From 193236933b0f4ab91b1625b64e2187e2db4e0e8f Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Fri, 5 Apr 2019 15:28:33 -0400 Subject: reset upstream subtrees to HEAD Reset the following subtrees on HEAD: poky: 8217b477a1(master) meta-xilinx: 64aa3d35ae(master) meta-openembedded: 0435c9e193(master) meta-raspberrypi: 490a4441ac(master) meta-security: cb6d1c85ee(master) Squashed patches: meta-phosphor: drop systemd 239 patches meta-phosphor: mrw-api: use correct install path Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d Signed-off-by: Brad Bishop --- .../collectd/0005-Disable-new-gcc8-warnings.patch | 18 +- ...collectdclient-Fix-string-overflow-errors.patch | 31 + .../recipes-extended/collectd/collectd_5.8.0.bb | 87 -- .../recipes-extended/collectd/collectd_5.8.1.bb | 88 +++ ...init.d-Makefile.am-add-missing-dependency.patch | 10 +- .../recipes-extended/haveged/haveged_1.9.2.bb | 42 - .../recipes-extended/haveged/haveged_1.9.4.bb | 42 + .../recipes-extended/jansson/jansson_2.11.bb | 12 - .../recipes-extended/jansson/jansson_2.12.bb | 13 + .../recipes-extended/lcdproc/lcdproc_git.bb | 5 +- .../libblockdev/libblockdev_2.18.bb | 43 - .../libblockdev/libblockdev_2.20.bb | 43 + .../recipes-extended/libreport/libreport_2.9.5.bb | 49 -- .../recipes-extended/libreport/libreport_2.9.7.bb | 49 ++ .../libserialport/libserialport_0.1.1.bb | 12 + .../recipes-extended/libzip/libzip_1.5.1.bb | 18 + .../recipes-extended/logwatch/logwatch_7.4.3.bb | 6 +- .../mozjs/mozjs/format-overflow.patch | 21 + .../meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb | 11 +- ...CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch | 42 + .../openwsman/0001-Port-to-OpenSSL-1.1.0.patch | 162 ---- .../openwsman/0001-openSSL-1.1.0-API-fixes.patch | 77 ++ ...SL-version-number-to-allow-builds-with-ol.patch | 48 -- .../recipes-extended/openwsman/openwsman_2.6.5.bb | 73 -- .../recipes-extended/openwsman/openwsman_2.6.8.bb | 75 ++ .../0001-Adapt-to-OpenSSL-1.1.1.patch | 879 +++++++++++++++++++++ ...gainst-the-correct-OPENSSL_VERSION_NUMBER.patch | 365 +++++++++ .../pam/pam-ssh-agent-auth_0.10.3.bb | 7 +- .../recipes-extended/polkit/polkit-group-rule.inc | 3 + .../polkit/polkit/CVE-2019-6133.patch | 190 ----- .../recipes-extended/polkit/polkit_0.115.bb | 5 +- .../meta-oe/recipes-extended/redis/redis_4.0.12.bb | 58 ++ .../meta-oe/recipes-extended/redis/redis_4.0.8.bb | 57 -- ...0001-src-tcp.c-fix-jump-misses-init-error.patch | 71 -- ...01-src-tcp.c-increase-the-size-of-szHname.patch | 53 -- .../recipes-extended/rsyslog/librelp_1.2.16.bb | 18 - .../recipes-extended/rsyslog/librelp_1.4.0.bb | 16 + .../rsyslog/rsyslog-fix-ptest-not-finish.patch | 118 --- .../recipes-extended/rsyslog/rsyslog_8.1903.0.bb | 169 ++++ .../recipes-extended/rsyslog/rsyslog_8.37.0.bb | 166 ---- .../recipes-extended/sigrok/libsigrok_0.5.1.bb | 23 + .../sigrok/libsigrokdecode_0.5.2.bb | 14 + .../recipes-extended/sigrok/sigrok-cli_0.7.0.bb | 18 + ...p-Use-realpath-BSD-POSIX-instead-of-canon.patch | 28 - .../smartmontools/smartmontools_6.6.bb | 53 -- .../smartmontools/smartmontools_7.0.bb | 52 ++ .../triggerhappy/triggerhappy_0.5.0.bb | 47 ++ ...txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch | 38 + .../meta-oe/recipes-extended/upm/upm_git.bb | 3 +- .../volume_key/volume-key_0.3.11.bb | 34 - .../volume_key/volume-key_0.3.12.bb | 38 + 51 files changed, 2270 insertions(+), 1330 deletions(-) create mode 100644 meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0006-libcollectdclient-Fix-string-overflow-errors.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.0.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.1.bb delete mode 100644 meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.2.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.4.bb delete mode 100644 meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.11.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.12.bb delete mode 100644 meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.18.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.20.bb delete mode 100644 meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.5.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.7.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/libserialport/libserialport_0.1.1.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/libzip/libzip_1.5.1.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs/format-overflow.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.8.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.12.bb delete mode 100644 meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.8.bb delete mode 100644 meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-fix-jump-misses-init-error.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-increase-the-size-of-szHname.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.2.16.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.4.0.bb delete mode 100644 meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch create mode 100644 meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1903.0.bb delete mode 100644 meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.37.0.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrok_0.5.1.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrokdecode_0.5.2.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/sigrok/sigrok-cli_0.7.0.bb delete mode 100644 meta-openembedded/meta-oe/recipes-extended/smartmontools/files/0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_6.6.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_7.0.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/triggerhappy/triggerhappy_0.5.0.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/upm/upm/0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.11.bb create mode 100644 meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb (limited to 'meta-openembedded/meta-oe/recipes-extended') diff --git a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0005-Disable-new-gcc8-warnings.patch b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0005-Disable-new-gcc8-warnings.patch index b12690b327..13510cdea0 100644 --- a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0005-Disable-new-gcc8-warnings.patch +++ b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0005-Disable-new-gcc8-warnings.patch @@ -1,4 +1,4 @@ -From d65e48b68076d5b304e6d865967003ae1fea0e6c Mon Sep 17 00:00:00 2001 +From f82f8faf9942f51e9c3c773b56574652695bef5a Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Wed, 9 May 2018 21:45:38 -0700 Subject: [PATCH] Disable new gcc8 warnings @@ -7,17 +7,17 @@ GCC seems to be not able to detect the checks for size are already in place Signed-off-by: Khem Raj + --- -Upstream-Status: Submitted [https://github.com/collectd/collectd/pull/2768] src/libcollectdclient/network_parse.c | 7 +++++++ src/write_sensu.c | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/src/libcollectdclient/network_parse.c b/src/libcollectdclient/network_parse.c -index 2365ab0a..79e6ed96 100644 +index aa753ce..fef43a9 100644 --- a/src/libcollectdclient/network_parse.c +++ b/src/libcollectdclient/network_parse.c -@@ -163,6 +163,11 @@ static int parse_int(void *payload, size_t payload_size, uint64_t *out) { +@@ -148,6 +148,11 @@ static int parse_int(void *payload, size_t payload_size, uint64_t *out) { return 0; } @@ -29,7 +29,7 @@ index 2365ab0a..79e6ed96 100644 static int parse_string(void *payload, size_t payload_size, char *out, size_t out_size) { char *in = payload; -@@ -175,6 +180,8 @@ static int parse_string(void *payload, size_t payload_size, char *out, +@@ -160,6 +165,8 @@ static int parse_string(void *payload, size_t payload_size, char *out, return 0; } @@ -39,22 +39,22 @@ index 2365ab0a..79e6ed96 100644 lcc_value_list_t *state) { char buf[LCC_NAME_LEN]; diff --git a/src/write_sensu.c b/src/write_sensu.c -index ce23e654..63e1f599 100644 +index bd7a56d..6cb59d5 100644 --- a/src/write_sensu.c +++ b/src/write_sensu.c -@@ -569,6 +569,11 @@ static char *sensu_value_to_json(struct sensu_host const *host, /* {{{ */ +@@ -570,6 +570,11 @@ static char *sensu_value_to_json(struct sensu_host const *host, /* {{{ */ return ret_str; } /* }}} char *sensu_value_to_json */ +#pragma GCC diagnostic push -+#if __GNUC__ == 8 ++#if __GNUC__ > 7 +#pragma GCC diagnostic ignored "-Wstringop-overflow" +#pragma GCC diagnostic ignored "-Wstringop-truncation" +#endif /* * Uses replace_str2() implementation from * http://creativeandcritical.net/str-replace-c/ -@@ -631,6 +636,8 @@ static char *replace_str(const char *str, const char *old, /* {{{ */ +@@ -632,6 +637,8 @@ static char *replace_str(const char *str, const char *old, /* {{{ */ return ret; } /* }}} char *replace_str */ diff --git a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0006-libcollectdclient-Fix-string-overflow-errors.patch b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0006-libcollectdclient-Fix-string-overflow-errors.patch new file mode 100644 index 0000000000..3ed652f71f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0006-libcollectdclient-Fix-string-overflow-errors.patch @@ -0,0 +1,31 @@ +From 98719ea7f717750c790a1f9384ea8d0117e7f52d Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Mon, 17 Dec 2018 18:15:05 -0800 +Subject: [PATCH] libcollectdclient: Fix string overflow errors + +Ensure that string has a space for ending null char + +Upstream-Status: Pending + +Signed-off-by: Khem Raj +--- + src/libcollectdclient/network_parse.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/libcollectdclient/network_parse.c b/src/libcollectdclient/network_parse.c +index fef43a9..6d65266 100644 +--- a/src/libcollectdclient/network_parse.c ++++ b/src/libcollectdclient/network_parse.c +@@ -169,9 +169,9 @@ static int parse_string(void *payload, size_t payload_size, char *out, + + static int parse_identifier(uint16_t type, void *payload, size_t payload_size, + lcc_value_list_t *state) { +- char buf[LCC_NAME_LEN]; +- +- if (parse_string(payload, payload_size, buf, sizeof(buf)) != 0) ++ char buf[LCC_NAME_LEN+1]; ++ buf[LCC_NAME_LEN] = '\0'; ++ if (parse_string(payload, payload_size, buf, LCC_NAME_LEN) != 0) + return EINVAL; + + switch (type) { diff --git a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.0.bb b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.0.bb deleted file mode 100644 index df9fa233cd..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.0.bb +++ /dev/null @@ -1,87 +0,0 @@ -SUMMARY = "Collects and summarises system performance statistics" -DESCRIPTION = "collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files." -LICENSE = "GPLv2 & MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=1bd21f19f7f0c61a7be8ecacb0e28854" - -DEPENDS = "rrdtool curl libpcap libxml2 yajl libgcrypt libtool lvm2" - -SRC_URI = "http://collectd.org/files/collectd-${PV}.tar.bz2 \ - file://collectd.init \ - file://collectd.service \ - file://no-gcrypt-badpath.patch \ - file://0001-conditionally-check-libvirt.patch \ - file://0001-fix-to-build-with-glibc-2.25.patch \ - file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch \ - file://0005-Disable-new-gcc8-warnings.patch \ - " -SRC_URI[md5sum] = "a841159323624f18bf03198e9f5aa364" -SRC_URI[sha256sum] = "b06ff476bbf05533cb97ae6749262cc3c76c9969f032bd8496690084ddeb15c9" - -inherit autotools pythonnative update-rc.d pkgconfig systemd - -SYSTEMD_SERVICE_${PN} = "collectd.service" - -# Floatingpoint layout, architecture dependent -# 'nothing', 'endianflip' or 'intswap' -FPLAYOUT ?= "--with-fp-layout=nothing" - -PACKAGECONFIG ??= "" -PACKAGECONFIG[openjdk] = "--with-java=${STAGING_DIR_TARGET}${libdir}/jvm,--without-java,openjdk-7" -PACKAGECONFIG[snmp] = "--enable-snmp,--disable-snmp --with-libnetsnmp=no,net-snmp" -PACKAGECONFIG[libmemcached] = "--with-libmemcached,--without-libmemcached,libmemcached" -PACKAGECONFIG[iptables] = "--enable-iptables,--disable-iptables,iptables" -PACKAGECONFIG[postgresql] = "--enable-postgresql --with-libpq=yes, \ - --disable-postgresql --with-libpq=no,postgresql" -PACKAGECONFIG[mysql] = "--enable-mysql --with-libmysql=yes, \ - --disable-mysql --with-libmysql=no,mysql5" -PACKAGECONFIG[dbi] = "--enable-dbi,--disable-dbi,libdbi" -PACKAGECONFIG[modbus] = "--enable-modbus,--disable-modbus,libmodbus" -PACKAGECONFIG[libowcapi] = "--with-libowcapi,--without-libowcapi,owfs" -PACKAGECONFIG[sensors] = "--enable-sensors --with-libsensors=yes, \ - --disable-sensors --with-libsensors=no,lmsensors" -PACKAGECONFIG[amqp] = "--enable-amqp --with-librabbitmq=yes, \ - --disable-amqp --with-librabbitmq=no,rabbitmq-c" -# protobuf-c, libvirt that are currently only available in meta-virtualization layer -PACKAGECONFIG[pinba] = "--enable-pinba,--disable-pinba,protobuf-c-native protobuf-c" -PACKAGECONFIG[libvirt] = "--enable-virt,--disable-virt,libvirt" -PACKAGECONFIG[libesmtp] = "--with-libesmtp,--without-libesmtp,libesmtp" -PACKAGECONFIG[libmnl] = "--with-libmnl,--without-libmnl,libmnl" -PACKAGECONFIG[libatasmart] = "--with-libatasmart,--without-libatasmart,libatasmart" -PACKAGECONFIG[ldap] = "--enable-openldap --with-libldap,--disable-openldap --without-libldap, openldap" - -EXTRA_OECONF = " \ - ${FPLAYOUT} \ - --disable-perl --with-libperl=no --with-perl-bindings=no \ - --with-libgcrypt=${STAGING_BINDIR_CROSS}/libgcrypt-config \ - --disable-notify_desktop \ -" - -do_install_append() { - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/collectd.init ${D}${sysconfdir}/init.d/collectd - sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/collectd - sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/collectd - sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/collectd - sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${sysconfdir}/init.d/collectd - install -Dm 0640 ${B}/src/collectd.conf ${D}${sysconfdir}/collectd.conf - # Fix configuration file to allow collectd to start up - sed -i 's!^#FQDNLookup[ \t]*true!FQDNLookup false!g' ${D}${sysconfdir}/collectd.conf - - rmdir "${D}${localstatedir}/run" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" - - # Install systemd unit files - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/collectd.service ${D}${systemd_unitdir}/system - sed -i -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/collectd.service -} - -CONFFILES_${PN} = "${sysconfdir}/collectd.conf" - -INITSCRIPT_NAME = "collectd" -INITSCRIPT_PARAMS = "defaults" - -# threshold.so load.so are also provided by gegl -# disk.so is also provided by libgphoto2-camlibs -PRIVATE_LIBS = "threshold.so load.so disk.so" diff --git a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.1.bb b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.1.bb new file mode 100644 index 0000000000..6dff18c16b --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.1.bb @@ -0,0 +1,88 @@ +SUMMARY = "Collects and summarises system performance statistics" +DESCRIPTION = "collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files." +LICENSE = "GPLv2 & MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=1bd21f19f7f0c61a7be8ecacb0e28854" + +DEPENDS = "rrdtool curl libpcap libxml2 yajl libgcrypt libtool lvm2" + +SRC_URI = "http://collectd.org/files/collectd-${PV}.tar.bz2 \ + file://collectd.init \ + file://collectd.service \ + file://no-gcrypt-badpath.patch \ + file://0001-conditionally-check-libvirt.patch \ + file://0001-fix-to-build-with-glibc-2.25.patch \ + file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch \ + file://0005-Disable-new-gcc8-warnings.patch \ + file://0006-libcollectdclient-Fix-string-overflow-errors.patch \ + " +SRC_URI[md5sum] = "bfce96c42cede5243028510bcc57c1e6" +SRC_URI[sha256sum] = "e796fda27ce06377f491ad91aa286962a68c2b54076aa77a29673d53204453da" + +inherit autotools pythonnative update-rc.d pkgconfig systemd + +SYSTEMD_SERVICE_${PN} = "collectd.service" + +# Floatingpoint layout, architecture dependent +# 'nothing', 'endianflip' or 'intswap' +FPLAYOUT ?= "--with-fp-layout=nothing" + +PACKAGECONFIG ??= "" +PACKAGECONFIG[openjdk] = "--with-java=${STAGING_DIR_TARGET}${libdir}/jvm,--without-java,openjdk-7" +PACKAGECONFIG[snmp] = "--enable-snmp,--disable-snmp --with-libnetsnmp=no,net-snmp" +PACKAGECONFIG[libmemcached] = "--with-libmemcached,--without-libmemcached,libmemcached" +PACKAGECONFIG[iptables] = "--enable-iptables,--disable-iptables,iptables" +PACKAGECONFIG[postgresql] = "--enable-postgresql --with-libpq=yes, \ + --disable-postgresql --with-libpq=no,postgresql" +PACKAGECONFIG[mysql] = "--enable-mysql --with-libmysql=yes, \ + --disable-mysql --with-libmysql=no,mysql5" +PACKAGECONFIG[dbi] = "--enable-dbi,--disable-dbi,libdbi" +PACKAGECONFIG[modbus] = "--enable-modbus,--disable-modbus,libmodbus" +PACKAGECONFIG[libowcapi] = "--with-libowcapi,--without-libowcapi,owfs" +PACKAGECONFIG[sensors] = "--enable-sensors --with-libsensors=yes, \ + --disable-sensors --with-libsensors=no,lmsensors" +PACKAGECONFIG[amqp] = "--enable-amqp --with-librabbitmq=yes, \ + --disable-amqp --with-librabbitmq=no,rabbitmq-c" +# protobuf-c, libvirt that are currently only available in meta-virtualization layer +PACKAGECONFIG[pinba] = "--enable-pinba,--disable-pinba,protobuf-c-native protobuf-c" +PACKAGECONFIG[libvirt] = "--enable-virt,--disable-virt,libvirt" +PACKAGECONFIG[libesmtp] = "--with-libesmtp,--without-libesmtp,libesmtp" +PACKAGECONFIG[libmnl] = "--with-libmnl,--without-libmnl,libmnl" +PACKAGECONFIG[libatasmart] = "--with-libatasmart,--without-libatasmart,libatasmart" +PACKAGECONFIG[ldap] = "--enable-openldap --with-libldap,--disable-openldap --without-libldap, openldap" + +EXTRA_OECONF = " \ + ${FPLAYOUT} \ + --disable-perl --with-libperl=no --with-perl-bindings=no \ + --with-libgcrypt=${STAGING_BINDIR_CROSS}/libgcrypt-config \ + --disable-notify_desktop \ +" + +do_install_append() { + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/collectd.init ${D}${sysconfdir}/init.d/collectd + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/collectd + sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/collectd + sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/collectd + sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${sysconfdir}/init.d/collectd + install -Dm 0640 ${B}/src/collectd.conf ${D}${sysconfdir}/collectd.conf + # Fix configuration file to allow collectd to start up + sed -i 's!^#FQDNLookup[ \t]*true!FQDNLookup false!g' ${D}${sysconfdir}/collectd.conf + + rmdir "${D}${localstatedir}/run" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" + + # Install systemd unit files + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/collectd.service ${D}${systemd_unitdir}/system + sed -i -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_unitdir}/system/collectd.service +} + +CONFFILES_${PN} = "${sysconfdir}/collectd.conf" + +INITSCRIPT_NAME = "collectd" +INITSCRIPT_PARAMS = "defaults" + +# threshold.so load.so are also provided by gegl +# disk.so is also provided by libgphoto2-camlibs +PRIVATE_LIBS = "threshold.so load.so disk.so" diff --git a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged/haveged-init.d-Makefile.am-add-missing-dependency.patch b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged/haveged-init.d-Makefile.am-add-missing-dependency.patch index 36fd57c9bc..020ac2c3b8 100644 --- a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged/haveged-init.d-Makefile.am-add-missing-dependency.patch +++ b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged/haveged-init.d-Makefile.am-add-missing-dependency.patch @@ -3,13 +3,14 @@ From: Jackie Huang Date: Tue, 27 Mar 2018 10:21:09 +0800 Subject: [PATCH] init.d/Makefile.am: add missing dependency -install-data-hook should epend on install-exec-hook, or the +install-data-hook should depend on install-exec-hook, or the haveged.service might be installed incorrectly when build with -j option. -Upstream-Status: Inappropriate [no upstream mailing list] +Upstream-Status: Submitted [https://github.com/jirka-h/haveged/pull/13] Signed-off-by: Jackie Huang +Signed-off-by: Khem Raj raj.khem@gmail.com --- init.d/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -21,12 +22,11 @@ index 5940f78..07bcdf7 100644 @@ -33,7 +33,7 @@ if ENABLE_SYSTEMD install-exec-hook: $(do_subst) < $(srcdir)/$(src_tmpl) > haveged.service; - + -install-data-hook: +install-data-hook: install-exec-hook if ENABLE_SYSTEMD_LOOKUP install -p -D -m644 haveged.service $(DESTDIR)`pkg-config --variable=systemdsystemunitdir systemd`/haveged.service; else --- +-- 2.11.0 - diff --git a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.2.bb b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.2.bb deleted file mode 100644 index bf1367391b..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.2.bb +++ /dev/null @@ -1,42 +0,0 @@ -SUMMARY = "haveged - A simple entropy daemon" -DESCRIPTION = "The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers." -AUTHOR = "Gary Wuertz" -HOMEPAGE = "http://www.issihosts.com/haveged/index.html" -LICENSE = "GPLv3" -LIC_FILES_CHKSUM="file://COPYING;md5=d32239bcb673463ab874e80d47fae504" - -SRC_URI = "http://www.issihosts.com/haveged/haveged-${PV}.tar.gz \ - file://haveged-init.d-Makefile.am-add-missing-dependency.patch \ -" - -SRC_URI[md5sum] = "fb1d8b3dcbb9d06b30eccd8aa500fd31" -SRC_URI[sha256sum] = "f77d9adbdf421b61601fa29faa9ce3b479d910f73c66b9e364ba8642ccbfbe70" - -UPSTREAM_CHECK_URI = "http://www.issihosts.com/haveged/downloads.html" - -inherit autotools update-rc.d systemd - -EXTRA_OECONF = "\ - --enable-nistest=yes \ - --enable-olt=yes \ - --enable-threads=no \ -" - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" -PACKAGECONFIG[systemd] = "--enable-init=service.redhat --enable-initdir=${systemd_system_unitdir}, --enable-init=sysv.redhat, systemd" - -INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME = "haveged" -INITSCRIPT_PARAMS_${PN} = "defaults 9" - -SYSTEMD_PACKAGES = "${PN}" -SYSTEMD_SERVICE_${PN} = "haveged.service" - -do_install_append() { - # The exit status is 143 when the service is stopped - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - sed -i '/ExecStart/a SuccessExitStatus=143' ${D}${systemd_system_unitdir}/haveged.service - fi -} - -MIPS_INSTRUCTION_SET = "mips" diff --git a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.4.bb b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.4.bb new file mode 100644 index 0000000000..32aab59f16 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.4.bb @@ -0,0 +1,42 @@ +SUMMARY = "haveged - A simple entropy daemon" +DESCRIPTION = "The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers." +AUTHOR = "Gary Wuertz" +HOMEPAGE = "http://www.issihosts.com/haveged/index.html" +LICENSE = "GPLv3" +LIC_FILES_CHKSUM="file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +# v1.9.4 +SRCREV = "faa40ff345af194d3253f5fb030403e3c9831c36" +SRC_URI = "git://github.com/jirka-h/haveged.git \ + file://haveged-init.d-Makefile.am-add-missing-dependency.patch \ +" +S = "${WORKDIR}/git" + +UPSTREAM_CHECK_URI = "https://github.com/jirka-h/haveged/releases" + +inherit autotools update-rc.d systemd + +EXTRA_OECONF = "\ + --enable-nistest=yes \ + --enable-olt=yes \ + --enable-threads=no \ +" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" +PACKAGECONFIG[systemd] = "--enable-init=service.redhat --enable-initdir=${systemd_system_unitdir}, --enable-init=sysv.redhat, systemd" + +INITSCRIPT_PACKAGES = "${PN}" +INITSCRIPT_NAME = "haveged" +INITSCRIPT_PARAMS_${PN} = "defaults 9" + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE_${PN} = "haveged.service" + +do_install_append() { + # The exit status is 143 when the service is stopped + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + sed -i '/ExecStart/a SuccessExitStatus=143' ${D}${systemd_system_unitdir}/haveged.service + fi +} + +MIPS_INSTRUCTION_SET = "mips" diff --git a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.11.bb b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.11.bb deleted file mode 100644 index 370fa22488..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.11.bb +++ /dev/null @@ -1,12 +0,0 @@ -SUMMARY = "Jansson is a C library for encoding, decoding and manipulating JSON data" -HOMEPAGE = "http://www.digip.org/jansson/" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=8b70213ec164c7bd876ec2120ba52f61" - -SRC_URI = "http://www.digip.org/jansson/releases/${BPN}-${PV}.tar.gz" - -SRC_URI[md5sum] = "7af071db9970441e1eaaf25662310e33" -SRC_URI[sha256sum] = "6e85f42dabe49a7831dbdd6d30dca8a966956b51a9a50ed534b82afc3fa5b2f4" - -inherit autotools pkgconfig - diff --git a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.12.bb b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.12.bb new file mode 100644 index 0000000000..3cc353ee7b --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.12.bb @@ -0,0 +1,13 @@ +SUMMARY = "Jansson is a C library for encoding, decoding and manipulating JSON data" +HOMEPAGE = "http://www.digip.org/jansson/" +BUGTRACKER = "https://github.com/akheron/jansson/issues" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=fc2548c0eb83800f29330040e18b5a05" + +SRC_URI = "http://www.digip.org/jansson/releases/${BPN}-${PV}.tar.gz" + +SRC_URI[md5sum] = "0ed1f3a924604aae68067c214b0010ef" +SRC_URI[sha256sum] = "5f8dec765048efac5d919aded51b26a32a05397ea207aa769ff6b53c7027d2c9" + +inherit autotools pkgconfig + diff --git a/meta-openembedded/meta-oe/recipes-extended/lcdproc/lcdproc_git.bb b/meta-openembedded/meta-oe/recipes-extended/lcdproc/lcdproc_git.bb index 93a09f28a0..1354997891 100644 --- a/meta-openembedded/meta-oe/recipes-extended/lcdproc/lcdproc_git.bb +++ b/meta-openembedded/meta-oe/recipes-extended/lcdproc/lcdproc_git.bb @@ -19,9 +19,10 @@ S = "${WORKDIR}/git" inherit autotools pkgconfig update-rc.d -COMPATIBLE_HOST_arm_libc-musl = "null" - LCD_DRIVERS ?= "all,!irman,!svga" +LCD_DRIVERS_append_aarch64 = ",!serialVFD" +LCD_DRIVERS_append_arm = ",!serialVFD" + LCD_DEFAULT_DRIVER ?= "curses" PACKAGECONFIG ??= "usb" diff --git a/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.18.bb b/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.18.bb deleted file mode 100644 index 35f0cc0606..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.18.bb +++ /dev/null @@ -1,43 +0,0 @@ -DESCRIPTION = "libblockdev is a C library supporting GObject introspection for manipulation of \ -block devices. It has a plugin-based architecture where each technology (like \ -LVM, Btrfs, MD RAID, Swap,...) is implemented in a separate plugin, possibly \ -with multiple implementations (e.g. using LVM CLI or the new LVM DBus API)." -HOMEPAGE = "http://rhinstaller.github.io/libblockdev/" -LICENSE = "LGPLv2+" -SECTION = "devel/lib" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=c07cb499d259452f324bb90c3067d85c" - -inherit autotools python3native gobject-introspection - -SRCREV = "0debeb45562ac3d8f6f43f6f942b238abab55be9" -SRC_URI = " \ - git://github.com/rhinstaller/libblockdev;branch=master \ -" - -S = "${WORKDIR}/git" - -FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}" - -PACKAGECONFIG ??= "python3 lvm dm kmod parted fs escrow btrfs crypto mdraid kbd mpath" -PACKAGECONFIG[python3] = "--with-python3, --without-python3,,python3" -PACKAGECONFIG[python2] = "--with-python2, --without-python2,,python2" -PACKAGECONFIG[lvm] = "--with-lvm, --without-lvm, multipath-tools, lvm2" -PACKAGECONFIG[lvm-dbus] = "--with-lvm_dbus, --without-lvm_dbus, multipath-tools, lvm2" -PACKAGECONFIG[dm] = "--with-dm, --without-dm, multipath-tools, lvm2" -PACKAGECONFIG[dmraid] = "--with-dmraid, --without-dmraid" -PACKAGECONFIG[kmod] = "--with-kbd, --without-kbd, kmod" -PACKAGECONFIG[parted] = "--with-part, --without-part, parted" -PACKAGECONFIG[fs] = "--with-fs, --without-fs, util-linux" -PACKAGECONFIG[doc] = "--with-gtk-doc, --without-gtk-doc, gtk-doc-native" -PACKAGECONFIG[nvdimm] = "--with-nvdimm, --without-nvdimm" -PACKAGECONFIG[vdo] = "--with-vdo, --without-vdo" -PACKAGECONFIG[escrow] = "--with-escrow, --without-escrow, nss volume-key" -PACKAGECONFIG[btrfs] = "--with-btrfs,--without-btrfs,libbytesize btrfs-tools" -PACKAGECONFIG[crypto] = "--with-crypto,--without-crypto,cryptsetup nss volume-key" -PACKAGECONFIG[mdraid] = "--with-mdraid,--without-mdraid,libbytesize" -PACKAGECONFIG[kbd] = "--with-kbd,--without-kbd,libbytesize" -PACKAGECONFIG[mpath] = "--with-mpath,--without-mpath, multipath-tools, lvm2" - -export GIR_EXTRA_LIBS_PATH="${B}/src/utils/.libs" - diff --git a/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.20.bb b/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.20.bb new file mode 100644 index 0000000000..54a188dc8b --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.20.bb @@ -0,0 +1,43 @@ +DESCRIPTION = "libblockdev is a C library supporting GObject introspection for manipulation of \ +block devices. It has a plugin-based architecture where each technology (like \ +LVM, Btrfs, MD RAID, Swap,...) is implemented in a separate plugin, possibly \ +with multiple implementations (e.g. using LVM CLI or the new LVM DBus API)." +HOMEPAGE = "http://rhinstaller.github.io/libblockdev/" +LICENSE = "LGPLv2+" +SECTION = "devel/lib" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=c07cb499d259452f324bb90c3067d85c" + +inherit autotools python3native gobject-introspection + +SRCREV = "cb308566c3c5222b8422f78997a1742713b265a9" +SRC_URI = " \ + git://github.com/rhinstaller/libblockdev;branch=master \ +" + +S = "${WORKDIR}/git" + +FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}" + +PACKAGECONFIG ??= "python3 lvm dm kmod parted fs escrow btrfs crypto mdraid kbd mpath nvdimm" +PACKAGECONFIG[python3] = "--with-python3, --without-python3,,python3" +PACKAGECONFIG[python2] = "--with-python2, --without-python2,,python2" +PACKAGECONFIG[lvm] = "--with-lvm, --without-lvm, multipath-tools, lvm2" +PACKAGECONFIG[lvm-dbus] = "--with-lvm_dbus, --without-lvm_dbus, multipath-tools, lvm2" +PACKAGECONFIG[dm] = "--with-dm, --without-dm, multipath-tools, lvm2" +PACKAGECONFIG[dmraid] = "--with-dmraid, --without-dmraid" +PACKAGECONFIG[kmod] = "--with-kbd, --without-kbd, kmod" +PACKAGECONFIG[parted] = "--with-part, --without-part, parted" +PACKAGECONFIG[fs] = "--with-fs, --without-fs, util-linux" +PACKAGECONFIG[doc] = "--with-gtk-doc, --without-gtk-doc, gtk-doc-native" +PACKAGECONFIG[nvdimm] = "--with-nvdimm, --without-nvdimm, ndctl util-linux" +PACKAGECONFIG[vdo] = "--with-vdo, --without-vdo" +PACKAGECONFIG[escrow] = "--with-escrow, --without-escrow, nss volume-key" +PACKAGECONFIG[btrfs] = "--with-btrfs,--without-btrfs,libbytesize btrfs-tools" +PACKAGECONFIG[crypto] = "--with-crypto,--without-crypto,cryptsetup nss volume-key" +PACKAGECONFIG[mdraid] = "--with-mdraid,--without-mdraid,libbytesize" +PACKAGECONFIG[kbd] = "--with-kbd,--without-kbd,libbytesize" +PACKAGECONFIG[mpath] = "--with-mpath,--without-mpath, multipath-tools, lvm2" + +export GIR_EXTRA_LIBS_PATH="${B}/src/utils/.libs" + diff --git a/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.5.bb b/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.5.bb deleted file mode 100644 index 542956cf68..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.5.bb +++ /dev/null @@ -1,49 +0,0 @@ -DESCRIPTION = "Libraries providing API for reporting different problems in applications \ -to different bug targets like Bugzilla, ftp, trac, etc..." -SUMMARY = "Generic library for reporting various problems" -HOMEPAGE = "https://abrt.readthedocs.org/" -LICENSE = "GPLv2+" -DEPENDS = "xmlrpc-c xmlrpc-c-native intltool-native \ - json-c libtar libnewt libproxy rpm \ - augeas satyr systemd \ -" - -LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" - - -SRC_URI = "git://github.com/abrt/libreport.git;protocol=https" -SRC_URI += "file://0001-Makefile.am-remove-doc-and-apidoc.patch \ - file://0002-configure.ac-remove-prog-test-of-xmlto-and-asciidoc.patch \ - file://0003-without-build-plugins.patch \ - file://0004-configure.ac-remove-prog-test-of-augparse.patch \ -" -SRCREV = "15f92bcaf73e5eb8958fbde655a57dcd111757a7" - -UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)" - -S = "${WORKDIR}/git" - -inherit distro_features_check -REQUIRED_DISTRO_FEATURES = "systemd" - -inherit gettext autotools python3native pkgconfig - -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES','x11','gtk','',d)}" -PACKAGECONFIG[gtk] = "--with-gtk, --without-gtk, gtk+3," - -EXTRA_OECONF += "--without-python2 --with-python3" - -RDEPENDS_python3-libreport += "${PN}" - -do_patch[prefuncs] += "do_gen_version" -do_gen_version() { - cd ${S} - ./gen-version -} - -PACKAGES += "python3-libreport" - -FILES_${PN} += "${datadir}/*" -FILES_${PN}-dbg += "${PYTHON_SITEPACKAGES_DIR}/*/.debug" -FILES_python3-libreport = "${PYTHON_SITEPACKAGES_DIR}/*" - diff --git a/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.7.bb b/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.7.bb new file mode 100644 index 0000000000..da22836a21 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.7.bb @@ -0,0 +1,49 @@ +DESCRIPTION = "Libraries providing API for reporting different problems in applications \ +to different bug targets like Bugzilla, ftp, trac, etc..." +SUMMARY = "Generic library for reporting various problems" +HOMEPAGE = "https://abrt.readthedocs.org/" +LICENSE = "GPLv2+" +DEPENDS = "xmlrpc-c xmlrpc-c-native intltool-native \ + json-c libtar libnewt libproxy rpm \ + augeas satyr systemd \ +" + +LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" + + +SRC_URI = "git://github.com/abrt/libreport.git;protocol=https" +SRC_URI += "file://0001-Makefile.am-remove-doc-and-apidoc.patch \ + file://0002-configure.ac-remove-prog-test-of-xmlto-and-asciidoc.patch \ + file://0003-without-build-plugins.patch \ + file://0004-configure.ac-remove-prog-test-of-augparse.patch \ +" +SRCREV = "1d5cc00e44af4800fcae9761625dd4230681e82a" + +UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)" + +S = "${WORKDIR}/git" + +inherit distro_features_check +REQUIRED_DISTRO_FEATURES = "systemd" + +inherit gettext autotools python3native pkgconfig + +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES','x11','gtk','',d)}" +PACKAGECONFIG[gtk] = "--with-gtk, --without-gtk, gtk+3," + +EXTRA_OECONF += "--without-python2 --with-python3" + +RDEPENDS_python3-libreport += "${PN}" + +do_patch[prefuncs] += "do_gen_version" +do_gen_version() { + cd ${S} + ./gen-version +} + +PACKAGES += "python3-libreport" + +FILES_${PN} += "${datadir}/*" +FILES_${PN}-dbg += "${PYTHON_SITEPACKAGES_DIR}/*/.debug" +FILES_python3-libreport = "${PYTHON_SITEPACKAGES_DIR}/*" + diff --git a/meta-openembedded/meta-oe/recipes-extended/libserialport/libserialport_0.1.1.bb b/meta-openembedded/meta-oe/recipes-extended/libserialport/libserialport_0.1.1.bb new file mode 100644 index 0000000000..192d4bce6f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/libserialport/libserialport_0.1.1.bb @@ -0,0 +1,12 @@ +DESCRIPTION = "libserialport is a minimal, cross-platform shared library written in C that is intended to take care of the OS-specific details when writing software that uses serial ports." +HOMEPAGE = "https://sigrok.org/wiki/Libserialport" + +LICENSE = "LGPL-3.0+" +LIC_FILES_CHKSUM = "file://COPYING;md5=e6a600fd5e1d9cbde2d983680233ad02" + +inherit autotools + +SRC_URI = "http://sigrok.org/download/source/libserialport/libserialport-${PV}.tar.gz" + +SRC_URI[md5sum] = "b93f0325a6157198152b5bd7e8182b51" +SRC_URI[sha256sum] = "4a2af9d9c3ff488e92fb75b4ba38b35bcf9b8a66df04773eba2a7bbf1fa7529d" diff --git a/meta-openembedded/meta-oe/recipes-extended/libzip/libzip_1.5.1.bb b/meta-openembedded/meta-oe/recipes-extended/libzip/libzip_1.5.1.bb new file mode 100644 index 0000000000..ce73700d78 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/libzip/libzip_1.5.1.bb @@ -0,0 +1,18 @@ +DESCRIPTION = "libzip is a C library for reading, creating, and modifying zip archives." +HOMEPAGE = "https://libzip.org/" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=01f8b1b8da6403739094396e15b1e722" + +DEPENDS = "zlib bzip2" + +PACKAGECONFIG[ssl] = "-DENABLE_OPENSSL=ON,-DENABLE_OPENSSL=OFF,openssl" + +PACKAGECONFIG ?= "ssl" + +inherit cmake + +SRC_URI = "https://libzip.org/download/libzip-${PV}.tar.xz" + +SRC_URI[md5sum] = "6fe665aa6d6bf3a99eb6fa9c553283fd" +SRC_URI[sha256sum] = "04ea35b6956c7b3453f1ed3f3fe40e3ddae1f43931089124579e8384e79ed372" diff --git a/meta-openembedded/meta-oe/recipes-extended/logwatch/logwatch_7.4.3.bb b/meta-openembedded/meta-oe/recipes-extended/logwatch/logwatch_7.4.3.bb index aea539ef0c..275a8f238c 100644 --- a/meta-openembedded/meta-oe/recipes-extended/logwatch/logwatch_7.4.3.bb +++ b/meta-openembedded/meta-oe/recipes-extended/logwatch/logwatch_7.4.3.bb @@ -20,9 +20,9 @@ do_install() { install -m 0755 -d ${D}${datadir}/logwatch/dist.conf/logfiles install -m 0755 -d ${D}${datadir}/logwatch/dist.conf/services install -m 0755 -d ${D}${localstatedir}/cache/logwatch - mv conf/ ${D}${datadir}/logwatch/default.conf - mv scripts/ ${D}${datadir}/logwatch/scripts - mv lib ${D}${datadir}/logwatch/lib + cp -r -f conf/ ${D}${datadir}/logwatch/default.conf + cp -r -f scripts/ ${D}${datadir}/logwatch/scripts + cp -r -f lib ${D}${datadir}/logwatch/lib chown -R root:root ${D}${datadir}/logwatch install -m 0755 -d ${D}${mandir}/man1 diff --git a/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs/format-overflow.patch b/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs/format-overflow.patch new file mode 100644 index 0000000000..29c6a7b69c --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs/format-overflow.patch @@ -0,0 +1,21 @@ +Drop enable format string warnings to help gcc9 + +Fixes +| /mnt/a/yoe/build/tmp/work/core2-64-yoe-linux-musl/mozjs/52.9.1-r0/mozjs-52.9.1/js/src/jit/x64/BaseAssembler-x64.h:596:13: error: '%s' directive argument is null [-Werror=format-overflow=] +| 596 | spew("movq " MEM_obs ", %s", ADDR_obs(offset, base, index, scale), GPReg64Name(dst)); +| | ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Upstream-Status: Inappropriate [Workaround for gcc9] +Signed-off-by: Khem Raj + +--- a/js/src/moz.build ++++ b/js/src/moz.build +@@ -785,7 +785,7 @@ if CONFIG['JS_HAS_CTYPES']: + DEFINES['FFI_BUILDING'] = True + + if CONFIG['GNU_CXX']: +- CXXFLAGS += ['-Wno-shadow', '-Werror=format'] ++ CXXFLAGS += ['-Wno-shadow'] + + # Suppress warnings in third-party code. + if CONFIG['CLANG_CXX']: diff --git a/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb b/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb index 7c8a7aee10..92d15724fb 100644 --- a/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb +++ b/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb @@ -14,6 +14,7 @@ SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/main/m/mozjs52/mozjs52_52.9.1.o file://disable-mozglue-in-stand-alone-builds.patch \ file://add-riscv-support.patch \ file://0001-mozjs-fix-coredump-caused-by-getenv.patch \ + file://format-overflow.patch \ file://JS_PUBLIC_API.patch \ " SRC_URI_append_libc-musl = " \ @@ -44,7 +45,7 @@ EXTRA_OECONF = " \ --host=${BUILD_SYS} \ --prefix=${prefix} \ --libdir=${libdir} \ - --disable-tests \ + --disable-tests --disable-strip --disable-optimize \ --with-nspr-libs='-lplds4 -lplc4 -lnspr4' \ ${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', "--enable-gold", '--disable-gold', d)} \ " @@ -52,9 +53,15 @@ EXTRA_OECONF = " \ PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" PACKAGECONFIG[x11] = "--x-includes=${STAGING_INCDIR} --x-libraries=${STAGING_LIBDIR},--x-includes=no --x-libraries=no,virtual/libx11" -EXTRA_OEMAKE_task-compile += "OS_LDFLAGS='-Wl,-latomic ${LDFLAGS}'" +EXTRA_OEMAKE_task-compile += "BUILD_OPT=1 OS_LDFLAGS='-Wl,-latomic ${LDFLAGS}'" EXTRA_OEMAKE_task-install += "STATIC_LIBRARY_NAME=js_static" +export HOST_CC = "${BUILD_CC}" +export HOST_CXX = "${BUILD_CXX}" +export HOST_CFLAGS = "${BUILD_CFLAGS}" +export HOST_CPPFLAGS = "${BUILD_CPPFLAGS}" +export HOST_CXXFLAGS = "${BUILD_CXXFLAGS}" + do_configure() { export SHELL="/bin/sh" export TMP="${B}" diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch new file mode 100644 index 0000000000..4dcd108005 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch @@ -0,0 +1,42 @@ +From f2c37fab5dbaffa06c1268ee1309596306c9a4df Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Tue, 20 Nov 2018 12:23:47 -0800 +Subject: [PATCH] Adjust for CURLE_SSL_CACERT deprecation in curl >= 7.62 + +Use CURLE_PEER_FAILED_VERIFICATION instead + +Upstream-Status: Pending + +Signed-off-by: Khem Raj +--- + src/lib/wsman-curl-client-transport.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c +index d0a3829b..92727f4f 100644 +--- a/src/lib/wsman-curl-client-transport.c ++++ b/src/lib/wsman-curl-client-transport.c +@@ -186,16 +186,23 @@ convert_to_last_error(CURLcode r) + return WS_LASTERR_SSL_CONNECT_ERROR; + case CURLE_BAD_FUNCTION_ARGUMENT: + return WS_LASTERR_CURL_BAD_FUNCTION_ARG; ++#if LIBCURL_VERSION_NUM < 0x073E00 + case CURLE_SSL_PEER_CERTIFICATE: + return WS_LASTERR_SSL_PEER_CERTIFICATE; ++#endif + case CURLE_SSL_ENGINE_NOTFOUND: + return WS_LASTERR_SSL_ENGINE_NOTFOUND; + case CURLE_SSL_ENGINE_SETFAILED: + return WS_LASTERR_SSL_ENGINE_SETFAILED; + case CURLE_SSL_CERTPROBLEM: + return WS_LASTERR_SSL_CERTPROBLEM; ++#if LIBCURL_VERSION_NUM < 0x073E00 + case CURLE_SSL_CACERT: + return WS_LASTERR_SSL_CACERT; ++#else ++ case CURLE_PEER_FAILED_VERIFICATION: ++ return WS_LASTERR_SSL_PEER_CERTIFICATE; ++#endif + #if LIBCURL_VERSION_NUM > 0x70C01 + case CURLE_SSL_ENGINE_INITFAILED: + return WS_LASTERR_SSL_ENGINE_INITFAILED; diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch deleted file mode 100644 index 49afa56f56..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch +++ /dev/null @@ -1,162 +0,0 @@ -From f78643d2388dd0697f83f17880403253a0596d83 Mon Sep 17 00:00:00 2001 -From: Vitezslav Crhonek -Date: Wed, 5 Sep 2018 11:23:46 -0700 -Subject: [PATCH 1/2] Port to OpenSSL 1.1.0 - -Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/99] -Signed-off-by: Khem Raj ---- - src/lib/wsman-curl-client-transport.c | 6 +++- - src/server/shttpd/io_ssl.c | 17 ---------- - src/server/shttpd/shttpd.c | 20 ++++-------- - src/server/shttpd/ssl.h | 46 --------------------------- - 4 files changed, 12 insertions(+), 77 deletions(-) - -diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c -index cd7f517a..e64ad097 100644 ---- a/src/lib/wsman-curl-client-transport.c -+++ b/src/lib/wsman-curl-client-transport.c -@@ -241,12 +241,16 @@ write_handler( void *ptr, size_t size, size_t nmemb, void *data) - static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg) - { - unsigned char *thumbprint = (unsigned char *)arg; -- X509 *cert = ctx->cert; - EVP_MD *tempDigest; - - unsigned char tempFingerprint[EVP_MAX_MD_SIZE]; - unsigned int tempFingerprintLen; - tempDigest = (EVP_MD*)EVP_sha1( ); -+ -+ X509 *cert = X509_STORE_CTX_get_current_cert(ctx); -+ if(!cert) -+ return 0; -+ - if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0) - return 0; - if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen)) -diff --git a/src/server/shttpd/io_ssl.c b/src/server/shttpd/io_ssl.c -index 6de0db2a..7ac669e4 100644 ---- a/src/server/shttpd/io_ssl.c -+++ b/src/server/shttpd/io_ssl.c -@@ -11,23 +11,6 @@ - #include "defs.h" - - #if !defined(NO_SSL) --struct ssl_func ssl_sw[] = { -- {"SSL_free", {0}}, -- {"SSL_accept", {0}}, -- {"SSL_connect", {0}}, -- {"SSL_read", {0}}, -- {"SSL_write", {0}}, -- {"SSL_get_error", {0}}, -- {"SSL_set_fd", {0}}, -- {"SSL_new", {0}}, -- {"SSL_CTX_new", {0}}, -- {"SSLv23_server_method", {0}}, -- {"SSL_library_init", {0}}, -- {"SSL_CTX_use_PrivateKey_file", {0}}, -- {"SSL_CTX_use_certificate_file",{0}}, -- {NULL, {0}} --}; -- - void - _shttpd_ssl_handshake(struct stream *stream) - { -diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c -index 5876392e..4c1dbf32 100644 ---- a/src/server/shttpd/shttpd.c -+++ b/src/server/shttpd/shttpd.c -@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem) - int retval = FALSE; - EC_KEY* key; - -- /* Load SSL library dynamically */ -- if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) { -- _shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB); -- return (FALSE); -- } -- -- for (fp = ssl_sw; fp->name != NULL; fp++) -- if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) { -- _shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name); -- return (FALSE); -- } -- - /* Initialize SSL crap */ -+ debug("Initialize SSL"); -+ SSL_load_error_strings(); -+ #if OPENSSL_VERSION_NUMBER < 0x10100000L - SSL_library_init(); -+ #else -+ OPENSSL_init_ssl(0, NULL); -+ #endif - - if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL) - _shttpd_elog(E_LOG, NULL, "SSL_CTX_new error"); -@@ -1532,7 +1526,7 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem) - if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) { - //_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name); - debug("SSL: disable %s protocol", protocols[idx].name); -- SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL); -+ SSL_CTX_set_options(CTX, protocols[idx].opt); - break; - } - } -diff --git a/src/server/shttpd/ssl.h b/src/server/shttpd/ssl.h -index a863f2c7..8dad0109 100644 ---- a/src/server/shttpd/ssl.h -+++ b/src/server/shttpd/ssl.h -@@ -12,50 +12,4 @@ - - #include - --#else -- --/* -- * Snatched from OpenSSL includes. I put the prototypes here to be independent -- * from the OpenSSL source installation. Having this, shttpd + SSL can be -- * built on any system with binary SSL libraries installed. -- */ -- --typedef struct ssl_st SSL; --typedef struct ssl_method_st SSL_METHOD; --typedef struct ssl_ctx_st SSL_CTX; -- --#define SSL_ERROR_WANT_READ 2 --#define SSL_ERROR_WANT_WRITE 3 --#define SSL_ERROR_SYSCALL 5 --#define SSL_FILETYPE_PEM 1 -- - #endif -- --/* -- * Dynamically loaded SSL functionality -- */ --struct ssl_func { -- const char *name; /* SSL function name */ -- union variant ptr; /* Function pointer */ --}; -- --extern struct ssl_func ssl_sw[]; -- --#define FUNC(x) ssl_sw[x].ptr.v_func -- --#define SSL_free(x) (* (void (*)(SSL *)) FUNC(0))(x) --#define SSL_accept(x) (* (int (*)(SSL *)) FUNC(1))(x) --#define SSL_connect(x) (* (int (*)(SSL *)) FUNC(2))(x) --#define SSL_read(x,y,z) (* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z)) --#define SSL_write(x,y,z) \ -- (* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z)) --#define SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y)) --#define SSL_set_fd(x,y) (* (int (*)(SSL *, int)) FUNC(6))((x), (y)) --#define SSL_new(x) (* (SSL * (*)(SSL_CTX *)) FUNC(7))(x) --#define SSL_CTX_new(x) (* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x) --#define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))() --#define SSL_library_init() (* (int (*)(void)) FUNC(10))() --#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \ -- const char *, int)) FUNC(11))((x), (y), (z)) --#define SSL_CTX_use_certificate_file(x,y,z) (* (int (*)(SSL_CTX *, \ -- const char *, int)) FUNC(12))((x), (y), (z)) --- -2.18.0 - diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch new file mode 100644 index 0000000000..8d230ba6d9 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch @@ -0,0 +1,77 @@ +From 634b95157e1823672a2c95fac0cecf079b5967e7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= +Date: Mon, 19 Nov 2018 15:31:27 +0100 +Subject: [PATCH] openSSL 1.1.0 API fixes + +--- + src/server/shttpd/io_ssl.c | 5 +++++ + src/server/shttpd/shttpd.c | 11 ++++++++++- + src/server/shttpd/ssl.h | 3 +++ + 3 files changed, 18 insertions(+), 1 deletion(-) + +diff --git a/src/server/shttpd/io_ssl.c b/src/server/shttpd/io_ssl.c +index 6de0db2a..ece610ef 100644 +--- a/src/server/shttpd/io_ssl.c ++++ b/src/server/shttpd/io_ssl.c +@@ -21,8 +21,13 @@ struct ssl_func ssl_sw[] = { + {"SSL_set_fd", {0}}, + {"SSL_new", {0}}, + {"SSL_CTX_new", {0}}, ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + {"SSLv23_server_method", {0}}, + {"SSL_library_init", {0}}, ++#else ++ {"TLS_server_method", {0}}, ++ {"OPENSSL_init_ssl", {0}}, ++#endif + {"SSL_CTX_use_PrivateKey_file", {0}}, + {"SSL_CTX_use_certificate_file",{0}}, + {NULL, {0}} +diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c +index f0f3fbd8..652aea17 100644 +--- a/src/server/shttpd/shttpd.c ++++ b/src/server/shttpd/shttpd.c +@@ -1489,9 +1489,14 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem) + } + + /* Initialize SSL crap */ +- SSL_library_init(); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ SSL_library_init(); + if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL) ++#else ++ OPENSSL_init_ssl(); ++ if ((CTX = SSL_CTX_new(TLS_server_method())) == NULL) ++#endif + _shttpd_elog(E_LOG, NULL, "SSL_CTX_new error"); + else if (SSL_CTX_use_certificate_file(CTX, wsmand_options_get_ssl_cert_file(), SSL_FILETYPE_PEM) != 1) + _shttpd_elog(E_LOG, NULL, "cannot open certificate file %s", pem); +@@ -1552,6 +1557,10 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem) + if (rc != 1) { + _shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list); + } ++ else if ((*ssl_cipher_list == 0) || (*ssl_cipher_list == ' ')) { ++ _shttpd_elog(E_LOG, NULL, "Empty 'ssl_cipher_list' defaults to 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'."); ++ _shttpd_elog(E_LOG, NULL, "Check openSSL documentation."); ++ } + } + ctx->ssl_ctx = CTX; + +diff --git a/src/server/shttpd/ssl.h b/src/server/shttpd/ssl.h +index 2304b70a..89a73c49 100644 +--- a/src/server/shttpd/ssl.h ++++ b/src/server/shttpd/ssl.h +@@ -56,6 +56,9 @@ extern struct ssl_func ssl_sw[]; + #if OPENSSL_VERSION_NUMBER < 0x10100000L + #define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))() + #define SSL_library_init() (* (int (*)(void)) FUNC(10))() ++#else ++#define TLS_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))() ++#define OPENSSL_init_ssl() (* (int (*)(void)) FUNC(10))() + #endif + #define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \ + const char *, int)) FUNC(11))((x), (y), (z)) +-- +2.19.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch deleted file mode 100644 index 5ae2e0006e..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 75669b077bd54bedbc086c60cbe137e7f4c685b5 Mon Sep 17 00:00:00 2001 -From: Vitezslav Crhonek -Date: Mon, 24 Apr 2017 11:28:39 +0200 -Subject: [PATCH 2/2] Check OpenSSL version number to allow builds with older - version - -Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/99] -Signed-off-by: Khem Raj ---- - src/lib/wsman-curl-client-transport.c | 4 ++++ - src/server/shttpd/shttpd.c | 4 ++++ - 2 files changed, 8 insertions(+) - -diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c -index e64ad097..4fc047e8 100644 ---- a/src/lib/wsman-curl-client-transport.c -+++ b/src/lib/wsman-curl-client-transport.c -@@ -247,7 +247,11 @@ static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void - unsigned int tempFingerprintLen; - tempDigest = (EVP_MD*)EVP_sha1( ); - -+ #if OPENSSL_VERSION_NUMBER < 0x10100000L -+ X509 *cert = ctx->cert; -+ #else - X509 *cert = X509_STORE_CTX_get_current_cert(ctx); -+ #endif - if(!cert) - return 0; - -diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c -index 4c1dbf32..161720c8 100644 ---- a/src/server/shttpd/shttpd.c -+++ b/src/server/shttpd/shttpd.c -@@ -1526,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem) - if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) { - //_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name); - debug("SSL: disable %s protocol", protocols[idx].name); -+ #if OPENSSL_VERSION_NUMBER < 0x10100000L -+ SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL); -+ #else - SSL_CTX_set_options(CTX, protocols[idx].opt); -+ #endif - break; - } - } --- -2.18.0 - diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb deleted file mode 100644 index 5fba3855c0..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb +++ /dev/null @@ -1,73 +0,0 @@ -SUMMARY = "Opensource Implementation of WS-Management" -DESCRIPTION = "Openwsman is a project intended to provide an open-source \ -implementation of the Web Services Management specipication \ -(WS-Management) and to expose system management information on the \ -Linux operating system using the WS-Management protocol. WS-Management \ -is based on a suite of web services specifications and usage \ -requirements that exposes a set of operations focused on and covers \ -all system management aspects. \ -Openwsman Server and service libraries" -HOMEPAGE = "http://www.openwsman.org/" -SECTION = "Applications/System" - -DEPENDS = "curl libxml2 openssl libpam" - -inherit distro_features_check -REQUIRED_DISTRO_FEATURES = "pam" - -SRCREV = "e90e5c96e3006c372bf45e0185e33c9250e67df6" -PV = "2.6.5" - -SRC_URI = "git://github.com/Openwsman/openwsman.git \ - file://libssl-is-required-if-eventint-supported.patch \ - file://openwsmand.service \ - file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \ - file://0001-Port-to-OpenSSL-1.1.0.patch \ - file://0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch \ - " - -S = "${WORKDIR}/git" - -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=d4f53d4c6cf73b9d43186ce3be6dd0ba" - -inherit systemd cmake pkgconfig pythonnative perlnative - -SYSTEMD_SERVICE_${PN} = "openwsmand.service" -SYSTEMD_AUTO_ENABLE = "disable" - -LDFLAGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', " -fuse-ld=bfd ", '', d)}" - -EXTRA_OECMAKE = "-DBUILD_BINDINGS=NO \ - -DBUILD_LIBCIM=NO \ - -DBUILD_PERL=YES \ - -DCMAKE_INSTALL_PREFIX=${prefix} \ - -DLIB=${baselib} \ - " - -do_configure_prepend() { - export STAGING_INCDIR=${STAGING_INCDIR} - export STAGING_LIBDIR=${STAGING_LIBDIR} -} - -do_install_append() { - install -d ${D}/${sysconfdir}/init.d - install -m 755 ${B}/etc/init/openwsmand.sh ${D}/${sysconfdir}/init.d/openwsmand - ln -sf ${sysconfdir}/init.d/openwsmand ${D}/${sbindir}/rcopenwsmand - chmod 755 ${D}/${sysconfdir}/openwsman/owsmangencert.sh - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}/${systemd_unitdir}/system - install -m 644 ${WORKDIR}/openwsmand.service ${D}/${systemd_unitdir}/system - - sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/openwsmand.service - sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/openwsmand.service - sed -i -e 's,@LOCALSTATEDIR@,${localstatedir},g' ${D}${systemd_unitdir}/system/openwsmand.service - fi -} - -FILES_${PN}-dbg += "${libdir}/openwsman/plugins/.debug/ \ - ${libdir}/openwsman/authenticators/.debug/ \ - " - -INSANE_SKIP_${PN} = "dev-so" -RDEPENDS_${PN} = "ruby" diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.8.bb b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.8.bb new file mode 100644 index 0000000000..f04ff01d96 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.8.bb @@ -0,0 +1,75 @@ +SUMMARY = "Opensource Implementation of WS-Management" +DESCRIPTION = "Openwsman is a project intended to provide an open-source \ +implementation of the Web Services Management specipication \ +(WS-Management) and to expose system management information on the \ +Linux operating system using the WS-Management protocol. WS-Management \ +is based on a suite of web services specifications and usage \ +requirements that exposes a set of operations focused on and covers \ +all system management aspects. \ +Openwsman Server and service libraries" +HOMEPAGE = "http://www.openwsman.org/" +SECTION = "Applications/System" + +DEPENDS = "curl libxml2 openssl libpam" + +inherit distro_features_check +REQUIRED_DISTRO_FEATURES = "pam" + +# v2.6.8 +SRCREV = "b9cd0b72534854abb6dd834c8c11e02111b4c8d7" + +SRC_URI = "git://github.com/Openwsman/openwsman.git \ + file://libssl-is-required-if-eventint-supported.patch \ + file://openwsmand.service \ + file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \ + file://0001-openSSL-1.1.0-API-fixes.patch \ + file://0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch \ + " + +S = "${WORKDIR}/git" + +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=d4f53d4c6cf73b9d43186ce3be6dd0ba" + +inherit systemd cmake pkgconfig python3native perlnative + +SYSTEMD_SERVICE_${PN} = "openwsmand.service" +SYSTEMD_AUTO_ENABLE = "disable" + +LDFLAGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', " -fuse-ld=bfd ", '', d)}" + +EXTRA_OECMAKE = "-DBUILD_BINDINGS=NO \ + -DBUILD_LIBCIM=NO \ + -DBUILD_PERL=YES \ + -DBUILD_PYTHON3=YES \ + -DBUILD_PYTHON=NO \ + -DCMAKE_INSTALL_PREFIX=${prefix} \ + -DLIB=${baselib} \ + " + +do_configure_prepend() { + export STAGING_INCDIR=${STAGING_INCDIR} + export STAGING_LIBDIR=${STAGING_LIBDIR} +} + +do_install_append() { + install -d ${D}/${sysconfdir}/init.d + install -m 755 ${B}/etc/init/openwsmand.sh ${D}/${sysconfdir}/init.d/openwsmand + ln -sf ${sysconfdir}/init.d/openwsmand ${D}/${sbindir}/rcopenwsmand + chmod 755 ${D}/${sysconfdir}/openwsman/owsmangencert.sh + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}/${systemd_unitdir}/system + install -m 644 ${WORKDIR}/openwsmand.service ${D}/${systemd_unitdir}/system + + sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/openwsmand.service + sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/openwsmand.service + sed -i -e 's,@LOCALSTATEDIR@,${localstatedir},g' ${D}${systemd_unitdir}/system/openwsmand.service + fi +} + +FILES_${PN}-dbg += "${libdir}/openwsman/plugins/.debug/ \ + ${libdir}/openwsman/authenticators/.debug/ \ + " + +INSANE_SKIP_${PN} = "dev-so" +RDEPENDS_${PN} = "ruby" diff --git a/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch new file mode 100644 index 0000000000..2d75a18f15 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch @@ -0,0 +1,879 @@ +From 37e233307a79a9250962dcf77b7c7e27a02a1a35 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 1 Feb 2019 22:44:10 -0800 +Subject: [PATCH] Adapt to OpenSSL 1.1.1 + +From: Guido Falsi +https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch/ + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + authfd.c | 50 ++++++++++++++++++++ + bufbn.c | 4 ++ + cipher.h | 6 ++- + kex.h | 9 +++- + key.c | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++-- + ssh-dss.c | 51 ++++++++++++++++---- + ssh-ecdsa.c | 40 ++++++++++++---- + ssh-rsa.c | 22 +++++++-- + 8 files changed, 287 insertions(+), 28 deletions(-) + +diff --git a/authfd.c b/authfd.c +index 212e06b..f91514d 100644 +--- a/authfd.c ++++ b/authfd.c +@@ -367,6 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio + case 1: + key = pamsshagentauth_key_new(KEY_RSA1); + bits = pamsshagentauth_buffer_get_int(&auth->identities); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e); + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n); + *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); +@@ -374,6 +375,15 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio + if (keybits < 0 || bits != (u_int)keybits) + pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u", + BN_num_bits(key->rsa->n), bits); ++#else ++ pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_n(key->rsa)); ++ *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); ++ keybits = BN_num_bits(RSA_get0_n(key->rsa)); ++ if (keybits < 0 || bits != (u_int)keybits) ++ pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u", ++ BN_num_bits(RSA_get0_n(key->rsa)), bits); ++#endif + break; + case 2: + blob = pamsshagentauth_buffer_get_string(&auth->identities, &blen); +@@ -417,9 +427,15 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, + } + pamsshagentauth_buffer_init(&buffer); + pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n); ++#else ++ pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(RSA_get0_n(key->rsa))); ++ pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_n(key->rsa)); ++#endif + pamsshagentauth_buffer_put_bignum(&buffer, challenge); + pamsshagentauth_buffer_append(&buffer, session_id, 16); + pamsshagentauth_buffer_put_int(&buffer, response_type); +@@ -496,6 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth, + static void + ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n)); + pamsshagentauth_buffer_put_bignum(b, key->n); + pamsshagentauth_buffer_put_bignum(b, key->e); +@@ -504,6 +521,16 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) + pamsshagentauth_buffer_put_bignum(b, key->iqmp); /* ssh key->u */ + pamsshagentauth_buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */ + pamsshagentauth_buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ ++#else ++ pamsshagentauth_buffer_put_int(b, BN_num_bits(RSA_get0_n(key))); ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_n(key)); ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_e(key)); ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_d(key)); ++ /* To keep within the protocol: p < q for ssh. in SSL p > q */ ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_iqmp(key)); /* ssh key->u */ ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_q(key)); /* ssh key->p, SSL key->q */ ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_p(key)); /* ssh key->q, SSL key->p */ ++#endif + pamsshagentauth_buffer_put_cstring(b, comment); + } + +@@ -513,19 +540,36 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) + pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key)); + switch (key->type) { + case KEY_RSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_bignum2(b, key->rsa->n); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->e); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->d); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->iqmp); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->p); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->q); ++#else ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_n(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_d(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_iqmp(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_p(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_q(key->rsa)); ++#endif + break; + case KEY_DSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_bignum2(b, key->dsa->p); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->q); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->g); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->pub_key); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->priv_key); ++#else ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_p(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_q(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_g(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_pub_key(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_priv_key(key->dsa)); ++#endif + break; + } + pamsshagentauth_buffer_put_cstring(b, comment); +@@ -605,9 +649,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) + + if (key->type == KEY_RSA1) { + pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n); ++#else ++ pamsshagentauth_buffer_put_int(&msg, BN_num_bits(RSA_get0_n(key->rsa))); ++ pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_n(key->rsa)); ++#endif + } else if (key->type == KEY_DSA || key->type == KEY_RSA) { + pamsshagentauth_key_to_blob(key, &blob, &blen); + pamsshagentauth_buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); +diff --git a/bufbn.c b/bufbn.c +index 6a49c73..4ecedc1 100644 +--- a/bufbn.c ++++ b/bufbn.c +@@ -151,7 +151,11 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) + pamsshagentauth_buffer_put_int(buffer, 0); + return 0; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (value->neg) { ++#else ++ if (BN_is_negative(value)) { ++#endif + pamsshagentauth_logerror("buffer_put_bignum2_ret: negative numbers not supported"); + return (-1); + } +diff --git a/cipher.h b/cipher.h +index 49bbc16..64f59ca 100644 +--- a/cipher.h ++++ b/cipher.h +@@ -59,15 +59,18 @@ + #define CIPHER_DECRYPT 0 + + typedef struct Cipher Cipher; +-typedef struct CipherContext CipherContext; ++// typedef struct CipherContext CipherContext; + + struct Cipher; ++/* + struct CipherContext { + int plaintext; + EVP_CIPHER_CTX evp; + Cipher *cipher; + }; ++*/ + ++/* + u_int cipher_mask_ssh1(int); + Cipher *cipher_by_name(const char *); + Cipher *cipher_by_number(int); +@@ -88,4 +91,5 @@ void cipher_set_keyiv(CipherContext *, u_char *); + int cipher_get_keyiv_len(const CipherContext *); + int cipher_get_keycontext(const CipherContext *, u_char *); + void cipher_set_keycontext(CipherContext *, u_char *); ++*/ + #endif /* CIPHER_H */ +diff --git a/kex.h b/kex.h +index 8e29c90..81ca57d 100644 +--- a/kex.h ++++ b/kex.h +@@ -70,7 +70,7 @@ enum kex_exchange { + #define KEX_INIT_SENT 0x0001 + + typedef struct Kex Kex; +-typedef struct Mac Mac; ++// typedef struct Mac Mac; + typedef struct Comp Comp; + typedef struct Enc Enc; + typedef struct Newkeys Newkeys; +@@ -84,6 +84,7 @@ struct Enc { + u_char *key; + u_char *iv; + }; ++/* + struct Mac { + char *name; + int enabled; +@@ -95,11 +96,13 @@ struct Mac { + HMAC_CTX evp_ctx; + struct umac_ctx *umac_ctx; + }; ++*/ + struct Comp { + int type; + int enabled; + char *name; + }; ++/* + struct Newkeys { + Enc enc; + Mac mac; +@@ -126,7 +129,9 @@ struct Kex { + int (*host_key_index)(Key *); + void (*kex[KEX_MAX])(Kex *); + }; ++*/ + ++/* + Kex *kex_setup(char *[PROPOSAL_MAX]); + void kex_finish(Kex *); + +@@ -152,6 +157,8 @@ kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *, + void + derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); + ++*/ ++ + #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) + void dump_digest(char *, u_char *, int); + #endif +diff --git a/key.c b/key.c +index 107a442..aedbbb5 100644 +--- a/key.c ++++ b/key.c +@@ -77,15 +77,21 @@ pamsshagentauth_key_new(int type) + case KEY_RSA: + if ((rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_new: RSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((rsa->n = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((rsa->e = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); ++#else ++ if (RSA_set0_key(rsa, BN_new(), BN_new(), NULL) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_key failed"); ++#endif + k->rsa = rsa; + break; + case KEY_DSA: + if ((dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_new: DSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((dsa->p = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((dsa->q = BN_new()) == NULL) +@@ -94,6 +100,12 @@ pamsshagentauth_key_new(int type) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((dsa->pub_key = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); ++#else ++ if (DSA_set0_pqg(dsa, BN_new(), BN_new(), BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: DSA_set0_pqg failed"); ++ if (DSA_set0_key(dsa, BN_new(), NULL) != 1) ++ pamsshagentauth_fatal("key_new: DSA_set0_key failed"); ++#endif + k->dsa = dsa; + break; + case KEY_ECDSA: +@@ -118,6 +130,7 @@ pamsshagentauth_key_new_private(int type) + switch (k->type) { + case KEY_RSA1: + case KEY_RSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((k->rsa->d = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + if ((k->rsa->iqmp = BN_new()) == NULL) +@@ -130,14 +143,30 @@ pamsshagentauth_key_new_private(int type) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + if ((k->rsa->dmp1 = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); ++#else ++ if (RSA_set0_key(k->rsa, NULL, NULL, BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_key failed"); ++ if (RSA_set0_crt_params(k->rsa, BN_new(), BN_new(), BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_crt_params failed"); ++ if (RSA_set0_factors(k->rsa, BN_new(), BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_factors failed"); ++#endif + break; + case KEY_DSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((k->dsa->priv_key = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); ++#else ++ if (DSA_set0_key(k->dsa, NULL, BN_new()) != 1) ++ pamsshagentauth_fatal("key_new_private: DSA_set0_key failed"); ++#endif + break; + case KEY_ECDSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1) + pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed"); ++#else ++#endif + break; + case KEY_ED25519: + RAND_bytes(k->ed25519->sk, sizeof(k->ed25519->sk)); +@@ -195,14 +224,26 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) + case KEY_RSA1: + case KEY_RSA: + return a->rsa != NULL && b->rsa != NULL && ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_cmp(a->rsa->e, b->rsa->e) == 0 && + BN_cmp(a->rsa->n, b->rsa->n) == 0; ++#else ++ BN_cmp(RSA_get0_e(a->rsa), RSA_get0_e(b->rsa)) == 0 && ++ BN_cmp(RSA_get0_n(a->rsa), RSA_get0_n(b->rsa)) == 0; ++#endif + case KEY_DSA: + return a->dsa != NULL && b->dsa != NULL && ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_cmp(a->dsa->p, b->dsa->p) == 0 && + BN_cmp(a->dsa->q, b->dsa->q) == 0 && + BN_cmp(a->dsa->g, b->dsa->g) == 0 && + BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; ++#else ++ BN_cmp(DSA_get0_p(a->dsa), DSA_get0_p(b->dsa)) == 0 && ++ BN_cmp(DSA_get0_q(a->dsa), DSA_get0_q(b->dsa)) == 0 && ++ BN_cmp(DSA_get0_g(a->dsa), DSA_get0_g(b->dsa)) == 0 && ++ BN_cmp(DSA_get0_pub_key(a->dsa), DSA_get0_pub_key(b->dsa)) == 0; ++#endif + case KEY_ECDSA: + return a->ecdsa != NULL && b->ecdsa != NULL && + EC_KEY_check_key(a->ecdsa) == 1 && +@@ -231,7 +272,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + u_int *dgst_raw_length) + { + const EVP_MD *md = NULL; +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx; + u_char *blob = NULL; + u_char *retval = NULL; + u_int len = 0; +@@ -252,12 +293,21 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + } + switch (k->type) { + case KEY_RSA1: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + nlen = BN_num_bytes(k->rsa->n); + elen = BN_num_bytes(k->rsa->e); + len = nlen + elen; + blob = pamsshagentauth_xmalloc(len); + BN_bn2bin(k->rsa->n, blob); + BN_bn2bin(k->rsa->e, blob + nlen); ++#else ++ nlen = BN_num_bytes(RSA_get0_n(k->rsa)); ++ elen = BN_num_bytes(RSA_get0_e(k->rsa)); ++ len = nlen + elen; ++ blob = pamsshagentauth_xmalloc(len); ++ BN_bn2bin(RSA_get0_n(k->rsa), blob); ++ BN_bn2bin(RSA_get0_e(k->rsa), blob + nlen); ++#endif + break; + case KEY_DSA: + case KEY_ECDSA: +@@ -273,11 +323,14 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + } + if (blob != NULL) { + retval = pamsshagentauth_xmalloc(EVP_MAX_MD_SIZE); +- EVP_DigestInit(&ctx, md); +- EVP_DigestUpdate(&ctx, blob, len); +- EVP_DigestFinal(&ctx, retval, dgst_raw_length); ++ /* XXX Errors from EVP_* functions are not hadled */ ++ ctx = EVP_MD_CTX_create(); ++ EVP_DigestInit(ctx, md); ++ EVP_DigestUpdate(ctx, blob, len); ++ EVP_DigestFinal(ctx, retval, dgst_raw_length); + memset(blob, 0, len); + pamsshagentauth_xfree(blob); ++ EVP_MD_CTX_destroy(ctx); + } else { + pamsshagentauth_fatal("key_fingerprint_raw: blob is null"); + } +@@ -457,10 +510,17 @@ pamsshagentauth_key_read(Key *ret, char **cpp) + return -1; + *cpp = cp; + /* Get public exponent, public modulus. */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (!read_bignum(cpp, ret->rsa->e)) + return -1; + if (!read_bignum(cpp, ret->rsa->n)) + return -1; ++#else ++ if (!read_bignum(cpp, RSA_get0_e(ret->rsa))) ++ return -1; ++ if (!read_bignum(cpp, RSA_get0_n(ret->rsa))) ++ return -1; ++#endif + success = 1; + break; + case KEY_UNSPEC: +@@ -583,10 +643,17 @@ pamsshagentauth_key_write(const Key *key, FILE *f) + + if (key->type == KEY_RSA1 && key->rsa != NULL) { + /* size of modulus 'n' */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + bits = BN_num_bits(key->rsa->n); + fprintf(f, "%u", bits); + if (write_bignum(f, key->rsa->e) && + write_bignum(f, key->rsa->n)) { ++#else ++ bits = BN_num_bits(RSA_get0_n(key->rsa)); ++ fprintf(f, "%u", bits); ++ if (write_bignum(f, RSA_get0_e(key->rsa)) && ++ write_bignum(f, RSA_get0_n(key->rsa))) { ++#endif + success = 1; + } else { + pamsshagentauth_logerror("key_write: failed for RSA key"); +@@ -675,10 +742,17 @@ pamsshagentauth_key_size(const Key *k) + { + switch (k->type) { + case KEY_RSA1: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + case KEY_RSA: + return BN_num_bits(k->rsa->n); + case KEY_DSA: + return BN_num_bits(k->dsa->p); ++#else ++ case KEY_RSA: ++ return BN_num_bits(RSA_get0_n(k->rsa)); ++ case KEY_DSA: ++ return BN_num_bits(DSA_get0_p(k->dsa)); ++#endif + case KEY_ECDSA: + { + int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(k->ecdsa)); +@@ -769,17 +843,29 @@ pamsshagentauth_key_from_private(const Key *k) + switch (k->type) { + case KEY_DSA: + n = pamsshagentauth_key_new(k->type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || + (BN_copy(n->dsa->q, k->dsa->q) == NULL) || + (BN_copy(n->dsa->g, k->dsa->g) == NULL) || + (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) ++#else ++ if ((BN_copy(DSA_get0_p(n->dsa), DSA_get0_p(k->dsa)) == NULL) || ++ (BN_copy(DSA_get0_q(n->dsa), DSA_get0_q(k->dsa)) == NULL) || ++ (BN_copy(DSA_get0_g(n->dsa), DSA_get0_g(k->dsa)) == NULL) || ++ (BN_copy(DSA_get0_pub_key(n->dsa), DSA_get0_pub_key(k->dsa)) == NULL)) ++#endif + pamsshagentauth_fatal("key_from_private: BN_copy failed"); + break; + case KEY_RSA: + case KEY_RSA1: + n = pamsshagentauth_key_new(k->type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) ++#else ++ if ((BN_copy(RSA_get0_n(n->rsa), RSA_get0_n(k->rsa)) == NULL) || ++ (BN_copy(RSA_get0_e(n->rsa), RSA_get0_e(k->rsa)) == NULL)) ++#endif + pamsshagentauth_fatal("key_from_private: BN_copy failed"); + break; + case KEY_ECDSA: +@@ -881,8 +967,13 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + switch (type) { + case KEY_RSA: + key = pamsshagentauth_key_new(type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { ++#else ++ if (pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_e(key->rsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_n(key->rsa)) == -1) { ++#endif + pamsshagentauth_logerror("key_from_blob: can't read rsa key"); + pamsshagentauth_key_free(key); + key = NULL; +@@ -894,10 +985,17 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + break; + case KEY_DSA: + key = pamsshagentauth_key_new(type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) { ++#else ++ if (pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_p(key->dsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_q(key->dsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_g(key->dsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_pub_key(key->dsa)) == -1) { ++#endif + pamsshagentauth_logerror("key_from_blob: can't read dsa key"); + pamsshagentauth_key_free(key); + key = NULL; +@@ -1015,6 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) + } + pamsshagentauth_buffer_init(&b); + switch (key->type) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + case KEY_DSA: + pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); + pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p); +@@ -1027,6 +1126,20 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) + pamsshagentauth_buffer_put_bignum2(&b, key->rsa->e); + pamsshagentauth_buffer_put_bignum2(&b, key->rsa->n); + break; ++#else ++ case KEY_DSA: ++ pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_p(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_q(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_g(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_pub_key(key->dsa)); ++ break; ++ case KEY_RSA: ++ pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); ++ pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_n(key->rsa)); ++ break; ++#endif + case KEY_ECDSA: + { + size_t l = 0; +@@ -1138,14 +1251,20 @@ pamsshagentauth_key_demote(const Key *k) + case KEY_RSA: + if ((pk->rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: RSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); ++#else ++ if (RSA_set0_key(pk->rsa, BN_dup(RSA_get0_n(k->rsa)), BN_dup(RSA_get0_e(k->rsa)), NULL) != 1) ++ pamsshagentauth_fatal("key_demote: RSA_set0_key failed"); ++#endif + break; + case KEY_DSA: + if ((pk->dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: DSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) +@@ -1154,6 +1273,12 @@ pamsshagentauth_key_demote(const Key *k) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); ++#else ++ if (DSA_set0_pqg(pk->dsa, BN_dup(DSA_get0_p(k->dsa)), BN_dup(DSA_get0_q(k->dsa)), BN_dup(DSA_get0_g(k->dsa))) != 1) ++ pamsshagentauth_fatal("key_demote: DSA_set0_pqg failed"); ++ if (DSA_set0_key(pk->dsa, BN_dup(DSA_get0_pub_key(k->dsa)), NULL) != 1) ++ pamsshagentauth_fatal("key_demote: DSA_set0_key failed"); ++#endif + break; + case KEY_ECDSA: + pamsshagentauth_fatal("key_demote: implement me"); +diff --git a/ssh-dss.c b/ssh-dss.c +index 9fdaa5d..1051ae2 100644 +--- a/ssh-dss.c ++++ b/ssh-dss.c +@@ -48,37 +48,53 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + { + DSA_SIG *sig; + const EVP_MD *evp_md = EVP_sha1(); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; + u_int rlen, slen, len, dlen; + Buffer b; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { + pamsshagentauth_logerror("ssh_dss_sign: no DSA key"); + return -1; + } +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + sig = DSA_do_sign(digest, dlen, key->dsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + if (sig == NULL) { + pamsshagentauth_logerror("ssh_dss_sign: sign failed"); + return -1; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + rlen = BN_num_bytes(sig->r); + slen = BN_num_bytes(sig->s); ++#else ++ DSA_SIG_get0((const DSA_SIG *)sig, (const BIGNUM **)r, (const BIGNUM **)s); ++ rlen = BN_num_bytes(r); ++ slen = BN_num_bytes(s); ++#endif + if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { + pamsshagentauth_logerror("bad sig size %u %u", rlen, slen); + DSA_SIG_free(sig); + return -1; + } + memset(sigblob, 0, SIGBLOB_LEN); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); ++#else ++ BN_bn2bin(r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); ++ BN_bn2bin(s, sigblob+ SIGBLOB_LEN - slen); ++#endif + DSA_SIG_free(sig); + + if (datafellows & SSH_BUG_SIGBLOB) { +@@ -110,11 +126,14 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + { + DSA_SIG *sig; + const EVP_MD *evp_md = EVP_sha1(); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen; + int rlen, ret; + Buffer b; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { + pamsshagentauth_logerror("ssh_dss_verify: no DSA key"); +@@ -157,6 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + /* parse signature */ + if ((sig = DSA_SIG_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((sig->r = BN_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); + if ((sig->s = BN_new()) == NULL) +@@ -164,18 +184,33 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || + (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) + pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed"); ++#else ++ if ((r = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); ++ if ((s = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); ++ if (DSA_SIG_set0(sig, r, s) != 1) ++ pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed"); ++ if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) || ++ (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL)) ++ pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed"); ++ if (DSA_SIG_set0(sig, r, s) != 1) ++ pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed"); ++#endif + + /* clean up */ + memset(sigblob, 0, len); + pamsshagentauth_xfree(sigblob); + + /* sha1 the data */ +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + ret = DSA_do_verify(digest, dlen, sig, key->dsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + DSA_SIG_free(sig); + +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index efa0f3d..c213959 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -41,22 +41,27 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + { + ECDSA_SIG *sig; + const EVP_MD *evp_md = evp_from_key(key); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE]; + u_int len, dlen; + Buffer b, bb; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { + pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key"); + return -1; + } + +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + sig = ECDSA_do_sign(digest, dlen, key->ecdsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + if (sig == NULL) { + pamsshagentauth_logerror("ssh_ecdsa_sign: sign failed"); +@@ -64,8 +69,14 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + } + + pamsshagentauth_buffer_init(&bb); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) { ++#else ++ DSA_SIG_get0(sig, &r, &s); ++ if (pamsshagentauth_buffer_get_bignum2_ret(&bb, r) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&bb, s) == -1) { ++#endif + pamsshagentauth_logerror("couldn't serialize signature"); + ECDSA_SIG_free(sig); + return -1; +@@ -94,11 +105,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + { + ECDSA_SIG *sig; + const EVP_MD *evp_md = evp_from_key(key); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen; + int rlen, ret; + Buffer b; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { + pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key"); +@@ -127,8 +141,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + + pamsshagentauth_buffer_init(&b); + pamsshagentauth_buffer_append(&b, sigblob, len); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) ++#else ++ DSA_SIG_get0(sig, &r, &s); ++ if ((pamsshagentauth_buffer_get_bignum2_ret(&b, r) == -1) || ++ (pamsshagentauth_buffer_get_bignum2_ret(&b, s) == -1)) ++#endif + pamsshagentauth_fatal("ssh_ecdsa_verify:" + "pamsshagentauth_buffer_get_bignum2_ret failed"); + +@@ -137,16 +157,18 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_xfree(sigblob); + + /* sha256 the data */ +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + ECDSA_SIG_free(sig); + + pamsshagentauth_verbose("ssh_ecdsa_verify: signature %s", + ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); + return ret; +-} +\ No newline at end of file ++} +diff --git a/ssh-rsa.c b/ssh-rsa.c +index d05844b..9d74eb6 100644 +--- a/ssh-rsa.c ++++ b/ssh-rsa.c +@@ -40,7 +40,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + const u_char *data, u_int datalen) + { + const EVP_MD *evp_md; +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], *sig; + u_int slen, dlen, len; + int ok, nid; +@@ -55,6 +55,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + pamsshagentauth_logerror("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); + return -1; + } ++ md = EVP_MD_CTX_create(); + EVP_DigestInit(&md, evp_md); + EVP_DigestUpdate(&md, data, datalen); + EVP_DigestFinal(&md, digest, &dlen); +@@ -64,6 +65,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + + ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + if (ok != 1) { + int ecode = ERR_get_error(); +@@ -107,7 +109,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + { + Buffer b; + const EVP_MD *evp_md; +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + char *ktype; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen, modlen; +@@ -117,9 +119,17 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_logerror("ssh_rsa_verify: no RSA key"); + return -1; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++#else ++ if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++#endif + pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); ++#else ++ BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE); ++#endif + return -1; + } + pamsshagentauth_buffer_init(&b); +@@ -161,12 +171,14 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_xfree(sigblob); + return -1; + } +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + memset(sigblob, 's', len); + pamsshagentauth_xfree(sigblob); + pamsshagentauth_verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); diff --git a/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch new file mode 100644 index 0000000000..b03b43fb1d --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch @@ -0,0 +1,365 @@ +From b2ee29809a54e16567323d8fbac2d652ee58c692 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 1 Feb 2019 22:45:19 -0800 +Subject: [PATCH] Check against the correct OPENSSL_VERSION_NUMBER + +From: Guido Falsi +https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch/ + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + authfd.c | 12 ++++++------ + bufbn.c | 2 +- + key.c | 36 ++++++++++++++++++------------------ + ssh-dss.c | 10 +++++----- + ssh-ecdsa.c | 8 ++++---- + ssh-rsa.c | 4 ++-- + 6 files changed, 36 insertions(+), 36 deletions(-) + +diff --git a/authfd.c b/authfd.c +index f91514d..4c6cec8 100644 +--- a/authfd.c ++++ b/authfd.c +@@ -367,7 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio + case 1: + key = pamsshagentauth_key_new(KEY_RSA1); + bits = pamsshagentauth_buffer_get_int(&auth->identities); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e); + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n); + *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); +@@ -427,7 +427,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, + } + pamsshagentauth_buffer_init(&buffer); + pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n); +@@ -512,7 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth, + static void + ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n)); + pamsshagentauth_buffer_put_bignum(b, key->n); + pamsshagentauth_buffer_put_bignum(b, key->e); +@@ -540,7 +540,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) + pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key)); + switch (key->type) { + case KEY_RSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_bignum2(b, key->rsa->n); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->e); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->d); +@@ -557,7 +557,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) + #endif + break; + case KEY_DSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_bignum2(b, key->dsa->p); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->q); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->g); +@@ -649,7 +649,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) + + if (key->type == KEY_RSA1) { + pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n); +diff --git a/bufbn.c b/bufbn.c +index 4ecedc1..b4754cc 100644 +--- a/bufbn.c ++++ b/bufbn.c +@@ -151,7 +151,7 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) + pamsshagentauth_buffer_put_int(buffer, 0); + return 0; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (value->neg) { + #else + if (BN_is_negative(value)) { +diff --git a/key.c b/key.c +index aedbbb5..dcc5fc8 100644 +--- a/key.c ++++ b/key.c +@@ -77,7 +77,7 @@ pamsshagentauth_key_new(int type) + case KEY_RSA: + if ((rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_new: RSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((rsa->n = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((rsa->e = BN_new()) == NULL) +@@ -91,7 +91,7 @@ pamsshagentauth_key_new(int type) + case KEY_DSA: + if ((dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_new: DSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((dsa->p = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((dsa->q = BN_new()) == NULL) +@@ -130,7 +130,7 @@ pamsshagentauth_key_new_private(int type) + switch (k->type) { + case KEY_RSA1: + case KEY_RSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((k->rsa->d = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + if ((k->rsa->iqmp = BN_new()) == NULL) +@@ -153,7 +153,7 @@ pamsshagentauth_key_new_private(int type) + #endif + break; + case KEY_DSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((k->dsa->priv_key = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + #else +@@ -162,7 +162,7 @@ pamsshagentauth_key_new_private(int type) + #endif + break; + case KEY_ECDSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1) + pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed"); + #else +@@ -224,7 +224,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) + case KEY_RSA1: + case KEY_RSA: + return a->rsa != NULL && b->rsa != NULL && +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_cmp(a->rsa->e, b->rsa->e) == 0 && + BN_cmp(a->rsa->n, b->rsa->n) == 0; + #else +@@ -233,7 +233,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) + #endif + case KEY_DSA: + return a->dsa != NULL && b->dsa != NULL && +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_cmp(a->dsa->p, b->dsa->p) == 0 && + BN_cmp(a->dsa->q, b->dsa->q) == 0 && + BN_cmp(a->dsa->g, b->dsa->g) == 0 && +@@ -293,7 +293,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + } + switch (k->type) { + case KEY_RSA1: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + nlen = BN_num_bytes(k->rsa->n); + elen = BN_num_bytes(k->rsa->e); + len = nlen + elen; +@@ -510,7 +510,7 @@ pamsshagentauth_key_read(Key *ret, char **cpp) + return -1; + *cpp = cp; + /* Get public exponent, public modulus. */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (!read_bignum(cpp, ret->rsa->e)) + return -1; + if (!read_bignum(cpp, ret->rsa->n)) +@@ -643,7 +643,7 @@ pamsshagentauth_key_write(const Key *key, FILE *f) + + if (key->type == KEY_RSA1 && key->rsa != NULL) { + /* size of modulus 'n' */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + bits = BN_num_bits(key->rsa->n); + fprintf(f, "%u", bits); + if (write_bignum(f, key->rsa->e) && +@@ -742,7 +742,7 @@ pamsshagentauth_key_size(const Key *k) + { + switch (k->type) { + case KEY_RSA1: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + case KEY_RSA: + return BN_num_bits(k->rsa->n); + case KEY_DSA: +@@ -843,7 +843,7 @@ pamsshagentauth_key_from_private(const Key *k) + switch (k->type) { + case KEY_DSA: + n = pamsshagentauth_key_new(k->type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || + (BN_copy(n->dsa->q, k->dsa->q) == NULL) || + (BN_copy(n->dsa->g, k->dsa->g) == NULL) || +@@ -859,7 +859,7 @@ pamsshagentauth_key_from_private(const Key *k) + case KEY_RSA: + case KEY_RSA1: + n = pamsshagentauth_key_new(k->type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) + #else +@@ -967,7 +967,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + switch (type) { + case KEY_RSA: + key = pamsshagentauth_key_new(type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { + #else +@@ -985,7 +985,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + break; + case KEY_DSA: + key = pamsshagentauth_key_new(type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || +@@ -1113,7 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) + } + pamsshagentauth_buffer_init(&b); + switch (key->type) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + case KEY_DSA: + pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); + pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p); +@@ -1251,7 +1251,7 @@ pamsshagentauth_key_demote(const Key *k) + case KEY_RSA: + if ((pk->rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: RSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) +@@ -1264,7 +1264,7 @@ pamsshagentauth_key_demote(const Key *k) + case KEY_DSA: + if ((pk->dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: DSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) +diff --git a/ssh-dss.c b/ssh-dss.c +index 1051ae2..9b96274 100644 +--- a/ssh-dss.c ++++ b/ssh-dss.c +@@ -52,7 +52,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; + u_int rlen, slen, len, dlen; + Buffer b; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + const BIGNUM *r, *s; + #endif + +@@ -74,7 +74,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + return -1; + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + rlen = BN_num_bytes(sig->r); + slen = BN_num_bytes(sig->s); + #else +@@ -88,7 +88,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + return -1; + } + memset(sigblob, 0, SIGBLOB_LEN); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); + #else +@@ -131,7 +131,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + u_int len, dlen; + int rlen, ret; + Buffer b; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + BIGNUM *r, *s; + #endif + +@@ -176,7 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + /* parse signature */ + if ((sig = DSA_SIG_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((sig->r = BN_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); + if ((sig->s = BN_new()) == NULL) +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index c213959..5b13b30 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -45,7 +45,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + u_char digest[EVP_MAX_MD_SIZE]; + u_int len, dlen; + Buffer b, bb; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + BIGNUM *r, *s; + #endif + +@@ -69,7 +69,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + } + + pamsshagentauth_buffer_init(&bb); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) { + #else +@@ -110,7 +110,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + u_int len, dlen; + int rlen, ret; + Buffer b; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + BIGNUM *r, *s; + #endif + +@@ -141,7 +141,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + + pamsshagentauth_buffer_init(&b); + pamsshagentauth_buffer_append(&b, sigblob, len); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) + #else +diff --git a/ssh-rsa.c b/ssh-rsa.c +index 9d74eb6..35f2e36 100644 +--- a/ssh-rsa.c ++++ b/ssh-rsa.c +@@ -119,13 +119,13 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_logerror("ssh_rsa_verify: no RSA key"); + return -1; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + #else + if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + #endif + pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); + #else + BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE); diff --git a/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb index 2a461fc11a..ac7fa4bbf7 100644 --- a/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb +++ b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb @@ -7,11 +7,14 @@ LIC_FILES_CHKSUM = "file://LICENSE.OpenSSL;md5=8ab01146141ded59b75f8ba7811ed05a file://OPENSSH_LICENSE;md5=7ae09218173be1643c998a4b71027f9b \ " -SRC_URI = "http://sourceforge.net/projects/pamsshagentauth/files/pam_ssh_agent_auth/v${PV}/pam_ssh_agent_auth-${PV}.tar.bz2" +SRC_URI = "http://sourceforge.net/projects/pamsshagentauth/files/pam_ssh_agent_auth/v${PV}/pam_ssh_agent_auth-${PV}.tar.bz2 \ + file://0001-Adapt-to-OpenSSL-1.1.1.patch \ + file://0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch \ + " SRC_URI[md5sum] = "8dbe90ab3625e545036333e6f51ccf1d" SRC_URI[sha256sum] = "3c53d358d6eaed1b211239df017c27c6f9970995d14102ae67bae16d4f47a763" -DEPENDS += "libpam openssl10" +DEPENDS += "libpam openssl" inherit distro_features_check REQUIRED_DISTRO_FEATURES = "pam" diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc index 40e4005423..06ab106420 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc @@ -1,6 +1,9 @@ # polkit must prepare polkitd group DEPENDS += "polkit" +inherit distro_features_check +REQUIRED_DISTRO_FEATURES = "polkit" + inherit useradd do_install_prepend() { diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch deleted file mode 100644 index 6fd20dc75e..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch +++ /dev/null @@ -1,190 +0,0 @@ -From 6cc6aafee135ba44ea748250d7d29b562ca190e3 Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Fri, 4 Jan 2019 14:24:48 -0500 -Subject: [PATCH] backend: Compare PolkitUnixProcess uids for temporary - authorizations - -It turns out that the combination of `(pid, start time)` is not -enough to be unique. For temporary authorizations, we can avoid -separate users racing on pid reuse by simply comparing the uid. - -https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 - -And the above original email report is included in full in a new comment. - -Reported-by: Jann Horn - -Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75 - -CVE: CVE-2019-6133 -Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit.git] - -Signed-off-by: Ovidiu Panait ---- - src/polkit/polkitsubject.c | 2 + - src/polkit/polkitunixprocess.c | 71 ++++++++++++++++++- - .../polkitbackendinteractiveauthority.c | 39 +++++++++- - 3 files changed, 110 insertions(+), 2 deletions(-) - -diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c -index d4c1182..ccabd0a 100644 ---- a/src/polkit/polkitsubject.c -+++ b/src/polkit/polkitsubject.c -@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) - * @b: A #PolkitSubject. - * - * Checks if @a and @b are equal, ie. represent the same subject. -+ * However, avoid calling polkit_subject_equal() to compare two processes; -+ * for more information see the `PolkitUnixProcess` documentation. - * - * This function can be used in e.g. g_hash_table_new(). - * -diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c -index b02b258..78d7251 100644 ---- a/src/polkit/polkitunixprocess.c -+++ b/src/polkit/polkitunixprocess.c -@@ -51,7 +51,10 @@ - * @title: PolkitUnixProcess - * @short_description: Unix processs - * -- * An object for representing a UNIX process. -+ * An object for representing a UNIX process. NOTE: This object as -+ * designed is now known broken; a mechanism to exploit a delay in -+ * start time in the Linux kernel was identified. Avoid -+ * calling polkit_subject_equal() to compare two processes. - * - * To uniquely identify processes, both the process id and the start - * time of the process (a monotonic increasing value representing the -@@ -66,6 +69,72 @@ - * polkit_unix_process_new_for_owner() with trusted data. - */ - -+/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 -+ -+ But quoting the original email in full here to ensure it's preserved: -+ -+ From: Jann Horn -+ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork -+ Date: Wednesday, October 10, 2018 5:34 PM -+ -+When a (non-root) user attempts to e.g. control systemd units in the system -+instance from an active session over DBus, the access is gated by a polkit -+policy that requires "auth_admin_keep" auth. This results in an auth prompt -+being shown to the user, asking the user to confirm the action by entering the -+password of an administrator account. -+ -+After the action has been confirmed, the auth decision for "auth_admin_keep" is -+cached for up to five minutes. Subject to some restrictions, similar actions can -+then be performed in this timespan without requiring re-auth: -+ -+ - The PID of the DBus client requesting the new action must match the PID of -+ the DBus client requesting the old action (based on SO_PEERCRED information -+ forwarded by the DBus daemon). -+ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) -+ must not have changed. The granularity of this timestamp is in the -+ millisecond range. -+ - polkit polls every two seconds whether a process with the expected start time -+ still exists. If not, the temporary auth entry is purged. -+ -+Without the start time check, this would obviously be buggy because an attacker -+could simply wait for the legitimate client to disappear, then create a new -+client with the same PID. -+ -+Unfortunately, the start time check is bypassable because fork() is not atomic. -+Looking at the source code of copy_process() in the kernel: -+ -+ p->start_time = ktime_get_ns(); -+ p->real_start_time = ktime_get_boot_ns(); -+ [...] -+ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); -+ if (retval) -+ goto bad_fork_cleanup_io; -+ -+ if (pid != &init_struct_pid) { -+ pid = alloc_pid(p->nsproxy->pid_ns_for_children); -+ if (IS_ERR(pid)) { -+ retval = PTR_ERR(pid); -+ goto bad_fork_cleanup_thread; -+ } -+ } -+ -+The ktime_get_boot_ns() call is where the "start time" of the process is -+recorded. The alloc_pid() call is where a free PID is allocated. In between -+these, some time passes; and because the copy_thread_tls() call between them can -+access userspace memory when sys_clone() is invoked through the 32-bit syscall -+entry point, an attacker can even stall the kernel arbitrarily long at this -+point (by supplying a pointer into userspace memory that is associated with a -+userfaultfd or is backed by a custom FUSE filesystem). -+ -+This means that an attacker can immediately call sys_clone() when the victim -+process is created, often resulting in a process that has the exact same start -+time reported in procfs; and then the attacker can delay the alloc_pid() call -+until after the victim process has died and the PID assignment has cycled -+around. This results in an attacker process that polkit can't distinguish from -+the victim process. -+*/ -+ -+ - /** - * PolkitUnixProcess: - * -diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c -index a1630b9..80e8141 100644 ---- a/src/polkitbackend/polkitbackendinteractiveauthority.c -+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c -@@ -3031,6 +3031,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) - g_free (store); - } - -+/* See the comment at the top of polkitunixprocess.c */ -+static gboolean -+subject_equal_for_authz (PolkitSubject *a, -+ PolkitSubject *b) -+{ -+ if (!polkit_subject_equal (a, b)) -+ return FALSE; -+ -+ /* Now special case unix processes, as we want to protect against -+ * pid reuse by including the UID. -+ */ -+ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { -+ PolkitUnixProcess *ap = (PolkitUnixProcess*)a; -+ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); -+ PolkitUnixProcess *bp = (PolkitUnixProcess*)b; -+ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); -+ -+ if (uid_a != -1 && uid_b != -1) -+ { -+ if (uid_a == uid_b) -+ { -+ return TRUE; -+ } -+ else -+ { -+ g_printerr ("denying slowfork; pid %d uid %d != %d!\n", -+ polkit_unix_process_get_pid (ap), -+ uid_a, uid_b); -+ return FALSE; -+ } -+ } -+ /* Fall through; one of the uids is unset so we can't reliably compare */ -+ } -+ -+ return TRUE; -+} -+ - static gboolean - temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, - PolkitSubject *subject, -@@ -3073,7 +3110,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st - TemporaryAuthorization *authorization = l->data; - - if (strcmp (action_id, authorization->action_id) == 0 && -- polkit_subject_equal (subject_to_use, authorization->subject)) -+ subject_equal_for_authz (subject_to_use, authorization->subject)) - { - ret = TRUE; - if (out_tmp_authz_id != NULL) --- -2.20.1 - diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.115.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.115.bb index 8d592054f8..13c4b0259a 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.115.bb +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.115.bb @@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \ DEPENDS = "expat glib-2.0 intltool-native mozjs" -inherit autotools gtk-doc pkgconfig useradd systemd gobject-introspection +inherit autotools gtk-doc pkgconfig useradd systemd gobject-introspection distro_features_check + +REQUIRED_DISTRO_FEATURES = "polkit" PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', \ @@ -23,7 +25,6 @@ PAM_SRC_URI = "file://polkit-1_pam.patch" SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ file://0001-make-netgroup-support-configurable.patch \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://CVE-2019-6133.patch \ " SRC_URI[md5sum] = "f03b055d6ae5fc8eac76838c7d83d082" SRC_URI[sha256sum] = "2f87ecdabfbd415c6306673ceadc59846f059b18ef2fce42bac63fe283f12131" diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.12.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.12.bb new file mode 100644 index 0000000000..af99537f52 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.12.bb @@ -0,0 +1,58 @@ +SUMMARY = "Redis key-value store" +DESCRIPTION = "Redis is an open source, advanced key-value store." +HOMEPAGE = "http://redis.io" +SECTION = "libs" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://COPYING;md5=3c01b49fed4df1a79843688fa3f7b9d6" +DEPENDS = "" + +SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ + file://hiredis-use-default-CC-if-it-is-set.patch \ + file://lua-update-Makefile-to-use-environment-build-setting.patch \ + file://oe-use-libc-malloc.patch \ + file://redis.conf \ + file://init-redis-server \ + file://redis.service \ +" + +SRC_URI_append_mips = " file://remove-atomics.patch" +SRC_URI_append_arm = " file://remove-atomics.patch" +SRC_URI_append_powerpc = " file://remove-atomics.patch" + +SRC_URI[md5sum] = "48f240fd2d96b1b579300b866398edbc" +SRC_URI[sha256sum] = "6447259d2eed426a949c9c13f8fdb2d91fb66d9dc915dd50db13b87f46d93162" + +inherit autotools-brokensep update-rc.d systemd useradd + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "--system --home-dir /var/lib/redis -g redis --shell /bin/false redis" +GROUPADD_PARAM_${PN} = "--system redis" + + +REDIS_ON_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}" + +do_install() { + export PREFIX=${D}/${prefix} + oe_runmake install + install -d ${D}/${sysconfdir}/redis + install -m 0644 ${WORKDIR}/redis.conf ${D}/${sysconfdir}/redis/redis.conf + install -d ${D}/${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/init-redis-server ${D}/${sysconfdir}/init.d/redis-server + install -d ${D}/var/lib/redis/ + chown redis.redis ${D}/var/lib/redis/ + + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/redis.service ${D}${systemd_system_unitdir} + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_system_unitdir}/redis.service + + if [ "${REDIS_ON_SYSTEMD}" = true ]; then + sed -i 's!daemonize yes!# daemonize yes!' ${D}/${sysconfdir}/redis/redis.conf + fi +} + +CONFFILES_${PN} = "${sysconfdir}/redis/redis.conf" + +INITSCRIPT_NAME = "redis-server" +INITSCRIPT_PARAMS = "defaults 87" + +SYSTEMD_SERVICE_${PN} = "redis.service" diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.8.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.8.bb deleted file mode 100644 index 80d36d2ba1..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.8.bb +++ /dev/null @@ -1,57 +0,0 @@ -SUMMARY = "Redis key-value store" -DESCRIPTION = "Redis is an open source, advanced key-value store." -HOMEPAGE = "http://redis.io" -SECTION = "libs" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=3c01b49fed4df1a79843688fa3f7b9d6" -DEPENDS = "" - -SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ - file://hiredis-use-default-CC-if-it-is-set.patch \ - file://lua-update-Makefile-to-use-environment-build-setting.patch \ - file://oe-use-libc-malloc.patch \ - file://redis.conf \ - file://init-redis-server \ - file://redis.service \ -" - -SRC_URI_append_mips = " file://remove-atomics.patch" -SRC_URI_append_arm = " file://remove-atomics.patch" - -SRC_URI[md5sum] = "c75b11e4177e153e4dc1d8dd3a6174e4" -SRC_URI[sha256sum] = "ff0c38b8c156319249fec61e5018cf5b5fe63a65b61690bec798f4c998c232ad" - -inherit autotools-brokensep update-rc.d systemd useradd - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home-dir /var/lib/redis -g redis --shell /bin/false redis" -GROUPADD_PARAM_${PN} = "--system redis" - - -REDIS_ON_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}" - -do_install() { - export PREFIX=${D}/${prefix} - oe_runmake install - install -d ${D}/${sysconfdir}/redis - install -m 0644 ${WORKDIR}/redis.conf ${D}/${sysconfdir}/redis/redis.conf - install -d ${D}/${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/init-redis-server ${D}/${sysconfdir}/init.d/redis-server - install -d ${D}/var/lib/redis/ - chown redis.redis ${D}/var/lib/redis/ - - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${WORKDIR}/redis.service ${D}${systemd_system_unitdir} - sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_system_unitdir}/redis.service - - if [ "${REDIS_ON_SYSTEMD}" = true ]; then - sed -i 's!daemonize yes!# daemonize yes!' ${D}/${sysconfdir}/redis/redis.conf - fi -} - -CONFFILES_${PN} = "${sysconfdir}/redis/redis.conf" - -INITSCRIPT_NAME = "redis-server" -INITSCRIPT_PARAMS = "defaults 87" - -SYSTEMD_SERVICE_${PN} = "redis.service" diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-fix-jump-misses-init-error.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-fix-jump-misses-init-error.patch deleted file mode 100644 index 68b6863460..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-fix-jump-misses-init-error.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 3e5a0cb440c788e2383e40ab23ac1cf01d96961b Mon Sep 17 00:00:00 2001 -From: Mingli Yu -Date: Tue, 24 Jul 2018 01:30:25 -0700 -Subject: [PATCH] src/tcp.c: fix jump-misses-init error - -Fix below jump-misses-init error - -| In file included from ../../git/src/tcp.c:51: -| ../../git/src/tcp.c: In function 'relpTcpConnect': -| ../../git/src/relp.h:220:3: error: jump skips variable initialization [-Werror=jump-misses-init] -| goto finalize_it; \ -| ^~~~ -| ../../git/src/tcp.c:1951:3: note: in expansion of macro 'ABORT_FINALIZE' -| ABORT_FINALIZE(RELP_RET_IO_ERR); -| ^~~~~~~~~~~~~~ -| ../../git/src/tcp.c:2005:1: note: label 'finalize_it' defined here -| finalize_it: -| ^~~~~~~~~~~ -| ../../git/src/tcp.c:1991:6: note: 'r' declared here -| int r = getsockopt(pThis->sock, SOL_SOCKET, SO_ERROR, &so_error, &len); -| ^ -| In file included from ../../git/src/tcp.c:51: -| ../../git/src/relp.h:220:3: error: jump skips variable initialization [-Werror=jump-misses-init] -| goto finalize_it; \ -| ^~~~ -| ../../git/src/tcp.c:1951:3: note: in expansion of macro 'ABORT_FINALIZE' -| ABORT_FINALIZE(RELP_RET_IO_ERR); -| ^~~~~~~~~~~~~~ -| ../../git/src/tcp.c:2005:1: note: label 'finalize_it' defined here -| finalize_it: -| ^~~~~~~~~~~ -| ../../git/src/tcp.c:1989:12: note: 'len' declared here -| socklen_t len = sizeof so_error; -| ^~~ - -Upstream-Status: Submitted[https://github.com/rsyslog/librelp/pull/117] - -Signed-off-by: Mingli Yu ---- - src/tcp.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/tcp.c b/src/tcp.c -index f35eb84..fb34dc7 100644 ---- a/src/tcp.c -+++ b/src/tcp.c -@@ -1936,6 +1936,9 @@ relpTcpConnect(relpTcp_t *const pThis, - struct addrinfo hints; - struct addrinfo *reslocal = NULL; - struct pollfd pfd; -+ int so_error; -+ socklen_t len = sizeof so_error; -+ int r; - - ENTER_RELPFUNC; - RELPOBJ_assert(pThis, Tcp); -@@ -1985,10 +1988,8 @@ relpTcpConnect(relpTcp_t *const pThis, - ABORT_FINALIZE(RELP_RET_TIMED_OUT); - } - -- int so_error; -- socklen_t len = sizeof so_error; - -- int r = getsockopt(pThis->sock, SOL_SOCKET, SO_ERROR, &so_error, &len); -+ r = getsockopt(pThis->sock, SOL_SOCKET, SO_ERROR, &so_error, &len); - if (r == -1 || so_error != 0) { - pThis->pEngine->dbgprint("socket has an error %d\n", so_error); - ABORT_FINALIZE(RELP_RET_IO_ERR); --- -2.17.1 - diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-increase-the-size-of-szHname.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-increase-the-size-of-szHname.patch deleted file mode 100644 index 5a62e1584d..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-increase-the-size-of-szHname.patch +++ /dev/null @@ -1,53 +0,0 @@ -From d8950ad273d79ec516468289adbd427e681dbc66 Mon Sep 17 00:00:00 2001 -From: Mingli Yu -Date: Mon, 30 Jul 2018 01:22:56 -0700 -Subject: [PATCH] src/tcp.c: increase the size of szHname - -Increase the size of szHname to fix below -error: -| ../../git/src/tcp.c: In function 'relpTcpSetRemHost': -| ../../git/src/tcp.c:352:57: error: '%s' directive output may be truncated writing up to 1024 bytes into a region of size 1011 [-Werror=format-truncation=] -| snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP); -| ^~ ~~~~ -| In file included from /poky-build/tmp/work/i586-poky-linux/librelp/1.2.16-r0/recipe-sysroot/usr/include/stdio.h:862, -| from ../../git/src/tcp.c:38: -| /poky-build/tmp/work/i586-poky-linux/librelp/1.2.16-r0/recipe-sysroot/usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 16 and 1040 bytes into a destination of size 1025 -| return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, -| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -| __bos (__s), __fmt, __va_arg_pack ()); -| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -| cc1: all warnings being treated as errors -| Makefile:536: recipe for target 'librelp_la-tcp.lo' failed - -Upstream-Status: Submitted[https://github.com/rsyslog/librelp/pull/118] - -Signed-off-by: Mingli Yu ---- - src/tcp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/tcp.c b/src/tcp.c -index fb34dc7..2c38b0b 100644 ---- a/src/tcp.c -+++ b/src/tcp.c -@@ -319,7 +319,7 @@ relpTcpSetRemHost(relpTcp_t *const pThis, struct sockaddr *pAddr) - relpEngine_t *pEngine; - int error; - unsigned char szIP[NI_MAXHOST] = ""; -- unsigned char szHname[NI_MAXHOST] = ""; -+ unsigned char szHname[1045] = ""; - struct addrinfo hints, *res; - size_t len; - -@@ -349,7 +349,7 @@ relpTcpSetRemHost(relpTcp_t *const pThis, struct sockaddr *pAddr) - if(getaddrinfo((char*)szHname, NULL, &hints, &res) == 0) { - freeaddrinfo (res); - /* OK, we know we have evil, so let's indicate this to our caller */ -- snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP); -+ snprintf((char*)szHname, sizeof(szHname), "[MALICIOUS:IP=%s]", szIP); - pEngine->dbgprint("Malicious PTR record, IP = \"%s\" HOST = \"%s\"", szIP, szHname); - iRet = RELP_RET_MALICIOUS_HNAME; - } --- -2.17.1 - diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.2.16.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.2.16.bb deleted file mode 100644 index 17478efe40..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.2.16.bb +++ /dev/null @@ -1,18 +0,0 @@ -SUMMARY = "A reliable logging library" -HOMEPAGE = "https://github.com/rsyslog/libfastjson" - -LICENSE = "GPLv3" -LIC_FILES_CHKSUM = "file://COPYING;md5=1fb9c10ed9fd6826757615455ca893a9" - -DEPENDS = "gmp nettle libidn zlib gnutls" - -SRC_URI = "git://github.com/rsyslog/librelp.git;protocol=https \ - file://0001-src-tcp.c-fix-jump-misses-init-error.patch \ - file://0001-src-tcp.c-increase-the-size-of-szHname.patch \ -" - -SRCREV = "5e849ff060be0c7dce972e194c54fdacfee0adc2" - -S = "${WORKDIR}/git" - -inherit autotools pkgconfig diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.4.0.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.4.0.bb new file mode 100644 index 0000000000..9e57dd520d --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.4.0.bb @@ -0,0 +1,16 @@ +SUMMARY = "A reliable logging library" +HOMEPAGE = "https://github.com/rsyslog/librelp" + +LICENSE = "GPLv3" +LIC_FILES_CHKSUM = "file://COPYING;md5=1fb9c10ed9fd6826757615455ca893a9" + +DEPENDS = "gmp nettle libidn zlib gnutls openssl" + +SRC_URI = "git://github.com/rsyslog/librelp.git;protocol=https \ +" + +SRCREV = "e96443dda3c080fa991decec26bc4ac98d24b9a2" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch deleted file mode 100644 index a248f75e5b..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch +++ /dev/null @@ -1,118 +0,0 @@ -From 07ad2a1905089b9124623324a9969e4522317110 Mon Sep 17 00:00:00 2001 -From: Jackie Huang -Date: Fri, 12 Sep 2014 03:41:11 -0400 -Subject: [PATCH] rsyslog: update configure to fix ptest - -$MaxMessageSize doesn't work if before $IncludeConfig diag-common.conf, then -test cases fall into infinite loop with error message: - -8062.511110729:4902c480: error: message received is larger than max msg size, we split it -8062.511152265:4902c480: discarding zero-sized message - -Update configure to fix it. - -Upstream-Status: Pending - -Signed-off-by: Kai Kang - ---- - tests/testsuites/complex1.conf | 2 +- - tests/testsuites/gzipwr_large.conf | 2 +- - tests/testsuites/gzipwr_large_dynfile.conf | 2 +- - tests/testsuites/imptcp_conndrop.conf | 2 +- - tests/testsuites/imptcp_large.conf | 2 +- - tests/testsuites/imtcp_conndrop.conf | 2 +- - tests/testsuites/wr_large.conf | 2 +- - 7 files changed, 7 insertions(+), 7 deletions(-) - -diff --git a/tests/testsuites/complex1.conf b/tests/testsuites/complex1.conf -index 9b6a9f3..e00caa4 100644 ---- a/tests/testsuites/complex1.conf -+++ b/tests/testsuites/complex1.conf -@@ -1,7 +1,7 @@ - # complex test case with multiple actions in gzip mode - # rgerhards, 2009-05-22 --$MaxMessageSize 10k - $IncludeConfig diag-common.conf -+$MaxMessageSize 10k - - $MainMsgQueueTimeoutEnqueue 5000 - -diff --git a/tests/testsuites/gzipwr_large.conf b/tests/testsuites/gzipwr_large.conf -index 54ad3bb..e8247a9 100644 ---- a/tests/testsuites/gzipwr_large.conf -+++ b/tests/testsuites/gzipwr_large.conf -@@ -1,7 +1,7 @@ - # simple async writing test - # rgerhards, 2010-03-09 --$MaxMessageSize 10k - $IncludeConfig diag-common.conf -+$MaxMessageSize 10k - - $ModLoad ../plugins/imtcp/.libs/imtcp - $MainMsgQueueTimeoutShutdown 10000 -diff --git a/tests/testsuites/gzipwr_large_dynfile.conf b/tests/testsuites/gzipwr_large_dynfile.conf -index 3a1b255..297cb70 100644 ---- a/tests/testsuites/gzipwr_large_dynfile.conf -+++ b/tests/testsuites/gzipwr_large_dynfile.conf -@@ -1,7 +1,7 @@ - # simple async writing test - # rgerhards, 2010-03-09 --$MaxMessageSize 10k - $IncludeConfig diag-common.conf -+$MaxMessageSize 10k - - $ModLoad ../plugins/imtcp/.libs/imtcp - $MainMsgQueueTimeoutShutdown 10000 -diff --git a/tests/testsuites/imptcp_conndrop.conf b/tests/testsuites/imptcp_conndrop.conf -index 77a5d79..d9a14a8 100644 ---- a/tests/testsuites/imptcp_conndrop.conf -+++ b/tests/testsuites/imptcp_conndrop.conf -@@ -1,7 +1,7 @@ - # simple async writing test - # rgerhards, 2010-03-09 --$MaxMessageSize 10k - $IncludeConfig diag-common.conf -+$MaxMessageSize 10k - - $ModLoad ../plugins/imptcp/.libs/imptcp - $MainMsgQueueTimeoutShutdown 10000 -diff --git a/tests/testsuites/imptcp_large.conf b/tests/testsuites/imptcp_large.conf -index 77a5d79..d9a14a8 100644 ---- a/tests/testsuites/imptcp_large.conf -+++ b/tests/testsuites/imptcp_large.conf -@@ -1,7 +1,7 @@ - # simple async writing test - # rgerhards, 2010-03-09 --$MaxMessageSize 10k - $IncludeConfig diag-common.conf -+$MaxMessageSize 10k - - $ModLoad ../plugins/imptcp/.libs/imptcp - $MainMsgQueueTimeoutShutdown 10000 -diff --git a/tests/testsuites/imtcp_conndrop.conf b/tests/testsuites/imtcp_conndrop.conf -index de41bc4..7844dc7 100644 ---- a/tests/testsuites/imtcp_conndrop.conf -+++ b/tests/testsuites/imtcp_conndrop.conf -@@ -1,7 +1,7 @@ - # simple async writing test - # rgerhards, 2010-03-09 --$MaxMessageSize 10k - $IncludeConfig diag-common.conf -+$MaxMessageSize 10k - - $ModLoad ../plugins/imtcp/.libs/imtcp - $MainMsgQueueTimeoutShutdown 10000 -diff --git a/tests/testsuites/wr_large.conf b/tests/testsuites/wr_large.conf -index b64f132..b0ae264 100644 ---- a/tests/testsuites/wr_large.conf -+++ b/tests/testsuites/wr_large.conf -@@ -1,7 +1,7 @@ - # simple async writing test - # rgerhards, 2010-03-09 --$MaxMessageSize 10k - $IncludeConfig diag-common.conf -+$MaxMessageSize 10k - - $ModLoad ../plugins/imtcp/.libs/imtcp - $MainMsgQueueTimeoutShutdown 10000 diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1903.0.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1903.0.bb new file mode 100644 index 0000000000..e06141e816 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1903.0.bb @@ -0,0 +1,169 @@ +SUMMARY = "Rsyslog is an enhanced multi-threaded syslogd" +DESCRIPTION = "\ +Rsyslog is an enhanced syslogd supporting, among others, MySQL,\ + PostgreSQL, failover log destinations, syslog/tcp, fine grain\ + output format control, high precision timestamps, queued operations\ + and the ability to filter on any message part. It is quite\ + compatible to stock sysklogd and can be used as a drop-in replacement.\ + Its advanced features make it suitable for enterprise-class,\ + encryption protected syslog relay chains while at the same time being\ + very easy to setup for the novice user." + +DEPENDS = "zlib libestr libfastjson bison-native flex-native liblogging" +HOMEPAGE = "http://www.rsyslog.com/" +LICENSE = "GPLv3 & LGPLv3 & Apache-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=51d9635e646fb75e1b74c074f788e973 \ + file://COPYING.LESSER;md5=cb7903f1e5c39ae838209e130dca270a \ + file://COPYING.ASL20;md5=052f8a09206615ab07326ff8ce2d9d32\ +" + +SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.tar.gz \ + file://initscript \ + file://rsyslog.conf \ + file://rsyslog.logrotate \ + file://use-pkgconfig-to-check-libgcrypt.patch \ + file://run-ptest \ +" + +SRC_URI_append_libc-musl = " \ + file://0001-Include-sys-time-h.patch \ +" + +SRC_URI[md5sum] = "f0d454c79d4040e3f25fcd12f8f33fe2" +SRC_URI[sha256sum] = "d0d23a493dcec64c7b6807a1bb8ee864ed0f3760c2ff3088008bb661d304056f" + + +UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases" +UPSTREAM_CHECK_REGEX = "(?P\d+(\.\d+)+)" + +inherit autotools pkgconfig systemd update-rc.d ptest + +EXTRA_OECONF += "--disable-generate-man-pages ap_cv_atomic_builtins=yes" + +# first line is default yes in configure +PACKAGECONFIG ??= " \ + rsyslogd rsyslogrt klog inet regexp uuid libgcrypt \ + fmhttp imdiag gnutls imfile \ + ${@bb.utils.filter('DISTRO_FEATURES', 'snmp systemd', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'testbench relp ${VALGRIND}', '', d)} \ +" + +# default yes in configure +PACKAGECONFIG[relp] = "--enable-relp,--disable-relp,librelp," +PACKAGECONFIG[rsyslogd] = "--enable-rsyslogd,--disable-rsyslogd,," +PACKAGECONFIG[rsyslogrt] = "--enable-rsyslogrt,--disable-rsyslogrt,," +PACKAGECONFIG[fmhttp] = "--enable-fmhttp,--disable-fmhttp,curl," +PACKAGECONFIG[inet] = "--enable-inet,--disable-inet,," +PACKAGECONFIG[klog] = "--enable-klog,--disable-klog,," +PACKAGECONFIG[regexp] = "--enable-regexp,--disable-regexp,," +PACKAGECONFIG[uuid] = "--enable-uuid,--disable-uuid,util-linux," +PACKAGECONFIG[libgcrypt] = "--enable-libgcrypt,--disable-libgcrypt,libgcrypt," +PACKAGECONFIG[testbench] = "--enable-testbench --enable-omstdout,--disable-testbench --disable-omstdout,," + +# default no in configure +PACKAGECONFIG[debug] = "--enable-debug,--disable-debug,," +PACKAGECONFIG[imdiag] = "--enable-imdiag,--disable-imdiag,," +PACKAGECONFIG[imfile] = "--enable-imfile,--disable-imfile,," +PACKAGECONFIG[snmp] = "--enable-snmp,--disable-snmp,net-snmp," +PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls," +PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--without-systemdsystemunitdir,systemd," +PACKAGECONFIG[imjournal] = "--enable-imjournal,--disable-imjournal," +PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5," +PACKAGECONFIG[postgresql] = "--enable-pgsql,--disable-pgsql,postgresql," +PACKAGECONFIG[libdbi] = "--enable-libdbi,--disable-libdbi,libdbi," +PACKAGECONFIG[mail] = "--enable-mail,--disable-mail,," +PACKAGECONFIG[valgrind] = "--enable-valgrind,--disable-valgrind,valgrind," + +TESTDIR = "tests" +do_compile_ptest() { + echo 'buildtest-TESTS: $(check_PROGRAMS)' >> ${TESTDIR}/Makefile + oe_runmake -C ${TESTDIR} buildtest-TESTS +} + +do_install_ptest() { + # install the tests + cp -rf ${S}/${TESTDIR} ${D}${PTEST_PATH} + cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH} + + # do NOT need to rebuild Makefile itself + sed -i 's/^Makefile:.*$/Makefile:/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + # do NOT need to rebuild $(check_PROGRAMS) + sed -i 's/^check-TESTS:.*$/check-TESTS:/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + + # fix the srcdir, top_srcdir + sed -i 's,^\(srcdir = \).*,\1${PTEST_PATH}/tests,' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + sed -i 's,^\(top_srcdir = \).*,\1${PTEST_PATH}/tests,' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + # fix the abs_top_builddir + sed -i 's,^\(abs_top_builddir = \).*,\1${PTEST_PATH}/,' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + + # valgrind is not compatible with arm and mips, + # so remove related test cases if there is no valgrind. + if [ x${VALGRIND} = x ]; then + sed -i '/udp-msgreduc-/d' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + fi + + # install test-driver + install -m 644 ${S}/test-driver ${D}${PTEST_PATH} + + # install necessary links + install -d ${D}${PTEST_PATH}/tools + ln -sf ${sbindir}/rsyslogd ${D}${PTEST_PATH}/tools/rsyslogd + + install -d ${D}${PTEST_PATH}/runtime + install -d ${D}${PTEST_PATH}/runtime/.libs + ( + cd ${D}/${libdir}/rsyslog + allso="*.so" + for i in $allso; do + ln -sf ${libdir}/rsyslog/$i ${D}${PTEST_PATH}/runtime/.libs/$i + done + ) + + # fix the module load path with runtime/.libs + find ${D}${PTEST_PATH}/${TESTDIR} -name "*.conf" -o -name "*.sh" -o -name "*.c" | xargs \ + sed -i -e 's:../plugins/.*/.libs/:../runtime/.libs/:g' +} + +do_install_append() { + install -d "${D}${sysconfdir}/init.d" + install -d "${D}${sysconfdir}/logrotate.d" + install -m 755 ${WORKDIR}/initscript ${D}${sysconfdir}/init.d/syslog + install -m 644 ${WORKDIR}/rsyslog.conf ${D}${sysconfdir}/rsyslog.conf + install -m 644 ${WORKDIR}/rsyslog.logrotate ${D}${sysconfdir}/logrotate.d/logrotate.rsyslog + sed -i -e "s#@BINDIR@#${bindir}#g" ${D}${sysconfdir}/logrotate.d/logrotate.rsyslog + + if ${@bb.utils.contains('PACKAGECONFIG', 'imjournal', 'true', 'false', d)}; then + install -d 0755 ${D}${sysconfdir}/rsyslog.d + echo '$ModLoad imjournal' >> ${D}${sysconfdir}/rsyslog.d/imjournal.conf + fi +} + +FILES_${PN} += "${bindir}" + +INITSCRIPT_NAME = "syslog" +INITSCRIPT_PARAMS = "defaults" + +CONFFILES_${PN} = "${sysconfdir}/rsyslog.conf" + +RCONFLICTS_${PN} = "busybox-syslog sysklogd syslog-ng" + +RPROVIDES_${PN} += "${PN}-systemd" +RREPLACES_${PN} += "${PN}-systemd" +RCONFLICTS_${PN} += "${PN}-systemd" +SYSTEMD_SERVICE_${PN} = "${BPN}.service" + +RDEPENDS_${PN} += "logrotate" + +# for rsyslog-ptest +VALGRIND = "valgrind" +VALGRIND_mips = "" +VALGRIND_mips64 = "" +VALGRIND_mips64n32 = "" +VALGRIND_arm = "" +VALGRIND_aarch64 = "" +VALGRIND_riscv64 = "" +RDEPENDS_${PN}-ptest += "\ + make diffutils gzip bash gawk coreutils procps \ + libgcc python-core python-io \ + " +RRECOMMENDS_${PN}-ptest += "${TCLIBC}-dbg ${VALGRIND}" diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.37.0.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.37.0.bb deleted file mode 100644 index 1fb4390150..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.37.0.bb +++ /dev/null @@ -1,166 +0,0 @@ -SUMMARY = "Rsyslog is an enhanced multi-threaded syslogd" -DESCRIPTION = "\ -Rsyslog is an enhanced syslogd supporting, among others, MySQL,\ - PostgreSQL, failover log destinations, syslog/tcp, fine grain\ - output format control, high precision timestamps, queued operations\ - and the ability to filter on any message part. It is quite\ - compatible to stock sysklogd and can be used as a drop-in replacement.\ - Its advanced features make it suitable for enterprise-class,\ - encryption protected syslog relay chains while at the same time being\ - very easy to setup for the novice user." - -DEPENDS = "zlib libestr libfastjson bison-native flex-native liblogging" -HOMEPAGE = "http://www.rsyslog.com/" -LICENSE = "GPLv3 & LGPLv3 & Apache-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=51d9635e646fb75e1b74c074f788e973 \ - file://COPYING.LESSER;md5=cb7903f1e5c39ae838209e130dca270a \ - file://COPYING.ASL20;md5=052f8a09206615ab07326ff8ce2d9d32\ -" - -SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.tar.gz \ - file://initscript \ - file://rsyslog.conf \ - file://rsyslog.logrotate \ - file://use-pkgconfig-to-check-libgcrypt.patch \ - file://run-ptest \ - file://rsyslog-fix-ptest-not-finish.patch \ -" - -SRC_URI_append_libc-musl = " \ - file://0001-Include-sys-time-h.patch \ -" - -SRC_URI[md5sum] = "e0942b4b88a13602a6b6352bf9f05091" -SRC_URI[sha256sum] = "295c289b4c8abd8f8f3fe35a83249b739cedabe82721702b910255f9faf147e7" - -UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases" -UPSTREAM_CHECK_REGEX = "(?P\d+(\.\d+)+)" - -inherit autotools pkgconfig systemd update-rc.d ptest - -EXTRA_OECONF += "--disable-generate-man-pages ap_cv_atomic_builtins=yes" - -# first line is default yes in configure -PACKAGECONFIG ??= " \ - rsyslogd rsyslogrt klog inet regexp uuid libgcrypt \ - fmhttp imdiag gnutls imfile \ - ${@bb.utils.filter('DISTRO_FEATURES', 'snmp systemd', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'testbench relp ${VALGRIND}', '', d)} \ -" - -# default yes in configure -PACKAGECONFIG[relp] = "--enable-relp,--disable-relp,librelp," -PACKAGECONFIG[rsyslogd] = "--enable-rsyslogd,--disable-rsyslogd,," -PACKAGECONFIG[rsyslogrt] = "--enable-rsyslogrt,--disable-rsyslogrt,," -PACKAGECONFIG[fmhttp] = "--enable-fmhttp,--disable-fmhttp,curl," -PACKAGECONFIG[inet] = "--enable-inet,--disable-inet,," -PACKAGECONFIG[klog] = "--enable-klog,--disable-klog,," -PACKAGECONFIG[regexp] = "--enable-regexp,--disable-regexp,," -PACKAGECONFIG[uuid] = "--enable-uuid,--disable-uuid,util-linux," -PACKAGECONFIG[libgcrypt] = "--enable-libgcrypt,--disable-libgcrypt,libgcrypt," -PACKAGECONFIG[testbench] = "--enable-testbench --enable-omstdout,--disable-testbench --disable-omstdout,," - -# default no in configure -PACKAGECONFIG[debug] = "--enable-debug,--disable-debug,," -PACKAGECONFIG[imdiag] = "--enable-imdiag,--disable-imdiag,," -PACKAGECONFIG[imfile] = "--enable-imfile,--disable-imfile,," -PACKAGECONFIG[snmp] = "--enable-snmp,--disable-snmp,net-snmp," -PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls," -PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--without-systemdsystemunitdir,systemd," -PACKAGECONFIG[imjournal] = "--enable-imjournal,--disable-imjournal," -PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5," -PACKAGECONFIG[postgresql] = "--enable-pgsql,--disable-pgsql,postgresql," -PACKAGECONFIG[libdbi] = "--enable-libdbi,--disable-libdbi,libdbi," -PACKAGECONFIG[mail] = "--enable-mail,--disable-mail,," -PACKAGECONFIG[valgrind] = "--enable-valgrind,--disable-valgrind,valgrind," - -TESTDIR = "tests" -do_compile_ptest() { - echo 'buildtest-TESTS: $(check_PROGRAMS)' >> ${TESTDIR}/Makefile - oe_runmake -C ${TESTDIR} buildtest-TESTS -} - -do_install_ptest() { - # install the tests - cp -rf ${S}/${TESTDIR} ${D}${PTEST_PATH} - cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH} - - # do NOT need to rebuild Makefile itself - sed -i 's/^Makefile:.*$/Makefile:/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile - # do NOT need to rebuild $(check_PROGRAMS) - sed -i 's/^check-TESTS:.*$/check-TESTS:/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile - - # fix the srcdir, top_srcdir - sed -i 's,^\(srcdir = \).*,\1${PTEST_PATH}/tests,' ${D}${PTEST_PATH}/${TESTDIR}/Makefile - sed -i 's,^\(top_srcdir = \).*,\1${PTEST_PATH}/tests,' ${D}${PTEST_PATH}/${TESTDIR}/Makefile - # fix the abs_top_builddir - sed -i 's,^\(abs_top_builddir = \).*,\1${PTEST_PATH}/,' ${D}${PTEST_PATH}/${TESTDIR}/Makefile - - # valgrind is not compatible with arm and mips, - # so remove related test cases if there is no valgrind. - if [ x${VALGRIND} = x ]; then - sed -i '/udp-msgreduc-/d' ${D}${PTEST_PATH}/${TESTDIR}/Makefile - fi - - # install test-driver - install -m 644 ${S}/test-driver ${D}${PTEST_PATH} - - # install necessary links - install -d ${D}${PTEST_PATH}/tools - ln -sf ${sbindir}/rsyslogd ${D}${PTEST_PATH}/tools/rsyslogd - - install -d ${D}${PTEST_PATH}/runtime - install -d ${D}${PTEST_PATH}/runtime/.libs - ( - cd ${D}/${libdir}/rsyslog - allso="*.so" - for i in $allso; do - ln -sf ${libdir}/rsyslog/$i ${D}${PTEST_PATH}/runtime/.libs/$i - done - ) - - # fix the module load path with runtime/.libs - find ${D}${PTEST_PATH}/${TESTDIR} -name "*.conf" -o -name "*.sh" -o -name "*.c" | xargs \ - sed -i -e 's:../plugins/.*/.libs/:../runtime/.libs/:g' -} - -do_install_append() { - install -d "${D}${sysconfdir}/init.d" - install -d "${D}${sysconfdir}/logrotate.d" - install -m 755 ${WORKDIR}/initscript ${D}${sysconfdir}/init.d/syslog - install -m 644 ${WORKDIR}/rsyslog.conf ${D}${sysconfdir}/rsyslog.conf - install -m 644 ${WORKDIR}/rsyslog.logrotate ${D}${sysconfdir}/logrotate.d/logrotate.rsyslog - sed -i -e "s#@BINDIR@#${bindir}#g" ${D}${sysconfdir}/logrotate.d/logrotate.rsyslog - - if ${@bb.utils.contains('PACKAGECONFIG', 'imjournal', 'true', 'false', d)}; then - install -d 0755 ${D}${sysconfdir}/rsyslog.d - echo '$ModLoad imjournal' >> ${D}${sysconfdir}/rsyslog.d/imjournal.conf - fi -} - -FILES_${PN} += "${bindir}" - -INITSCRIPT_NAME = "syslog" -INITSCRIPT_PARAMS = "defaults" - -CONFFILES_${PN} = "${sysconfdir}/rsyslog.conf" - -RCONFLICTS_${PN} = "busybox-syslog sysklogd syslog-ng" - -RPROVIDES_${PN} += "${PN}-systemd" -RREPLACES_${PN} += "${PN}-systemd" -RCONFLICTS_${PN} += "${PN}-systemd" -SYSTEMD_SERVICE_${PN} = "${BPN}.service" - -RDEPENDS_${PN} += "logrotate" - -# for rsyslog-ptest -VALGRIND = "valgrind" -VALGRIND_mips = "" -VALGRIND_mips64 = "" -VALGRIND_mips64n32 = "" -VALGRIND_arm = "" -VALGRIND_aarch64 = "" -VALGRIND_riscv64 = "" -RDEPENDS_${PN}-ptest += "make diffutils gzip bash gawk coreutils procps" -RRECOMMENDS_${PN}-ptest += "${TCLIBC}-dbg ${VALGRIND}" diff --git a/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrok_0.5.1.bb b/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrok_0.5.1.bb new file mode 100644 index 0000000000..8152ca7ca3 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrok_0.5.1.bb @@ -0,0 +1,23 @@ +DESCRIPTION = "libsigrok is a shared library written in C, which provides the basic hardware access drivers for logic analyzers and other supported devices, as well as input/output file format support." +HOMEPAGE = "http://sigrok.org/wiki/Main_Page" + +LICENSE = "GPLv3" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +DEPENDS = "glib-2.0 libzip" + +PACKAGECONFIG[serialport] = "--with-libserialport,--without-libserialport,libserialport" +PACKAGECONFIG[ftdi] = "--with-libftdi,--without-libftdi,libftdi" +PACKAGECONFIG[usb] = "--with-libusb,--without-libusb,libusb" +PACKAGECONFIG[cxx] = "--enable-cxx,--disable-cxx,glibmm doxygen-native" + +PACKAGECONFIG ??= "serialport ftdi usb" + +inherit autotools pkgconfig + +SRC_URI = "http://sigrok.org/download/source/libsigrok/libsigrok-${PV}.tar.gz" + +SRC_URI[md5sum] = "a3de9e52a660e51d27a6aca025d204a7" +SRC_URI[sha256sum] = "e40fde7af98d29e922e9d3cbe0a6c0569889153fc31e47b8b1afe4d846292b9c" + +FILES_${PN} += "${datadir}/*" diff --git a/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrokdecode_0.5.2.bb b/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrokdecode_0.5.2.bb new file mode 100644 index 0000000000..b8e1e4705d --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrokdecode_0.5.2.bb @@ -0,0 +1,14 @@ +DESCRIPTION = "libsigrokdecode is a shared library written in C, which provides (streaming) protocol decoding functionality." +HOMEPAGE = "http://sigrok.org/wiki/Main_Page" + +LICENSE = "GPLv3" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +DEPENDS = "glib-2.0 python3" + +inherit autotools pkgconfig + +SRC_URI = "http://sigrok.org/download/source/libsigrokdecode/libsigrokdecode-${PV}.tar.gz" + +SRC_URI[md5sum] = "b9033bc7e68bc17fffffd4fdd793f5a1" +SRC_URI[sha256sum] = "e08d9e797c54eccf3144da631b6e5f1498ac531e51520428df537a1da82583f0" diff --git a/meta-openembedded/meta-oe/recipes-extended/sigrok/sigrok-cli_0.7.0.bb b/meta-openembedded/meta-oe/recipes-extended/sigrok/sigrok-cli_0.7.0.bb new file mode 100644 index 0000000000..d31bcd282f --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/sigrok/sigrok-cli_0.7.0.bb @@ -0,0 +1,18 @@ +DESCRIPTION = "sigrok-cli is a command-line frontend for sigrok." +HOMEPAGE = "http://sigrok.org/wiki/Main_Page" + +LICENSE = "GPLv3" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +DEPENDS = "libsigrok" + +PACKAGECONFIG[decode] = "--with-libsigrokdecode,--without-libsigrokdecode,libsigrokdecode" + +PACKAGECONFIG ??= "decode" + +inherit autotools pkgconfig + +SRC_URI = "http://sigrok.org/download/source/sigrok-cli/sigrok-cli-${PV}.tar.gz" + +SRC_URI[md5sum] = "77cb745e2fa239c7bd1ea81e2d67ede9" +SRC_URI[sha256sum] = "5669d968c2de3dfc6adfda76e83789b6ba76368407c832438cef5e7099a65e1c" diff --git a/meta-openembedded/meta-oe/recipes-extended/smartmontools/files/0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch b/meta-openembedded/meta-oe/recipes-extended/smartmontools/files/0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch deleted file mode 100644 index 91e64d2178..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/smartmontools/files/0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch +++ /dev/null @@ -1,28 +0,0 @@ -From f28aa188e5b0ea85369febe657b8807b8025038b Mon Sep 17 00:00:00 2001 -From: chrfranke -Date: Wed, 8 Nov 2017 06:15:50 +0000 -Subject: [PATCH] os_linux.cpp: Use 'realpath()' (BSD, POSIX) instead of - 'canonicalize_file_name()' (GNU extension). This fixes build on systems with - musl libc (#921). - -git-svn-id: http://svn.code.sf.net/p/smartmontools/code/trunk@4603 4ea69e1a-61f1-4043-bf83-b5c94c648137 - -Upstream-Status: Backport [https://www.smartmontools.org/ticket/921] -Signed-off-by: Khem Raj ---- - os_linux.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/os_linux.cpp b/os_linux.cpp -index 134d5bc..935f9c7 100644 ---- a/os_linux.cpp -+++ b/os_linux.cpp -@@ -3176,7 +3176,7 @@ static bool is_hpsa(const char * name) - { - char path[128]; - snprintf(path, sizeof(path), "/sys/block/%s/device", name); -- char * syshostpath = canonicalize_file_name(path); -+ char * syshostpath = realpath(name, (char *)0); - if (!syshostpath) - return false; - diff --git a/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_6.6.bb b/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_6.6.bb deleted file mode 100644 index c77c10551a..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_6.6.bb +++ /dev/null @@ -1,53 +0,0 @@ -SUMMARY = "Control and monitor storage systems using S.M.A.R.T" -DESCRIPTION = "\ -The smartmontools package contains two utility programs (smartctl \ -and smartd) to control and monitor storage systems using the Self-\ -Monitoring, Analysis and Reporting Technology System (SMART) built \ -into most modern ATA and SCSI hard disks. In many cases, these \ -utilities will provide advanced warning of disk degradation and failure." - -HOMEPAGE = "http://smartmontools.sourceforge.net/" -SECTION = "console/utils" - -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" - -SRC_URI = "${SOURCEFORGE_MIRROR}/smartmontools/smartmontools-${PV}.tar.gz \ - file://initd.smartd \ - file://smartmontools.default \ - file://smartd.service \ - file://0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch \ - " - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'libcap-ng selinux', d)}" -PACKAGECONFIG[libcap-ng] = "--with-libcap-ng=yes,--with-libcap-ng=no,libcap-ng" -PACKAGECONFIG[selinux] = "--with-selinux=yes,--with-selinux=no,libselinux" - -SRC_URI[md5sum] = "9ae2c6e7131cd2813edcc65cbe5f223f" -SRC_URI[sha256sum] = "51f43d0fb064fccaf823bbe68cf0d317d0895ff895aa353b3339a3b316a53054" - -inherit autotools update-rc.d systemd - -SYSTEMD_SERVICE_${PN} = "smartd.service" -SYSTEMD_AUTO_ENABLE = "disable" - -do_install_append () { - #install the init.d/smartd - install -d ${D}${sysconfdir}/init.d - install -p -m 0755 ${WORKDIR}/initd.smartd ${D}${sysconfdir}/init.d/smartd - install -d ${D}${sysconfdir}/default - install -p -m 0644 ${WORKDIR}/smartmontools.default ${D}${sysconfdir}/default/smartmontools - - #install systemd service file - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/smartd.service ${D}${systemd_unitdir}/system - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SYSCONFDIR@,${sysconfdir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/smartd.service -} - -INITSCRIPT_NAME = "smartd" -INITSCRIPT_PARAMS = "start 60 2 3 4 5 . stop 60 0 1 6 ." - -RDEPENDS_${PN} += "mailx" diff --git a/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_7.0.bb b/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_7.0.bb new file mode 100644 index 0000000000..d984566547 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_7.0.bb @@ -0,0 +1,52 @@ +SUMMARY = "Control and monitor storage systems using S.M.A.R.T" +DESCRIPTION = "\ +The smartmontools package contains two utility programs (smartctl \ +and smartd) to control and monitor storage systems using the Self-\ +Monitoring, Analysis and Reporting Technology System (SMART) built \ +into most modern ATA and SCSI hard disks. In many cases, these \ +utilities will provide advanced warning of disk degradation and failure." + +HOMEPAGE = "http://smartmontools.sourceforge.net/" +SECTION = "console/utils" + +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +SRC_URI = "${SOURCEFORGE_MIRROR}/smartmontools/smartmontools-${PV}.tar.gz \ + file://initd.smartd \ + file://smartmontools.default \ + file://smartd.service \ + " + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'libcap-ng selinux', d)}" +PACKAGECONFIG[libcap-ng] = "--with-libcap-ng=yes,--with-libcap-ng=no,libcap-ng" +PACKAGECONFIG[selinux] = "--with-selinux=yes,--with-selinux=no,libselinux" + +SRC_URI[md5sum] = "b2a80e4789af23d67dfe1e88a997abbf" +SRC_URI[sha256sum] = "e5e1ac2786bc87fdbd6f92d0ee751b799fbb3e1a09c0a6a379f9eb64b3e8f61c" + +inherit autotools update-rc.d systemd + +SYSTEMD_SERVICE_${PN} = "smartd.service" +SYSTEMD_AUTO_ENABLE = "disable" + +do_install_append () { + #install the init.d/smartd + install -d ${D}${sysconfdir}/init.d + install -p -m 0755 ${WORKDIR}/initd.smartd ${D}${sysconfdir}/init.d/smartd + install -d ${D}${sysconfdir}/default + install -p -m 0644 ${WORKDIR}/smartmontools.default ${D}${sysconfdir}/default/smartmontools + + #install systemd service file + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/smartd.service ${D}${systemd_unitdir}/system + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_unitdir}/system/smartd.service +} + +INITSCRIPT_NAME = "smartd" +INITSCRIPT_PARAMS = "start 60 2 3 4 5 . stop 60 0 1 6 ." + +RDEPENDS_${PN} += "mailx" diff --git a/meta-openembedded/meta-oe/recipes-extended/triggerhappy/triggerhappy_0.5.0.bb b/meta-openembedded/meta-oe/recipes-extended/triggerhappy/triggerhappy_0.5.0.bb new file mode 100644 index 0000000000..037ce063e1 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/triggerhappy/triggerhappy_0.5.0.bb @@ -0,0 +1,47 @@ +SUMMARY = "A lightweight hotkey daemon" +HOMEPAGE = "https://github.com/wertarbyte/triggerhappy" + +LICENSE = "GPLv3" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +SRC_URI = "https://github.com/wertarbyte/triggerhappy/archive/debian/0.5.0-1.tar.gz" + +SRC_URI[md5sum] = "77f90a18c775e47c4c5e9e08987ca32f" +SRC_URI[sha256sum] = "9150bafbf7f2de7d57e6cc154676c33da98dc11ac6442e1ca57e5dce82bd4292" + +S = "${WORKDIR}/${PN}-debian-${PV}-1" + +inherit autotools-brokensep pkgconfig update-rc.d systemd + +PACKAGECONFIG = "${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd','',d)}" +PACKAGECONFIG[systemd] = ",,systemd" + +INITSCRIPT_NAME = "triggerhappy" +INITSCRIPT_PARAMS = "defaults" +SYSTEMD_SERVICE_${PN} = "triggerhappy.service triggerhappy.socket" + +FILES_${PN} = "\ +${sbindir}/thd \ +${sbindir}/th-cmd \ +${sysconfdir}/triggerhappy/triggers.d \ +${nonarch_base_libdir}/udev/rules.d/80-triggerhappy.rules \ +${sysconfdir}/init.d/triggerhappy \ +${systemd_unitdir}/system \ +" +CONFFILES_${PN} = "${sysconfdir}/udev/rules.d/80-triggerhappy.rules" + +do_install_append() { + install -d ${D}${sysconfdir}/triggerhappy/triggers.d + + install -d ${D}${nonarch_base_libdir}/udev/rules.d + install -m 0644 ${S}/udev/triggerhappy-udev.rules ${D}${nonarch_base_libdir}/udev/rules.d/80-triggerhappy.rules + + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${S}/debian/init.d ${D}${sysconfdir}/init.d/triggerhappy + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}/${systemd_unitdir}/system + install -m 0644 ${S}/systemd/triggerhappy.socket ${D}${systemd_unitdir}/system + install -m 0644 ${S}/systemd/triggerhappy.service ${D}${systemd_unitdir}/system + fi +} diff --git a/meta-openembedded/meta-oe/recipes-extended/upm/upm/0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch b/meta-openembedded/meta-oe/recipes-extended/upm/upm/0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch new file mode 100644 index 0000000000..4b9a195e02 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/upm/upm/0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch @@ -0,0 +1,38 @@ +From 3707f467f9a26a7df3d41385023b43c3d08911d2 Mon Sep 17 00:00:00 2001 +From: Manjukumar Matha +Date: Tue, 12 Feb 2019 17:46:52 -0800 +Subject: [PATCH][v3] CMakeLists.txt: Use SWIG_SUPPORT_FILES to find the list + of generated files for cmake version 3.12 or higher + +Use SWIG_SUPPORT_FILES to find the list of python files generated by +CMake Swig module and install those files. This should be applicable to +cmake version 3.12 or higher + +Signed-off-by: Manjukumar Matha +--- + src/CMakeLists.txt | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index e19cda2..b565814 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -337,8 +337,14 @@ macro(_upm_swig_python) + OUTPUT_NAME _pyupm_${libname} + LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_PYTHON_BINARY_DIR}) + ++ if (CMAKE_VERSION VERSION_LESS "3.12") ++ set(support_files ${swig_extra_generated_files}) ++ else() ++ get_property(support_files TARGET _${python_wrapper_name} PROPERTY SWIG_SUPPORT_FILES) ++ endif() ++ + # Install .py's to python packages directory/upm +- install (FILES ${swig_extra_generated_files} ++ install (FILES ${support_files} + DESTINATION ${PYTHON_PACKAGES_PATH}/upm + COMPONENT ${CMAKE_PROJECT_NAME}-python${PYTHON_VERSION_MAJOR}) + +-- +2.7.4 + diff --git a/meta-openembedded/meta-oe/recipes-extended/upm/upm_git.bb b/meta-openembedded/meta-oe/recipes-extended/upm/upm_git.bb index babe5f4893..8854a33bcb 100644 --- a/meta-openembedded/meta-oe/recipes-extended/upm/upm_git.bb +++ b/meta-openembedded/meta-oe/recipes-extended/upm/upm_git.bb @@ -13,6 +13,7 @@ PV = "1.6.0-git${SRCPV}" SRC_URI = "git://github.com/intel-iot-devkit/${BPN}.git;protocol=http \ file://0001-Replace-strncpy-with-memcpy.patch \ file://0001-include-sys-types.h-for-uint-definition.patch \ + file://0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch \ " S = "${WORKDIR}/git" @@ -20,7 +21,7 @@ S = "${WORKDIR}/git" # Depends on mraa which only supports x86 and ARM for now COMPATIBLE_HOST = "(x86_64.*|i.86.*|aarch64.*|arm.*)-linux" -inherit distutils3-base cmake +inherit distutils3-base cmake pkgconfig # override this in local.conf to get needed bindings. # BINDINGS_pn-upm="python" diff --git a/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.11.bb b/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.11.bb deleted file mode 100644 index c41b20c45b..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.11.bb +++ /dev/null @@ -1,34 +0,0 @@ -DESCRIPTION = "The volume_key project provides a libvolume_key, a library for manipulating \ -storage volume encryption keys and storing them separately from volumes, and an \ -associated command-line tool, named volume_key." -LICENSE = "GPLv2" -SECTION = "devel/lib" - -HOMEPAGE = "https://pagure.io/volume_key" - -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" - -SRC_URI = "https://releases.pagure.org/volume_key/volume_key-${PV}.tar.xz \ -" -SRC_URI[md5sum] = "30df56c7743eb7c965293b3d61194232" -SRC_URI[sha256sum] = "e6b279c25ae477b555f938db2e41818f90c8cde942b0eec92f70b6c772095f6d" - -SRCNAME = "volume_key" -S = "${WORKDIR}/${SRCNAME}-${PV}" - -inherit autotools python3native gettext - -DEPENDS += " \ - util-linux \ - glib-2.0 \ - cryptsetup \ - nss \ - gpgme \ - swig-native \ -" - -RDEPENDS_python3-${PN} += "${PN}" - -PACKAGES += "python3-${PN}" -FILES_python3-${PN} = "${PYTHON_SITEPACKAGES_DIR}/*" - diff --git a/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb b/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb new file mode 100644 index 0000000000..398ca5c21b --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb @@ -0,0 +1,38 @@ +DESCRIPTION = "The volume_key project provides a libvolume_key, a library for manipulating \ +storage volume encryption keys and storing them separately from volumes, and an \ +associated command-line tool, named volume_key." +LICENSE = "GPLv2" +SECTION = "devel/lib" + +HOMEPAGE = "https://pagure.io/volume_key" + +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +SRC_URI = "https://releases.pagure.org/volume_key/volume_key-${PV}.tar.xz \ +" +SRC_URI[md5sum] = "200591290173c3ea71528411838f9080" +SRC_URI[sha256sum] = "6ca3748fc1dad22c450bbf6601d4e706cb11c5e662d11bb4aeb473a9cd77309b" + +SRCNAME = "volume_key" +S = "${WORKDIR}/${SRCNAME}-${PV}" + +inherit autotools python3native gettext + +DEPENDS += " \ + util-linux \ + glib-2.0 \ + cryptsetup \ + nss \ + gpgme \ + swig-native \ +" + +PACKAGECONFIG ??= "python3" +PACKAGECONFIG[python] = "--with-python,--without-python,python,python" +PACKAGECONFIG[python3] = "--with-python3,--without-python3,python3,python3" + +RDEPENDS_python3-${PN} += "${PN}" + +PACKAGES += "python3-${PN}" +FILES_python3-${PN} = "${PYTHON_SITEPACKAGES_DIR}/*" + -- cgit v1.2.3