samba-tool - fi - -} - -PACKAGES =+ "${PN}-python3 ${PN}-pidl \ - ${PN}-dsdb-modules ${PN}-testsuite registry-tools \ - winbind \ - ${PN}-common ${PN}-base ${PN}-ad-dc ${PN}-ctdb-tests \ - smbclient ${PN}-client ${PN}-server ${PN}-test" - -python samba_populate_packages() { - def module_hook(file, pkg, pattern, format, basename): - pn = d.getVar('PN') - d.appendVar('RRECOMMENDS_%s-base' % pn, ' %s' % pkg) - - mlprefix = d.getVar('MLPREFIX') or '' - pam_libdir = d.expand('${base_libdir}/security') - pam_pkgname = mlprefix + 'pam-plugin%s' - do_split_packages(d, pam_libdir, '^pam_(.*)\.so$', pam_pkgname, 'PAM plugin for %s', extra_depends='', prepend=True) - - libdir = d.getVar('libdir') - do_split_packages(d, libdir, '^lib(.*)\.so\..*$', 'lib%s', 'Samba %s library', extra_depends='${PN}-common', prepend=True, allow_links=True) - pkglibdir = '%s/samba' % libdir - do_split_packages(d, pkglibdir, '^lib(.*)\.so$', 'lib%s', 'Samba %s library', extra_depends='${PN}-common', prepend=True) - moduledir = '%s/samba/auth' % libdir - do_split_packages(d, moduledir, '^(.*)\.so$', 'samba-auth-%s', 'Samba %s authentication backend', hook=module_hook, extra_depends='', prepend=True) - moduledir = '%s/samba/pdb' % libdir - do_split_packages(d, moduledir, '^(.*)\.so$', 'samba-pdb-%s', 'Samba %s password backend', hook=module_hook, extra_depends='', prepend=True) -} - -PACKAGESPLITFUNCS_prepend = "samba_populate_packages " -PACKAGES_DYNAMIC = "samba-auth-.* samba-pdb-.*" - -RDEPENDS_${PN} += "${PN}-base ${PN}-python3 ${PN}-dsdb-modules python3" -RDEPENDS_${PN}-python3 += "pytalloc python3-tdb" - -FILES_${PN}-base = "${sbindir}/nmbd \ - ${sbindir}/smbd \ - ${sysconfdir}/init.d \ - ${systemd_system_unitdir}/nmb.service \ - ${systemd_system_unitdir}/smb.service" - -FILES_${PN}-ad-dc = "${sbindir}/samba \ - ${systemd_system_unitdir}/samba.service \ - ${libdir}/krb5/plugins/kdb/samba.so \ -" -RDEPENDS_${PN}-ad-dc = "krb5-kdc" - -FILES_${PN}-ctdb-tests = "${bindir}/ctdb_run_tests \ - ${bindir}/ctdb_run_cluster_tests \ - ${sysconfdir}/ctdb/nodes \ - ${datadir}/ctdb-tests \ - ${datadir}/ctdb/tests \ - ${localstatedir}/lib/ctdb \ - " - -FILES_${BPN}-common = "${sysconfdir}/default \ - ${sysconfdir}/samba \ - ${sysconfdir}/tmpfiles.d \ - ${localstatedir}/lib/samba \ - ${localstatedir}/spool/samba \ -" - -FILES_${PN} += "${libdir}/vfs/*.so \ - ${libdir}/charset/*.so \ - ${libdir}/*.dat \ - ${libdir}/auth/*.so \ - ${datadir}/ctdb/events/* \ -" - -FILES_${PN}-dsdb-modules = "${libdir}/samba/ldb" - -FILES_${PN}-testsuite = "${bindir}/gentest \ - ${bindir}/locktest \ - ${bindir}/masktest \ - ${bindir}/ndrdump \ - ${bindir}/smbtorture" - -FILES_registry-tools = "${bindir}/regdiff \ - ${bindir}/regpatch \ - ${bindir}/regshell \ - ${bindir}/regtree" - -FILES_winbind = "${sbindir}/winbindd \ - ${bindir}/wbinfo \ - ${bindir}/ntlm_auth \ - ${libdir}/samba/idmap \ - ${libdir}/samba/nss_info \ - ${libdir}/winbind_krb5_locator.so \ - ${libdir}/winbind-krb5-localauth.so \ - ${sysconfdir}/init.d/winbind \ - ${systemd_system_unitdir}/winbind.service" - -FILES_${PN}-python3 = "${PYTHON_SITEPACKAGES_DIR}" - -FILES_smbclient = "${bindir}/cifsdd \ - ${bindir}/rpcclient \ - ${bindir}/smbcacls \ - ${bindir}/smbclient \ - ${bindir}/smbcquotas \ - ${bindir}/smbget \ - ${bindir}/smbspool \ - ${bindir}/smbtar \ - ${bindir}/smbtree \ - ${libdir}/samba/smbspool_krb5_wrapper" - -RDEPENDS_${PN}-pidl_append = " perl" -FILES_${PN}-pidl = "${bindir}/pidl ${datadir}/perl5/Parse" - -RDEPENDS_${PN}-client = "\ - smbclient \ - winbind \ - registry-tools \ - ${PN}-pidl \ - " - -ALLOW_EMPTY_${PN}-client = "1" - -RDEPENDS_${PN}-server = "\ - ${PN} \ - winbind \ - registry-tools \ - " - -ALLOW_EMPTY_${PN}-server = "1" - -RDEPENDS_${PN}-test = "\ - ${PN}-ctdb-tests \ - ${PN}-testsuite \ - " - -ALLOW_EMPTY_${PN}-test = "1" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.17.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.17.bb new file mode 100644 index 0000000000..3ae5afbe95 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.17.bb @@ -0,0 +1,339 @@ +HOMEPAGE = "https://www.samba.org/" +SECTION = "console/network" + +LICENSE = "GPL-3.0+ & LGPL-3.0+ & GPL-2.0+" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ + file://${COREBASE}/meta/files/common-licenses/LGPL-3.0;md5=bfccfe952269fff2b407dd11f2f3083b \ + file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6 " + +SAMBA_MIRROR = "http://samba.org/samba/ftp" +MIRRORS += "\ +${SAMBA_MIRROR} http://mirror.internode.on.net/pub/samba \n \ +${SAMBA_MIRROR} http://www.mirrorservice.org/sites/ftp.samba.org \n \ +" + +SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ + file://smb.conf \ + file://16-do-not-check-xsltproc-manpages.patch \ + file://20-do-not-import-target-module-while-cross-compile.patch \ + file://21-add-config-option-without-valgrind.patch \ + file://netdb_defines.patch \ + file://glibc_only.patch \ + file://iconv-4.7.0.patch \ + file://dnsserver-4.7.0.patch \ + file://smb_conf-4.7.0.patch \ + file://volatiles.03_samba \ + file://0001-waf-add-support-of-cross_compile.patch \ + file://0001-lib-replace-wscript-Avoid-generating-nested-main-fun.patch \ + file://0002-util_sec.c-Move-__thread-variable-to-global-scope.patch \ + file://0001-Add-options-to-configure-the-use-of-libbsd.patch \ + file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \ + file://0001-util-Simplify-input-validation.patch \ + file://0002-util-Fix-build-on-FreeBSD-by-avoiding-NSS_BUFLEN_PAS.patch \ + file://0003-util-Reallocate-larger-buffer-if-getpwuid_r-returns-.patch \ + " +SRC_URI_append_libc-musl = " \ + file://samba-pam.patch \ + file://samba-4.3.9-remove-getpwent_r.patch \ + file://cmocka-uintptr_t.patch \ + file://0001-samba-fix-musl-lib-without-innetgr.patch \ + " + +SRC_URI[md5sum] = "f69cac9ba5035ee60257520a209a0a83" +SRC_URI[sha256sum] = "03dc9758e7bfa2faf7cdeb45b4d40997e2ee16a41e71996aa666bc069e70ba3e" + +UPSTREAM_CHECK_REGEX = "samba\-(?P4\.10(\.\d+)+).tar.gz" + +inherit systemd waf-samba cpan-base perlnative update-rc.d +# remove default added RDEPENDS on perl +RDEPENDS_${PN}_remove = "perl" + +DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libldb libaio libpam libtasn1 jansson" + +inherit features_check +REQUIRED_DISTRO_FEATURES = "pam" + +DEPENDS_append_libc-musl = " libtirpc" +CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc" +LDFLAGS_append_libc-musl = " -ltirpc" + +INITSCRIPT_NAME = "samba" +INITSCRIPT_PARAMS = "start 20 3 5 . stop 20 0 1 6 ." + +SYSTEMD_PACKAGES = "${PN}-base ${PN}-ad-dc winbind" +SYSTEMD_SERVICE_${PN}-base = "nmb.service smb.service" +SYSTEMD_SERVICE_${PN}-ad-dc = "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'samba.service', '', d)}" +SYSTEMD_SERVICE_winbind = "winbind.service" + +# There are prerequisite settings to enable ad-dc, so disable the service by default. +# Reference: +# https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller +SYSTEMD_AUTO_ENABLE_${PN}-ad-dc = "disable" + +#cross_compile cannot use preforked process, since fork process earlier than point subproces.popen +#to cross Popen +export WAF_NO_PREFORK="yes" + +# Use krb5. Build active domain controller. +# +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd zeroconf', d)} \ + acl cups ad-dc gnutls ldap mitkrb5 \ +" + +RDEPENDS_${PN}-ctdb-tests += "bash util-linux-getopt" + +PACKAGECONFIG[acl] = "--with-acl-support,--without-acl-support,acl" +PACKAGECONFIG[fam] = "--with-fam,--without-fam,gamin" +PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,cups" +PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap" +PACKAGECONFIG[sasl] = ",,cyrus-sasl" +PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd" +PACKAGECONFIG[dmapi] = "--with-dmapi,--without-dmapi,dmapi" +PACKAGECONFIG[zeroconf] = "--enable-avahi,--disable-avahi,avahi" +PACKAGECONFIG[valgrind] = ",--without-valgrind,valgrind," +PACKAGECONFIG[lttng] = "--with-lttng, --without-lttng,lttng-ust" +PACKAGECONFIG[archive] = "--with-libarchive, --without-libarchive, libarchive" +PACKAGECONFIG[libunwind] = ", , libunwind" +PACKAGECONFIG[gpgme] = ",--without-gpgme,," +PACKAGECONFIG[lmdb] = ",--without-ldb-lmdb,lmdb," +PACKAGECONFIG[libbsd] = "--with-libbsd, --without-libbsd, libbsd" + +# Building the AD (Active Directory) DC (Domain Controller) requires GnuTLS, +# And ad-dc doesn't work with mitkrb5 for versions prior to 4.7.0 according to: +# http://samba.2283325.n4.nabble.com/samba-4-6-6-Unknown-dependency-kdc-in-service-kdc-objlist-td4722096.html +# So the working combination is: +# 1) ad-dc: enable, gnutls: enable, mitkrb5: disable +# 2) ad-dc: disable, gnutls: enable/disable, mitkrb5: enable +# +# We are now at 4.7.0, so take the above with a grain of salt. We do not need to know where +# krb5kdc is unless ad-dc is enabled, but we tell configure anyhow. +# +PACKAGECONFIG[ad-dc] = "--with-experimental-mit-ad-dc,--without-ad-dc,," +PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls," +PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5 --with-system-mitkdc=/usr/sbin/krb5kdc,,krb5," + +SAMBA4_IDMAP_MODULES="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2" +SAMBA4_PDB_MODULES="pdb_tdbsam,${@bb.utils.contains('PACKAGECONFIG', 'ldap', 'pdb_ldap,', '', d)}pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4" +SAMBA4_AUTH_MODULES="auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4" +SAMBA4_MODULES="${SAMBA4_IDMAP_MODULES},${SAMBA4_PDB_MODULES},${SAMBA4_AUTH_MODULES}" + +# These libraries are supposed to replace others supplied by packages, but decorate the names of +# .so files so there will not be a conflict. This is not done consistantly, so be very careful +# when adding to this list. +# +SAMBA4_LIBS="heimdal,cmocka,NONE" + +EXTRA_OECONF += "--enable-fhs \ + --with-piddir=/run \ + --with-sockets-dir=/run/samba \ + --with-modulesdir=${libdir}/samba \ + --with-lockdir=${localstatedir}/lib/samba \ + --with-cachedir=${localstatedir}/lib/samba \ + --disable-rpath-install \ + --with-shared-modules=${SAMBA4_MODULES} \ + --bundled-libraries=${SAMBA4_LIBS} \ + ${@oe.utils.conditional('TARGET_ARCH', 'x86_64', '', '--disable-glusterfs', d)} \ + --with-cluster-support \ + --with-profiling-data \ + --with-libiconv=${STAGING_DIR_HOST}${prefix} \ + --with-pam --with-pammodulesdir=${base_libdir}/security \ + " + +LDFLAGS += "-Wl,-z,relro,-z,now ${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', ' -fuse-ld=bfd ', '', d)}" + +do_install_append() { + for section in 1 5 7; do + install -d ${D}${mandir}/man$section + install -m 0644 ctdb/doc/*.$section ${D}${mandir}/man$section + done + for section in 1 5 7 8; do + install -d ${D}${mandir}/man$section + install -m 0644 docs/manpages/*.$section ${D}${mandir}/man$section + done + + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${S}/bin/default/packaging/systemd/*.service ${D}${systemd_system_unitdir}/ + sed -e 's,\(ExecReload=\).*\(/kill\),\1${base_bindir}\2,' \ + -e 's,/etc/sysconfig/samba,${sysconfdir}/default/samba,' \ + -i ${D}${systemd_system_unitdir}/*.service + + if [ "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'yes', 'no', d)}" = "no" ]; then + rm -f ${D}${systemd_system_unitdir}/samba.service + fi + + install -d ${D}${sysconfdir}/tmpfiles.d + install -m644 packaging/systemd/samba.conf.tmp ${D}${sysconfdir}/tmpfiles.d/samba.conf + echo "d ${localstatedir}/log/samba 0755 root root -" \ + >> ${D}${sysconfdir}/tmpfiles.d/samba.conf + install -d ${D}${sysconfdir}/init.d + install -m 0755 packaging/sysv/samba.init ${D}${sysconfdir}/init.d/samba + sed -e 's,/opt/samba/bin,${sbindir},g' \ + -e 's,/opt/samba/smb.conf,${sysconfdir}/samba/smb.conf,g' \ + -e 's,/opt/samba/log,${localstatedir}/log/samba,g' \ + -e 's,/etc/init.d/samba.server,${sysconfdir}/init.d/samba,g' \ + -e 's,/usr/bin,${base_bindir},g' \ + -i ${D}${sysconfdir}/init.d/samba + + install -d ${D}${sysconfdir}/samba + echo "127.0.0.1 localhost" > ${D}${sysconfdir}/samba/lmhosts + install -m644 ${WORKDIR}/smb.conf ${D}${sysconfdir}/samba/smb.conf + install -D -m 644 ${WORKDIR}/volatiles.03_samba ${D}${sysconfdir}/default/volatiles/03_samba + + install -d ${D}${sysconfdir}/default + install -m644 packaging/systemd/samba.sysconfig ${D}${sysconfdir}/default/samba + + # the items are from ctdb/tests/run_tests.sh + for d in onnode takeover tool eventscripts cunit simple complex; do + testdir=${D}${datadir}/ctdb-tests/$d + install -d $testdir + cp ${S}/ctdb/tests/$d/*.sh $testdir + cp -r ${S}/ctdb/tests/$d/scripts ${S}/ctdb/tests/$d/stubs $testdir || true + done + + # fix file-rdeps qa warning + if [ -f ${D}${bindir}/onnode ]; then + sed -i 's:\(#!/bin/\)bash:\1sh:' ${D}${bindir}/onnode + fi + + chmod 0750 ${D}${sysconfdir}/sudoers.d || true + rm -rf ${D}/run ${D}${localstatedir}/run ${D}${localstatedir}/log + + for f in samba-gpupdate samba_upgradedns samba_spnupdate samba_kcc samba_dnsupdate; do + if [ -f "${D}${sbindir}/$f" ]; then + sed -i -e 's,${PYTHON},/usr/bin/env python3,g' ${D}${sbindir}/$f + fi + done + if [ -f "${D}${bindir}/samba-tool" ]; then + sed -i -e 's,${PYTHON},/usr/bin/env python3,g' ${D}${bindir}/samba-tool + fi + +} + +PACKAGES =+ "${PN}-python3 ${PN}-pidl \ + ${PN}-dsdb-modules ${PN}-testsuite registry-tools \ + winbind \ + ${PN}-common ${PN}-base ${PN}-ad-dc ${PN}-ctdb-tests \ + smbclient ${PN}-client ${PN}-server ${PN}-test" + +python samba_populate_packages() { + def module_hook(file, pkg, pattern, format, basename): + pn = d.getVar('PN') + d.appendVar('RRECOMMENDS_%s-base' % pn, ' %s' % pkg) + + mlprefix = d.getVar('MLPREFIX') or '' + pam_libdir = d.expand('${base_libdir}/security') + pam_pkgname = mlprefix + 'pam-plugin%s' + do_split_packages(d, pam_libdir, '^pam_(.*)\.so$', pam_pkgname, 'PAM plugin for %s', extra_depends='', prepend=True) + + libdir = d.getVar('libdir') + do_split_packages(d, libdir, '^lib(.*)\.so\..*$', 'lib%s', 'Samba %s library', extra_depends='${PN}-common', prepend=True, allow_links=True) + pkglibdir = '%s/samba' % libdir + do_split_packages(d, pkglibdir, '^lib(.*)\.so$', 'lib%s', 'Samba %s library', extra_depends='${PN}-common', prepend=True) + moduledir = '%s/samba/auth' % libdir + do_split_packages(d, moduledir, '^(.*)\.so$', 'samba-auth-%s', 'Samba %s authentication backend', hook=module_hook, extra_depends='', prepend=True) + moduledir = '%s/samba/pdb' % libdir + do_split_packages(d, moduledir, '^(.*)\.so$', 'samba-pdb-%s', 'Samba %s password backend', hook=module_hook, extra_depends='', prepend=True) +} + +PACKAGESPLITFUNCS_prepend = "samba_populate_packages " +PACKAGES_DYNAMIC = "samba-auth-.* samba-pdb-.*" + +RDEPENDS_${PN} += "${PN}-base ${PN}-python3 ${PN}-dsdb-modules python3" +RDEPENDS_${PN}-python3 += "pytalloc python3-tdb" + +FILES_${PN}-base = "${sbindir}/nmbd \ + ${sbindir}/smbd \ + ${sysconfdir}/init.d \ + ${systemd_system_unitdir}/nmb.service \ + ${systemd_system_unitdir}/smb.service" + +FILES_${PN}-ad-dc = "${sbindir}/samba \ + ${systemd_system_unitdir}/samba.service \ + ${libdir}/krb5/plugins/kdb/samba.so \ +" +RDEPENDS_${PN}-ad-dc = "krb5-kdc" + +FILES_${PN}-ctdb-tests = "${bindir}/ctdb_run_tests \ + ${bindir}/ctdb_run_cluster_tests \ + ${sysconfdir}/ctdb/nodes \ + ${datadir}/ctdb-tests \ + ${datadir}/ctdb/tests \ + ${localstatedir}/lib/ctdb \ + " + +FILES_${BPN}-common = "${sysconfdir}/default \ + ${sysconfdir}/samba \ + ${sysconfdir}/tmpfiles.d \ + ${localstatedir}/lib/samba \ + ${localstatedir}/spool/samba \ +" + +FILES_${PN} += "${libdir}/vfs/*.so \ + ${libdir}/charset/*.so \ + ${libdir}/*.dat \ + ${libdir}/auth/*.so \ + ${datadir}/ctdb/events/* \ +" + +FILES_${PN}-dsdb-modules = "${libdir}/samba/ldb" + +FILES_${PN}-testsuite = "${bindir}/gentest \ + ${bindir}/locktest \ + ${bindir}/masktest \ + ${bindir}/ndrdump \ + ${bindir}/smbtorture" + +FILES_registry-tools = "${bindir}/regdiff \ + ${bindir}/regpatch \ + ${bindir}/regshell \ + ${bindir}/regtree" + +FILES_winbind = "${sbindir}/winbindd \ + ${bindir}/wbinfo \ + ${bindir}/ntlm_auth \ + ${libdir}/samba/idmap \ + ${libdir}/samba/nss_info \ + ${libdir}/winbind_krb5_locator.so \ + ${libdir}/winbind-krb5-localauth.so \ + ${sysconfdir}/init.d/winbind \ + ${systemd_system_unitdir}/winbind.service" + +FILES_${PN}-python3 = "${PYTHON_SITEPACKAGES_DIR}" + +FILES_smbclient = "${bindir}/cifsdd \ + ${bindir}/rpcclient \ + ${bindir}/smbcacls \ + ${bindir}/smbclient \ + ${bindir}/smbcquotas \ + ${bindir}/smbget \ + ${bindir}/smbspool \ + ${bindir}/smbtar \ + ${bindir}/smbtree \ + ${libdir}/samba/smbspool_krb5_wrapper" + +RDEPENDS_${PN}-pidl_append = " perl" +FILES_${PN}-pidl = "${bindir}/pidl ${datadir}/perl5/Parse" + +RDEPENDS_${PN}-client = "\ + smbclient \ + winbind \ + registry-tools \ + ${PN}-pidl \ + " + +ALLOW_EMPTY_${PN}-client = "1" + +RDEPENDS_${PN}-server = "\ + ${PN} \ + winbind \ + registry-tools \ + " + +ALLOW_EMPTY_${PN}-server = "1" + +RDEPENDS_${PN}-test = "\ + ${PN}-ctdb-tests \ + ${PN}-testsuite \ + " + +ALLOW_EMPTY_${PN}-test = "1" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.16.1.bb b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.16.1.bb new file mode 100644 index 0000000000..e967f7a034 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.16.1.bb @@ -0,0 +1,111 @@ +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." +HOMEPAGE = "http://www.snort.org/" +SECTION = "net" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" + +DEPENDS = "xz libpcap libpcre daq libdnet util-linux daq-native libtirpc bison-native" + +SRC_URI = "https://www.snort.org/downloads/archive/snort/${BP}.tar.gz \ + file://snort.init \ + file://volatiles.99_snort \ + file://0001-libpcap-search-sysroot-for-headers.patch \ + file://fix-host-contamination-when-enable-static-daq.patch \ + file://disable-run-test-program-while-cross-compiling.patch \ + file://configure.in-disable-tirpc-checking-for-fedora.patch \ +" +SRC_URI[sha256sum] = "e3ac45a1a3cc2c997d52d19cd92f1adf5641c3a919387adab47a4d13a9dc9f8e" + +UPSTREAM_CHECK_URI = "https://www.snort.org/downloads" +UPSTREAM_CHECK_REGEX = "snort-(?P\d+(\.\d+)+)\.tar" + +inherit autotools gettext update-rc.d pkgconfig + +INITSCRIPT_NAME = "snort" +INITSCRIPT_PARAMS = "defaults" + +EXTRA_OECONF = " \ + --enable-gre \ + --enable-linux-smp-stats \ + --enable-reload \ + --enable-reload-error-restart \ + --enable-targetbased \ + --enable-static-daq \ + --with-dnet-includes=${STAGING_INCDIR} \ + --with-dnet-libraries=${STAGING_LIBDIR} \ + --with-libpcre-includes=${STAGING_INCDIR} \ + --with-libpcre-libraries=${STAGING_LIBDIR} \ + --with-daq-includes=${STAGING_INCDIR} \ + --with-daq-libraries=${STAGING_LIBDIR} \ +" + +# if you want to disable it, you need to patch configure.in first +# AC_CHECK_HEADERS([openssl/sha.h],, SHA_H="no") +# is called even with --without-openssl-includes +PACKAGECONFIG ?= "openssl lzma" +PACKAGECONFIG[openssl] = "--with-openssl-includes=${STAGING_INCDIR} --with-openssl-libraries=${STAGING_LIBDIR}, --without-openssl-includes --without-openssl-libraries, openssl," +PACKAGECONFIG[lzma] = "--with-lzma-includes=${STAGING_INCDIR} --with-lzma-libraries=${STAGING_LIBDIR}, --without-lzma-includes --without-lzma-libraries, xz," +PACKAGECONFIG[appid] = "--enable-open-appid, --disable-open-appid, luajit, bash" + +CFLAGS += "-I${STAGING_INCDIR}/tirpc" +LDFLAGS += " -ltirpc" + +do_install_append() { + install -d ${D}${sysconfdir}/snort/rules + install -d ${D}${sysconfdir}/snort/preproc_rules + install -d ${D}${sysconfdir}/init.d + for i in map config conf dtd; do + cp ${S}/etc/*.$i ${D}${sysconfdir}/snort/ + done + + # fix the hardcoded path and lib name + # comment out the rules that are not provided + sed -i -e 's#/usr/local/lib#${libdir}#' \ + -e 's#\.\./\(.*rules\)#${sysconfdir}/snort/\1#' \ + -e 's#\(libsf_engine.so\)#\1.0#' \ + -e 's/^\(include $RULE_PATH\)/#\1/' \ + -e 's/^\(dynamicdetection\)/#\1/' \ + -e '/preprocessor reputation/,/blacklist/ s/^/#/' \ + ${D}${sysconfdir}/snort/snort.conf + + cp ${S}/preproc_rules/*.rules ${D}${sysconfdir}/snort/preproc_rules/ + install -m 755 ${WORKDIR}/snort.init ${D}${sysconfdir}/init.d/snort + + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${WORKDIR}/volatiles.99_snort ${D}${sysconfdir}/default/volatiles/99_snort + + sed -i -e 's|-fdebug-prefix-map[^ ]*||g; s|-fmacro-prefix-map[^ ]*||g; s|${STAGING_DIR_TARGET}||g' ${D}${libdir}/pkgconfig/*.pc +} + +pkg_postinst_${PN}() { + if [ -z "$D" ] && [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi +} + +FILES_${PN} += " \ + ${libdir}/snort_dynamicengine/*.so.* \ + ${libdir}/snort_dynamicpreprocessor/*.so.* \ + ${libdir}/snort_dynamicrules/*.so.* \ +" +FILES_${PN}-dbg += " \ + ${libdir}/snort_dynamicengine/.debug \ + ${libdir}/snort_dynamicpreprocessor/.debug \ + ${libdir}/snort_dynamicrules/.debug \ +" +FILES_${PN}-staticdev += " \ + ${libdir}/snort_dynamicengine/*.a \ + ${libdir}/snort_dynamicpreprocessor/*.a \ + ${libdir}/snort_dynamicrules/*.a \ + ${libdir}/snort/dynamic_preproc/*.a \ + ${libdir}/snort/dynamic_output/*.a \ +" +FILES_${PN}-dev += " \ + ${libdir}/snort_dynamicengine/*.la \ + ${libdir}/snort_dynamicpreprocessor/*.la \ + ${libdir}/snort_dynamicrules/*.la \ + ${libdir}/snort_dynamicengine/*.so \ + ${libdir}/snort_dynamicpreprocessor/*.so \ + ${libdir}/snort_dynamicrules/*.so \ + ${prefix}/src/snort_dynamicsrc \ +" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.16.bb b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.16.bb deleted file mode 100644 index d8073d865b..0000000000 --- a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.16.bb +++ /dev/null @@ -1,113 +0,0 @@ -DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." -HOMEPAGE = "http://www.snort.org/" -SECTION = "net" -LICENSE = "GPL-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" - -DEPENDS = "xz libpcap libpcre daq libdnet util-linux daq-native libtirpc bison-native" - -SRC_URI = "https://www.snort.org/downloads/archive/snort/${BP}.tar.gz \ - file://snort.init \ - file://volatiles.99_snort \ - file://0001-libpcap-search-sysroot-for-headers.patch \ - file://fix-host-contamination-when-enable-static-daq.patch \ - file://disable-run-test-program-while-cross-compiling.patch \ - file://configure.in-disable-tirpc-checking-for-fedora.patch \ -" - -SRC_URI[md5sum] = "1cec58babaea3420014d61a93e6e1545" -SRC_URI[sha256sum] = "9688d8edf1da09dec6574000fb3c0e62f99c56428587616e17c60103c0bcbad7" - -UPSTREAM_CHECK_URI = "https://www.snort.org/downloads" -UPSTREAM_CHECK_REGEX = "snort-(?P\d+(\.\d+)+)\.tar" - -inherit autotools gettext update-rc.d pkgconfig - -INITSCRIPT_NAME = "snort" -INITSCRIPT_PARAMS = "defaults" - -EXTRA_OECONF = " \ - --enable-gre \ - --enable-linux-smp-stats \ - --enable-reload \ - --enable-reload-error-restart \ - --enable-targetbased \ - --enable-static-daq \ - --with-dnet-includes=${STAGING_INCDIR} \ - --with-dnet-libraries=${STAGING_LIBDIR} \ - --with-libpcre-includes=${STAGING_INCDIR} \ - --with-libpcre-libraries=${STAGING_LIBDIR} \ - --with-daq-includes=${STAGING_INCDIR} \ - --with-daq-libraries=${STAGING_LIBDIR} \ -" - -# if you want to disable it, you need to patch configure.in first -# AC_CHECK_HEADERS([openssl/sha.h],, SHA_H="no") -# is called even with --without-openssl-includes -PACKAGECONFIG ?= "openssl lzma" -PACKAGECONFIG[openssl] = "--with-openssl-includes=${STAGING_INCDIR} --with-openssl-libraries=${STAGING_LIBDIR}, --without-openssl-includes --without-openssl-libraries, openssl," -PACKAGECONFIG[lzma] = "--with-lzma-includes=${STAGING_INCDIR} --with-lzma-libraries=${STAGING_LIBDIR}, --without-lzma-includes --without-lzma-libraries, xz," -PACKAGECONFIG[appid] = "--enable-open-appid, --disable-open-appid, luajit, bash" - -CFLAGS += "-I${STAGING_INCDIR}/tirpc" -LDFLAGS += " -ltirpc" - -do_install_append() { - install -d ${D}${sysconfdir}/snort/rules - install -d ${D}${sysconfdir}/snort/preproc_rules - install -d ${D}${sysconfdir}/init.d - for i in map config conf dtd; do - cp ${S}/etc/*.$i ${D}${sysconfdir}/snort/ - done - - # fix the hardcoded path and lib name - # comment out the rules that are not provided - sed -i -e 's#/usr/local/lib#${libdir}#' \ - -e 's#\.\./\(.*rules\)#${sysconfdir}/snort/\1#' \ - -e 's#\(libsf_engine.so\)#\1.0#' \ - -e 's/^\(include $RULE_PATH\)/#\1/' \ - -e 's/^\(dynamicdetection\)/#\1/' \ - -e '/preprocessor reputation/,/blacklist/ s/^/#/' \ - ${D}${sysconfdir}/snort/snort.conf - - cp ${S}/preproc_rules/*.rules ${D}${sysconfdir}/snort/preproc_rules/ - install -m 755 ${WORKDIR}/snort.init ${D}${sysconfdir}/init.d/snort - - install -d ${D}${sysconfdir}/default/volatiles - install -m 0644 ${WORKDIR}/volatiles.99_snort ${D}${sysconfdir}/default/volatiles/99_snort - - sed -i -e 's|-fdebug-prefix-map[^ ]*||g; s|-fmacro-prefix-map[^ ]*||g; s|${STAGING_DIR_TARGET}||g' ${D}${libdir}/pkgconfig/*.pc -} - -pkg_postinst_${PN}() { - if [ -z "$D" ] && [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then - ${sysconfdir}/init.d/populate-volatile.sh update - fi -} - -FILES_${PN} += " \ - ${libdir}/snort_dynamicengine/*.so.* \ - ${libdir}/snort_dynamicpreprocessor/*.so.* \ - ${libdir}/snort_dynamicrules/*.so.* \ -" -FILES_${PN}-dbg += " \ - ${libdir}/snort_dynamicengine/.debug \ - ${libdir}/snort_dynamicpreprocessor/.debug \ - ${libdir}/snort_dynamicrules/.debug \ -" -FILES_${PN}-staticdev += " \ - ${libdir}/snort_dynamicengine/*.a \ - ${libdir}/snort_dynamicpreprocessor/*.a \ - ${libdir}/snort_dynamicrules/*.a \ - ${libdir}/snort/dynamic_preproc/*.a \ - ${libdir}/snort/dynamic_output/*.a \ -" -FILES_${PN}-dev += " \ - ${libdir}/snort_dynamicengine/*.la \ - ${libdir}/snort_dynamicpreprocessor/*.la \ - ${libdir}/snort_dynamicrules/*.la \ - ${libdir}/snort_dynamicengine/*.so \ - ${libdir}/snort_dynamicpreprocessor/*.so \ - ${libdir}/snort_dynamicrules/*.so \ - ${prefix}/src/snort_dynamicsrc \ -" -- cgit v1.2.3