From 82c905dc58a36aeae40b1b273a12f63fb1973cf4 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Mon, 13 Apr 2020 13:39:40 -0500 Subject: meta-openembedded and poky: subtree updates Squash of the following due to dependencies among them and OpenBMC changes: meta-openembedded: subtree update:d0748372d2..9201611135 meta-openembedded: subtree update:9201611135..17fd382f34 poky: subtree update:9052e5b32a..2e11d97b6c poky: subtree update:2e11d97b6c..a8544811d7 The change log was too large for the jenkins plugin to handle therefore it has been removed. Here is the first and last commit of each subtree: meta-openembedded:d0748372d2 cppzmq: bump to version 4.6.0 meta-openembedded:17fd382f34 mpv: Remove X11 dependency poky:9052e5b32a package_ipk: Remove pointless comment to trigger rebuild poky:a8544811d7 pbzip2: Fix license warning Change-Id: If0fc6c37629642ee207a4ca2f7aa501a2c673cd6 
Signed-off-by: Andrew Geissler --- poky/meta/recipes-connectivity/avahi/avahi_0.7.bb | 10 + .../bind/bind/0001-bind-fix-CVE-2019-6471.patch | 64 -- ...igure.in-remove-useless-L-use_openssl-lib.patch | 18 +- .../0001-fix-enforcement-of-tcp-clients-v1.patch | 60 -- ...-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch | 22 - .../0001-lib-dns-gen.c-fix-too-long-error.patch | 31 - ...02-tcp-clients-could-still-be-exceeded-v2.patch | 670 --------------- ...-reference-counter-for-pipeline-groups-v3.patch | 278 ------- ...uota-accounting-and-client-mortality-chec.patch | 512 ------------ ...pquota-and-pipeline-refs-allow-special-ca.patch | 911 --------------------- ...tore-allowance-for-tcp-clients-interfaces.patch | 80 -- ...mic-operations-in-bin-named-client.c-with.patch | 140 ---- ...-searching-for-json-headers-searches-sysr.patch | 15 +- .../meta/recipes-connectivity/bind/bind_9.11.13.bb | 141 ++++ .../recipes-connectivity/bind/bind_9.11.5-P4.bb | 149 ---- poky/meta/recipes-connectivity/bluez5/bluez5.inc | 22 +- ...-obexd-without-systemd-in-the-user-sessio.patch | 12 +- ...01-Makefile.am-Fix-a-race-issue-for-tools.patch | 30 - ...ls-Fix-build-after-y2038-changes-in-glibc.patch | 68 -- .../0001-tools-btpclient.c-include-signal.h.patch | 30 - .../bluez5/bluez5/CVE-2018-10910.patch | 505 ------------ .../bluez5/bluez5/gcc9-fixes.patch | 301 ------- .../bluez5/bluez5/out-of-tree.patch | 26 - .../recipes-connectivity/bluez5/bluez5/run-ptest | 2 +- .../recipes-connectivity/bluez5/bluez5_5.50.bb | 68 -- .../recipes-connectivity/bluez5/bluez5_5.54.bb | 68 ++ poky/meta/recipes-connectivity/connman/connman.inc | 10 +- poky/meta/recipes-connectivity/dhcp/dhcp.inc | 1 + .../dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch | 68 -- ...d-includes-of-new-BIND9-compatibility-hea.patch | 79 -- .../dhcp/dhcp/0004-Fix-out-of-tree-builds.patch | 6 +- poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb | 23 - poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb | 21 + 
.../inetutils/inetutils_1.9.4.bb | 6 +- .../recipes-connectivity/iproute2/iproute2.inc | 34 +- .../iproute2/iproute2_5.3.0.bb | 12 - .../iproute2/iproute2_5.5.0.bb | 12 + .../iw/iw/separate-objdir.patch | 24 +- poky/meta/recipes-connectivity/iw/iw_5.3.bb | 32 - poky/meta/recipes-connectivity/iw/iw_5.4.bb | 32 + .../libnss-mdns/libnss-mdns_0.10.bb | 46 -- .../libnss-mdns/libnss-mdns_0.14.1.bb | 38 + .../0001-Don-t-build-tools-with-CC_FOR_BUILD.patch | 40 - ...include-order-between-config.h-and-stat.h.patch | 156 ---- ...le.am-fix-undefined-function-for-libnsm.a.patch | 12 +- ...re.ac-Do-not-fatalize-Wmissing-prototypes.patch | 40 - .../nfs-utils/nfs-utils/clang-format-string.patch | 183 ----- .../nfs-utils/nfs-utils/clang-warnings.patch | 61 ++ .../nfs-utils/nfs-utils-musl-res_querydomain.patch | 46 -- .../nfs-utils/nfs-utils_2.4.1.bb | 152 ---- .../nfs-utils/nfs-utils_2.4.3.bb | 147 ++++ ...x-integer-overflow-in-XMSS-private-key-pa.patch | 40 - .../recipes-connectivity/openssh/openssh/run-ptest | 1 + .../openssh/openssh/sshd.socket | 1 + .../openssh/openssh/sshd@.service | 2 - .../recipes-connectivity/openssh/openssh_8.0p1.bb | 165 ---- .../recipes-connectivity/openssh/openssh_8.2p1.bb | 170 ++++ .../openssl/openssl/reproducible.patch | 32 + .../recipes-connectivity/openssl/openssl_1.1.1d.bb | 204 ----- .../recipes-connectivity/openssl/openssl_1.1.1f.bb | 211 +++++ .../0001-pppd-Fix-bounds-check-in-EAP-code.patch | 47 ++ poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 1 + .../resolvconf/resolvconf_1.79.bb | 67 -- .../resolvconf/resolvconf_1.82.bb | 68 ++ .../recipes-connectivity/socat/socat_1.7.3.3.bb | 52 -- .../recipes-connectivity/socat/socat_1.7.3.4.bb | 54 ++ 66 files changed, 1207 insertions(+), 5422 deletions(-) delete mode 100644 poky/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch delete mode 100644 
poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch delete mode 100644 poky/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch create mode 100644 poky/meta/recipes-connectivity/bind/bind_9.11.13.bb delete mode 100644 poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb delete mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch delete mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-Fix-build-after-y2038-changes-in-glibc.patch delete mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch delete mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch delete mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5/gcc9-fixes.patch delete mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch delete mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5_5.50.bb create mode 100644 poky/meta/recipes-connectivity/bluez5/bluez5_5.54.bb delete mode 100644 poky/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch delete mode 100644 
poky/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch delete mode 100644 poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb create mode 100644 poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb delete mode 100644 poky/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb create mode 100644 poky/meta/recipes-connectivity/iproute2/iproute2_5.5.0.bb delete mode 100644 poky/meta/recipes-connectivity/iw/iw_5.3.bb create mode 100644 poky/meta/recipes-connectivity/iw/iw_5.4.bb delete mode 100644 poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb create mode 100644 poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb delete mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch delete mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch delete mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch delete mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch create mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch delete mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch delete mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb create mode 100644 poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.3.bb delete mode 100644 poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch delete mode 100644 poky/meta/recipes-connectivity/openssh/openssh_8.0p1.bb create mode 100644 poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb create mode 100644 poky/meta/recipes-connectivity/openssl/openssl/reproducible.patch delete mode 100644 poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb create mode 100644 
poky/meta/recipes-connectivity/openssl/openssl_1.1.1f.bb create mode 100644 poky/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch delete mode 100644 poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb create mode 100644 poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb delete mode 100644 poky/meta/recipes-connectivity/socat/socat_1.7.3.3.bb create mode 100644 poky/meta/recipes-connectivity/socat/socat_1.7.3.4.bb (limited to 'poky/meta/recipes-connectivity') diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb index 2e04d304c7..24523c7f81 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb +++ b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb @@ -10,6 +10,16 @@ inherit update-rc.d systemd useradd PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils" +LICENSE_libavahi-gobject = "LGPLv2.1+" +LICENSE_avahi-daemon = "LGPLv2.1+" +LICENSE_libavahi-common = "LGPLv2.1+" +LICENSE_libavahi-core = "LGPLv2.1+" +LICENSE_avahi-client = "LGPLv2.1+" +LICENSE_avahi-dnsconfd = "LGPLv2.1+" +LICENSE_libavahi-glib = "LGPLv2.1+" +LICENSE_avahi-autoipd = "LGPLv2.1+" +LICENSE_avahi-utils = "LGPLv2.1+" + # As avahi doesn't put any files into PN, clear the files list to avoid problems # if extra libraries appear. FILES_${PN} = "" diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch b/poky/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch deleted file mode 100644 index 2fed99e1bb..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch +++ /dev/null 
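Review bot: The added `LICENSE_avahi-client = "LGPLv2.1+"` line in the avahi_0.7.bb hunk does not match any name in the `PACKAGES =+` list shown just above it, which has `libavahi-client`, not `avahi-client`. As written, the override presumably never applies to a real package, so `libavahi-client` would take whatever the recipe-level `LICENSE` resolves to rather than the intended per-package value. The line should read `LICENSE_libavahi-client = "LGPLv2.1+"`. The other eight added overrides match their `PACKAGES` entries. Since per-package license fields feed the image license manifest, it is worth checking the generated manifest for `libavahi-client` after the fix.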
@@ -1,64 +0,0 @@ -Backport patch to fix CVE-2019-6471. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2019-6471 - -CVE: CVE-2019-6471 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/3a9c7bb] - -Signed-off-by: Kai Kang - -From 3a9c7bb80d4a609b86427406d9dd783199920b5b Mon Sep 17 00:00:00 2001 -From: Mark Andrews -Date: Tue, 19 Mar 2019 14:14:21 +1100 -Subject: [PATCH] move item_out test inside lock in dns_dispatch_getnext() - -(cherry picked from commit 60c42f849d520564ed42e5ed0ba46b4b69c07712) ---- - lib/dns/dispatch.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c -index 408beda367..3278db4a07 100644 ---- a/lib/dns/dispatch.c -+++ b/lib/dns/dispatch.c -@@ -134,7 +134,7 @@ struct dns_dispentry { - isc_task_t *task; - isc_taskaction_t action; - void *arg; -- bool item_out; -+ bool item_out; - dispsocket_t *dispsocket; - ISC_LIST(dns_dispatchevent_t) items; - ISC_LINK(dns_dispentry_t) link; -@@ -3422,13 +3422,14 @@ dns_dispatch_getnext(dns_dispentry_t *resp, dns_dispatchevent_t **sockevent) { - disp = resp->disp; - REQUIRE(VALID_DISPATCH(disp)); - -- REQUIRE(resp->item_out == true); -- resp->item_out = false; -- - ev = *sockevent; - *sockevent = NULL; - - LOCK(&disp->lock); -+ -+ REQUIRE(resp->item_out == true); -+ resp->item_out = false; -+ - if (ev->buffer.base != NULL) - free_buffer(disp, ev->buffer.base, ev->buffer.length); - free_devent(disp, ev); -@@ -3573,6 +3574,9 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp, - isc_task_send(disp->task[0], &disp->ctlevent); - } - -+/* -+ * disp must be locked. -+ */ - static void - do_cancel(dns_dispatch_t *disp) { - dns_dispatchevent_t *ev; --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch b/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch index 871bb2a5f6..9d31b98080 100644 
--- a/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch +++ b/poky/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch @@ -1,4 +1,4 @@ -From 950867d9fd3f690e271c8c807b6eed144b2935b2 Mon Sep 17 00:00:00 2001 +From 2325a92f1896a2a7f586611686801b41fbc91b50 Mon Sep 17 00:00:00 2001 From: Hongxu Jia Date: Mon, 27 Aug 2018 15:00:51 +0800 Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib' @@ -10,15 +10,16 @@ and helpful for clean up host build path in isc-config.sh Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Hongxu Jia + --- - configure.in | 2 +- + configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/configure.in b/configure.in -index 54efc55..76ac0eb 100644 ---- a/configure.in -+++ b/configure.in -@@ -1691,7 +1691,7 @@ If you don't want OpenSSL, use --without-openssl]) +diff --git a/configure.ac b/configure.ac +index e85a5c6..2bbfc58 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1631,7 +1631,7 @@ If you don't want OpenSSL, use --without-openssl]) fi ;; *) @@ -27,6 +28,3 @@ index 54efc55..76ac0eb 100644 ;; esac fi --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch b/poky/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch deleted file mode 100644 index 48ae125f84..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ec2d50d] - -Signed-off-by: Kai Kang - -From ec2d50da8d81814640e28593d912f4b96c7efece Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= -Date: Thu, 3 Jan 2019 14:17:43 +0100 -Subject: [PATCH 1/6] fix enforcement of tcp-clients (v1) - -tcp-clients settings could be exceeded in some cases by -creating more and more active TCP clients that are over -the set quota limit, which in the end could lead to a -DoS attack by e.g. exhaustion of file descriptors. - -If TCP client we're closing went over the quota (so it's -not attached to a quota) mark it as mortal - so that it -will be destroyed and not set up to listen for new -connections - unless it's the last client for a specific -interface. - -(cherry picked from commit f97131d21b97381cef72b971b157345c1f9b4115) -(cherry picked from commit 9689ffc485df8f971f0ad81ab8ab1f5389493776) ---- - bin/named/client.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index d482da7121..0739dd48af 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -421,8 +421,19 @@ exit_check(ns_client_t *client) { - isc_socket_detach(&client->tcpsocket); - } - -- if (client->tcpquota != NULL) -+ if (client->tcpquota != NULL) { - isc_quota_detach(&client->tcpquota); -+ } else { -+ /* -+ * We went over quota with this client, we don't -+ * want to restart listening unless this is the -+ * last client on this interface, which is -+ * checked later. -+ */ -+ if (TCP_CLIENT(client)) { -+ client->mortal = true; -+ } -+ } - - if (client->timerset) { - (void)isc_timer_reset(client->timer, --- -2.20.1 - 
diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch b/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch deleted file mode 100644 index a8d601dcaa..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch +++ /dev/null @@ -1,22 +0,0 @@ -Upstream-Status: Pending - -Subject: gen.c: extend DIRNAMESIZE from 256 to 512 - -Signed-off-by: Chen Qi ---- - lib/dns/gen.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: bind-9.11.3/lib/dns/gen.c -=================================================================== ---- bind-9.11.3.orig/lib/dns/gen.c -+++ bind-9.11.3/lib/dns/gen.c -@@ -130,7 +130,7 @@ static const char copyright[] = - #define TYPECLASSBUF (TYPECLASSLEN + 1) - #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" - #define ATTRIBUTESIZE 256 --#define DIRNAMESIZE 256 -+#define DIRNAMESIZE 512 - - static struct cc { - struct cc *next; diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch b/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch deleted file mode 100644 index 01874a4407..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From 5bc3167a8b714ec0c4a3f1c7f3b9411296ec0a23 Mon Sep 17 00:00:00 2001 -From: Robert Yang -Date: Wed, 16 Sep 2015 20:23:47 -0700 -Subject: [PATCH] lib/dns/gen.c: fix too long error - -The 512 is a little short when build in deep dir, and cause "too long" -error, use PATH_MAX if defined. - -Upstream-Status: Pending - -Signed-off-by: Robert Yang ---- - lib/dns/gen.c | 4 ++++ - 1 file changed, 4 insertions(+) - -Index: bind-9.11.3/lib/dns/gen.c -=================================================================== ---- bind-9.11.3.orig/lib/dns/gen.c -+++ bind-9.11.3/lib/dns/gen.c -@@ -130,7 +130,11 @@ static const char copyright[] = - #define TYPECLASSBUF (TYPECLASSLEN + 1) - #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" - #define ATTRIBUTESIZE 256 -+#ifdef PATH_MAX -+#define DIRNAMESIZE PATH_MAX -+#else - #define DIRNAMESIZE 512 -+#endif - - static struct cc { - struct cc *next; diff --git a/poky/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch b/poky/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch deleted file mode 100644 index ca4e8b1a66..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch +++ /dev/null 
@@ -1,670 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/719f604] - -Signed-off-by: Kai Kang - -From 719f604e3fad5b7479bd14e2fa0ef4413f0a8fdc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= -Date: Fri, 4 Jan 2019 12:50:51 +0100 -Subject: [PATCH 2/6] tcp-clients could still be exceeded (v2) - -the TCP client quota could still be ineffective under some -circumstances. this change: - -- improves quota accounting to ensure that TCP clients are - properly limited, while still guaranteeing that at least one client - is always available to serve TCP connections on each interface. -- uses more descriptive names and removes one (ntcptarget) that - was no longer needed -- adds comments - -(cherry picked from commit 924651f1d5e605cd186d03f4f7340bcc54d77cc2) -(cherry picked from commit 55a7a458e30e47874d34bdf1079eb863a0512396) ---- - bin/named/client.c | 311 ++++++++++++++++++++----- - bin/named/include/named/client.h | 14 +- - bin/named/include/named/interfacemgr.h | 11 +- - bin/named/interfacemgr.c | 8 +- - 4 files changed, 267 insertions(+), 77 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 0739dd48af..a7b49a0f71 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -246,10 +246,11 @@ static void ns_client_dumpmessage(ns_client_t *client, const char *reason); - static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, - dns_dispatch_t *disp, bool tcp); - static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, -- isc_socket_t *sock); -+ isc_socket_t *sock, ns_client_t *oldclient); - static inline bool --allowed(isc_netaddr_t *addr, dns_name_t *signer, isc_netaddr_t *ecs_addr, -- uint8_t ecs_addrlen, uint8_t *ecs_scope, dns_acl_t *acl); -+allowed(isc_netaddr_t *addr, dns_name_t *signer, -+ isc_netaddr_t *ecs_addr, 
uint8_t ecs_addrlen, -+ uint8_t *ecs_scope, dns_acl_t *acl) - static void compute_cookie(ns_client_t *client, uint32_t when, - uint32_t nonce, const unsigned char *secret, - isc_buffer_t *buf); -@@ -405,8 +406,11 @@ exit_check(ns_client_t *client) { - */ - INSIST(client->recursionquota == NULL); - INSIST(client->newstate <= NS_CLIENTSTATE_READY); -- if (client->nreads > 0) -+ -+ if (client->nreads > 0) { - dns_tcpmsg_cancelread(&client->tcpmsg); -+ } -+ - if (client->nreads != 0) { - /* Still waiting for read cancel completion. */ - return (true); -@@ -416,25 +420,58 @@ exit_check(ns_client_t *client) { - dns_tcpmsg_invalidate(&client->tcpmsg); - client->tcpmsg_valid = false; - } -+ - if (client->tcpsocket != NULL) { - CTRACE("closetcp"); - isc_socket_detach(&client->tcpsocket); -+ -+ if (client->tcpactive) { -+ LOCK(&client->interface->lock); -+ INSIST(client->interface->ntcpactive > 0); -+ client->interface->ntcpactive--; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = false; -+ } - } - - if (client->tcpquota != NULL) { -- isc_quota_detach(&client->tcpquota); -- } else { - /* -- * We went over quota with this client, we don't -- * want to restart listening unless this is the -- * last client on this interface, which is -- * checked later. -+ * If we are not in a pipeline group, or -+ * we are the last client in the group, detach from -+ * tcpquota; otherwise, transfer the quota to -+ * another client in the same group. 
- */ -- if (TCP_CLIENT(client)) { -- client->mortal = true; -+ if (!ISC_LINK_LINKED(client, glink) || -+ (client->glink.next == NULL && -+ client->glink.prev == NULL)) -+ { -+ isc_quota_detach(&client->tcpquota); -+ } else if (client->glink.next != NULL) { -+ INSIST(client->glink.next->tcpquota == NULL); -+ client->glink.next->tcpquota = client->tcpquota; -+ client->tcpquota = NULL; -+ } else { -+ INSIST(client->glink.prev->tcpquota == NULL); -+ client->glink.prev->tcpquota = client->tcpquota; -+ client->tcpquota = NULL; - } - } - -+ /* -+ * Unlink from pipeline group. -+ */ -+ if (ISC_LINK_LINKED(client, glink)) { -+ if (client->glink.next != NULL) { -+ client->glink.next->glink.prev = -+ client->glink.prev; -+ } -+ if (client->glink.prev != NULL) { -+ client->glink.prev->glink.next = -+ client->glink.next; -+ } -+ ISC_LINK_INIT(client, glink); -+ } -+ - if (client->timerset) { - (void)isc_timer_reset(client->timer, - isc_timertype_inactive, -@@ -455,15 +492,16 @@ exit_check(ns_client_t *client) { - * that already. Check whether this client needs to remain - * active and force it to go inactive if not. - * -- * UDP clients go inactive at this point, but TCP clients -- * may remain active if we have fewer active TCP client -- * objects than desired due to an earlier quota exhaustion. -+ * UDP clients go inactive at this point, but a TCP client -+ * will needs to remain active if no other clients are -+ * listening for TCP requests on this interface, to -+ * prevent this interface from going nonresponsive. - */ - if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) { - LOCK(&client->interface->lock); -- if (client->interface->ntcpcurrent < -- client->interface->ntcptarget) -+ if (client->interface->ntcpaccepting == 0) { - client->mortal = false; -+ } - UNLOCK(&client->interface->lock); - } - -@@ -472,15 +510,17 @@ exit_check(ns_client_t *client) { - * queue for recycling. 
- */ - if (client->mortal) { -- if (client->newstate > NS_CLIENTSTATE_INACTIVE) -+ if (client->newstate > NS_CLIENTSTATE_INACTIVE) { - client->newstate = NS_CLIENTSTATE_INACTIVE; -+ } - } - - if (NS_CLIENTSTATE_READY == client->newstate) { - if (TCP_CLIENT(client)) { - client_accept(client); -- } else -+ } else { - client_udprecv(client); -+ } - client->newstate = NS_CLIENTSTATE_MAX; - return (true); - } -@@ -492,41 +532,57 @@ exit_check(ns_client_t *client) { - /* - * We are trying to enter the inactive state. - */ -- if (client->naccepts > 0) -+ if (client->naccepts > 0) { - isc_socket_cancel(client->tcplistener, client->task, - ISC_SOCKCANCEL_ACCEPT); -+ } - - /* Still waiting for accept cancel completion. */ -- if (! (client->naccepts == 0)) -+ if (! (client->naccepts == 0)) { - return (true); -+ } - - /* Accept cancel is complete. */ -- if (client->nrecvs > 0) -+ if (client->nrecvs > 0) { - isc_socket_cancel(client->udpsocket, client->task, - ISC_SOCKCANCEL_RECV); -+ } - - /* Still waiting for recv cancel completion. */ -- if (! (client->nrecvs == 0)) -+ if (! (client->nrecvs == 0)) { - return (true); -+ } - - /* Still waiting for control event to be delivered */ -- if (client->nctls > 0) -+ if (client->nctls > 0) { - return (true); -- -- /* Deactivate the client. */ -- if (client->interface) -- ns_interface_detach(&client->interface); -+ } - - INSIST(client->naccepts == 0); - INSIST(client->recursionquota == NULL); -- if (client->tcplistener != NULL) -+ if (client->tcplistener != NULL) { - isc_socket_detach(&client->tcplistener); - -- if (client->udpsocket != NULL) -+ if (client->tcpactive) { -+ LOCK(&client->interface->lock); -+ INSIST(client->interface->ntcpactive > 0); -+ client->interface->ntcpactive--; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = false; -+ } -+ } -+ if (client->udpsocket != NULL) { - isc_socket_detach(&client->udpsocket); -+ } - -- if (client->dispatch != NULL) -+ /* Deactivate the client. 
*/ -+ if (client->interface != NULL) { -+ ns_interface_detach(&client->interface); -+ } -+ -+ if (client->dispatch != NULL) { - dns_dispatch_detach(&client->dispatch); -+ } - - client->attributes = 0; - client->mortal = false; -@@ -551,10 +607,13 @@ exit_check(ns_client_t *client) { - client->newstate = NS_CLIENTSTATE_MAX; - if (!ns_g_clienttest && manager != NULL && - !manager->exiting) -+ { - ISC_QUEUE_PUSH(manager->inactive, client, - ilink); -- if (client->needshutdown) -+ } -+ if (client->needshutdown) { - isc_task_shutdown(client->task); -+ } - return (true); - } - } -@@ -675,7 +734,6 @@ client_start(isc_task_t *task, isc_event_t *event) { - } - } - -- - /*% - * The client's task has received a shutdown event. - */ -@@ -2507,17 +2565,12 @@ client_request(isc_task_t *task, isc_event_t *event) { - /* - * Pipeline TCP query processing. - */ -- if (client->message->opcode != dns_opcode_query) -+ if (client->message->opcode != dns_opcode_query) { - client->pipelined = false; -+ } - if (TCP_CLIENT(client) && client->pipelined) { -- result = isc_quota_reserve(&ns_g_server->tcpquota); -- if (result == ISC_R_SUCCESS) -- result = ns_client_replace(client); -+ result = ns_client_replace(client); - if (result != ISC_R_SUCCESS) { -- ns_client_log(client, NS_LOGCATEGORY_CLIENT, -- NS_LOGMODULE_CLIENT, ISC_LOG_WARNING, -- "no more TCP clients(read): %s", -- isc_result_totext(result)); - client->pipelined = false; - } - } -@@ -3087,6 +3140,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->filter_aaaa = dns_aaaa_ok; - #endif - client->needshutdown = ns_g_clienttest; -+ client->tcpactive = false; - - ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL, - NS_EVENT_CLIENTCONTROL, client_start, client, client, -@@ -3100,6 +3154,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->formerrcache.id = 0; - ISC_LINK_INIT(client, link); - ISC_LINK_INIT(client, rlink); -+ ISC_LINK_INIT(client, glink); - 
ISC_QLINK_INIT(client, ilink); - client->keytag = NULL; - client->keytag_len = 0; -@@ -3193,12 +3248,19 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - - INSIST(client->state == NS_CLIENTSTATE_READY); - -+ /* -+ * The accept() was successful and we're now establishing a new -+ * connection. We need to make note of it in the client and -+ * interface objects so client objects can do the right thing -+ * when going inactive in exit_check() (see comments in -+ * client_accept() for details). -+ */ - INSIST(client->naccepts == 1); - client->naccepts--; - - LOCK(&client->interface->lock); -- INSIST(client->interface->ntcpcurrent > 0); -- client->interface->ntcpcurrent--; -+ INSIST(client->interface->ntcpaccepting > 0); -+ client->interface->ntcpaccepting--; - UNLOCK(&client->interface->lock); - - /* -@@ -3232,6 +3294,9 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), - "accept failed: %s", - isc_result_totext(nevent->result)); -+ if (client->tcpquota != NULL) { -+ isc_quota_detach(&client->tcpquota); -+ } - } - - if (exit_check(client)) -@@ -3270,18 +3335,12 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - * deny service to legitimate TCP clients. 
- */ - client->pipelined = false; -- result = isc_quota_attach(&ns_g_server->tcpquota, -- &client->tcpquota); -- if (result == ISC_R_SUCCESS) -- result = ns_client_replace(client); -- if (result != ISC_R_SUCCESS) { -- ns_client_log(client, NS_LOGCATEGORY_CLIENT, -- NS_LOGMODULE_CLIENT, ISC_LOG_WARNING, -- "no more TCP clients(accept): %s", -- isc_result_totext(result)); -- } else if (ns_g_server->keepresporder == NULL || -- !allowed(&netaddr, NULL, NULL, 0, NULL, -- ns_g_server->keepresporder)) { -+ result = ns_client_replace(client); -+ if (result == ISC_R_SUCCESS && -+ (client->sctx->keepresporder == NULL || -+ !allowed(&netaddr, NULL, NULL, 0, NULL, -+ ns_g_server->keepresporder))) -+ { - client->pipelined = true; - } - -@@ -3298,12 +3357,80 @@ client_accept(ns_client_t *client) { - - CTRACE("accept"); - -+ /* -+ * The tcpquota object can only be simultaneously referenced a -+ * pre-defined number of times; this is configured by 'tcp-clients' -+ * in named.conf. If we can't attach to it here, that means the TCP -+ * client quota has been exceeded. -+ */ -+ result = isc_quota_attach(&client->sctx->tcpquota, -+ &client->tcpquota); -+ if (result != ISC_R_SUCCESS) { -+ bool exit; -+ -+ ns_client_log(client, NS_LOGCATEGORY_CLIENT, -+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1), -+ "no more TCP clients: %s", -+ isc_result_totext(result)); -+ -+ /* -+ * We have exceeded the system-wide TCP client -+ * quota. But, we can't just block this accept -+ * in all cases, because if we did, a heavy TCP -+ * load on other interfaces might cause this -+ * interface to be starved, with no clients able -+ * to accept new connections. -+ * -+ * So, we check here to see if any other client -+ * is already servicing TCP queries on this -+ * interface (whether accepting, reading, or -+ * processing). -+ * -+ * If so, then it's okay *not* to call -+ * accept - we can let this client to go inactive -+ * and the other one handle the next connection -+ * when it's ready. 
-+ * -+ * But if not, then we need to be a little bit -+ * flexible about the quota. We allow *one* extra -+ * TCP client through, to ensure we're listening on -+ * every interface. -+ * -+ * (Note: In practice this means that the *real* -+ * TCP client quota is tcp-clients plus the number -+ * of interfaces.) -+ */ -+ LOCK(&client->interface->lock); -+ exit = (client->interface->ntcpactive > 0); -+ UNLOCK(&client->interface->lock); -+ -+ if (exit) { -+ client->newstate = NS_CLIENTSTATE_INACTIVE; -+ (void)exit_check(client); -+ return; -+ } -+ } -+ -+ /* -+ * By incrementing the interface's ntcpactive counter we signal -+ * that there is at least one client servicing TCP queries for the -+ * interface. -+ * -+ * We also make note of the fact in the client itself with the -+ * tcpactive flag. This ensures proper accounting by preventing -+ * us from accidentally incrementing or decrementing ntcpactive -+ * more than once per client object. -+ */ -+ if (!client->tcpactive) { -+ LOCK(&client->interface->lock); -+ client->interface->ntcpactive++; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = true; -+ } -+ - result = isc_socket_accept(client->tcplistener, client->task, - client_newconn, client); - if (result != ISC_R_SUCCESS) { -- UNEXPECTED_ERROR(__FILE__, __LINE__, -- "isc_socket_accept() failed: %s", -- isc_result_totext(result)); - /* - * XXXRTH What should we do? We're trying to accept but - * it didn't work. If we just give up, then TCP -@@ -3311,12 +3438,39 @@ client_accept(ns_client_t *client) { - * - * For now, we just go idle. - */ -+ UNEXPECTED_ERROR(__FILE__, __LINE__, -+ "isc_socket_accept() failed: %s", -+ isc_result_totext(result)); -+ if (client->tcpquota != NULL) { -+ isc_quota_detach(&client->tcpquota); -+ } - return; - } -+ -+ /* -+ * The client's 'naccepts' counter indicates that this client has -+ * called accept() and is waiting for a new connection. It should -+ * never exceed 1. 
-+ */
- INSIST(client->naccepts == 0);
- client->naccepts++;
-+
-+ /*
-+ * The interface's 'ntcpaccepting' counter is incremented when
-+ * any client calls accept(), and decremented in client_newconn()
-+ * once the connection is established.
-+ *
-+ * When the client object is shutting down after handling a TCP
-+ * request (see exit_check()), it looks to see whether this value is
-+ * non-zero. If so, that means another client has already called
-+ * accept() and is waiting to establish the next connection, which
-+ * means the first client is free to go inactive. Otherwise,
-+ * the first client must come back and call accept() again; this
-+ * guarantees there will always be at least one client listening
-+ * for new TCP connections on each interface.
-+ */
- LOCK(&client->interface->lock);
-- client->interface->ntcpcurrent++;
-+ client->interface->ntcpaccepting++;
- UNLOCK(&client->interface->lock);
- }
-
-@@ -3390,13 +3544,14 @@ ns_client_replace(ns_client_t *client) {
- tcp = TCP_CLIENT(client);
- if (tcp && client->pipelined) {
- result = get_worker(client->manager, client->interface,
-- client->tcpsocket);
-+ client->tcpsocket, client);
- } else {
- result = get_client(client->manager, client->interface,
- client->dispatch, tcp);
- }
-- if (result != ISC_R_SUCCESS)
-+ if (result != ISC_R_SUCCESS) {
- return (result);
-+ }
-
- /*
- * The responsibility for listening for new requests is hereby
-@@ -3585,6 +3740,7 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
- client->attributes |= NS_CLIENTATTR_TCP;
- isc_socket_attach(ifp->tcpsocket,
- &client->tcplistener);
-+
- } else {
- isc_socket_t *sock;
-
-@@ -3602,7 +3758,8 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
- }
-
- static isc_result_t
--get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
-+get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
-+ ns_client_t *oldclient)
- {
- isc_result_t result = ISC_R_SUCCESS;
- isc_event_t 
*ev;
-@@ -3610,6 +3767,7 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
- MTRACE("get worker");
-
- REQUIRE(manager != NULL);
-+ REQUIRE(oldclient != NULL);
-
- if (manager->exiting)
- return (ISC_R_SHUTTINGDOWN);
-@@ -3642,7 +3800,28 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
- ns_interface_attach(ifp, &client->interface);
- client->newstate = client->state = NS_CLIENTSTATE_WORKING;
- INSIST(client->recursionquota == NULL);
-- client->tcpquota = &ns_g_server->tcpquota;
-+
-+ /*
-+ * Transfer TCP quota to the new client.
-+ */
-+ INSIST(client->tcpquota == NULL);
-+ INSIST(oldclient->tcpquota != NULL);
-+ client->tcpquota = oldclient->tcpquota;
-+ oldclient->tcpquota = NULL;
-+
-+ /*
-+ * Link to a pipeline group, creating it if needed.
-+ */
-+ if (!ISC_LINK_LINKED(oldclient, glink)) {
-+ oldclient->glink.next = NULL;
-+ oldclient->glink.prev = NULL;
-+ }
-+ client->glink.next = oldclient->glink.next;
-+ client->glink.prev = oldclient;
-+ if (oldclient->glink.next != NULL) {
-+ oldclient->glink.next->glink.prev = client;
-+ }
-+ oldclient->glink.next = client;
-
- client->dscp = ifp->dscp;
-
-@@ -3656,6 +3835,12 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
- (void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr);
- client->peeraddr_valid = true;
-
-+ LOCK(&client->interface->lock);
-+ client->interface->ntcpactive++;
-+ UNLOCK(&client->interface->lock);
-+
-+ client->tcpactive = true;
-+
- INSIST(client->tcpmsg_valid == false);
- dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg);
- client->tcpmsg_valid = true;
-diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
-index b23a7b191d..1f7973f9c5 100644
---- a/bin/named/include/named/client.h
-+++ b/bin/named/include/named/client.h
-@@ -94,7 +94,8 @@ struct ns_client {
- int nupdates;
- int nctls;
- int references;
-- bool needshutdown; /*
-+ bool tcpactive; 
-+ bool needshutdown; /*
- * Used by clienttest to get
- * the client to go from
- * inactive to free state
-@@ -130,9 +131,9 @@ struct ns_client {
- isc_stdtime_t now;
- isc_time_t tnow;
- dns_name_t signername; /*%< [T]SIG key name */
-- dns_name_t * signer; /*%< NULL if not valid sig */
-- bool mortal; /*%< Die after handling request */
-- bool pipelined; /*%< TCP queries not in sequence */
-+ dns_name_t *signer; /*%< NULL if not valid sig */
-+ bool mortal; /*%< Die after handling request */
-+ bool pipelined; /*%< TCP queries not in sequence */
- isc_quota_t *tcpquota;
- isc_quota_t *recursionquota;
- ns_interface_t *interface;
-@@ -143,8 +144,8 @@ struct ns_client {
- isc_sockaddr_t destsockaddr;
-
- isc_netaddr_t ecs_addr; /*%< EDNS client subnet */
-- uint8_t ecs_addrlen;
-- uint8_t ecs_scope;
-+ uint8_t ecs_addrlen;
-+ uint8_t ecs_scope;
-
- struct in6_pktinfo pktinfo;
- isc_dscp_t dscp;
-@@ -166,6 +167,7 @@ struct ns_client {
-
- ISC_LINK(ns_client_t) link;
- ISC_LINK(ns_client_t) rlink;
-+ ISC_LINK(ns_client_t) glink;
- ISC_QLINK(ns_client_t) ilink;
- unsigned char cookie[8];
- uint32_t expire;
-diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
-index 7d1883e1e8..61b08826a6 100644
---- a/bin/named/include/named/interfacemgr.h
-+++ b/bin/named/include/named/interfacemgr.h
-@@ -77,9 +77,14 @@ struct ns_interface {
- /*%< UDP dispatchers. */
- isc_socket_t * tcpsocket; /*%< TCP socket. */
- isc_dscp_t dscp; /*%< "listen-on" DSCP value */
-- int ntcptarget; /*%< Desired number of concurrent
-- TCP accepts */
-- int ntcpcurrent; /*%< Current ditto, locked */
-+ int ntcpaccepting; /*%< Number of clients
-+ ready to accept new
-+ TCP connections on this
-+ interface */
-+ int ntcpactive; /*%< Number of clients
-+ servicing TCP queries
-+ (whether accepting or
-+ connected) */
- int nudpdispatch; /*%< Number of UDP dispatches */
- ns_clientmgr_t * clientmgr; /*%< Client manager. 
*/
- ISC_LINK(ns_interface_t) link;
-diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
-index 419927bf54..955096ef47 100644
---- a/bin/named/interfacemgr.c
-+++ b/bin/named/interfacemgr.c
-@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
- * connections will be handled in parallel even though there is
- * only one client initially.
- */
-- ifp->ntcptarget = 1;
-- ifp->ntcpcurrent = 0;
-+ ifp->ntcpaccepting = 0;
-+ ifp->ntcpactive = 0;
- ifp->nudpdispatch = 0;
-
- ifp->dscp = -1;
-@@ -522,9 +522,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
- */
- (void)isc_socket_filter(ifp->tcpsocket, "dataready");
-
-- result = ns_clientmgr_createclients(ifp->clientmgr,
-- ifp->ntcptarget, ifp,
-- true);
-+ result = ns_clientmgr_createclients(ifp->clientmgr, 1, ifp, true);
- if (result != ISC_R_SUCCESS) {
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "TCP ns_clientmgr_createclients(): %s",
---
-2.20.1
-
diff --git a/poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch b/poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch
deleted file mode 100644
index 032cfb8c44..0000000000
--- a/poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch
+++ /dev/null
@@ -1,278 +0,0 @@
-Backport patch to fix CVE-2018-5743.
-
-Ref:
-https://security-tracker.debian.org/tracker/CVE-2018-5743
-
-CVE: CVE-2018-5743
-Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/366b4e1]
-
-Signed-off-by: Kai Kang
-
-From 366b4e1ede8aed690e981e07137cb1cb77879c36 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?=
-Date: Thu, 17 Jan 2019 15:53:38 +0100
-Subject: [PATCH 3/6] use reference counter for pipeline groups (v3)
-
-Track pipeline groups using a shared reference counter
-instead of a linked list.
-
-(cherry picked from commit 513afd33eb17d5dc41a3f0d2d38204ef8c5f6f91)
-(cherry picked from commit 9446629b730c59c4215f08d37fbaf810282fbccb)
----
- bin/named/client.c | 171 ++++++++++++++++++++-----------
- bin/named/include/named/client.h | 2 +-
- 2 files changed, 110 insertions(+), 63 deletions(-)
-
-diff --git a/bin/named/client.c b/bin/named/client.c
-index a7b49a0f71..277656cef0 100644
---- a/bin/named/client.c
-+++ b/bin/named/client.c
-@@ -299,6 +299,75 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
- }
- }
-
-+/*%
-+ * Allocate a reference counter that will track the number of client structures
-+ * using the TCP connection that 'client' called accept() for. This counter
-+ * will be shared between all client structures associated with this TCP
-+ * connection.
-+ */
-+static void
-+pipeline_init(ns_client_t *client) {
-+ isc_refcount_t *refs;
-+
-+ REQUIRE(client->pipeline_refs == NULL);
-+
-+ /*
-+ * A global memory context is used for the allocation as different
-+ * client structures may have different memory contexts assigned and a
-+ * reference counter allocated here might need to be freed by a
-+ * different client. The performance impact caused by memory context
-+ * contention here is expected to be negligible, given that this code
-+ * is only executed for TCP connections.
-+ */
-+ refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs));
-+ isc_refcount_init(refs, 1);
-+ client->pipeline_refs = refs;
-+}
-+
-+/*%
-+ * Increase the count of client structures using the TCP connection that
-+ * 'source' is associated with and put a pointer to that count in 'target',
-+ * thus associating it with the same TCP connection.
-+ */
-+static void
-+pipeline_attach(ns_client_t *source, ns_client_t *target) {
-+ int old_refs;
-+
-+ REQUIRE(source->pipeline_refs != NULL);
-+ REQUIRE(target->pipeline_refs == NULL);
-+
-+ old_refs = isc_refcount_increment(source->pipeline_refs);
-+ INSIST(old_refs > 0);
-+ target->pipeline_refs = source->pipeline_refs;
-+}
-+
-+/*%
-+ * Decrease the count of client structures using the TCP connection that
-+ * 'client' is associated with. If this is the last client using this TCP
-+ * connection, free the reference counter and return true; otherwise, return
-+ * false.
-+ */
-+static bool
-+pipeline_detach(ns_client_t *client) {
-+ isc_refcount_t *refs;
-+ int old_refs;
-+
-+ REQUIRE(client->pipeline_refs != NULL);
-+
-+ refs = client->pipeline_refs;
-+ client->pipeline_refs = NULL;
-+
-+ old_refs = isc_refcount_decrement(refs);
-+ INSIST(old_refs > 0);
-+
-+ if (old_refs == 1) {
-+ isc_mem_free(client->sctx->mctx, refs);
-+ return (true);
-+ }
-+
-+ return (false);
-+}
-+
- /*%
- * Check for a deactivation or shutdown request and take appropriate
- * action. Returns true if either is in progress; in this case
-@@ -421,6 +490,40 @@ exit_check(ns_client_t *client) {
- client->tcpmsg_valid = false;
- }
-
-+ if (client->tcpquota != NULL) {
-+ if (client->pipeline_refs == NULL ||
-+ pipeline_detach(client))
-+ {
-+ /*
-+ * Only detach from the TCP client quota if
-+ * there are no more client structures using
-+ * this TCP connection.
-+ *
-+ * Note that we check 'pipeline_refs' and not
-+ * 'pipelined' because in some cases (e.g. 
-+ * after receiving a request with an opcode
-+ * different than QUERY) 'pipelined' is set to
-+ * false after the reference counter gets
-+ * allocated in pipeline_init() and we must
-+ * still drop our reference as failing to do so
-+ * would prevent the reference counter itself
-+ * from being freed.
-+ */
-+ isc_quota_detach(&client->tcpquota);
-+ } else {
-+ /*
-+ * There are other client structures using this
-+ * TCP connection, so we cannot detach from the
-+ * TCP client quota to prevent excess TCP
-+ * connections from being accepted. However,
-+ * this client structure might later be reused
-+ * for accepting new connections and thus must
-+ * have its 'tcpquota' field set to NULL.
-+ */
-+ client->tcpquota = NULL;
-+ }
-+ }
-+
- if (client->tcpsocket != NULL) {
- CTRACE("closetcp");
- isc_socket_detach(&client->tcpsocket);
-@@ -434,44 +537,6 @@ exit_check(ns_client_t *client) {
- }
- }
-
-- if (client->tcpquota != NULL) {
-- /*
-- * If we are not in a pipeline group, or
-- * we are the last client in the group, detach from
-- * tcpquota; otherwise, transfer the quota to
-- * another client in the same group.
-- */
-- if (!ISC_LINK_LINKED(client, glink) ||
-- (client->glink.next == NULL &&
-- client->glink.prev == NULL))
-- {
-- isc_quota_detach(&client->tcpquota);
-- } else if (client->glink.next != NULL) {
-- INSIST(client->glink.next->tcpquota == NULL);
-- client->glink.next->tcpquota = client->tcpquota;
-- client->tcpquota = NULL;
-- } else {
-- INSIST(client->glink.prev->tcpquota == NULL);
-- client->glink.prev->tcpquota = client->tcpquota;
-- client->tcpquota = NULL;
-- }
-- }
--
-- /*
-- * Unlink from pipeline group. 
-- */
-- if (ISC_LINK_LINKED(client, glink)) {
-- if (client->glink.next != NULL) {
-- client->glink.next->glink.prev =
-- client->glink.prev;
-- }
-- if (client->glink.prev != NULL) {
-- client->glink.prev->glink.next =
-- client->glink.next;
-- }
-- ISC_LINK_INIT(client, glink);
-- }
--
- if (client->timerset) {
- (void)isc_timer_reset(client->timer,
- isc_timertype_inactive,
-@@ -3130,6 +3195,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
- dns_name_init(&client->signername, NULL);
- client->mortal = false;
- client->pipelined = false;
-+ client->pipeline_refs = NULL;
- client->tcpquota = NULL;
- client->recursionquota = NULL;
- client->interface = NULL;
-@@ -3154,7 +3220,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
- client->formerrcache.id = 0;
- ISC_LINK_INIT(client, link);
- ISC_LINK_INIT(client, rlink);
-- ISC_LINK_INIT(client, glink);
- ISC_QLINK_INIT(client, ilink);
- client->keytag = NULL;
- client->keytag_len = 0;
-@@ -3341,6 +3406,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
- !allowed(&netaddr, NULL, NULL, 0, NULL,
- ns_g_server->keepresporder)))
- {
-+ pipeline_init(client);
- client->pipelined = true;
- }
-
-@@ -3800,35 +3866,16 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
- ns_interface_attach(ifp, &client->interface);
- client->newstate = client->state = NS_CLIENTSTATE_WORKING;
- INSIST(client->recursionquota == NULL);
--
-- /*
-- * Transfer TCP quota to the new client.
-- */
-- INSIST(client->tcpquota == NULL);
-- INSIST(oldclient->tcpquota != NULL);
-- client->tcpquota = oldclient->tcpquota;
-- oldclient->tcpquota = NULL;
--
-- /*
-- * Link to a pipeline group, creating it if needed. 
-- */
-- if (!ISC_LINK_LINKED(oldclient, glink)) {
-- oldclient->glink.next = NULL;
-- oldclient->glink.prev = NULL;
-- }
-- client->glink.next = oldclient->glink.next;
-- client->glink.prev = oldclient;
-- if (oldclient->glink.next != NULL) {
-- oldclient->glink.next->glink.prev = client;
-- }
-- oldclient->glink.next = client;
-+ client->tcpquota = &client->sctx->tcpquota;
-
- client->dscp = ifp->dscp;
-
- client->attributes |= NS_CLIENTATTR_TCP;
-- client->pipelined = true;
- client->mortal = true;
-
-+ pipeline_attach(oldclient, client);
-+ client->pipelined = true;
-+
- isc_socket_attach(ifp->tcpsocket, &client->tcplistener);
- isc_socket_attach(sock, &client->tcpsocket);
- isc_socket_setname(client->tcpsocket, "worker-tcp", NULL);
-diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
-index 1f7973f9c5..aeed9ccdda 100644
---- a/bin/named/include/named/client.h
-+++ b/bin/named/include/named/client.h
-@@ -134,6 +134,7 @@ struct ns_client {
- dns_name_t *signer; /*%< NULL if not valid sig */
- bool mortal; /*%< Die after handling request */
- bool pipelined; /*%< TCP queries not in sequence */
-+ isc_refcount_t *pipeline_refs;
- isc_quota_t *tcpquota;
- isc_quota_t *recursionquota;
- ns_interface_t *interface;
-@@ -167,7 +168,6 @@ struct ns_client {
-
- ISC_LINK(ns_client_t) link;
- ISC_LINK(ns_client_t) rlink;
-- ISC_LINK(ns_client_t) glink;
- ISC_QLINK(ns_client_t) ilink;
- unsigned char cookie[8];
- uint32_t expire;
---
-2.20.1
-
diff --git a/poky/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch b/poky/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch
deleted file mode 100644
index 034ab13303..0000000000
--- a/poky/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch
+++ /dev/null
@@ -1,512 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/2ab8a08] - -Signed-off-by: Kai Kang - -From 2ab8a085b3c666f28f1f9229bd6ecb59915b26c3 Mon Sep 17 00:00:00 2001 -From: Evan Hunt -Date: Fri, 5 Apr 2019 16:12:18 -0700 -Subject: [PATCH 4/6] better tcpquota accounting and client mortality checks - -- ensure that tcpactive is cleaned up correctly when accept() fails. -- set 'client->tcpattached' when the client is attached to the tcpquota. - carry this value on to new clients sharing the same pipeline group. - don't call isc_quota_detach() on the tcpquota unless tcpattached is - set. this way clients that were allowed to accept TCP connections - despite being over quota (and therefore, were never attached to the - quota) will not inadvertently detach from it and mess up the - accounting. -- simplify the code for tcpquota disconnection by using a new function - tcpquota_disconnect(). -- before deciding whether to reject a new connection due to quota - exhaustion, check to see whether there are at least two active - clients. previously, this was "at least one", but that could be - insufficient if there was one other client in READING state (waiting - for messages on an open connection) but none in READY (listening - for new connections). -- before deciding whether a TCP client object can to go inactive, we - must ensure there are enough other clients to maintain service - afterward -- both accepting new connections and reading/processing new - queries. A TCP client can't shut down unless at least one - client is accepting new connections and (in the case of pipelined - clients) at least one additional client is waiting to read. 
-
-(cherry picked from commit c7394738b2445c16f728a88394864dd61baad900)
-(cherry picked from commit e965d5f11d3d0f6d59704e614fceca2093cb1856)
-(cherry picked from commit 87d431161450777ea093821212abfb52d51b36e3)
----
- bin/named/client.c | 244 +++++++++++++++++++------------
- bin/named/include/named/client.h | 3 +-
- 2 files changed, 152 insertions(+), 95 deletions(-)
-
-diff --git a/bin/named/client.c b/bin/named/client.c
-index 277656cef0..61e96dd28c 100644
---- a/bin/named/client.c
-+++ b/bin/named/client.c
-@@ -244,13 +244,14 @@ static void client_start(isc_task_t *task, isc_event_t *event);
- static void client_request(isc_task_t *task, isc_event_t *event);
- static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
- static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
-- dns_dispatch_t *disp, bool tcp);
-+ dns_dispatch_t *disp, ns_client_t *oldclient,
-+ bool tcp);
- static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp,
- isc_socket_t *sock, ns_client_t *oldclient);
- static inline bool
- allowed(isc_netaddr_t *addr, dns_name_t *signer,
- isc_netaddr_t *ecs_addr, uint8_t ecs_addrlen,
-- uint8_t *ecs_scope, dns_acl_t *acl)
-+ uint8_t *ecs_scope, dns_acl_t *acl);
- static void compute_cookie(ns_client_t *client, uint32_t when,
- uint32_t nonce, const unsigned char *secret,
- isc_buffer_t *buf);
-@@ -319,7 +320,7 @@ pipeline_init(ns_client_t *client) {
- * contention here is expected to be negligible, given that this code
- * is only executed for TCP connections.
- */
-- refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs));
-+ refs = isc_mem_allocate(ns_g_mctx, sizeof(*refs));
- isc_refcount_init(refs, 1);
- client->pipeline_refs = refs;
- }
-@@ -331,13 +332,13 @@ pipeline_init(ns_client_t *client) {
- */
- static void
- pipeline_attach(ns_client_t *source, ns_client_t *target) {
-- int old_refs;
-+ int refs;
-
- REQUIRE(source->pipeline_refs != NULL);
- REQUIRE(target->pipeline_refs == NULL);
-
-- old_refs = isc_refcount_increment(source->pipeline_refs);
-- INSIST(old_refs > 0);
-+ isc_refcount_increment(source->pipeline_refs, &refs);
-+ INSIST(refs > 1);
- target->pipeline_refs = source->pipeline_refs;
- }
-
-@@ -349,25 +350,51 @@ pipeline_attach(ns_client_t *source, ns_client_t *target) {
- */
- static bool
- pipeline_detach(ns_client_t *client) {
-- isc_refcount_t *refs;
-- int old_refs;
-+ isc_refcount_t *refcount;
-+ int refs;
-
- REQUIRE(client->pipeline_refs != NULL);
-
-- refs = client->pipeline_refs;
-+ refcount = client->pipeline_refs;
- client->pipeline_refs = NULL;
-
-- old_refs = isc_refcount_decrement(refs);
-- INSIST(old_refs > 0);
-+ isc_refcount_decrement(refcount, refs);
-
-- if (old_refs == 1) {
-- isc_mem_free(client->sctx->mctx, refs);
-+ if (refs == 0) {
-+ isc_mem_free(ns_g_mctx, refs);
- return (true);
- }
-
- return (false);
- }
-
-+/*
-+ * Detach a client from the TCP client quota if appropriate, and set
-+ * the quota pointer to NULL.
-+ *
-+ * Sometimes when the TCP client quota is exhausted but there are no other
-+ * clients servicing the interface, a client will be allowed to continue
-+ * running despite not having been attached to the quota. In this event,
-+ * the TCP quota was never attached to the client, so when the client (or
-+ * associated pipeline group) shuts down, the quota must NOT be detached.
-+ *
-+ * Otherwise, if the quota pointer is set, it should be detached. If not
-+ * set at all, we just return without doing anything.
-+ */ -+static void -+tcpquota_disconnect(ns_client_t *client) { -+ if (client->tcpquota == NULL) { -+ return; -+ } -+ -+ if (client->tcpattached) { -+ isc_quota_detach(&client->tcpquota); -+ client->tcpattached = false; -+ } else { -+ client->tcpquota = NULL; -+ } -+} -+ - /*% - * Check for a deactivation or shutdown request and take appropriate - * action. Returns true if either is in progress; in this case -@@ -490,38 +517,31 @@ exit_check(ns_client_t *client) { - client->tcpmsg_valid = false; - } - -- if (client->tcpquota != NULL) { -- if (client->pipeline_refs == NULL || -- pipeline_detach(client)) -- { -- /* -- * Only detach from the TCP client quota if -- * there are no more client structures using -- * this TCP connection. -- * -- * Note that we check 'pipeline_refs' and not -- * 'pipelined' because in some cases (e.g. -- * after receiving a request with an opcode -- * different than QUERY) 'pipelined' is set to -- * false after the reference counter gets -- * allocated in pipeline_init() and we must -- * still drop our reference as failing to do so -- * would prevent the reference counter itself -- * from being freed. -- */ -- isc_quota_detach(&client->tcpquota); -- } else { -- /* -- * There are other client structures using this -- * TCP connection, so we cannot detach from the -- * TCP client quota to prevent excess TCP -- * connections from being accepted. However, -- * this client structure might later be reused -- * for accepting new connections and thus must -- * have its 'tcpquota' field set to NULL. -- */ -- client->tcpquota = NULL; -- } -+ /* -+ * Detach from pipeline group and from TCP client quota, -+ * if appropriate. -+ * -+ * - If no pipeline group is active, attempt to -+ * detach from the TCP client quota. -+ * -+ * - If a pipeline group is active, detach from it; -+ * if the return code indicates that there no more -+ * clients left if this pipeline group, we also detach -+ * from the TCP client quota. 
-+ * -+ * - Otherwise we don't try to detach, we just set the -+ * TCP quota pointer to NULL if it wasn't NULL already. -+ * -+ * tcpquota_disconnect() will set tcpquota to NULL, either -+ * by detaching it or by assignment, depending on the -+ * needs of the client. See the comments on that function -+ * for further information. -+ */ -+ if (client->pipeline_refs == NULL || pipeline_detach(client)) { -+ tcpquota_disconnect(client); -+ } else { -+ client->tcpquota = NULL; -+ client->tcpattached = false; - } - - if (client->tcpsocket != NULL) { -@@ -544,8 +564,6 @@ exit_check(ns_client_t *client) { - client->timerset = false; - } - -- client->pipelined = false; -- - client->peeraddr_valid = false; - - client->state = NS_CLIENTSTATE_READY; -@@ -558,18 +576,27 @@ exit_check(ns_client_t *client) { - * active and force it to go inactive if not. - * - * UDP clients go inactive at this point, but a TCP client -- * will needs to remain active if no other clients are -- * listening for TCP requests on this interface, to -- * prevent this interface from going nonresponsive. -+ * may need to remain active and go into ready state if -+ * no other clients are available to listen for TCP -+ * requests on this interface or (in the case of pipelined -+ * clients) to read for additional messages on the current -+ * connection. - */ - if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) { - LOCK(&client->interface->lock); -- if (client->interface->ntcpaccepting == 0) { -+ if ((client->interface->ntcpaccepting == 0 || -+ (client->pipelined && -+ client->interface->ntcpactive < 2)) && -+ client->newstate != NS_CLIENTSTATE_FREED) -+ { - client->mortal = false; -+ client->newstate = NS_CLIENTSTATE_READY; - } - UNLOCK(&client->interface->lock); - } - -+ client->pipelined = false; -+ - /* - * We don't need the client; send it to the inactive - * queue for recycling. 
-@@ -2634,6 +2661,18 @@ client_request(isc_task_t *task, isc_event_t *event) { - client->pipelined = false; - } - if (TCP_CLIENT(client) && client->pipelined) { -+ /* -+ * We're pipelining. Replace the client; the -+ * the replacement can read the TCP socket looking -+ * for new messages and this client can process the -+ * current message asynchronously. -+ * -+ * There are now at least three clients using this -+ * TCP socket - one accepting new connections, -+ * one reading an existing connection to get new -+ * messages, and one answering the message already -+ * received. -+ */ - result = ns_client_replace(client); - if (result != ISC_R_SUCCESS) { - client->pipelined = false; -@@ -3197,6 +3236,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->pipelined = false; - client->pipeline_refs = NULL; - client->tcpquota = NULL; -+ client->tcpattached = false; - client->recursionquota = NULL; - client->interface = NULL; - client->peeraddr_valid = false; -@@ -3359,9 +3399,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), - "accept failed: %s", - isc_result_totext(nevent->result)); -- if (client->tcpquota != NULL) { -- isc_quota_detach(&client->tcpquota); -- } -+ tcpquota_disconnect(client); - } - - if (exit_check(client)) -@@ -3402,7 +3440,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - client->pipelined = false; - result = ns_client_replace(client); - if (result == ISC_R_SUCCESS && -- (client->sctx->keepresporder == NULL || -+ (ns_g_server->keepresporder == NULL || - !allowed(&netaddr, NULL, NULL, 0, NULL, - ns_g_server->keepresporder))) - { -@@ -3429,7 +3467,7 @@ client_accept(ns_client_t *client) { - * in named.conf. If we can't attach to it here, that means the TCP - * client quota has been exceeded. 
- */ -- result = isc_quota_attach(&client->sctx->tcpquota, -+ result = isc_quota_attach(&ns_g_server->tcpquota, - &client->tcpquota); - if (result != ISC_R_SUCCESS) { - bool exit; -@@ -3447,27 +3485,27 @@ client_accept(ns_client_t *client) { - * interface to be starved, with no clients able - * to accept new connections. - * -- * So, we check here to see if any other client -- * is already servicing TCP queries on this -+ * So, we check here to see if any other clients -+ * are already servicing TCP queries on this - * interface (whether accepting, reading, or -- * processing). -- * -- * If so, then it's okay *not* to call -- * accept - we can let this client to go inactive -- * and the other one handle the next connection -- * when it's ready. -+ * processing). If there are at least two -+ * (one reading and one processing a request) -+ * then it's okay *not* to call accept - we -+ * can let this client go inactive and another -+ * one will resume accepting when it's done. - * -- * But if not, then we need to be a little bit -- * flexible about the quota. We allow *one* extra -- * TCP client through, to ensure we're listening on -- * every interface. -+ * If there aren't enough active clients on the -+ * interface, then we can be a little bit -+ * flexible about the quota. We'll allow *one* -+ * extra client through to ensure we're listening -+ * on every interface. - * -- * (Note: In practice this means that the *real* -- * TCP client quota is tcp-clients plus the number -- * of interfaces.) -+ * (Note: In practice this means that the real -+ * TCP client quota is tcp-clients plus the -+ * number of listening interfaces plus 2.) 
- */
- LOCK(&client->interface->lock);
-- exit = (client->interface->ntcpactive > 0);
-+ exit = (client->interface->ntcpactive > 1);
- UNLOCK(&client->interface->lock);
-
- if (exit) {
-@@ -3475,6 +3513,9 @@ client_accept(ns_client_t *client) {
- (void)exit_check(client);
- return;
- }
-+
-+ } else {
-+ client->tcpattached = true;
- }
-
- /*
-@@ -3507,9 +3548,16 @@ client_accept(ns_client_t *client) {
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "isc_socket_accept() failed: %s",
- isc_result_totext(result));
-- if (client->tcpquota != NULL) {
-- isc_quota_detach(&client->tcpquota);
-+
-+ tcpquota_disconnect(client);
-+
-+ if (client->tcpactive) {
-+ LOCK(&client->interface->lock);
-+ client->interface->ntcpactive--;
-+ UNLOCK(&client->interface->lock);
-+ client->tcpactive = false;
- }
-+
- return;
- }
-
-@@ -3527,13 +3575,12 @@ client_accept(ns_client_t *client) {
- * once the connection is established.
- *
- * When the client object is shutting down after handling a TCP
-- * request (see exit_check()), it looks to see whether this value is
-- * non-zero. If so, that means another client has already called
-- * accept() and is waiting to establish the next connection, which
-- * means the first client is free to go inactive. Otherwise,
-- * the first client must come back and call accept() again; this
-- * guarantees there will always be at least one client listening
-- * for new TCP connections on each interface.
-+ * request (see exit_check()), if this value is at least one, that
-+ * means another client has called accept() and is waiting to
-+ * establish the next connection. That means the client may be
-+ * be free to become inactive; otherwise it may need to start
-+ * listening for connections itself to prevent the interface
-+ * going dead.
- */
- LOCK(&client->interface->lock);
- client->interface->ntcpaccepting++;
-@@ -3613,19 +3660,19 @@ ns_client_replace(ns_client_t *client) {
- client->tcpsocket, client);
- } else {
- result = get_client(client->manager, client->interface,
-- client->dispatch, tcp);
-+ client->dispatch, client, tcp);
-+
-+ /*
-+ * The responsibility for listening for new requests is hereby
-+ * transferred to the new client. Therefore, the old client
-+ * should refrain from listening for any more requests.
-+ */
-+ client->mortal = true;
- }
- if (result != ISC_R_SUCCESS) {
- return (result);
- }
-
-- /*
-- * The responsibility for listening for new requests is hereby
-- * transferred to the new client. Therefore, the old client
-- * should refrain from listening for any more requests.
-- */
-- client->mortal = true;
--
- return (ISC_R_SUCCESS);
- }
-
-@@ -3759,7 +3806,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
-
- static isc_result_t
- get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
-- dns_dispatch_t *disp, bool tcp)
-+ dns_dispatch_t *disp, ns_client_t *oldclient, bool tcp)
- {
- isc_result_t result = ISC_R_SUCCESS;
- isc_event_t *ev;
-@@ -3803,6 +3850,16 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
- client->dscp = ifp->dscp;
-
- if (tcp) {
-+ client->tcpattached = false;
-+ if (oldclient != NULL) {
-+ client->tcpattached = oldclient->tcpattached;
-+ }
-+
-+ LOCK(&client->interface->lock);
-+ client->interface->ntcpactive++;
-+ UNLOCK(&client->interface->lock);
-+ client->tcpactive = true;
-+
- client->attributes |= NS_CLIENTATTR_TCP;
- isc_socket_attach(ifp->tcpsocket,
- &client->tcplistener);
-@@ -3866,7 +3923,8 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
- ns_interface_attach(ifp, &client->interface);
- client->newstate = client->state = NS_CLIENTSTATE_WORKING;
- INSIST(client->recursionquota == NULL);
-- client->tcpquota = &client->sctx->tcpquota;
-+ client->tcpquota = &ns_g_server->tcpquota;
-+ 
client->tcpattached = oldclient->tcpattached;
-
- client->dscp = ifp->dscp;
-
-@@ -3885,7 +3943,6 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
- LOCK(&client->interface->lock);
- client->interface->ntcpactive++;
- UNLOCK(&client->interface->lock);
--
- client->tcpactive = true;
-
- INSIST(client->tcpmsg_valid == false);
-@@ -3913,7 +3970,8 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
- MTRACE("createclients");
-
- for (disp = 0; disp < n; disp++) {
-- result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp);
-+ result = get_client(manager, ifp, ifp->udpdispatch[disp],
-+ NULL, tcp);
- if (result != ISC_R_SUCCESS)
- break;
- }
-diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
-index aeed9ccdda..e2c40acd28 100644
---- a/bin/named/include/named/client.h
-+++ b/bin/named/include/named/client.h
-@@ -9,8 +9,6 @@
- * information regarding copyright ownership.
- */
-
--/* $Id: client.h,v 1.96 2012/01/31 23:47:31 tbox Exp $ */
--
- #ifndef NAMED_CLIENT_H
- #define NAMED_CLIENT_H 1
-
-@@ -136,6 +134,7 @@ struct ns_client {
- bool pipelined; /*%< TCP queries not in sequence */
- isc_refcount_t *pipeline_refs;
- isc_quota_t *tcpquota;
-+ bool tcpattached;
- isc_quota_t *recursionquota;
- ns_interface_t *interface;
-
---
-2.20.1
-
diff --git a/poky/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch b/poky/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch
deleted file mode 100644
index 987e75bc0e..0000000000
--- a/poky/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch
+++ /dev/null
@@ -1,911 +0,0 @@
-Backport patch to fix CVE-2018-5743.
-
-Ref:
-https://security-tracker.debian.org/tracker/CVE-2018-5743
-
-CVE: CVE-2018-5743
-Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/c47ccf6]
-
-Signed-off-by: Kai Kang
-
-From c47ccf630f147378568b33e8fdb7b754f228c346 Mon Sep 17 00:00:00 2001
-From: Evan Hunt
-Date: Fri, 5 Apr 2019 16:26:05 -0700
-Subject: [PATCH 5/6] refactor tcpquota and pipeline refs; allow special-case
- overrun in isc_quota
-
-- if the TCP quota has been exceeded but there are no clients listening
- for new connections on the interface, we can now force attachment to the
- quota using isc_quota_force(), instead of carrying on with the quota not
- attached.
-- the TCP client quota is now referenced via a reference-counted
- 'ns_tcpconn' object, one of which is created whenever a client begins
- listening for new connections, and attached to by members of that
- client's pipeline group. when the last reference to the tcpconn
- object is detached, it is freed and the TCP quota slot is released.
-- reduce code duplication by adding mark_tcp_active() function.
-- convert counters to atomic.
-
-(cherry picked from commit 7e8222378ca24f1302a0c1c638565050ab04681b)
-(cherry picked from commit 4939451275722bfda490ea86ca13e84f6bc71e46)
-(cherry picked from commit 13f7c918b8720d890408f678bd73c20e634539d9)
----
- bin/named/client.c | 444 +++++++++++--------------
- bin/named/include/named/client.h | 12 +-
- bin/named/include/named/interfacemgr.h | 6 +-
- bin/named/interfacemgr.c | 1 +
- lib/isc/include/isc/quota.h | 7 +
- lib/isc/quota.c | 33 +-
- lib/isc/win32/libisc.def.in | 1 +
- 7 files changed, 236 insertions(+), 268 deletions(-)
-
-diff --git a/bin/named/client.c b/bin/named/client.c
-index 61e96dd28c..d826ab32bf 100644
---- a/bin/named/client.c
-+++ b/bin/named/client.c
-@@ -244,8 +244,7 @@ static void client_start(isc_task_t *task, isc_event_t *event);
- static void client_request(isc_task_t *task, isc_event_t *event);
- static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
- static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
-- dns_dispatch_t *disp, ns_client_t *oldclient,
-- bool tcp);
-+ dns_dispatch_t *disp, bool tcp);
- static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp,
- isc_socket_t *sock, ns_client_t *oldclient);
- static inline bool
-@@ -301,16 +300,32 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
- }
-
- /*%
-- * Allocate a reference counter that will track the number of client structures
-- * using the TCP connection that 'client' called accept() for. This counter
-- * will be shared between all client structures associated with this TCP
-- * connection.
-+ * Allocate a reference-counted object that will maintain a single pointer to
-+ * the (also reference-counted) TCP client quota, shared between all the
-+ * clients processing queries on a single TCP connection, so that all
-+ * clients sharing the one socket will together consume only one slot in
-+ * the 'tcp-clients' quota.
- */
-static void
-pipeline_init(ns_client_t *client) {
-- isc_refcount_t *refs;
-+static isc_result_t
-+tcpconn_init(ns_client_t *client, bool force) {
-+ isc_result_t result;
-+ isc_quota_t *quota = NULL;
-+ ns_tcpconn_t *tconn = NULL;
-
-- REQUIRE(client->pipeline_refs == NULL);
-+ REQUIRE(client->tcpconn == NULL);
-+
-+ /*
-+ * Try to attach to the quota first, so we won't pointlessly
-+ * allocate memory for a tcpconn object if we can't get one.
-+ */
-+ if (force) {
-+ result = isc_quota_force(&ns_g_server->tcpquota, "a);
-+ } else {
-+ result = isc_quota_attach(&ns_g_server->tcpquota, "a);
-+ }
-+ if (result != ISC_R_SUCCESS) {
-+ return (result);
-+ }
-
- /*
- * A global memory context is used for the allocation as different
-@@ -320,78 +335,80 @@ pipeline_init(ns_client_t *client) {
- * contention here is expected to be negligible, given that this code
- * is only executed for TCP connections.
- */
-- refs = isc_mem_allocate(ns_g_mctx, sizeof(*refs));
-- isc_refcount_init(refs, 1);
-- client->pipeline_refs = refs;
-+ tconn = isc_mem_allocate(ns_g_mctx, sizeof(*tconn));
-+
-+ isc_refcount_init(&tconn->refs, 1);
-+ tconn->tcpquota = quota;
-+ quota = NULL;
-+ tconn->pipelined = false;
-+
-+ client->tcpconn = tconn;
-+
-+ return (ISC_R_SUCCESS);
- }
-
- /*%
-- * Increase the count of client structures using the TCP connection that
-- * 'source' is associated with and put a pointer to that count in 'target',
-- * thus associating it with the same TCP connection.
-+ * Increase the count of client structures sharing the TCP connection
-+ * that 'source' is associated with; add a pointer to the same tcpconn
-+ * to 'target', thus associating it with the same TCP connection.
- */
- static void
--pipeline_attach(ns_client_t *source, ns_client_t *target) {
-+tcpconn_attach(ns_client_t *source, ns_client_t *target) {
- int refs;
-
-- REQUIRE(source->pipeline_refs != NULL);
-- REQUIRE(target->pipeline_refs == NULL);
-+ REQUIRE(source->tcpconn != NULL);
-+ REQUIRE(target->tcpconn == NULL);
-+ REQUIRE(source->tcpconn->pipelined);
-
-- isc_refcount_increment(source->pipeline_refs, &refs);
-+ isc_refcount_increment(&source->tcpconn->refs, &refs);
- INSIST(refs > 1);
-- target->pipeline_refs = source->pipeline_refs;
-+ target->tcpconn = source->tcpconn;
- }
-
- /*%
-- * Decrease the count of client structures using the TCP connection that
-+ * Decrease the count of client structures sharing the TCP connection that
- * 'client' is associated with. If this is the last client using this TCP
-- * connection, free the reference counter and return true; otherwise, return
-- * false.
-+ * connection, we detach from the TCP quota and free the tcpconn
-+ * object. Either way, client->tcpconn is set to NULL.
- */
--static bool
--pipeline_detach(ns_client_t *client) {
-- isc_refcount_t *refcount;
-+static void
-+tcpconn_detach(ns_client_t *client) {
-+ ns_tcpconn_t *tconn = NULL;
- int refs;
-
-- REQUIRE(client->pipeline_refs != NULL);
--
-- refcount = client->pipeline_refs;
-- client->pipeline_refs = NULL;
-+ REQUIRE(client->tcpconn != NULL);
-
-- isc_refcount_decrement(refcount, refs);
-+ tconn = client->tcpconn;
-+ client->tcpconn = NULL;
-
-+ isc_refcount_decrement(&tconn->refs, &refs);
- if (refs == 0) {
-- isc_mem_free(ns_g_mctx, refs);
-- return (true);
-+ isc_quota_detach(&tconn->tcpquota);
-+ isc_mem_free(ns_g_mctx, tconn);
- }
--
-- return (false);
- }
-
--/*
-- * Detach a client from the TCP client quota if appropriate, and set
-- * the quota pointer to NULL.
-- *
-- * Sometimes when the TCP client quota is exhausted but there are no other
-- * clients servicing the interface, a client will be allowed to continue
-- * running despite not having been attached to the quota. In this event,
-- * the TCP quota was never attached to the client, so when the client (or
-- * associated pipeline group) shuts down, the quota must NOT be detached.
-+/*%
-+ * Mark a client as active and increment the interface's 'ntcpactive'
-+ * counter, as a signal that there is at least one client servicing
-+ * TCP queries for the interface. If we reach the TCP client quota at
-+ * some point, this will be used to determine whether a quota overrun
-+ * should be permitted.
- *
-- * Otherwise, if the quota pointer is set, it should be detached. If not
-- * set at all, we just return without doing anything.
-+ * Marking the client active with the 'tcpactive' flag ensures proper
-+ * accounting, by preventing us from incrementing or decrementing
-+ * 'ntcpactive' more than once per client.
- */
- static void
--tcpquota_disconnect(ns_client_t *client) {
-- if (client->tcpquota == NULL) {
-- return;
-- }
--
-- if (client->tcpattached) {
-- isc_quota_detach(&client->tcpquota);
-- client->tcpattached = false;
-- } else {
-- client->tcpquota = NULL;
-+mark_tcp_active(ns_client_t *client, bool active) {
-+ if (active && !client->tcpactive) {
-+ isc_atomic_xadd(&client->interface->ntcpactive, 1);
-+ client->tcpactive = active;
-+ } else if (!active && client->tcpactive) {
-+ uint32_t old =
-+ isc_atomic_xadd(&client->interface->ntcpactive, -1);
-+ INSIST(old > 0);
-+ client->tcpactive = active;
- }
- }
-
-@@ -484,7 +501,8 @@ exit_check(ns_client_t *client) {
- INSIST(client->recursionquota == NULL);
-
- if (NS_CLIENTSTATE_READING == client->newstate) {
-- if (!client->pipelined) {
-+ INSIST(client->tcpconn != NULL);
-+ if (!client->tcpconn->pipelined) {
- client_read(client);
- client->newstate = NS_CLIENTSTATE_MAX;
- return (true); /* We're done. */
-@@ -507,8 +525,8 @@ exit_check(ns_client_t *client) {
- dns_tcpmsg_cancelread(&client->tcpmsg);
- }
-
-- if (client->nreads != 0) {
-- /* Still waiting for read cancel completion. */
-+ /* Still waiting for read cancel completion. */
-+ if (client->nreads > 0) {
- return (true);
- }
-
-@@ -518,43 +536,45 @@ exit_check(ns_client_t *client) {
- }
-
- /*
-- * Detach from pipeline group and from TCP client quota,
-- * if appropriate.
-+ * Soon the client will be ready to accept a new TCP
-+ * connection or UDP request, but we may have enough
-+ * clients doing that already. Check whether this client
-+ * needs to remain active and allow it go inactive if
-+ * not.
- *
-- * - If no pipeline group is active, attempt to
-- * detach from the TCP client quota.
-+ * UDP clients always go inactive at this point, but a TCP
-+ * client may need to stay active and return to READY
-+ * state if no other clients are available to listen
-+ * for TCP requests on this interface.
- *
-- * - If a pipeline group is active, detach from it;
-- * if the return code indicates that there no more
-- * clients left if this pipeline group, we also detach
-- * from the TCP client quota.
-- *
-- * - Otherwise we don't try to detach, we just set the
-- * TCP quota pointer to NULL if it wasn't NULL already.
-- *
-- * tcpquota_disconnect() will set tcpquota to NULL, either
-- * by detaching it or by assignment, depending on the
-- * needs of the client. See the comments on that function
-- * for further information.
-+ * Regardless, if we're going to FREED state, that means
-+ * the system is shutting down and we don't need to
-+ * retain clients.
- */
-- if (client->pipeline_refs == NULL || pipeline_detach(client)) {
-- tcpquota_disconnect(client);
-- } else {
-- client->tcpquota = NULL;
-- client->tcpattached = false;
-+ if (client->mortal && TCP_CLIENT(client) &&
-+ client->newstate != NS_CLIENTSTATE_FREED &&
-+ !ns_g_clienttest &&
-+ isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
-+ {
-+ /* Nobody else is accepting */
-+ client->mortal = false;
-+ client->newstate = NS_CLIENTSTATE_READY;
-+ }
-+
-+ /*
-+ * Detach from TCP connection and TCP client quota,
-+ * if appropriate. If this is the last reference to
-+ * the TCP connection in our pipeline group, the
-+ * TCP quota slot will be released.
-+ */
-+ if (client->tcpconn) {
-+ tcpconn_detach(client);
- }
-
- if (client->tcpsocket != NULL) {
- CTRACE("closetcp");
- isc_socket_detach(&client->tcpsocket);
--
-- if (client->tcpactive) {
-- LOCK(&client->interface->lock);
-- INSIST(client->interface->ntcpactive > 0);
-- client->interface->ntcpactive--;
-- UNLOCK(&client->interface->lock);
-- client->tcpactive = false;
-- }
-+ mark_tcp_active(client, false);
- }
-
- if (client->timerset) {
-@@ -567,35 +587,6 @@ exit_check(ns_client_t *client) {
- client->peeraddr_valid = false;
-
- client->state = NS_CLIENTSTATE_READY;
-- INSIST(client->recursionquota == NULL);
--
-- /*
-- * Now the client is ready to accept a new TCP connection
-- * or UDP request, but we may have enough clients doing
-- * that already. Check whether this client needs to remain
-- * active and force it to go inactive if not.
-- *
-- * UDP clients go inactive at this point, but a TCP client
-- * may need to remain active and go into ready state if
-- * no other clients are available to listen for TCP
-- * requests on this interface or (in the case of pipelined
-- * clients) to read for additional messages on the current
-- * connection.
-- */
-- if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
-- LOCK(&client->interface->lock);
-- if ((client->interface->ntcpaccepting == 0 ||
-- (client->pipelined &&
-- client->interface->ntcpactive < 2)) &&
-- client->newstate != NS_CLIENTSTATE_FREED)
-- {
-- client->mortal = false;
-- client->newstate = NS_CLIENTSTATE_READY;
-- }
-- UNLOCK(&client->interface->lock);
-- }
--
-- client->pipelined = false;
-
- /*
- * We don't need the client; send it to the inactive
-@@ -630,7 +621,7 @@ exit_check(ns_client_t *client) {
- }
-
- /* Still waiting for accept cancel completion. */
-- if (! (client->naccepts == 0)) {
-+ if (client->naccepts > 0) {
- return (true);
- }
-
-@@ -641,7 +632,7 @@ exit_check(ns_client_t *client) {
- }
-
- /* Still waiting for recv cancel completion. */
-- if (! (client->nrecvs == 0)) {
-+ if (client->nrecvs > 0) {
- return (true);
- }
-
-@@ -654,14 +645,7 @@ exit_check(ns_client_t *client) {
- INSIST(client->recursionquota == NULL);
- if (client->tcplistener != NULL) {
- isc_socket_detach(&client->tcplistener);
--
-- if (client->tcpactive) {
-- LOCK(&client->interface->lock);
-- INSIST(client->interface->ntcpactive > 0);
-- client->interface->ntcpactive--;
-- UNLOCK(&client->interface->lock);
-- client->tcpactive = false;
-- }
-+ mark_tcp_active(client, false);
- }
- if (client->udpsocket != NULL) {
- isc_socket_detach(&client->udpsocket);
-@@ -816,7 +800,7 @@ client_start(isc_task_t *task, isc_event_t *event) {
- return;
-
- if (TCP_CLIENT(client)) {
-- if (client->pipelined) {
-+ if (client->tcpconn != NULL) {
- client_read(client);
- } else {
- client_accept(client);
-@@ -2470,6 +2454,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
- client->nrecvs--;
- } else {
- INSIST(TCP_CLIENT(client));
-+ INSIST(client->tcpconn != NULL);
- REQUIRE(event->ev_type == DNS_EVENT_TCPMSG);
- REQUIRE(event->ev_sender == &client->tcpmsg);
- buffer = &client->tcpmsg.buffer;
-@@ -2657,17 +2642,19 @@ client_request(isc_task_t *task, isc_event_t *event) {
- /*
- * Pipeline TCP query processing.
- */
-- if (client->message->opcode != dns_opcode_query) {
-- client->pipelined = false;
-+ if (TCP_CLIENT(client) &&
-+ client->message->opcode != dns_opcode_query)
-+ {
-+ client->tcpconn->pipelined = false;
- }
-- if (TCP_CLIENT(client) && client->pipelined) {
-+ if (TCP_CLIENT(client) && client->tcpconn->pipelined) {
- /*
- * We're pipelining. Replace the client; the
-- * the replacement can read the TCP socket looking
-- * for new messages and this client can process the
-+ * replacement can read the TCP socket looking
-+ * for new messages and this one can process the
- * current message asynchronously.
- *
-- * There are now at least three clients using this
-+ * There will now be at least three clients using this
- * TCP socket - one accepting new connections,
- * one reading an existing connection to get new
- * messages, and one answering the message already
-@@ -2675,7 +2662,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
- */
- result = ns_client_replace(client);
- if (result != ISC_R_SUCCESS) {
-- client->pipelined = false;
-+ client->tcpconn->pipelined = false;
- }
- }
-
-@@ -3233,10 +3220,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
- client->signer = NULL;
- dns_name_init(&client->signername, NULL);
- client->mortal = false;
-- client->pipelined = false;
-- client->pipeline_refs = NULL;
-- client->tcpquota = NULL;
-- client->tcpattached = false;
-+ client->tcpconn = NULL;
- client->recursionquota = NULL;
- client->interface = NULL;
- client->peeraddr_valid = false;
-@@ -3341,9 +3325,10 @@ client_read(ns_client_t *client) {
-
- static void
- client_newconn(isc_task_t *task, isc_event_t *event) {
-+ isc_result_t result;
- ns_client_t *client = event->ev_arg;
- isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
-- isc_result_t result;
-+ uint32_t old;
-
- REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
- REQUIRE(NS_CLIENT_VALID(client));
-@@ -3363,10 +3348,8 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
- INSIST(client->naccepts == 1);
- client->naccepts--;
-
-- LOCK(&client->interface->lock);
-- INSIST(client->interface->ntcpaccepting > 0);
-- client->interface->ntcpaccepting--;
-- UNLOCK(&client->interface->lock);
-+ old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
-+ INSIST(old > 0);
-
- /*
- * We must take ownership of the new socket before the exit
-@@ -3399,7 +3382,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
- NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
- "accept failed: %s",
- isc_result_totext(nevent->result));
-- tcpquota_disconnect(client);
-+ tcpconn_detach(client);
- }
-
- if (exit_check(client))
-@@ -3437,15 +3420,13 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
- * telnetting to port 53 (once per CPU) will
- * deny service to legitimate TCP clients.
- */
-- client->pipelined = false;
- result = ns_client_replace(client);
- if (result == ISC_R_SUCCESS &&
- (ns_g_server->keepresporder == NULL ||
- !allowed(&netaddr, NULL, NULL, 0, NULL,
- ns_g_server->keepresporder)))
- {
-- pipeline_init(client);
-- client->pipelined = true;
-+ client->tcpconn->pipelined = true;
- }
-
- client_read(client);
-@@ -3462,78 +3443,59 @@ client_accept(ns_client_t *client) {
- CTRACE("accept");
-
- /*
-- * The tcpquota object can only be simultaneously referenced a
-- * pre-defined number of times; this is configured by 'tcp-clients'
-- * in named.conf. If we can't attach to it here, that means the TCP
-- * client quota has been exceeded.
-+ * Set up a new TCP connection. This means try to attach to the
-+ * TCP client quota (tcp-clients), but fail if we're over quota.
- */
-- result = isc_quota_attach(&ns_g_server->tcpquota,
-- &client->tcpquota);
-+ result = tcpconn_init(client, false);
- if (result != ISC_R_SUCCESS) {
-- bool exit;
-+ bool exit;
-
-- ns_client_log(client, NS_LOGCATEGORY_CLIENT,
-- NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
-- "no more TCP clients: %s",
-- isc_result_totext(result));
--
-- /*
-- * We have exceeded the system-wide TCP client
-- * quota. But, we can't just block this accept
-- * in all cases, because if we did, a heavy TCP
-- * load on other interfaces might cause this
-- * interface to be starved, with no clients able
-- * to accept new connections.
-- *
-- * So, we check here to see if any other clients
-- * are already servicing TCP queries on this
-- * interface (whether accepting, reading, or
-- * processing). If there are at least two
-- * (one reading and one processing a request)
-- * then it's okay *not* to call accept - we
-- * can let this client go inactive and another
-- * one will resume accepting when it's done.
-- *
-- * If there aren't enough active clients on the
-- * interface, then we can be a little bit
-- * flexible about the quota. We'll allow *one*
-- * extra client through to ensure we're listening
-- * on every interface.
-- *
-- * (Note: In practice this means that the real
-- * TCP client quota is tcp-clients plus the
-- * number of listening interfaces plus 2.)
-- */
-- LOCK(&client->interface->lock);
-- exit = (client->interface->ntcpactive > 1);
-- UNLOCK(&client->interface->lock);
-+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,
-+ NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
-+ "TCP client quota reached: %s",
-+ isc_result_totext(result));
-
-- if (exit) {
-- client->newstate = NS_CLIENTSTATE_INACTIVE;
-- (void)exit_check(client);
-- return;
-- }
-+ /*
-+ * We have exceeded the system-wide TCP client quota. But,
-+ * we can't just block this accept in all cases, because if
-+ * we did, a heavy TCP load on other interfaces might cause
-+ * this interface to be starved, with no clients able to
-+ * accept new connections.
-+ *
-+ * So, we check here to see if any other clients are
-+ * already servicing TCP queries on this interface (whether
-+ * accepting, reading, or processing). If we find at least
-+ * one, then it's okay *not* to call accept - we can let this
-+ * client go inactive and another will take over when it's
-+ * done.
-+ *
-+ * If there aren't enough active clients on the interface,
-+ * then we can be a little bit flexible about the quota.
-+ * We'll allow *one* extra client through to ensure we're
-+ * listening on every interface; we do this by setting the
-+ * 'force' option to tcpconn_init().
-+ *
-+ * (Note: In practice this means that the real TCP client
-+ * quota is tcp-clients plus the number of listening
-+ * interfaces plus 1.)
-+ */
-+ exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0);
-+ if (exit) {
-+ client->newstate = NS_CLIENTSTATE_INACTIVE;
-+ (void)exit_check(client);
-+ return;
-+ }
-
-- } else {
-- client->tcpattached = true;
-+ result = tcpconn_init(client, true);
-+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
- }
-
- /*
-- * By incrementing the interface's ntcpactive counter we signal
-- * that there is at least one client servicing TCP queries for the
-- * interface.
-- *
-- * We also make note of the fact in the client itself with the
-- * tcpactive flag. This ensures proper accounting by preventing
-- * us from accidentally incrementing or decrementing ntcpactive
-- * more than once per client object.
-+ * If this client was set up using get_client() or get_worker(),
-+ * then TCP is already marked active. However, if it was restarted
-+ * from exit_check(), it might not be, so we take care of it now.
- */
-- if (!client->tcpactive) {
-- LOCK(&client->interface->lock);
-- client->interface->ntcpactive++;
-- UNLOCK(&client->interface->lock);
-- client->tcpactive = true;
-- }
-+ mark_tcp_active(client, true);
-
- result = isc_socket_accept(client->tcplistener, client->task,
- client_newconn, client);
-@@ -3549,15 +3511,8 @@ client_accept(ns_client_t *client) {
- "isc_socket_accept() failed: %s",
- isc_result_totext(result));
-
-- tcpquota_disconnect(client);
--
-- if (client->tcpactive) {
-- LOCK(&client->interface->lock);
-- client->interface->ntcpactive--;
-- UNLOCK(&client->interface->lock);
-- client->tcpactive = false;
-- }
--
-+ tcpconn_detach(client);
-+ mark_tcp_active(client, false);
- return;
- }
-
-@@ -3582,9 +3537,7 @@ client_accept(ns_client_t *client) {
- * listening for connections itself to prevent the interface
- * going dead.
- */
-- LOCK(&client->interface->lock);
-- client->interface->ntcpaccepting++;
-- UNLOCK(&client->interface->lock);
-+ isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
- }
-
- static void
-@@ -3655,24 +3608,25 @@ ns_client_replace(ns_client_t *client) {
- REQUIRE(client->manager != NULL);
-
- tcp = TCP_CLIENT(client);
-- if (tcp && client->pipelined) {
-+ if (tcp && client->tcpconn != NULL && client->tcpconn->pipelined) {
- result = get_worker(client->manager, client->interface,
- client->tcpsocket, client);
- } else {
- result = get_client(client->manager, client->interface,
-- client->dispatch, client, tcp);
-+ client->dispatch, tcp);
-
-- /*
-- * The responsibility for listening for new requests is hereby
-- * transferred to the new client. Therefore, the old client
-- * should refrain from listening for any more requests.
-- */
-- client->mortal = true;
- }
- if (result != ISC_R_SUCCESS) {
- return (result);
- }
-
-+ /*
-+ * The responsibility for listening for new requests is hereby
-+ * transferred to the new client. Therefore, the old client
-+ * should refrain from listening for any more requests.
-+ */
-+ client->mortal = true;
-+
- return (ISC_R_SUCCESS);
- }
-
-@@ -3806,7 +3760,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
-
- static isc_result_t
- get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
-- dns_dispatch_t *disp, ns_client_t *oldclient, bool tcp)
-+ dns_dispatch_t *disp, bool tcp)
- {
- isc_result_t result = ISC_R_SUCCESS;
- isc_event_t *ev;
-@@ -3850,15 +3804,7 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
- client->dscp = ifp->dscp;
-
- if (tcp) {
-- client->tcpattached = false;
-- if (oldclient != NULL) {
-- client->tcpattached = oldclient->tcpattached;
-- }
--
-- LOCK(&client->interface->lock);
-- client->interface->ntcpactive++;
-- UNLOCK(&client->interface->lock);
-- client->tcpactive = true;
-+ mark_tcp_active(client, true);
-
- client->attributes |= NS_CLIENTATTR_TCP;
- isc_socket_attach(ifp->tcpsocket,
-@@ -3923,16 +3869,14 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
- ns_interface_attach(ifp, &client->interface);
- client->newstate = client->state = NS_CLIENTSTATE_WORKING;
- INSIST(client->recursionquota == NULL);
-- client->tcpquota = &ns_g_server->tcpquota;
-- client->tcpattached = oldclient->tcpattached;
-
- client->dscp = ifp->dscp;
-
- client->attributes |= NS_CLIENTATTR_TCP;
- client->mortal = true;
-
-- pipeline_attach(oldclient, client);
-- client->pipelined = true;
-+ tcpconn_attach(oldclient, client);
-+ mark_tcp_active(client, true);
-
- isc_socket_attach(ifp->tcpsocket, &client->tcplistener);
- isc_socket_attach(sock, &client->tcpsocket);
-@@ -3940,11 +3884,6 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
- (void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr);
- client->peeraddr_valid = true;
-
-- LOCK(&client->interface->lock);
-- client->interface->ntcpactive++;
-- UNLOCK(&client->interface->lock);
-- client->tcpactive = true;
--
- INSIST(client->tcpmsg_valid == false);
- dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg);
- client->tcpmsg_valid = true;
-@@ -3970,8 +3909,7 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
- MTRACE("createclients");
-
- for (disp = 0; disp < n; disp++) {
-- result = get_client(manager, ifp, ifp->udpdispatch[disp],
-- NULL, tcp);
-+ result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp);
- if (result != ISC_R_SUCCESS)
- break;
- }
-diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
-index e2c40acd28..969ee4c08f 100644
---- a/bin/named/include/named/client.h
-+++ b/bin/named/include/named/client.h
-@@ -78,6 +78,13 @@
- *** Types
- ***/
-
-+/*% reference-counted TCP connection object */
-+typedef struct ns_tcpconn {
-+ isc_refcount_t refs;
-+ isc_quota_t *tcpquota;
-+ bool pipelined;
-+} ns_tcpconn_t;
-+
- /*% nameserver client structure */
- struct ns_client {
- unsigned int magic;
-@@ -131,10 +138,7 @@ struct ns_client {
- dns_name_t signername; /*%< [T]SIG key name */
- dns_name_t *signer; /*%< NULL if not valid sig */
- bool mortal; /*%< Die after handling request */
-- bool pipelined; /*%< TCP queries not in sequence */
-- isc_refcount_t *pipeline_refs;
-- isc_quota_t *tcpquota;
-- bool tcpattached;
-+ ns_tcpconn_t *tcpconn;
- isc_quota_t *recursionquota;
- ns_interface_t *interface;
-
-diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
-index 61b08826a6..3535ef22a8 100644
---- a/bin/named/include/named/interfacemgr.h
-+++ b/bin/named/include/named/interfacemgr.h
-@@ -9,8 +9,6 @@
- * information regarding copyright ownership.
- */
-
--/* $Id: interfacemgr.h,v 1.35 2011/07/28 23:47:58 tbox Exp $ */
--
- #ifndef NAMED_INTERFACEMGR_H
- #define NAMED_INTERFACEMGR_H 1
-
-@@ -77,11 +75,11 @@ struct ns_interface {
- /*%< UDP dispatchers. */
- isc_socket_t * tcpsocket; /*%< TCP socket. */
- isc_dscp_t dscp; /*%< "listen-on" DSCP value */
-- int ntcpaccepting; /*%< Number of clients
-+ int32_t ntcpaccepting; /*%< Number of clients
- ready to accept new
- TCP connections on this
- interface */
-- int ntcpactive; /*%< Number of clients
-+ int32_t ntcpactive; /*%< Number of clients
- servicing TCP queries
- (whether accepting or
- connected) */
-diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
-index 955096ef47..d9f6df5802 100644
---- a/bin/named/interfacemgr.c
-+++ b/bin/named/interfacemgr.c
-@@ -388,6 +388,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
- */
- ifp->ntcpaccepting = 0;
- ifp->ntcpactive = 0;
-+
- ifp->nudpdispatch = 0;
-
- ifp->dscp = -1;
-diff --git a/lib/isc/include/isc/quota.h b/lib/isc/include/isc/quota.h
-index b9bf59877a..36c5830242 100644
---- a/lib/isc/include/isc/quota.h
-+++ b/lib/isc/include/isc/quota.h
-@@ -100,6 +100,13 @@ isc_quota_attach(isc_quota_t *quota, isc_quota_t **p);
- * quota if successful (ISC_R_SUCCESS or ISC_R_SOFTQUOTA).
- */
-
-+isc_result_t
-+isc_quota_force(isc_quota_t *quota, isc_quota_t **p);
-+/*%<
-+ * Like isc_quota_attach, but will attach '*p' to the quota
-+ * even if the hard quota has been exceeded.
-+ */
-+
- void
- isc_quota_detach(isc_quota_t **p);
- /*%<
-diff --git a/lib/isc/quota.c b/lib/isc/quota.c
-index 3ddff0d875..556a61f21d 100644
---- a/lib/isc/quota.c
-+++ b/lib/isc/quota.c
-@@ -74,20 +74,39 @@ isc_quota_release(isc_quota_t *quota) {
- UNLOCK("a->lock);
- }
-
--isc_result_t
--isc_quota_attach(isc_quota_t *quota, isc_quota_t **p)
--{
-+static isc_result_t
-+doattach(isc_quota_t *quota, isc_quota_t **p, bool force) {
- isc_result_t result;
-- INSIST(p != NULL && *p == NULL);
-+ REQUIRE(p != NULL && *p == NULL);
-+
- result = isc_quota_reserve(quota);
-- if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA)
-+ if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA) {
-+ *p = quota;
-+ } else if (result == ISC_R_QUOTA && force) {
-+ /* attach anyway */
-+ LOCK("a->lock);
-+ quota->used++;
-+ UNLOCK("a->lock);
-+
- *p = quota;
-+ result = ISC_R_SUCCESS;
-+ }
-+
- return (result);
- }
-
-+isc_result_t
-+isc_quota_attach(isc_quota_t *quota, isc_quota_t **p) {
-+ return (doattach(quota, p, false));
-+}
-+
-+isc_result_t
-+isc_quota_force(isc_quota_t *quota, isc_quota_t **p) {
-+ return (doattach(quota, p, true));
-+}
-+
- void
--isc_quota_detach(isc_quota_t **p)
--{
-+isc_quota_detach(isc_quota_t **p) {
- INSIST(p != NULL && *p != NULL);
- isc_quota_release(*p);
- *p = NULL;
-diff --git a/lib/isc/win32/libisc.def.in b/lib/isc/win32/libisc.def.in
-index a82facec0f..7b9f23d776 100644
---- a/lib/isc/win32/libisc.def.in
-+++ b/lib/isc/win32/libisc.def.in
-@@ -519,6 +519,7 @@ isc_portset_removerange
- isc_quota_attach
- isc_quota_destroy
- isc_quota_detach
-+isc_quota_force
- isc_quota_init
- isc_quota_max
- isc_quota_release
---
-2.20.1
-
diff --git a/poky/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch b/poky/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch
deleted file mode 100644
index 3821d18501..0000000000
--- a/poky/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch
+++ /dev/null
@@ -1,80 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/59434b9] - -Signed-off-by: Kai Kang - -From 59434b987e8eb436b08c24e559ee094c4e939daa Mon Sep 17 00:00:00 2001 -From: Evan Hunt -Date: Fri, 5 Apr 2019 16:26:19 -0700 -Subject: [PATCH 6/6] restore allowance for tcp-clients < interfaces - -in the "refactor tcpquota and pipeline refs" commit, the counting -of active interfaces was tightened in such a way that named could -fail to listen on an interface if there were more interfaces than -tcp-clients. when checking the quota to start accepting on an -interface, if the number of active clients was above zero, then -it was presumed that some other client was able to handle accepting -new connections. this, however, ignored the fact that the current client -could be included in that count, so if the quota was already exceeded -before all the interfaces were listening, some interfaces would never -listen. - -we now check whether the current client has been marked active; if so, -then the number of active clients on the interface must be greater -than 1, not 0. - -(cherry picked from commit 0b4e2cd4c3192ba88569dd344f542a8cc43742b5) -(cherry picked from commit d01023aaac35543daffbdf48464e320150235d41) ---- - bin/named/client.c | 8 +++++--- - doc/arm/Bv9ARM-book.xml | 3 ++- - 2 files changed, 7 insertions(+), 4 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index d826ab32bf..845326abc0 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -3464,8 +3464,9 @@ client_accept(ns_client_t *client) { - * - * So, we check here to see if any other clients are - * already servicing TCP queries on this interface (whether -- * accepting, reading, or processing). If we find at least -- * one, then it's okay *not* to call accept - we can let this -+ * accepting, reading, or processing). 
If we find that at -+ * least one client other than this one is active, then -+ * it's okay *not* to call accept - we can let this - * client go inactive and another will take over when it's - * done. - * -@@ -3479,7 +3480,8 @@ client_accept(ns_client_t *client) { - * quota is tcp-clients plus the number of listening - * interfaces plus 1.) - */ -- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0); -+ exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > -+ (client->tcpactive ? 1 : 0)); - if (exit) { - client->newstate = NS_CLIENTSTATE_INACTIVE; - (void)exit_check(client); -diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml -index 381768d540..9c76d3cd6f 100644 ---- a/doc/arm/Bv9ARM-book.xml -+++ b/doc/arm/Bv9ARM-book.xml -@@ -8493,7 +8493,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; - - The number of file descriptors reserved for TCP, stdio, - etc. This needs to be big enough to cover the number of -- interfaces named listens on, tcp-clients as well as -+ interfaces named listens on plus -+ tcp-clients, as well as - to provide room for outgoing TCP queries and incoming zone - transfers. The default is 512. - The minimum value is 128 and the --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch b/poky/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch deleted file mode 100644 index 1a84eca58a..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch +++ /dev/null 
@@ -1,140 +0,0 @@ -Backport commit to fix compile error on arm caused by commits which are -to fix CVE-2018-5743. - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ef49780] - -Signed-off-by: Kai Kang - -From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= -Date: Wed, 17 Apr 2019 15:22:27 +0200 -Subject: [PATCH] Replace atomic operations in bin/named/client.c with - isc_refcount reference counting - ---- - bin/named/client.c | 18 +++++++----------- - bin/named/include/named/interfacemgr.h | 5 +++-- - bin/named/interfacemgr.c | 7 +++++-- - 3 files changed, 15 insertions(+), 15 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 845326abc0..29fecadca8 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) { - static void - mark_tcp_active(ns_client_t *client, bool active) { - if (active && !client->tcpactive) { -- isc_atomic_xadd(&client->interface->ntcpactive, 1); -+ isc_refcount_increment0(&client->interface->ntcpactive, NULL); - client->tcpactive = active; - } else if (!active && client->tcpactive) { -- uint32_t old = -- isc_atomic_xadd(&client->interface->ntcpactive, -1); -- INSIST(old > 0); -+ isc_refcount_decrement(&client->interface->ntcpactive, NULL); - client->tcpactive = active; - } - } -@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) { - if (client->mortal && TCP_CLIENT(client) && - client->newstate != NS_CLIENTSTATE_FREED && - !ns_g_clienttest && -- isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0) -+ isc_refcount_current(&client->interface->ntcpaccepting) == 0) - { - /* Nobody else is accepting */ - client->mortal = false; -@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - isc_result_t result; - ns_client_t *client = event->ev_arg; - isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event; -- uint32_t old; - - 
REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN); - REQUIRE(NS_CLIENT_VALID(client)); -@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - INSIST(client->naccepts == 1); - client->naccepts--; - -- old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1); -- INSIST(old > 0); -+ isc_refcount_decrement(&client->interface->ntcpaccepting, NULL); - - /* - * We must take ownership of the new socket before the exit -@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) { - * quota is tcp-clients plus the number of listening - * interfaces plus 1.) - */ -- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > -- (client->tcpactive ? 1 : 0)); -+ exit = (isc_refcount_current(&client->interface->ntcpactive) > -+ (client->tcpactive ? 1U : 0U)); - if (exit) { - client->newstate = NS_CLIENTSTATE_INACTIVE; - (void)exit_check(client); -@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) { - * listening for connections itself to prevent the interface - * going dead. - */ -- isc_atomic_xadd(&client->interface->ntcpaccepting, 1); -+ isc_refcount_increment0(&client->interface->ntcpaccepting, NULL); - } - - static void -diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h -index 3535ef22a8..6e10f210fd 100644 ---- a/bin/named/include/named/interfacemgr.h -+++ b/bin/named/include/named/interfacemgr.h -@@ -45,6 +45,7 @@ - #include - #include - #include -+#include - - #include - -@@ -75,11 +76,11 @@ struct ns_interface { - /*%< UDP dispatchers. */ - isc_socket_t * tcpsocket; /*%< TCP socket. 
*/ - isc_dscp_t dscp; /*%< "listen-on" DSCP value */ -- int32_t ntcpaccepting; /*%< Number of clients -+ isc_refcount_t ntcpaccepting; /*%< Number of clients - ready to accept new - TCP connections on this - interface */ -- int32_t ntcpactive; /*%< Number of clients -+ isc_refcount_t ntcpactive; /*%< Number of clients - servicing TCP queries - (whether accepting or - connected) */ -diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c -index d9f6df5802..135533be6b 100644 ---- a/bin/named/interfacemgr.c -+++ b/bin/named/interfacemgr.c -@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, - * connections will be handled in parallel even though there is - * only one client initially. - */ -- ifp->ntcpaccepting = 0; -- ifp->ntcpactive = 0; -+ isc_refcount_init(&ifp->ntcpaccepting, 0); -+ isc_refcount_init(&ifp->ntcpactive, 0); - - ifp->nudpdispatch = 0; - -@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) { - - ns_interfacemgr_detach(&ifp->mgr); - -+ isc_refcount_destroy(&ifp->ntcpactive); -+ isc_refcount_destroy(&ifp->ntcpaccepting); -+ - ifp->magic = 0; - isc_mem_put(mctx, ifp, sizeof(*ifp)); - } --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch index 37e210e6da..84559e5f37 100644 --- a/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch @@ -1,4 +1,4 @@ -From 9473d29843579802e96b0293a3e953fed93de82c Mon Sep 17 00:00:00 2001 +From edda20fb5a6e88548f85e39d34d6c074306e15bc Mon Sep 17 00:00:00 2001 From: Paul Gortmaker Date: Tue, 9 Jun 2015 11:22:00 -0400 Subject: [PATCH] bind: ensure searching for json headers searches sysroot 
@@ -27,15 +27,16 @@ to make use of the combination some day. Upstream-Status: Inappropriate [OE Specific] Signed-off-by: Paul Gortmaker + --- - configure.in | 2 +- + configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: bind-9.11.3/configure.in -=================================================================== ---- bind-9.11.3.orig/configure.in -+++ bind-9.11.3/configure.in -@@ -2574,7 +2574,7 @@ case "$use_libjson" in +diff --git a/configure.ac b/configure.ac +index 17392fd..e85a5c6 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -2449,7 +2449,7 @@ case "$use_libjson" in libjson_libs="" ;; auto|yes) diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb new file mode 100644 index 0000000000..4e64171cc1 --- /dev/null +++ b/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb 
@@ -0,0 +1,141 @@ +SUMMARY = "ISC Internet Domain Name Server" +HOMEPAGE = "http://www.isc.org/sw/bind/" +SECTION = "console/network" + +LICENSE = "ISC & BSD" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e" + +DEPENDS = "openssl libcap zlib" + +SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ + file://conf.patch \ + file://named.service \ + file://bind9 \ + file://generate-rndc-key.sh \ + file://make-etc-initd-bind-stop-work.patch \ + file://init.d-add-support-for-read-only-rootfs.patch \ + file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ + file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ + file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ + file://0001-avoid-start-failure-with-bind-user.patch \ + " + +SRC_URI[md5sum] = "17de0d024ab1eac377f1c2854dc25057" +SRC_URI[sha256sum] = "fd3f3cc9fcfcdaa752db35eb24598afa1fdcc2509d3227fc90a8631b7b400f7d" + +UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" +# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 +UPSTREAM_CHECK_REGEX = "(?P9.(11|16|20|24|28)(\.\d+)+(-P\d+)*)/" + +# BIND >= 9.11.2 need dhcpd >= 4.4.0, +# don't report it here since dhcpd is already recent enough. 
+CVE_CHECK_WHITELIST += "CVE-2019-6470" + +inherit autotools update-rc.d systemd useradd pkgconfig multilib_script multilib_header + +MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh" + +# PACKAGECONFIGs readline and libedit should NOT be set at same time +PACKAGECONFIG ?= "readline" +PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" +PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" +PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" +PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,," +PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native," + +ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" +EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \ + --disable-devpoll --enable-epoll --with-gost=no \ + --with-gssapi=no --with-ecdsa=yes --with-eddsa=no \ + --with-lmdb=no \ + --sysconfdir=${sysconfdir}/bind \ + --with-openssl=${STAGING_DIR_HOST}${prefix} \ + " + +inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)} + +# dhcp needs .la so keep them +REMOVE_LIBTOOL_LA = "0" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ + --user-group bind" + +INITSCRIPT_NAME = "bind" +INITSCRIPT_PARAMS = "defaults" + +SYSTEMD_SERVICE_${PN} = "named.service" + +do_install_prepend() { + # clean host path in isc-config.sh before the hardlink created + # by "make install": + # bind9-config -> isc-config.sh + sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh +} + +do_install_append() { + + rmdir "${D}${localstatedir}/run" + rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" + install -d -o bind "${D}${localstatedir}/cache/bind" + install -d "${D}${sysconfdir}/bind" + install -d 
"${D}${sysconfdir}/init.d" + install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" + install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" + if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then + sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \ + ${D}${sbindir}/dnssec-coverage \ + ${D}${sbindir}/dnssec-checkds \ + ${D}${sbindir}/dnssec-keymgr + fi + + # Install systemd related files + install -d ${D}${sbindir} + install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_unitdir}/system/named.service + + install -d ${D}${sysconfdir}/default + install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf + fi + + oe_multilib_header isc/platform.h +} + +CONFFILES_${PN} = " \ + ${sysconfdir}/bind/named.conf \ + ${sysconfdir}/bind/named.conf.local \ + ${sysconfdir}/bind/named.conf.options \ + ${sysconfdir}/bind/db.0 \ + ${sysconfdir}/bind/db.127 \ + ${sysconfdir}/bind/db.empty \ + ${sysconfdir}/bind/db.local \ + ${sysconfdir}/bind/db.root \ + " + +ALTERNATIVE_${PN}-utils = "nslookup" +ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" +ALTERNATIVE_PRIORITY = "100" + +PACKAGE_BEFORE_PN += "${PN}-utils" +FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" +FILES_${PN}-dev += "${bindir}/isc-config.h" +FILES_${PN} += "${sbindir}/generate-rndc-key.sh" + +PACKAGE_BEFORE_PN += "${PN}-libs" +FILES_${PN}-libs = "${libdir}/*.so*" +FILES_${PN}-staticdev += "${libdir}/*.la" + +PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" 
+FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ + ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}" + +RDEPENDS_${PN}-dev = "" +RDEPENDS_python3-bind = "python3-core python3-ply" diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb deleted file mode 100644 index 0897706346..0000000000 --- a/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb +++ /dev/null 
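Review bot: `FILES_${PN}-dev += "${bindir}/isc-config.h"` near the end of the new bind_9.11.13.bb names a file that nothing else in the recipe refers to. `MULTILIB_SCRIPTS` and the `sed` in `do_install_prepend` both use `isc-config.sh`, so the `.h` entry looks like a typo and presumably matches nothing under `${bindir}`. `MULTILIB_SCRIPTS` already assigns `${bindir}/isc-config.sh` to `${PN}`, so the simplest fix is to delete the line. If the script is instead meant to ship in `${PN}-dev`, the entry would become `FILES_${PN}-dev += "${bindir}/isc-config.sh"` and the package prefix in `MULTILIB_SCRIPTS` would have to change with it. The same line is in the removed bind_9.11.5-P4.bb, so this is carried over rather than introduced by the upgrade.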
@@ -1,149 +0,0 @@ -SUMMARY = "ISC Internet Domain Name Server" -HOMEPAGE = "http://www.isc.org/sw/bind/" -SECTION = "console/network" - -LICENSE = "ISC & BSD" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e" - -DEPENDS = "openssl libcap zlib" - -SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ - file://conf.patch \ - file://named.service \ - file://bind9 \ - file://generate-rndc-key.sh \ - file://make-etc-initd-bind-stop-work.patch \ - file://init.d-add-support-for-read-only-rootfs.patch \ - file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ - file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \ - file://0001-lib-dns-gen.c-fix-too-long-error.patch \ - file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ - file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ - file://0001-avoid-start-failure-with-bind-user.patch \ - file://0001-bind-fix-CVE-2019-6471.patch \ - file://0001-fix-enforcement-of-tcp-clients-v1.patch \ - file://0002-tcp-clients-could-still-be-exceeded-v2.patch \ - file://0003-use-reference-counter-for-pipeline-groups-v3.patch \ - file://0004-better-tcpquota-accounting-and-client-mortality-chec.patch \ - file://0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch \ - file://0006-restore-allowance-for-tcp-clients-interfaces.patch \ - file://0007-Replace-atomic-operations-in-bin-named-client.c-with.patch \ -" - -SRC_URI[md5sum] = "8ddab4b61fa4516fe404679c74e37960" -SRC_URI[sha256sum] = "7e8c08192bcbaeb6e9f2391a70e67583b027b90e8c4bc1605da6eb126edde434" - -UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" -# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 -UPSTREAM_CHECK_REGEX = "(?P9.(11|16|20|24|28)(\.\d+)+(-P\d+)*)/" - -# BIND >= 9.11.2 need dhcpd >= 4.4.0, -# don't report it here since dhcpd is already recent enough. 
-CVE_CHECK_WHITELIST += "CVE-2019-6470" - -inherit autotools update-rc.d systemd useradd pkgconfig multilib_script - -MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh" - -# PACKAGECONFIGs readline and libedit should NOT be set at same time -PACKAGECONFIG ?= "readline" -PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" -PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" -PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" -PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,," -PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native," - -ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" -EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \ - --disable-devpoll --enable-epoll --with-gost=no \ - --with-gssapi=no --with-ecdsa=yes --with-eddsa=no \ - --with-lmdb=no \ - --sysconfdir=${sysconfdir}/bind \ - --with-openssl=${STAGING_DIR_HOST}${prefix} \ - " - -inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)} - -# dhcp needs .la so keep them -REMOVE_LIBTOOL_LA = "0" - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ - --user-group bind" - -INITSCRIPT_NAME = "bind" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_SERVICE_${PN} = "named.service" - -do_install_prepend() { - # clean host path in isc-config.sh before the hardlink created - # by "make install": - # bind9-config -> isc-config.sh - sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh -} - -do_install_append() { - - rmdir "${D}${localstatedir}/run" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" - install -d -o bind "${D}${localstatedir}/cache/bind" - install -d "${D}${sysconfdir}/bind" - install -d "${D}${sysconfdir}/init.d" 
- install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" - install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" - if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then - sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \ - ${D}${sbindir}/dnssec-coverage \ - ${D}${sbindir}/dnssec-checkds \ - ${D}${sbindir}/dnssec-keymgr - fi - - # Install systemd related files - install -d ${D}${sbindir} - install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/named.service - - install -d ${D}${sysconfdir}/default - install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf - fi -} - -CONFFILES_${PN} = " \ - ${sysconfdir}/bind/named.conf \ - ${sysconfdir}/bind/named.conf.local \ - ${sysconfdir}/bind/named.conf.options \ - ${sysconfdir}/bind/db.0 \ - ${sysconfdir}/bind/db.127 \ - ${sysconfdir}/bind/db.empty \ - ${sysconfdir}/bind/db.local \ - ${sysconfdir}/bind/db.root \ - " - -ALTERNATIVE_${PN}-utils = "nslookup" -ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" -ALTERNATIVE_PRIORITY = "100" - -PACKAGE_BEFORE_PN += "${PN}-utils" -FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" -FILES_${PN}-dev += "${bindir}/isc-config.h" -FILES_${PN} += "${sbindir}/generate-rndc-key.sh" - -PACKAGE_BEFORE_PN += "${PN}-libs" -FILES_${PN}-libs = "${libdir}/*.so*" -FILES_${PN}-staticdev += "${libdir}/*.la" - -PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" -FILES_python3-bind = "${sbindir}/dnssec-coverage 
${sbindir}/dnssec-checkds \ - ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}" - -RDEPENDS_${PN}-dev = "" -RDEPENDS_python3-bind = "python3-core python3-ply" diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc index 484509350b..150d909d73 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc @@ -46,20 +46,13 @@ PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell" PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell" PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" -SRC_URI = "\ - ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ - file://out-of-tree.patch \ - file://init \ - file://run-ptest \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ - file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ - file://0001-test-gatt-Fix-hung-issue.patch \ - file://0001-Makefile.am-Fix-a-race-issue-for-tools.patch \ - file://CVE-2018-10910.patch \ - file://gcc9-fixes.patch \ - file://0001-tools-Fix-build-after-y2038-changes-in-glibc.patch \ - file://0001-tools-btpclient.c-include-signal.h.patch \ -" +SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ + file://init \ + file://run-ptest \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ + file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ + file://0001-test-gatt-Fix-hung-issue.patch \ + " S = "${WORKDIR}/bluez-${PV}" CVE_PRODUCT = "bluez" @@ -70,6 +63,7 @@ EXTRA_OECONF = "\ --enable-test \ --enable-datafiles \ --enable-library \ + --without-zsh-completion-dir \ " # bluez5 builds a large number of useful utilities but does not 
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch index da7140922d..618ed734a9 100644 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch +++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch @@ -1,4 +1,4 @@ -From 99ccdbe155028c4c789803a429072675b87d0c3a Mon Sep 17 00:00:00 2001 +From f74eb97c9fb3c0ee2895742e773ac6a3c41c999c Mon Sep 17 00:00:00 2001 From: Giovanni Campagna Date: Sat, 12 Oct 2013 17:45:25 +0200 Subject: [PATCH] Allow using obexd without systemd in the user session @@ -17,22 +17,22 @@ http://thread.gmane.org/gmane.linux.bluez.kernel/38725/focus=38843 Signed-off-by: Javier Viguera --- - Makefile.obexd | 4 ++-- - obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +- + Makefile.obexd | 4 ++-- + .../src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) rename obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} (76%) diff --git a/Makefile.obexd b/Makefile.obexd -index c462692..0325f66 100644 +index de59d29..73004a3 100644 --- a/Makefile.obexd +++ b/Makefile.obexd @@ -1,12 +1,12 @@ if SYSTEMD - systemduserunitdir = @SYSTEMD_USERUNITDIR@ + systemduserunitdir = $(SYSTEMD_USERUNITDIR) systemduserunit_DATA = obexd/src/obex.service +endif - dbussessionbusdir = @DBUS_SESSIONBUSDIR@ + dbussessionbusdir = $(DBUS_SESSIONBUSDIR) dbussessionbus_DATA = obexd/src/org.bluez.obex.service -endif diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch deleted file mode 100644 index b6cb978393..0000000000 
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch +++ /dev/null @@ -1,30 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton - -From 117c41242c01e057295aed80ed973c6dc7e35fe2 Mon Sep 17 00:00:00 2001 -From: Ross Burton -Date: Tue, 8 Oct 2019 11:01:56 +0100 -Subject: [PATCH BlueZ] Makefile.am: add missing mkdir in rules generation - -In parallel out-of-tree builds it's possible that tools/*.rules are -generated before the target directory has been implicitly created. Solve this by -creating the directory before writing into it. ---- - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile.am b/Makefile.am -index 2ac28b23d..e7bcd2366 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -589,6 +589,7 @@ src/builtin.h: src/genbuiltin $(builtin_sources) - $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@ - - tools/%.rules: -+ $(AM_V_at)$(MKDIR_P) tools - $(AM_V_GEN)cp $(srcdir)/$(subst 97-,,$@) $@ - - $(lib_libbluetooth_la_OBJECTS): $(local_headers) --- -2.20.1 - diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-Fix-build-after-y2038-changes-in-glibc.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-Fix-build-after-y2038-changes-in-glibc.patch deleted file mode 100644 index 9ca20ae53b..0000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-Fix-build-after-y2038-changes-in-glibc.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -From f36f71f60b1e68c0f12e615b9b128d089ec3dd19 Mon Sep 17 00:00:00 2001 -From: Bastien Nocera -Date: Fri, 7 Jun 2019 09:51:33 +0200 -Subject: [PATCH] tools: Fix build after y2038 changes in glibc - -The 32-bit SIOCGSTAMP has been deprecated. Use the deprecated name -to fix the build. - -Upstream-Status: backport commit f36f71f60b1e68c0f12e615b9b128d089ec3dd19 - -Signed-off-by: Bruce Ashfield - ---- - tools/l2test.c | 6 +++++- - tools/rctest.c | 6 +++++- - 2 files changed, 10 insertions(+), 2 deletions(-) - -diff --git a/tools/l2test.c b/tools/l2test.c -index e755ac881..e787c2ce2 100644 ---- a/tools/l2test.c -+++ b/tools/l2test.c -@@ -55,6 +55,10 @@ - #define BREDR_DEFAULT_PSM 0x1011 - #define LE_DEFAULT_PSM 0x0080 - -+#ifndef SIOCGSTAMP_OLD -+#define SIOCGSTAMP_OLD SIOCGSTAMP -+#endif -+ - /* Test modes */ - enum { - SEND, -@@ -907,7 +911,7 @@ static void recv_mode(int sk) - if (timestamp) { - struct timeval tv; - -- if (ioctl(sk, SIOCGSTAMP, &tv) < 0) { -+ if (ioctl(sk, SIOCGSTAMP_OLD, &tv) < 0) { - timestamp = 0; - memset(ts, 0, sizeof(ts)); - } else { -diff --git a/tools/rctest.c b/tools/rctest.c -index 94490f462..bc8ed875d 100644 ---- a/tools/rctest.c -+++ b/tools/rctest.c -@@ -50,6 +50,10 @@ - - #include "src/shared/util.h" - -+#ifndef SIOCGSTAMP_OLD -+#define SIOCGSTAMP_OLD SIOCGSTAMP -+#endif -+ - /* Test modes */ - enum { - SEND, -@@ -505,7 +509,7 @@ static void recv_mode(int sk) - if (timestamp) { - struct timeval tv; - -- if (ioctl(sk, SIOCGSTAMP, &tv) < 0) { -+ if (ioctl(sk, SIOCGSTAMP_OLD, &tv) < 0) { - timestamp = 0; - memset(ts, 0, sizeof(ts)); - } else { --- -2.19.1 - diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch deleted file mode 100644 index 620aaabc68..0000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From 0b1766514f6847c7367fce07f19a750ec74c11a6 Mon Sep 17 00:00:00 2001 -From: Robert Yang -Date: Thu, 26 Sep 2019 16:19:34 +0800 -Subject: [PATCH] tools/btpclient.c: include signal.h - -Fix compile failure when configure --enable-btpclient: -btpclient.c:2834:7: error: 'SIGINT' undeclared (first use in this function) - -Upstream-Status: Backport [A subset of the full fix that went upstream] - -Signed-off-by: Robert Yang ---- - tools/btpclient.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/tools/btpclient.c b/tools/btpclient.c -index b217df5..aece7fe 100644 ---- a/tools/btpclient.c -+++ b/tools/btpclient.c -@@ -29,6 +29,7 @@ - #include - #include - #include -+#include - - #include - --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch deleted file mode 100644 index 2a78077443..0000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch +++ /dev/null 
@@ -1,505 +0,0 @@ -From 977321f2c7f974ea68a3d90df296c66189a3f254 Mon Sep 17 00:00:00 2001 -From: Lei Maohui -Date: Fri, 21 Jun 2019 17:57:35 +0900 -Subject: [PATCH] CVE-2018-10910 - -A bug in Bluez may allow for the Bluetooth Discoverable state being set to on -when no Bluetooth agent is registered with the system. This situation could -lead to the unauthorized pairing of certain Bluetooth devices without any -form of authentication. - -CVE: CVE-2018-10910 -Upstream-Status: Backport -Signed-off-by: Ross Burton - -Subject: [PATCH BlueZ 1/4] client: Add discoverable-timeout command -From: Luiz Augusto von Dentz -Date: 2018-07-25 10:20:32 -Message-ID: 20180725102035.19439-1-luiz.dentz () gmail ! com -[Download RAW message or body] - -From: Luiz Augusto von Dentz - -This adds discoverable-timeout command which can be used to get/set -DiscoverableTimeout property: - -[bluetooth]# discoverable-timeout 180 -Changing discoverable-timeout 180 succeeded ---- - client/main.c | 82 +++++++++++++++++++++++++++++++++- - doc/adapter-api.txt | 6 +++ - src/adapter.c | 125 ++++++++++++++++++++++++++++++++++++++++++++++------ - 3 files changed, 198 insertions(+), 15 deletions(-) - -diff --git a/client/main.c b/client/main.c -index 87323d8..1a66a3a 100644 ---- a/client/main.c -+++ b/client/main.c -@@ -877,6 +877,7 @@ static void cmd_show(int argc, char *argv[]) - print_property(proxy, "Class"); - print_property(proxy, "Powered"); - print_property(proxy, "Discoverable"); -+ print_property(proxy, "DiscoverableTimeout"); - print_property(proxy, "Pairable"); - print_uuids(proxy); - print_property(proxy, "Modalias"); -@@ -1061,6 +1062,47 @@ static void cmd_discoverable(int argc, char *argv[]) - return bt_shell_noninteractive_quit(EXIT_FAILURE); - } - -+static void cmd_discoverable_timeout(int argc, char *argv[]) -+{ -+ uint32_t value; -+ char *endptr = NULL; -+ char *str; -+ -+ if (argc < 2) { -+ DBusMessageIter iter; -+ -+ if (!g_dbus_proxy_get_property(default_ctrl->proxy, -+ 
"DiscoverableTimeout", &iter)) { -+ bt_shell_printf("Unable to get DiscoverableTimeout\n"); -+ return bt_shell_noninteractive_quit(EXIT_FAILURE); -+ } -+ -+ dbus_message_iter_get_basic(&iter, &value); -+ -+ bt_shell_printf("DiscoverableTimeout: %d seconds\n", value); -+ -+ return; -+ } -+ -+ value = strtol(argv[1], &endptr, 0); -+ if (!endptr || *endptr != '\0' || value > UINT32_MAX) { -+ bt_shell_printf("Invalid argument\n"); -+ return bt_shell_noninteractive_quit(EXIT_FAILURE); -+ } -+ -+ str = g_strdup_printf("discoverable-timeout %d", value); -+ -+ if (g_dbus_proxy_set_property_basic(default_ctrl->proxy, -+ "DiscoverableTimeout", -+ DBUS_TYPE_UINT32, &value, -+ generic_callback, str, g_free)) -+ return; -+ -+ g_free(str); -+ -+ return bt_shell_noninteractive_quit(EXIT_FAILURE); -+} -+ - static void cmd_agent(int argc, char *argv[]) - { - dbus_bool_t enable; -@@ -1124,6 +1166,7 @@ static struct set_discovery_filter_args { - char **uuids; - size_t uuids_len; - dbus_bool_t duplicate; -+ dbus_bool_t discoverable; - bool set; - } filter = { - .rssi = DISTANCE_VAL_INVALID, -@@ -1163,6 +1206,11 @@ static void set_discovery_filter_setup(DBusMessageIter *iter, void *user_data) - DBUS_TYPE_BOOLEAN, - &args->duplicate); - -+ if (args->discoverable) -+ g_dbus_dict_append_entry(&dict, "Discoverable", -+ DBUS_TYPE_BOOLEAN, -+ &args->discoverable); -+ - dbus_message_iter_close_container(iter, &dict); - } - -@@ -1320,6 +1368,26 @@ static void cmd_scan_filter_duplicate_data(int argc, char *argv[]) - filter.set = false; - } - -+static void cmd_scan_filter_discoverable(int argc, char *argv[]) -+{ -+ if (argc < 2 || !strlen(argv[1])) { -+ bt_shell_printf("Discoverable: %s\n", -+ filter.discoverable ? 
"on" : "off"); -+ return bt_shell_noninteractive_quit(EXIT_SUCCESS); -+ } -+ -+ if (!strcmp(argv[1], "on")) -+ filter.discoverable = true; -+ else if (!strcmp(argv[1], "off")) -+ filter.discoverable = false; -+ else { -+ bt_shell_printf("Invalid option: %s\n", argv[1]); -+ return bt_shell_noninteractive_quit(EXIT_FAILURE); -+ } -+ -+ filter.set = false; -+} -+ - static void filter_clear_uuids(void) - { - g_strfreev(filter.uuids); -@@ -1348,6 +1416,11 @@ static void filter_clear_duplicate(void) - filter.duplicate = false; - } - -+static void filter_clear_discoverable(void) -+{ -+ filter.discoverable = false; -+} -+ - struct clear_entry { - const char *name; - void (*clear) (void); -@@ -1359,6 +1432,7 @@ static const struct clear_entry filter_clear[] = { - { "pathloss", filter_clear_pathloss }, - { "transport", filter_clear_transport }, - { "duplicate-data", filter_clear_duplicate }, -+ { "discoverable", filter_clear_discoverable }, - {} - }; - -@@ -2468,7 +2542,11 @@ static const struct bt_shell_menu scan_menu = { - { "duplicate-data", "[on/off]", cmd_scan_filter_duplicate_data, - "Set/Get duplicate data filter", - NULL }, -- { "clear", "[uuids/rssi/pathloss/transport/duplicate-data]", -+ { "discoverable", "[on/off]", cmd_scan_filter_discoverable, -+ "Set/Get discoverable filter", -+ NULL }, -+ { "clear", -+ "[uuids/rssi/pathloss/transport/duplicate-data/discoverable]", - cmd_scan_filter_clear, - "Clears discovery filter.", - filter_clear_generator }, -@@ -2549,6 +2627,8 @@ static const struct bt_shell_menu main_menu = { - { "discoverable", "", cmd_discoverable, - "Set controller discoverable mode", - NULL }, -+ { "discoverable-timeout", "[value]", cmd_discoverable_timeout, -+ "Set discoverable timeout", NULL }, - { "agent", "", cmd_agent, - "Enable/disable agent with given capability", - capability_generator}, -diff --git a/doc/adapter-api.txt b/doc/adapter-api.txt -index d14d0ca..4791af2 100644 ---- a/doc/adapter-api.txt -+++ b/doc/adapter-api.txt -@@ -113,6 
+113,12 @@ Methods void StartDiscovery() - generated for either ManufacturerData and - ServiceData everytime they are discovered. - -+ bool Discoverable (Default: false) -+ -+ Make adapter discoverable while discovering, -+ if the adapter is already discoverable this -+ setting this filter won't do anything. -+ - When discovery filter is set, Device objects will be - created as new devices with matching criteria are - discovered regardless of they are connectable or -diff --git a/src/adapter.c b/src/adapter.c -index af340fd..822bd34 100644 ---- a/src/adapter.c -+++ b/src/adapter.c -@@ -157,6 +157,7 @@ struct discovery_filter { - int16_t rssi; - GSList *uuids; - bool duplicate; -+ bool discoverable; - }; - - struct watch_client { -@@ -196,6 +197,7 @@ struct btd_adapter { - char *name; /* controller device name */ - char *short_name; /* controller short name */ - uint32_t supported_settings; /* controller supported settings */ -+ uint32_t pending_settings; /* pending controller settings */ - uint32_t current_settings; /* current controller settings */ - - char *path; /* adapter object path */ -@@ -213,6 +215,7 @@ struct btd_adapter { - - bool discovering; /* discovering property state */ - bool filtered_discovery; /* we are doing filtered discovery */ -+ bool filtered_discoverable; /* we are doing filtered discovery */ - bool no_scan_restart_delay; /* when this flag is set, restart scan - * without delay */ - uint8_t discovery_type; /* current active discovery type */ -@@ -509,8 +512,10 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings) - changed_mask = adapter->current_settings ^ settings; - - adapter->current_settings = settings; -+ adapter->pending_settings &= ~changed_mask; - - DBG("Changed settings: 0x%08x", changed_mask); -+ DBG("Pending settings: 0x%08x", adapter->pending_settings); - - if (changed_mask & MGMT_SETTING_POWERED) { - g_dbus_emit_property_changed(dbus_conn, adapter->path, -@@ -596,10 +601,31 @@ static bool 
set_mode(struct btd_adapter *adapter, uint16_t opcode, - uint8_t mode) - { - struct mgmt_mode cp; -+ uint32_t setting = 0; - - memset(&cp, 0, sizeof(cp)); - cp.val = mode; - -+ switch (mode) { -+ case MGMT_OP_SET_POWERED: -+ setting = MGMT_SETTING_POWERED; -+ break; -+ case MGMT_OP_SET_CONNECTABLE: -+ setting = MGMT_SETTING_CONNECTABLE; -+ break; -+ case MGMT_OP_SET_FAST_CONNECTABLE: -+ setting = MGMT_SETTING_FAST_CONNECTABLE; -+ break; -+ case MGMT_OP_SET_DISCOVERABLE: -+ setting = MGMT_SETTING_DISCOVERABLE; -+ break; -+ case MGMT_OP_SET_BONDABLE: -+ setting = MGMT_SETTING_DISCOVERABLE; -+ break; -+ } -+ -+ adapter->pending_settings |= setting; -+ - DBG("sending set mode command for index %u", adapter->dev_id); - - if (mgmt_send(adapter->mgmt, opcode, -@@ -1818,7 +1844,17 @@ static void discovery_free(void *user_data) - g_free(client); - } - --static void discovery_remove(struct watch_client *client) -+static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable) -+{ -+ if (adapter->filtered_discoverable == enable) -+ return true; -+ -+ adapter->filtered_discoverable = enable; -+ -+ return set_discoverable(adapter, enable, 0); -+} -+ -+static void discovery_remove(struct watch_client *client, bool exit) - { - struct btd_adapter *adapter = client->adapter; - -@@ -1830,7 +1866,27 @@ static void discovery_remove(struct watch_client *client) - adapter->discovery_list = g_slist_remove(adapter->discovery_list, - client); - -- discovery_free(client); -+ if (adapter->filtered_discoverable && -+ client->discovery_filter->discoverable) { -+ GSList *l; -+ -+ for (l = adapter->discovery_list; l; l = g_slist_next(l)) { -+ struct watch_client *client = l->data; -+ -+ if (client->discovery_filter->discoverable) -+ break; -+ } -+ -+ /* Disable filtered discoverable if there are no clients */ -+ if (!l) -+ set_filtered_discoverable(adapter, false); -+ } -+ -+ if (!exit && client->discovery_filter) -+ adapter->set_filter_list = g_slist_prepend( -+ 
adapter->set_filter_list, client); -+ else -+ discovery_free(client); - - /* - * If there are other client discoveries in progress, then leave -@@ -1859,8 +1915,11 @@ static void stop_discovery_complete(uint8_t status, uint16_t length, - goto done; - } - -- if (client->msg) -+ if (client->msg) { - g_dbus_send_reply(dbus_conn, client->msg, DBUS_TYPE_INVALID); -+ dbus_message_unref(client->msg); -+ client->msg = NULL; -+ } - - adapter->discovery_type = 0x00; - adapter->discovery_enable = 0x00; -@@ -1873,7 +1932,7 @@ static void stop_discovery_complete(uint8_t status, uint16_t length, - trigger_passive_scanning(adapter); - - done: -- discovery_remove(client); -+ discovery_remove(client, false); - } - - static int compare_sender(gconstpointer a, gconstpointer b) -@@ -2094,14 +2153,14 @@ static int update_discovery_filter(struct btd_adapter *adapter) - return -EINPROGRESS; - } - --static int discovery_stop(struct watch_client *client) -+static int discovery_stop(struct watch_client *client, bool exit) - { - struct btd_adapter *adapter = client->adapter; - struct mgmt_cp_stop_discovery cp; - - /* Check if there are more client discovering */ - if (g_slist_next(adapter->discovery_list)) { -- discovery_remove(client); -+ discovery_remove(client, exit); - update_discovery_filter(adapter); - return 0; - } -@@ -2111,7 +2170,7 @@ static int discovery_stop(struct watch_client *client) - * and so it is enough to send out the signal and just return. 
- */ - if (adapter->discovery_enable == 0x00) { -- discovery_remove(client); -+ discovery_remove(client, exit); - adapter->discovering = false; - g_dbus_emit_property_changed(dbus_conn, adapter->path, - ADAPTER_INTERFACE, "Discovering"); -@@ -2136,7 +2195,7 @@ static void discovery_disconnect(DBusConnection *conn, void *user_data) - - DBG("owner %s", client->owner); - -- discovery_stop(client); -+ discovery_stop(client, true); - } - - /* -@@ -2200,6 +2259,15 @@ static DBusMessage *start_discovery(DBusConnection *conn, - adapter->set_filter_list, client); - adapter->discovery_list = g_slist_prepend( - adapter->discovery_list, client); -+ -+ /* Reset discoverable filter if already set */ -+ if (adapter->current_settings & MGMT_OP_SET_DISCOVERABLE) -+ goto done; -+ -+ /* Set discoverable if filter requires and it*/ -+ if (client->discovery_filter->discoverable) -+ set_filtered_discoverable(adapter, true); -+ - goto done; - } - -@@ -2324,6 +2392,17 @@ static bool parse_duplicate_data(DBusMessageIter *value, - return true; - } - -+static bool parse_discoverable(DBusMessageIter *value, -+ struct discovery_filter *filter) -+{ -+ if (dbus_message_iter_get_arg_type(value) != DBUS_TYPE_BOOLEAN) -+ return false; -+ -+ dbus_message_iter_get_basic(value, &filter->discoverable); -+ -+ return true; -+} -+ - struct filter_parser { - const char *name; - bool (*func)(DBusMessageIter *iter, struct discovery_filter *filter); -@@ -2333,6 +2412,7 @@ struct filter_parser { - { "Pathloss", parse_pathloss }, - { "Transport", parse_transport }, - { "DuplicateData", parse_duplicate_data }, -+ { "Discoverable", parse_discoverable }, - { } - }; - -@@ -2372,6 +2452,7 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter, - (*filter)->rssi = DISTANCE_VAL_INVALID; - (*filter)->type = get_scan_type(adapter); - (*filter)->duplicate = false; -+ (*filter)->discoverable = false; - - dbus_message_iter_init(msg, &iter); - if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY || 
-@@ -2417,8 +2498,10 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter, - goto invalid_args; - - DBG("filtered discovery params: transport: %d rssi: %d pathloss: %d " -- " duplicate data: %s ", (*filter)->type, (*filter)->rssi, -- (*filter)->pathloss, (*filter)->duplicate ? "true" : "false"); -+ " duplicate data: %s discoverable %s", (*filter)->type, -+ (*filter)->rssi, (*filter)->pathloss, -+ (*filter)->duplicate ? "true" : "false", -+ (*filter)->discoverable ? "true" : "false"); - - return true; - -@@ -2510,7 +2593,7 @@ static DBusMessage *stop_discovery(DBusConnection *conn, - if (client->msg) - return btd_error_busy(msg); - -- err = discovery_stop(client); -+ err = discovery_stop(client, false); - switch (err) { - case 0: - return dbus_message_new_method_return(msg); -@@ -2739,13 +2822,15 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting, - else - current_enable = FALSE; - -- if (enable == current_enable) { -+ if (enable == current_enable || adapter->pending_settings & setting) { - g_dbus_pending_property_success(id); - return; - } - - mode = (enable == TRUE) ? 
0x01 : 0x00; - -+ adapter->pending_settings |= setting; -+ - switch (setting) { - case MGMT_SETTING_POWERED: - opcode = MGMT_OP_SET_POWERED; -@@ -2798,7 +2883,7 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting, - data->id = id; - - if (mgmt_send(adapter->mgmt, opcode, adapter->dev_id, len, param, -- property_set_mode_complete, data, g_free) > 0) -+ property_set_mode_complete, data, g_free) > 0) - return; - - g_free(data); -@@ -2875,6 +2960,7 @@ static void property_set_discoverable_timeout( - GDBusPendingPropertySet id, void *user_data) - { - struct btd_adapter *adapter = user_data; -+ bool enabled; - dbus_uint32_t value; - - dbus_message_iter_get_basic(iter, &value); -@@ -2888,8 +2974,19 @@ static void property_set_discoverable_timeout( - g_dbus_emit_property_changed(dbus_conn, adapter->path, - ADAPTER_INTERFACE, "DiscoverableTimeout"); - -+ if (adapter->pending_settings & MGMT_SETTING_DISCOVERABLE) { -+ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE) -+ enabled = false; -+ else -+ enabled = true; -+ } else { -+ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE) -+ enabled = true; -+ else -+ enabled = false; -+ } - -- if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE) -+ if (enabled) - set_discoverable(adapter, 0x01, adapter->discoverable_timeout); - } - --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/gcc9-fixes.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/gcc9-fixes.patch deleted file mode 100644 index ca678e601e..0000000000 --- a/poky/meta/recipes-connectivity/bluez5/bluez5/gcc9-fixes.patch +++ /dev/null 
@@ -1,301 +0,0 @@ -Backported commit from upstream master branch (post 5.50 release), which -resolves assertion failures in several unit tests. - -https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=0be5246170 - -Upstream-Status: Backport -Signed-off-by: Ross Burton - -diff --git a/unit/test-avctp.c b/unit/test-avctp.c -index 3bc3569..24de663 100644 ---- a/unit/test-avctp.c -+++ b/unit/test-avctp.c -@@ -43,7 +43,7 @@ - - struct test_pdu { - bool valid; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - }; - -@@ -66,7 +66,7 @@ struct context { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -91,6 +91,11 @@ static void test_debug(const char *str, void *user_data) - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -diff --git a/unit/test-avdtp.c b/unit/test-avdtp.c -index dd8aed7..e2c951a 100644 ---- a/unit/test-avdtp.c -+++ b/unit/test-avdtp.c -@@ -47,7 +47,7 @@ - struct test_pdu { - bool valid; - bool fragmented; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - }; - -@@ -61,7 +61,7 @@ struct test_data { - #define raw_pdu(args...) 
\ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -69,7 +69,7 @@ struct test_data { - { \ - .valid = true, \ - .fragmented = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -81,7 +81,7 @@ struct test_data { - static struct test_data data; \ - data.test_name = g_strdup(name); \ - data.pdu_list = g_memdup(pdus, sizeof(pdus)); \ -- tester_add(name, &data, NULL, function, NULL); \ -+ tester_add(name, &data, NULL, function, NULL); \ - } while (0) - - struct context { -@@ -109,6 +109,11 @@ static void test_debug(const char *str, void *user_data) - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -diff --git a/unit/test-avrcp.c b/unit/test-avrcp.c -index 01307e6..f1aa353 100644 ---- a/unit/test-avrcp.c -+++ b/unit/test-avrcp.c -@@ -49,7 +49,7 @@ struct test_pdu { - bool fragmented; - bool continuing; - bool browse; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - }; - -@@ -74,7 +74,7 @@ struct context { - #define raw_pdu(args...) 
\ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -82,7 +82,7 @@ struct context { - { \ - .valid = true, \ - .browse = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -90,7 +90,7 @@ struct context { - { \ - .valid = true, \ - .fragmented = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -98,7 +98,7 @@ struct context { - { \ - .valid = true, \ - .continuing = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -123,6 +123,11 @@ static void test_debug(const char *str, void *user_data) - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -diff --git a/unit/test-gatt.c b/unit/test-gatt.c -index c7e28f8..d49f7a0 100644 ---- a/unit/test-gatt.c -+++ b/unit/test-gatt.c -@@ -48,7 +48,7 @@ - - struct test_pdu { - bool valid; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - }; - -@@ -86,7 +86,7 @@ struct context { - #define raw_pdu(args...) 
\ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -306,6 +306,11 @@ static bt_uuid_t uuid_char_128 = { - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -@@ -1911,6 +1916,8 @@ static void test_server(gconstpointer data) - g_assert_cmpint(len, ==, pdu.size); - - util_hexdump('<', pdu.data, len, test_debug, "GATT: "); -+ -+ g_free(pdu.data); - } - - static void test_search_primary(gconstpointer data) -diff --git a/unit/test-hfp.c b/unit/test-hfp.c -index f2b9622..890eee6 100644 ---- a/unit/test-hfp.c -+++ b/unit/test-hfp.c -@@ -43,7 +43,7 @@ struct context { - - struct test_pdu { - bool valid; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - enum hfp_gw_cmd_type type; - bool fragmented; -@@ -63,7 +63,7 @@ struct test_data { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -75,7 +75,7 @@ struct test_data { - #define type_pdu(cmd_type, args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - .type = cmd_type, \ - } -@@ -83,7 +83,7 @@ struct test_data { - #define frg_pdu(args...) 
\ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - .fragmented = true, \ - } -@@ -119,6 +119,11 @@ struct test_data { - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -diff --git a/unit/test-hog.c b/unit/test-hog.c -index d117968..25bdb42 100644 ---- a/unit/test-hog.c -+++ b/unit/test-hog.c -@@ -68,11 +68,11 @@ struct context { - - #define data(args...) ((const unsigned char[]) { args }) - --#define raw_pdu(args...) \ --{ \ -- .valid = true, \ -- .data = data(args), \ -- .size = sizeof(data(args)),\ -+#define raw_pdu(args...) \ -+{ \ -+ .valid = true, \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ -+ .size = sizeof(data(args)), \ - } - - #define false_pdu() \ -diff --git a/unit/test-sdp.c b/unit/test-sdp.c -index ac921a9..c71ee1f 100644 ---- a/unit/test-sdp.c -+++ b/unit/test-sdp.c -@@ -59,14 +59,14 @@ struct test_data { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .raw_data = raw_data(args), \ -+ .raw_data = g_memdup(raw_data(args), sizeof(raw_data(args))), \ - .raw_size = sizeof(raw_data(args)), \ - } - - #define raw_pdu_cont(cont, args...) \ - { \ - .valid = true, \ -- .raw_data = raw_data(args), \ -+ .raw_data = g_memdup(raw_data(args), sizeof(raw_data(args))), \ - .raw_size = sizeof(raw_data(args)), \ - .cont_len = cont, \ - } -@@ -103,7 +103,7 @@ struct test_data_de { - #define define_test_de_attr(name, input, exp) \ - do { \ - static struct test_data_de data; \ -- data.input_data = input; \ -+ data.input_data = g_memdup(input, sizeof(input)); \ - data.input_size = sizeof(input); \ - data.expected = exp; \ - tester_add("/sdp/DE/ATTR/" name, &data, NULL, \ 
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
deleted file mode 100644
index 76ed779258..0000000000
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From ed55b49a226ca3909f52416be2ae5ce1c5ca2cb2 Mon Sep 17 00:00:00 2001
-From: Ross Burton
-Date: Fri, 22 Apr 2016 15:40:37 +0100
-Subject: [PATCH] Makefile.obexd: add missing mkdir in builtin.h generation
-
-In parallel out-of-tree builds it's possible that obexd/src/builtin.h is
-generated before the target directory has been implicitly created. Solve this by
-creating the directory before writing into it.
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton
----
- Makefile.obexd | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Makefile.obexd b/Makefile.obexd
-index 2e33cbc..c8286f0 100644
---- a/Makefile.obexd
-+++ b/Makefile.obexd
-@@ -105,2 +105,3 @@ obexd/src/plugin.$(OBJEXT): obexd/src/builtin.h
- obexd/src/builtin.h: obexd/src/genbuiltin $(obexd_builtin_sources)
-+ $(AM_V_at)$(MKDIR_P) $(dir $@)
- $(AM_V_GEN)$(srcdir)/obexd/src/genbuiltin $(obexd_builtin_modules) > $@
---
-2.8.0.rc3
-
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest
index 21df00c327..0335e68e48 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest
@@ -6,7 +6,7 @@ failed=0
 all=0
 for f in test-*; do
- "./$f"
+ "./$f" -q
 case "$?" in
 0)
 echo "PASS: $f"
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.50.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.50.bb
deleted file mode 100644
index 4e443e5fb0..0000000000
--- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.50.bb
+++ /dev/null
@@ -1,68 +0,0 @@
-require bluez5.inc
-
-SRC_URI[md5sum] = "8e35c67c81a55d3ad4c9f22280dae178"
-SRC_URI[sha256sum] = "5ffcaae18bbb6155f1591be8c24898dc12f062075a40b538b745bfd477481911"
-
-# noinst programs in Makefile.tools that are conditional on READLINE
-# support
-NOINST_TOOLS_READLINE ?= " \
- ${@bb.utils.contains('PACKAGECONFIG', 'deprecated', 'attrib/gatttool', '', d)} \
- tools/obex-client-tool \
- tools/obex-server-tool \
- tools/bluetooth-player \
- tools/obexctl \
- tools/btmgmt \
-"
-
-# noinst programs in Makefile.tools that are conditional on TESTING
-# support
-NOINST_TOOLS_TESTING ?= " \
- emulator/btvirt \
- emulator/b1ee \
- emulator/hfp \
- peripheral/btsensor \
- tools/3dsp \
- tools/mgmt-tester \
- tools/gap-tester \
- tools/l2cap-tester \
- tools/sco-tester \
- tools/smp-tester \
- tools/hci-tester \
- tools/rfcomm-tester \
- tools/bnep-tester \
- tools/userchan-tester \
-"
-
-# noinst programs in Makefile.tools that are conditional on TOOLS
-# support
-NOINST_TOOLS_BT ?= " \
- tools/bdaddr \
- tools/avinfo \
- tools/avtest \
- tools/scotest \
- tools/amptest \
- tools/hwdb \
- tools/hcieventmask \
- tools/hcisecfilter \
- tools/btinfo \
- tools/btsnoop \
- tools/btproxy \
- tools/btiotest \
- tools/bneptest \
- tools/mcaptest \
- tools/cltest \
- tools/oobtest \
- tools/advtest \
- tools/seq2bseq \
- tools/nokfw \
- tools/create-image \
- tools/eddystone \
- tools/ibeacon \
- tools/btgatt-client \
- tools/btgatt-server \
- tools/test-runner \
- tools/check-selftest \
- tools/gatt-service \
- profiles/iap/iapd \
- ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient', '', d)} \
-"
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.54.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
new file mode 100644
index 0000000000..260eee1402
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
@@ -0,0 +1,68 @@
+require bluez5.inc
+
+SRC_URI[md5sum] = "e637feb2dbb7582bbbff1708367a847c"
+SRC_URI[sha256sum] = "68cdab9e63e8832b130d5979dc8c96fdb087b31278f342874d992af3e56656dc"
+
+# noinst programs in Makefile.tools that are conditional on READLINE
+# support
+NOINST_TOOLS_READLINE ?= " \
+ ${@bb.utils.contains('PACKAGECONFIG', 'deprecated', 'attrib/gatttool', '', d)} \
+ tools/obex-client-tool \
+ tools/obex-server-tool \
+ tools/bluetooth-player \
+ tools/obexctl \
+ tools/btmgmt \
+"
+
+# noinst programs in Makefile.tools that are conditional on TESTING
+# support
+NOINST_TOOLS_TESTING ?= " \
+ emulator/btvirt \
+ emulator/b1ee \
+ emulator/hfp \
+ peripheral/btsensor \
+ tools/3dsp \
+ tools/mgmt-tester \
+ tools/gap-tester \
+ tools/l2cap-tester \
+ tools/sco-tester \
+ tools/smp-tester \
+ tools/hci-tester \
+ tools/rfcomm-tester \
+ tools/bnep-tester \
+ tools/userchan-tester \
+"
+
+# noinst programs in Makefile.tools that are conditional on TOOLS
+# support
+NOINST_TOOLS_BT ?= " \
+ tools/bdaddr \
+ tools/avinfo \
+ tools/avtest \
+ tools/scotest \
+ tools/amptest \
+ tools/hwdb \
+ tools/hcieventmask \
+ tools/hcisecfilter \
+ tools/btinfo \
+ tools/btsnoop \
+ tools/btproxy \
+ tools/btiotest \
+ tools/bneptest \
+ tools/mcaptest \
+ tools/cltest \
+ tools/oobtest \
+ tools/advtest \
+ tools/seq2bseq \
+ tools/nokfw \
+ tools/create-image \
+ tools/eddystone \
+ tools/ibeacon \
+ tools/btgatt-client \
+ tools/btgatt-server \
+ tools/test-runner \
+ tools/check-selftest \
+ tools/gatt-service \
+ profiles/iap/iapd \
+ ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient', '', d)} \
+"
diff --git a/poky/meta/recipes-connectivity/connman/connman.inc b/poky/meta/recipes-connectivity/connman/connman.inc
index fb38ab4fc1..d3eeb3be1c 100644
--- a/poky/meta/recipes-connectivity/connman/connman.inc
+++ b/poky/meta/recipes-connectivity/connman/connman.inc
@@ -15,7 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
 inherit autotools pkgconfig systemd update-rc.d update-alternatives
-DEPENDS = "dbus glib-2.0 ppp readline"
+DEPENDS = "dbus glib-2.0 ppp"
 INC_PR = "r20"
@@ -27,13 +27,11 @@ EXTRA_OECONF += "\
 --enable-ethernet \
 --enable-tools \
 --disable-polkit \
- --enable-client \
 "
-PACKAGECONFIG ??= "wispr \
+PACKAGECONFIG ??= "wispr iptables client\
 ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \
 ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
- iptables \
 "
 # If you want ConnMan to support VPN, add following statement into
@@ -51,9 +49,10 @@ PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2t
 PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux"
 # WISPr support for logging into hotspots, requires TLS
 PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls,"
-PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables-ipv4 kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-meta kernel-module-nft-masq-ipv4 kernel-module-nft-nat"
+PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-masq-ipv4 kernel-module-nft-nat"
 PACKAGECONFIG[iptables] = "--with-firewall=iptables ,,iptables,iptables"
 PACKAGECONFIG[nfc] = "--enable-neard, --disable-neard, neard, neard"
+PACKAGECONFIG[client] = "--enable-client,--disable-client,readline"
 INITSCRIPT_NAME = "connman"
 INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ."
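Review bot: In the `@@ -27,13 +27,11 @@` hunk the new default `PACKAGECONFIG ??= "wispr iptables client\` ends its first line with no space before the continuation backslash, so `client` stays a separate token only as long as the following line keeps its leading indentation. Writing it as `PACKAGECONFIG ??= "wispr iptables client \` matches the other continued lines of this assignment, which all end in a space and a backslash, and removes that dependency on whitespace. The indentation of the continuation lines is not recoverable from this page, so whether the current form already misparses cannot be told from here.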
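Review bot: The rewritten `PACKAGECONFIG[nftables]` line in the `@@ -51,9 +49,10 @@` hunk drops `kernel-module-nft-meta` and replaces `kernel-module-nf-tables-ipv4` with `kernel-module-nf-tables` without recording which kernel module layout it now assumes. These names sit in what appears to be the recommends field of the entry, so on a kernel that still builds the old modules separately they would presumably just not be installed, and the nftables firewall backend would then fail on the target rather than at build time. A comment above the entry such as `# module names assume a kernel where nf_tables provides the IPv4 family and meta expression` would state the assumption; the kernel version it applies to should be confirmed before it is written down.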
@@ -87,7 +86,6 @@ do_install_append() {
 if [ -e ${B}/tools/wispr ]; then
 install -m 0755 ${B}/tools/wispr ${D}${bindir}
 fi
- install -m 0755 ${B}/client/connmanctl ${D}${bindir}
 # We don't need to package an empty directory
 rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp.inc b/poky/meta/recipes-connectivity/dhcp/dhcp.inc
index c4697beaf1..d46130d49b 100644
--- a/poky/meta/recipes-connectivity/dhcp/dhcp.inc
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp.inc
@@ -100,6 +100,7 @@ do_install_append () {
 PACKAGES += "dhcp-libs dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell"
 PACKAGES_remove = "${PN}"
+RDEPENDS_${PN}-client += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'iproute2', '', d)}"
 RDEPENDS_${PN}-dev = ""
 RDEPENDS_${PN}-staticdev = ""
 FILES_${PN}-libs = "${libdir}/libdhcpctl.so.0* ${libdir}/libomapi.so.0* ${libdir}/libdhcp.so.0*"
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch
deleted file mode 100644
index f12a112fcf..0000000000
--- a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch
+++ /dev/null
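Review bot: The added `RDEPENDS_${PN}-client` line in the dhcp.inc hunk pulls `iproute2` into the image only when `systemd` is in `DISTRO_FEATURES`, and nothing on the line or around it says which part of the client needs it. Because this changes what is installed on the target, a comment on the line before it would help, for example `# the systemd dhclient integration calls ip from iproute2 (confirm which script)`. The `@@ -100,6 +100,7 @@` hunk shows only the packaging variables, so the actual caller of `ip` is not visible here and the wording of the comment should be checked against it.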
@@ -1,68 +0,0 @@ -From a59cb98a473caa2afd64d7ae368480b6e9f91b3f Mon Sep 17 00:00:00 2001 -From: Ming Liu -Date: Tue, 14 May 2019 11:07:15 +0200 -Subject: [PATCH] Fix a NSUPDATE compiling issue - -Upstream-Status: Pending [Patch sent to: https://gitlab.isc.org/isc-projects/dhcp/issues/16] - -A following error was observed when NSUPDATE is not defined: -| omapip/isclib.c: In function 'dns_client_init': -| omapip/isclib.c:356:18: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'dnsclient' -| if (dhcp_gbl_ctx.dnsclient == NULL) { -| ^ -| omapip/isclib.c:363:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'dnsclient' -| &dhcp_gbl_ctx.dnsclient, -| ^ -| omapip/isclib.c:364:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'use_local4' -| (dhcp_gbl_ctx.use_local4 ? -| ^ -| omapip/isclib.c:365:25: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'local4_sockaddr' -| &dhcp_gbl_ctx.local4_sockaddr -| ^ -| omapip/isclib.c:367:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'use_local6' -| (dhcp_gbl_ctx.use_local6 ? -| ^ -| omapip/isclib.c:368:25: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'local6_sockaddr' -| &dhcp_gbl_ctx.local6_sockaddr - -Fix it by adding NSUPDATE conditional checking. 
- -Signed-off-by: Ming Liu ---- - includes/omapip/isclib.h | 2 ++ - omapip/isclib.c | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h -index 538b927..6c20584 100644 ---- a/includes/omapip/isclib.h -+++ b/includes/omapip/isclib.h -@@ -141,6 +141,8 @@ void isclib_cleanup(void); - void dhcp_signal_handler(int signal); - extern int shutdown_signal; - -+#if defined (NSUPDATE) - isc_result_t dns_client_init(); -+#endif - - #endif /* ISCLIB_H */ -diff --git a/omapip/isclib.c b/omapip/isclib.c -index db3b895..ce4b4a1 100644 ---- a/omapip/isclib.c -+++ b/omapip/isclib.c -@@ -351,6 +351,7 @@ void dhcp_signal_handler(int signal) { - } - } - -+#if defined (NSUPDATE) - isc_result_t dns_client_init() { - isc_result_t result; - if (dhcp_gbl_ctx.dnsclient == NULL) { -@@ -387,3 +388,4 @@ isc_result_t dns_client_init() { - - return ISC_R_SUCCESS; - } -+#endif --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch deleted file mode 100644 index 1bc1422475..0000000000 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -From 8194daabfd590f17825f0c61e9534bee5c99cc86 Mon Sep 17 00:00:00 2001 -From: Thomas Markwalder -Date: Fri, 14 Sep 2018 13:41:41 -0400 -Subject: [master] Added includes of new BIND9 compatibility headers - - Merges in rt48072. - -Upstream-Status: Backport -Signed-off-by: Adrian Bunk - -diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h -index 75a87ff6..538b927f 100644 ---- a/includes/omapip/isclib.h -+++ b/includes/omapip/isclib.h -@@ -48,6 +48,9 @@ - #include - #include - -+#include -+#include -+ - #include - #include - #include -diff --git a/includes/omapip/result.h b/includes/omapip/result.h -index 91243e1b..860298f6 100644 ---- a/includes/omapip/result.h -+++ b/includes/omapip/result.h -@@ -26,6 +26,7 @@ - #ifndef DHCP_RESULT_H - #define DHCP_RESULT_H 1 - -+#include - #include - #include - #include -diff --git a/server/dhcpv6.c b/server/dhcpv6.c -index a7110f98..cde4f617 100644 ---- a/server/dhcpv6.c -+++ b/server/dhcpv6.c -@@ -1034,7 +1034,8 @@ void check_pool6_threshold(struct reply_state *reply, - shared_name, - inet_ntop(AF_INET6, &lease->addr, - tmp_addr, sizeof(tmp_addr)), -- used, count); -+ (long long unsigned)(used), -+ (long long unsigned)(count)); - } - return; - } -@@ -1066,7 +1067,8 @@ void check_pool6_threshold(struct reply_state *reply, - "address: %s; high threshold %d%% %llu/%llu.", - shared_name, - inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)), -- poolhigh, used, count); -+ poolhigh, (long long unsigned)(used), -+ (long long unsigned)(count)); - - /* handle the low threshold now, if we don't - * have one we default to 0. 
*/ -@@ -1436,12 +1438,15 @@ pick_v6_address(struct reply_state *reply) - log_debug("Unable to pick client address: " - "no addresses available - shared network %s: " - " 2^64-1 < total, %llu active, %llu abandoned", -- shared_name, active - abandoned, abandoned); -+ shared_name, (long long unsigned)(active - abandoned), -+ (long long unsigned)(abandoned)); - } else { - log_debug("Unable to pick client address: " - "no addresses available - shared network %s: " - "%llu total, %llu active, %llu abandoned", -- shared_name, total, active - abandoned, abandoned); -+ shared_name, (long long unsigned)(total), -+ (long long unsigned)(active - abandoned), -+ (long long unsigned)(abandoned)); - } - - return ISC_R_NORESOURCES; - diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch index b71c93dd6d..7b57730ffb 100644 --- a/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch +++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch @@ -85,9 +85,11 @@ Index: dhcp-4.4.1/relay/Makefile.am =================================================================== --- dhcp-4.4.1.orig/relay/Makefile.am +++ dhcp-4.4.1/relay/Makefile.am -@@ -1,4 +1,4 @@ +@@ -1,6 +1,6 @@ + SUBDIRS = . tests + -AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' +AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes - + sbin_PROGRAMS = dhcrelay dhcrelay_SOURCES = dhcrelay.c diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb deleted file mode 100644 index 020777b8f2..0000000000 --- a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb +++ /dev/null 
@@ -1,23 +0,0 @@
-require dhcp.inc
-
-SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \
- file://0002-dhclient-dbus.patch \
- file://0003-link-with-lcrypto.patch \
- file://0004-Fix-out-of-tree-builds.patch \
- file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \
- file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \
- file://0009-remove-dhclient-script-bash-dependency.patch \
- file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
- file://0013-fixup_use_libbind.patch \
- file://0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch \
- file://0001-Fix-a-NSUPDATE-compiling-issue.patch \
- file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \
-"
-
-SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede"
-SRC_URI[sha256sum] = "2a22508922ab367b4af4664a0472dc220cc9603482cf3c16d9aff14f3a76b608"
-
-LDFLAGS_append = " -pthread"
-
-PACKAGECONFIG ?= ""
-PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2"
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb
new file mode 100644
index 0000000000..b56a204821
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb
@@ -0,0 +1,21 @@
+require dhcp.inc
+
+SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \
+ file://0002-dhclient-dbus.patch \
+ file://0003-link-with-lcrypto.patch \
+ file://0004-Fix-out-of-tree-builds.patch \
+ file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \
+ file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \
+ file://0009-remove-dhclient-script-bash-dependency.patch \
+ file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
+ file://0013-fixup_use_libbind.patch \
+ file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \
+"
+
+SRC_URI[md5sum] = "2afdaf8498dc1edaf3012efdd589b3e1"
+SRC_URI[sha256sum] = "1a7ccd64a16e5e68f7b5e0f527fd07240a2892ea53fe245620f4f5f607004521"
+
+LDFLAGS_append = " -pthread"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2"
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
index 684fbe09e1..cc9410b94e 100644
--- a/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
@@ -143,11 +143,15 @@ ALTERNATIVE_${PN}-traceroute = "traceroute" ALTERNATIVE_${PN}-hostname = "hostname" ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" -ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8" +ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ + tftpd.8 tftp.1 telnetd.8" ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1" ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8" +ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8" +ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8" +ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1" ALTERNATIVE_${PN}-ifconfig = "ifconfig" ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2.inc b/poky/meta/recipes-connectivity/iproute2/iproute2.inc index fc31b8444e..403d264308 100644 --- a/poky/meta/recipes-connectivity/iproute2/iproute2.inc +++ b/poky/meta/recipes-connectivity/iproute2/iproute2.inc @@ -15,12 +15,19 @@ inherit update-alternatives bash-completion pkgconfig CLEANBROKEN = "1" -PACKAGECONFIG ??= "tipc elf" +PACKAGECONFIG ??= "tipc elf devlink" PACKAGECONFIG[tipc] = ",,libmnl," PACKAGECONFIG[elf] = ",,elfutils," +PACKAGECONFIG[devlink] = ",,libmnl," -EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl \ - ${@bb.utils.contains('PACKAGECONFIG', 'tipc', 'tipc', '', d)}' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'" +EXTRA_OEMAKE = "\ + CC='${CC}' \ + KERNEL_INCLUDE=${STAGING_INCDIR} \ + DOCDIR=${docdir}/iproute2 \ + SUBDIRS='lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc', d)}' \ + SBINDIR='${base_sbindir}' \ + LIBDIR='${libdir}' \ +" do_configure_append () { sh configure ${STAGING_INCDIR} 
@@ -39,14 +46,18 @@ do_install () { # The .so files in iproute2-tc are modules, not traditional libraries INSANE_SKIP_${PN}-tc = "dev-so" -PACKAGES =+ "${PN}-tc \ - ${PN}-lnstat \ - ${PN}-ifstat \ - ${PN}-genl \ - ${PN}-rtacct \ - ${PN}-nstat \ - ${PN}-ss \ - ${@bb.utils.contains('PACKAGECONFIG', 'tipc', '${PN}-tipc', '', d)}" +PACKAGES =+ "\ + ${PN}-devlink \ + ${PN}-genl \ + ${PN}-ifstat \ + ${PN}-lnstat \ + ${PN}-nstat \ + ${PN}-rtacct \ + ${PN}-ss \ + ${PN}-tc \ + ${PN}-tipc \ +" + FILES_${PN}-tc = "${base_sbindir}/tc* \ ${libdir}/tc/*.so" FILES_${PN}-lnstat = "${base_sbindir}/lnstat \ @@ -58,6 +69,7 @@ FILES_${PN}-rtacct = "${base_sbindir}/rtacct" FILES_${PN}-nstat = "${base_sbindir}/nstat" FILES_${PN}-ss = "${base_sbindir}/ss" FILES_${PN}-tipc = "${base_sbindir}/tipc" +FILES_${PN}-devlink = "${base_sbindir}/devlink" ALTERNATIVE_${PN} = "ip" ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb b/poky/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb deleted file mode 100644 index 8a86cbf78c..0000000000 --- a/poky/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb +++ /dev/null @@ -1,12 +0,0 @@ -require iproute2.inc - -SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ - file://0001-libc-compat.h-add-musl-workaround.patch \ - " - -SRC_URI[md5sum] = "227404413c8d6db649d6188ead1e5a6e" -SRC_URI[sha256sum] = "cb1c1e45993a3bd2438543fd4332d70f1726a6e6ff97dc613a8258c993117b3f" - -# CFLAGS are computed in Makefile and reference CCOPTS -# -EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'" diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2_5.5.0.bb b/poky/meta/recipes-connectivity/iproute2/iproute2_5.5.0.bb new file mode 100644 index 0000000000..ad0ab13c9a --- /dev/null +++ b/poky/meta/recipes-connectivity/iproute2/iproute2_5.5.0.bb 
@@ -0,0 +1,12 @@ +require iproute2.inc + +SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ + file://0001-libc-compat.h-add-musl-workaround.patch \ + " + +SRC_URI[md5sum] = "ee8e2cdb416d4a8ef39525d39ab7c2d0" +SRC_URI[sha256sum] = "bac543435cac208a11db44c9cc8e35aa902befef8750594654ee71941c388f7b" + +# CFLAGS are computed in Makefile and reference CCOPTS +# +EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS} -fcommon'" diff --git a/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch index eb01a5a14e..179fd90124 100644 --- a/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch +++ b/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch @@ -1,3 +1,6 @@ +From ff9f0a631c99fb6e2677c02bf572a5e69c70f5cf Mon Sep 17 00:00:00 2001 +From: Changhyeok Bae +Date: Mon, 27 Jan 2020 22:48:03 +0100 Subject: [PATCH] Support separation of SRCDIR and OBJDIR Typical use of VPATH to locate the sources. @@ -11,12 +14,12 @@ Signed-off-by: Maxin B. John 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile -index 33aaf6a..9030796 100644 +index 90f2251..714cdb9 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,9 @@ MAKEFLAGS += --no-print-directory - + +SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST))) +OBJDIR ?= $(PWD) +VPATH = $(SRCDIR) 
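Review bot: `-fcommon` is appended to CCOPTS on the last line of the new iproute2_5.5.0.bb, and the comment above it still only explains why CCOPTS is passed at all. The flag restores merging of tentative definitions, presumably to get past multiple-definition link errors with a toolchain that defaults to `-fno-common`; it also hides genuine duplicate globals, so it should be marked as a temporary workaround. Extend the comment, for example `# -fcommon: workaround for duplicate global definitions in <iproute2 version>; drop once fixed upstream`.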
@@ -24,19 +27,24 @@ index 33aaf6a..9030796 100644 PREFIX ?= /usr SBINDIR ?= $(PREFIX)/sbin MANDIR ?= $(PREFIX)/share/man -@@ -103,11 +107,11 @@ VERSION_OBJS := $(filter-out version.o, $(OBJS)) +@@ -92,7 +96,7 @@ all: $(ALL) version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \ $(wildcard .git/index .git/refs/tags) @$(NQ) ' GEN ' $@ - $(Q)./version.sh $@ + $(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@ - - %.o: %.c iw.h nl80211.h + + nl80211-commands.inc: nl80211.h + @$(NQ) ' GEN ' $@ +@@ -100,7 +104,7 @@ nl80211-commands.inc: nl80211.h + + %.o: %.c iw.h nl80211.h nl80211-commands.inc @$(NQ) ' CC ' $@ - $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< + $(Q)$(CC) -I$(SRCDIR) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< - + ifeq ($(IW_ANDROID_BUILD),) iw: $(OBJS) --- -2.20.1 (Apple Git-117) +-- +2.23.0 + diff --git a/poky/meta/recipes-connectivity/iw/iw_5.3.bb b/poky/meta/recipes-connectivity/iw/iw_5.3.bb deleted file mode 100644 index f7f13f5a30..0000000000 --- a/poky/meta/recipes-connectivity/iw/iw_5.3.bb +++ /dev/null 
@@ -1,32 +0,0 @@
-SUMMARY = "nl80211 based CLI configuration utility for wireless devices"
-DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \
-wireless devices. It supports almost all new drivers that have been added \
-to the kernel recently. "
-HOMEPAGE = "http://wireless.kernel.org/en/users/Documentation/iw"
-SECTION = "base"
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774"
-
-DEPENDS = "libnl"
-
-SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
- file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \
- file://separate-objdir.patch \
-"
-
-SRC_URI[md5sum] = "6d4d1c0ee34f3a7bda0e6aafcd7aaf31"
-SRC_URI[sha256sum] = "175abbfce86348c0b70e778c13a94c0bfc9abc7a506d2bd608261583aeedf64a"
-
-inherit pkgconfig
-
-EXTRA_OEMAKE = "\
- -f '${S}/Makefile' \
- \
- 'PREFIX=${prefix}' \
- 'SBINDIR=${sbindir}' \
- 'MANDIR=${mandir}' \
-"
-
-do_install() {
- oe_runmake 'DESTDIR=${D}' install
-}
diff --git a/poky/meta/recipes-connectivity/iw/iw_5.4.bb b/poky/meta/recipes-connectivity/iw/iw_5.4.bb
new file mode 100644
index 0000000000..9f58e49709
--- /dev/null
+++ b/poky/meta/recipes-connectivity/iw/iw_5.4.bb
@@ -0,0 +1,32 @@
+SUMMARY = "nl80211 based CLI configuration utility for wireless devices"
+DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \
+wireless devices. It supports almost all new drivers that have been added \
+to the kernel recently. "
+HOMEPAGE = "http://wireless.kernel.org/en/users/Documentation/iw"
+SECTION = "base"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774"
+
+DEPENDS = "libnl"
+
+SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
+ file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \
+ file://separate-objdir.patch \
+"
+
+SRC_URI[md5sum] = "08a4f581a39dc62fa85d3af796d844b6"
+SRC_URI[sha256sum] = "943cd2446a6c7242fded3766d054ab2a214a3514b9a8b7e942fed8fb13c1370c"
+
+inherit pkgconfig
+
+EXTRA_OEMAKE = "\
+ -f '${S}/Makefile' \
+ \
+ 'PREFIX=${prefix}' \
+ 'SBINDIR=${sbindir}' \
+ 'MANDIR=${mandir}' \
+"
+
+do_install() {
+ oe_runmake 'DESTDIR=${D}' install
+}
diff --git a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
deleted file mode 100644
index 953505971a..0000000000
--- a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
+++ /dev/null
@@ -1,46 +0,0 @@
-SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution"
-HOMEPAGE = "http://0pointer.de/lennart/projects/nss-mdns/"
-SECTION = "libs"
-
-LICENSE = "LGPLv2.1+"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
-
-DEPENDS = "avahi"
-PR = "r7"
-
-SRC_URI = "http://0pointer.de/lennart/projects/nss-mdns/nss-mdns-${PV}.tar.gz \
- "
-
-SRC_URI[md5sum] = "03938f17646efbb50aa70ba5f99f51d7"
-SRC_URI[sha256sum] = "1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d8134fa6d"
-
-S = "${WORKDIR}/nss-mdns-${PV}"
-
-localstatedir = "/"
-
-inherit autotools
-
-COMPATIBLE_HOST_libc-musl = 'null'
-
-EXTRA_OECONF = "--libdir=${base_libdir} --disable-lynx --enable-avahi"
-
-# suppress warning, but don't bother with autonamer
-LEAD_SONAME = "libnss_mdns.so"
-DEBIANNAME_${PN} = "libnss-mdns"
-
-RDEPENDS_${PN} = "avahi-daemon"
-
-pkg_postinst_${PN} () {
- sed '
- /^hosts:/ !b
- /\/ b
- s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g
- ' -i $D${sysconfdir}/nsswitch.conf
-}
-
-pkg_prerm_${PN} () {
- sed '
- /^hosts:/ !b
- s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g
- ' -i $D${sysconfdir}/nsswitch.conf
-}
diff --git a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb
new file mode 100644
index 0000000000..5e4460045b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb
@@ -0,0 +1,38 @@
+SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution"
+HOMEPAGE = "https://github.com/lathiat/nss-mdns"
+SECTION = "libs"
+
+LICENSE = "LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
+
+DEPENDS = "avahi"
+
+SRC_URI = "git://github.com/lathiat/nss-mdns \
+ "
+
+SRCREV = "41c9c5e78f287ed4b41ac438c1873fa71bfa70ae"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
+
+COMPATIBLE_HOST_libc-musl = 'null'
+
+EXTRA_OECONF = "--libdir=${base_libdir}"
+
+RDEPENDS_${PN} = "avahi-daemon"
+
+pkg_postinst_${PN} () {
+ sed '
+ /^hosts:/ !b
+ /\/ b
+ s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g
+ ' -i $D${sysconfdir}/nsswitch.conf
+}
+
+pkg_prerm_${PN} () {
+ sed '
+ /^hosts:/ !b
+ s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g
+ ' -i $D${sysconfdir}/nsswitch.conf
+}
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch
deleted file mode 100644
index 23bc3eaf72..0000000000
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch
+++ /dev/null
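Review bot: The new `SRC_URI` in libnss-mdns_0.14.1.bb fetches over the plain `git://` transport, which has neither server authentication nor encryption, so the `SRCREV` pin is the only integrity control on the source. The pin is a full commit id, which is the right choice, but the fetch should still go over TLS: `SRC_URI = "git://github.com/lathiat/nss-mdns;protocol=https"`. The recipe also moves from a release tarball verified by `SRC_URI[sha256sum]` to a commit id, which changes what the build verifies, and the recipe has no comment noting that.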
@@ -1,40 +0,0 @@ -From 79019d976584c598f8d0a9d8de43c989946f974b Mon Sep 17 00:00:00 2001 -From: Pascal Bach -Date: Wed, 13 Feb 2019 09:28:07 +0100 -Subject: [PATCH] Don't build tools with CC_FOR_BUILD - -The tools are intended for the target not for the host. - -Upstream-Status: Pending - -Signed-off-by: Pascal Bach ---- - tools/locktest/Makefile.am | 1 - - tools/rpcgen/Makefile.am | 1 - - 2 files changed, 2 deletions(-) - -diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am -index 3156815..87d0bac 100644 ---- a/tools/locktest/Makefile.am -+++ b/tools/locktest/Makefile.am -@@ -1,6 +1,5 @@ - ## Process this file with automake to produce Makefile.in - --CC=$(CC_FOR_BUILD) - LIBTOOL = @LIBTOOL@ --tag=CC - - noinst_PROGRAMS = testlk -diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am -index 8a9ec89..3e092c9 100644 ---- a/tools/rpcgen/Makefile.am -+++ b/tools/rpcgen/Makefile.am -@@ -1,6 +1,5 @@ - ## Process this file with automake to produce Makefile.in - --CC=$(CC_FOR_BUILD) - LIBTOOL = @LIBTOOL@ --tag=CC - - noinst_PROGRAMS = rpcgen --- -2.11.0 - diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch deleted file mode 100644 index 7b0f93535f..0000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch +++ /dev/null 
@@ -1,156 +0,0 @@ -From 2fbc62e2a13fc22b6ae4910e295a2c10fb790486 Mon Sep 17 00:00:00 2001 -From: Zoltan Karcagi -Date: Mon, 12 Aug 2019 13:27:16 -0400 -Subject: [PATCH] Fix include order between config.h and stat.h - -At least on Arch linux ARM, the definition of struct stat in stat.h depends -on __USE_FILE_OFFSET64. This symbol comes from config.h when defined, -therefore config.h must always be included before stat.h. Fix all -occurrences where the order is wrong by moving config.h to the top. - -This fixes the client side error "Stale file handle" when mounting from -a server running Arch Linux ARM. - -Signed-off-by: Zoltan Karcagi -Signed-off-by: Steve Dickson - -Upstream-Status: Backport -[http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=2fbc62e2a13fc22b6ae4910e295a2c10fb790486] - -Signed-off-by: Yi Zhao ---- - support/misc/nfsd_path.c | 5 ++++- - support/misc/xstat.c | 5 ++++- - support/nfs/conffile.c | 8 +++++++- - utils/blkmapd/device-discovery.c | 8 ++++---- - utils/idmapd/idmapd.c | 8 ++++---- - 5 files changed, 23 insertions(+), 11 deletions(-) - -diff --git a/support/misc/nfsd_path.c b/support/misc/nfsd_path.c -index 84e4802..f078a66 100644 ---- a/support/misc/nfsd_path.c -+++ b/support/misc/nfsd_path.c -@@ -1,3 +1,7 @@ -+#ifdef HAVE_CONFIG_H -+#include -+#endif -+ - #include - #include - #include -@@ -5,7 +9,6 @@ - #include - #include - --#include "config.h" - #include "conffile.h" - #include "xmalloc.h" - #include "xlog.h" -diff --git a/support/misc/xstat.c b/support/misc/xstat.c -index fa04788..4c997ee 100644 ---- a/support/misc/xstat.c -+++ b/support/misc/xstat.c -@@ -1,3 +1,7 @@ -+#ifdef HAVE_CONFIG_H -+#include -+#endif -+ - #include - #include - #include -@@ -5,7 +9,6 @@ - #include - #include - --#include "config.h" - #include "xstat.h" - - #ifdef HAVE_FSTATAT -diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c -index b6400be..6ba8a35 100644 ---- a/support/nfs/conffile.c -+++ b/support/nfs/conffile.c -@@ -500,7 +500,7 @@ 
conf_readfile(const char *path) - - if ((stat (path, &sb) == 0) || (errno != ENOENT)) { - char *new_conf_addr = NULL; -- size_t sz = sb.st_size; -+ off_t sz; - int fd = open (path, O_RDONLY, 0); - - if (fd == -1) { -@@ -517,6 +517,11 @@ conf_readfile(const char *path) - - /* only after we have the lock, check the file size ready to read it */ - sz = lseek(fd, 0, SEEK_END); -+ if (sz < 0) { -+ xlog_warn("conf_readfile: unable to determine file size: %s", -+ strerror(errno)); -+ goto fail; -+ } - lseek(fd, 0, SEEK_SET); - - new_conf_addr = malloc(sz+1); -@@ -2162,6 +2167,7 @@ conf_write(const char *filename, const char *section, const char *arg, - ret = 0; - - cleanup: -+ flush_outqueue(&inqueue, NULL); - flush_outqueue(&outqueue, NULL); - - if (buff) -diff --git a/utils/blkmapd/device-discovery.c b/utils/blkmapd/device-discovery.c -index e811703..f5f9b10 100644 ---- a/utils/blkmapd/device-discovery.c -+++ b/utils/blkmapd/device-discovery.c -@@ -26,6 +26,10 @@ - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -+#ifdef HAVE_CONFIG_H -+#include "config.h" -+#endif /* HAVE_CONFIG_H */ -+ - #include - #include - #include -@@ -51,10 +55,6 @@ - #include - #include - --#ifdef HAVE_CONFIG_H --#include "config.h" --#endif /* HAVE_CONFIG_H */ -- - #include "device-discovery.h" - #include "xcommon.h" - #include "nfslib.h" -diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c -index 62e37b8..267acea 100644 ---- a/utils/idmapd/idmapd.c -+++ b/utils/idmapd/idmapd.c -@@ -34,6 +34,10 @@ - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -+#ifdef HAVE_CONFIG_H -+#include "config.h" -+#endif /* HAVE_CONFIG_H */ -+ - #include - #include - #include -@@ -62,10 +66,6 @@ - #include - #include - --#ifdef HAVE_CONFIG_H --#include "config.h" --#endif /* HAVE_CONFIG_H */ -- - #include "xlog.h" - #include "conffile.h" - #include "queue.h" --- -2.7.4 - 
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch index fcb0e99b33..bd350144e3 100644 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch @@ -28,10 +28,10 @@ Rebase it. Signed-off-by: Robert Yang --- support/misc/Makefile.am | 2 +- - support/misc/file.c | 111 --------------------------------------------------------------------------------------------------------------- + support/misc/file.c | 115 --------------------------------------------------------------------------------------------------------------- support/misc/misc.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ support/nsm/Makefile.am | 2 +- - 4 files changed, 113 insertions(+), 113 deletions(-) + 4 files changed, 113 insertions(+), 117 deletions(-) diff --git a/support/misc/Makefile.am b/support/misc/Makefile.am index f9993e3..8b0e9db 100644 @@ -48,10 +48,10 @@ index f9993e3..8b0e9db 100644 MAINTAINERCLEANFILES = Makefile.in diff --git a/support/misc/file.c b/support/misc/file.c deleted file mode 100644 -index e7c3819..0000000 +index 06f6bb2..0000000 --- a/support/misc/file.c +++ /dev/null -@@ -1,111 +0,0 @@ +@@ -1,115 +0,0 @@ -/* - * Copyright 2009 Oracle. All rights reserved. - * Copyright 2017 Red Hat, Inc. All rights reserved. @@ -72,6 +72,10 @@ index e7c3819..0000000 - * along with nfs-utils. If not, see . - */ - +-#ifdef HAVE_CONFIG_H +-#include +-#endif +- -#include - -#include 
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch deleted file mode 100644 index d14f0789ff..0000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 66471fbf7106917da7a1536b18a0a77d07479779 Mon Sep 17 00:00:00 2001 -From: Mingli Yu -Date: Mon, 17 Dec 2018 15:29:47 +0800 -Subject: [PATCH] configure.ac: Do not fatalize -Wmissing-prototypes - -There comes below error when run "make -C tests/nsm_client nsm_client" -| nlm_sm_inter_svc.c:20:1: error: no previous prototype for 'nlm_sm_prog_3' [-Werror=missing-prototypes] - -It is because rpcgen doesn't generate -Wmissing-prototypes -free code for nlm_sm_inter_svc.c with below logic -in tests/nsm_client/Makefile.am -[snip] -GENFILES_SVC = nlm_sm_inter_svc.c -[snip] -$(GENFILES_SVC): %_svc.c: %.x $(RPCGEN) - test -f $@ && rm -rf $@ || true - $(RPCGEN) -m -o $@ $< - -So add the logic not to fatalize -Wmissing-prototypes. - -Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154503260323936&w=2] - -Signed-off-by: Mingli Yu ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 50002b4..aebff01 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -582,7 +582,7 @@ my_am_cflags="\ - -Wall \ - -Wextra \ - $rpcgen_cflags \ -- -Werror=missing-prototypes \ -+ -Wmissing-prototypes \ - -Werror=missing-declarations \ - -Werror=format=2 \ - -Werror=undef \ diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch deleted file mode 100644 index 1d693e4142..0000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch +++ /dev/null 
@@ -1,183 +0,0 @@ -Clang comes up with more printf format warnings -Correcting “format string is not a string literal” warning -requires us to declare that parameter is a printf style -format using the attribute flag - -Upstream-Status: Pending - -Signed-off-by: Khem Raj - -Index: nfs-utils-2.3.3/support/include/xcommon.h -=================================================================== ---- nfs-utils-2.3.3.orig/support/include/xcommon.h -+++ nfs-utils-2.3.3/support/include/xcommon.h -@@ -27,7 +27,7 @@ - - /* Functions in sundries.c that are used in mount.c and umount.c */ - char *canonicalize (const char *path); --void nfs_error (const char *fmt, ...); -+void nfs_error (const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2))); - void *xmalloc (size_t size); - void *xrealloc(void *p, size_t size); - void xfree(void *); -@@ -36,9 +36,9 @@ char *xstrndup (const char *s, int n); - char *xstrconcat2 (const char *, const char *); - char *xstrconcat3 (const char *, const char *, const char *); - char *xstrconcat4 (const char *, const char *, const char *, const char *); --void die (int errcode, const char *fmt, ...); -+void die (int errcode, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); - --extern void die(int err, const char *fmt, ...); -+extern void die(int err, const char *fmt, ...) 
__attribute__((__format__ (__printf__, 2, 3))); - extern void (*at_die)(void); - - /* exit status - bits below are ORed */ -Index: nfs-utils-2.3.3/support/include/xlog.h -=================================================================== ---- nfs-utils-2.3.3.orig/support/include/xlog.h -+++ nfs-utils-2.3.3/support/include/xlog.h -@@ -43,10 +43,10 @@ void xlog_config(int fac, int on); - void xlog_sconfig(char *, int on); - void xlog_from_conffile(char *); - int xlog_enabled(int fac); --void xlog(int fac, const char *fmt, ...); --void xlog_warn(const char *fmt, ...); --void xlog_err(const char *fmt, ...); --void xlog_errno(int err, const char *fmt, ...); --void xlog_backend(int fac, const char *fmt, va_list args); -+void xlog(int fac, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); -+void xlog_warn(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2))); -+void xlog_err(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2))); -+void xlog_errno(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); -+void xlog_backend(int fac, const char *fmt, va_list args) __attribute__((__format__ (__printf__, 2, 0))); - - #endif /* XLOG_H */ -Index: nfs-utils-2.3.3/support/nfs/xcommon.c -=================================================================== ---- nfs-utils-2.3.3.orig/support/nfs/xcommon.c -+++ nfs-utils-2.3.3/support/nfs/xcommon.c -@@ -93,7 +93,10 @@ nfs_error (const char *fmt, ...) 
{ - - fmt2 = xstrconcat2 (fmt, "\n"); - va_start (args, fmt); -+#pragma clang diagnostic push -+#pragma clang diagnostic ignored "-Wformat-nonliteral" - vfprintf (stderr, fmt2, args); -+#pragma clang diagnostic pop - va_end (args); - free (fmt2); - } -Index: nfs-utils-2.3.3/utils/exportfs/exportfs.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/exportfs/exportfs.c -+++ nfs-utils-2.3.3/utils/exportfs/exportfs.c -@@ -644,6 +644,7 @@ out: - return result; - } - -+__attribute__((__format__ (__printf__, 2, 3))) - static char - dumpopt(char c, char *fmt, ...) - { -Index: nfs-utils-2.3.3/utils/statd/statd.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/statd/statd.c -+++ nfs-utils-2.3.3/utils/statd/statd.c -@@ -136,7 +136,7 @@ static void log_modes(void) - strcat(buf, "TI-RPC "); - #endif - -- xlog_warn(buf); -+ xlog_warn("%s", buf); - } - - /* -Index: nfs-utils-2.3.3/support/nfs/svc_create.c -=================================================================== ---- nfs-utils-2.3.3.orig/support/nfs/svc_create.c -+++ nfs-utils-2.3.3/support/nfs/svc_create.c -@@ -184,7 +184,7 @@ svc_create_sock(const struct sockaddr *s - type = SOCK_STREAM; - break; - default: -- xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %u", -+ xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %lu", - __func__, nconf->nc_semantics); - return -1; - } -Index: nfs-utils-2.3.3/support/nsm/rpc.c -=================================================================== ---- nfs-utils-2.3.3.orig/support/nsm/rpc.c -+++ nfs-utils-2.3.3/support/nsm/rpc.c -@@ -182,7 +182,7 @@ nsm_xmit_getport(const int sock, const s - uint32_t xid; - XDR xdr; - -- xlog(D_CALL, "Sending PMAP_GETPORT for %u, %u, udp", program, version); -+ xlog(D_CALL, "Sending PMAP_GETPORT for %lu, %lu, udp", program, version); - - nsm_init_xdrmem(msgbuf, NSM_MAXMSGSIZE, &xdr); - xid = nsm_init_rpc_header(PMAPPROG, PMAPVERS, 
-Index: nfs-utils-2.3.3/utils/mountd/cache.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/mountd/cache.c -+++ nfs-utils-2.3.3/utils/mountd/cache.c -@@ -968,8 +968,7 @@ lookup_export(char *dom, char *path, str - } else if (found_type == i && found->m_warned == 0) { - xlog(L_WARNING, "%s exported to both %s and %s, " - "arbitrarily choosing options from first", -- path, found->m_client->m_hostname, exp->m_client->m_hostname, -- dom); -+ path, found->m_client->m_hostname, exp->m_client->m_hostname); - found->m_warned = 1; - } - } -Index: nfs-utils-2.3.3/utils/mountd/mountd.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/mountd/mountd.c -+++ nfs-utils-2.3.3/utils/mountd/mountd.c -@@ -213,7 +213,7 @@ static void - sig_hup (int sig) - { - /* don't exit on SIGHUP */ -- xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig); -+ xlog (L_NOTICE, "Received SIGHUP(%d)... Ignoring.\n", sig); - return; - } - -Index: nfs-utils-2.3.3/utils/statd/rmtcall.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/statd/rmtcall.c -+++ nfs-utils-2.3.3/utils/statd/rmtcall.c -@@ -247,7 +247,7 @@ process_reply(FD_SET_TYPE *rfds) - xlog_warn("%s: service %d not registered on localhost", - __func__, NL_MY_PROG(lp)); - } else { -- xlog(D_GENERAL, "%s: Callback to %s (for %d) succeeded", -+ xlog(D_GENERAL, "%s: Callback to %s (for %s) succeeded", - __func__, NL_MY_NAME(lp), NL_MON_NAME(lp)); - } - nlist_free(¬ify, lp); -Index: nfs-utils-2.3.3/utils/statd/svc_run.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/statd/svc_run.c -+++ nfs-utils-2.3.3/utils/statd/svc_run.c -@@ -53,6 +53,7 @@ - - #include - #include -+#include - #include "statd.h" - #include "notlist.h" - -@@ -104,8 +105,8 @@ my_svc_run(int sockfd) - - tv.tv_sec = NL_WHEN(notify) - now; - tv.tv_usec = 0; -- xlog(D_GENERAL, 
"Waiting for reply... (timeo %d)", -- tv.tv_sec); -+ xlog(D_GENERAL, "Waiting for reply... (timeo %jd)", -+ (intmax_t)tv.tv_sec); - selret = select(FD_SETSIZE, &readfds, - (void *) 0, (void *) 0, &tv); - } else { diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch new file mode 100644 index 0000000000..20400fef67 --- /dev/null +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch 
@@ -0,0 +1,61 @@ +Detect warning options during configure + +Certain options maybe compiler specific therefore its better +to detect them before use. + +nfs_error copies the format string and appends newline to it +but compiler can forget that it was format string since its not +same fmt string that was passed. Ignore the warning + +Wdiscarded-qualifiers is gcc specific and this is no longer needed + +Upstream-Status: Pending +Signed-off-by: Khem Raj + +--- a/configure.ac ++++ b/configure.ac +@@ -599,7 +599,6 @@ my_am_cflags="\ + -Werror=parentheses \ + -Werror=aggregate-return \ + -Werror=unused-result \ +- -Wno-cast-function-type \ + -fno-strict-aliasing \ + " + +@@ -619,9 +618,10 @@ CHECK_CCSUPPORT([-Werror=format-overflow + CHECK_CCSUPPORT([-Werror=int-conversion], [flg2]) + CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3]) + CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4]) ++CHECK_CCSUPPORT([-Wno-cast-function-type], [flg5]) + AX_GCC_FUNC_ATTRIBUTE([format]) + +-AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"]) ++AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4 $flg5"]) + + # Make sure that $ACLOCAL_FLAGS are used during a rebuild + AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"]) +--- a/support/nfs/xcommon.c ++++ b/support/nfs/xcommon.c +@@ -98,7 +98,10 @@ nfs_error (const char *fmt, ...) 
{ + + fmt2 = xstrconcat2 (fmt, "\n"); + va_start (args, fmt); ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wformat-nonliteral" + vfprintf (stderr, fmt2, args); ++#pragma GCC diagnostic pop + va_end (args); + free (fmt2); + } +--- a/utils/mount/stropts.c ++++ b/utils/mount/stropts.c +@@ -1094,9 +1094,7 @@ static int nfsmount_fg(struct nfsmount_i + if (nfs_try_mount(mi)) + return EX_SUCCESS; + +-#pragma GCC diagnostic ignored "-Wdiscarded-qualifiers" + if (errno == EBUSY && is_mountpoint(mi->node)) { +-#pragma GCC diagnostic warning "-Wdiscarded-qualifiers" + /* + * EBUSY can happen when mounting a filesystem that + * is already mounted or when the context= are diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch deleted file mode 100644 index 921f5edc82..0000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch +++ /dev/null 
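Review bot: The `-Wformat-nonliteral` suppression added around `vfprintf (stderr, fmt2, args)` in the support/nfs/xcommon.c hunk leaves call-site checking as the only guard on `nfs_error` format strings. This commit also deletes clang-format-string.patch, which put `__attribute__((__format__ (__printf__, 1, 2)))` on the `nfs_error` prototype and changed calls such as `xlog_warn(buf)` to `xlog_warn("%s", buf)`. Nothing visible here shows that nfs-utils 2.4.3 already carries those changes (the `AX_GCC_FUNC_ATTRIBUTE([format])` context line only suggests it), so that should be confirmed before the old patch is dropped. I would also record the reason next to the pragma, e.g. `/* fmt2 is fmt with "\n" appended, so the compiler no longer sees a literal */`. `nfs_error` begins outside this hunk, so its declarations are not reviewed here.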
@@ -1,46 +0,0 @@ -From caa19231196d73541445728e6813c8fa70345acb Mon Sep 17 00:00:00 2001 -From: Robert Yang -Date: Tue, 26 Jun 2018 15:59:00 +0800 -Subject: [PATCH] nfs-utils: 2.1.1 -> 2.3.1 - -Fixed: -configure: error: res_querydomain needed - -Upstream-Status: Pending [https://github.com/alpinelinux/aports/blob/master/main/nfs-utils/musl-configure_ac.patch] - -Signed-off-by: Robert Yang - ---- - configure.ac | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 50002b4..dcadb23 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -582,10 +582,10 @@ my_am_cflags="\ - -Wall \ - -Wextra \ - $rpcgen_cflags \ -- -Werror=missing-prototypes \ -- -Werror=missing-declarations \ -+ -Wmissing-prototypes \ -+ -Wmissing-declarations \ - -Werror=format=2 \ -- -Werror=undef \ -+ -Wundef \ - -Werror=missing-include-dirs \ - -Werror=strict-aliasing=2 \ - -Werror=init-self \ -@@ -614,10 +614,9 @@ AC_DEFUN([CHECK_CCSUPPORT], [ - - CHECK_CCSUPPORT([-Werror=format-overflow=2], [flg1]) - CHECK_CCSUPPORT([-Werror=int-conversion], [flg2]) --CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3]) - CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4]) - --AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"]) -+AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg4"]) - - # Make sure that $ACLOCAL_FLAGS are used during a rebuild - AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"]) diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb deleted file mode 100644 index eb32bccb57..0000000000 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb +++ /dev/null 
@@ -1,152 +0,0 @@ -SUMMARY = "userspace utilities for kernel nfs" -DESCRIPTION = "The nfs-utils package provides a daemon for the kernel \ -NFS server and related tools." -HOMEPAGE = "http://nfs.sourceforge.net/" -SECTION = "console/network" - -LICENSE = "MIT & GPLv2+ & BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" - -# util-linux for libblkid -DEPENDS = "libcap libevent util-linux sqlite3 libtirpc" -RDEPENDS_${PN} = "${PN}-client" -RRECOMMENDS_${PN} = "kernel-module-nfsd" - -inherit useradd - -USERADD_PACKAGES = "${PN}-client" -USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \ - --shell /bin/false --user-group rpcuser" - -SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ - file://nfsserver \ - file://nfscommon \ - file://nfs-utils.conf \ - file://nfs-server.service \ - file://nfs-mountd.service \ - file://nfs-statd.service \ - file://proc-fs-nfsd.mount \ - file://nfs-utils-debianize-start-statd.patch \ - file://bugfix-adjust-statd-service-name.patch \ - file://0001-cacheio-use-intmax_t-for-formatted-IO.patch \ - file://clang-format-string.patch \ - file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ - file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \ - file://0001-Fix-include-order-between-config.h-and-stat.h.patch \ -" -SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch" -SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch" - -SRC_URI[md5sum] = "161efe469ec1b06f1c750bd87f8ba6dd" -SRC_URI[sha256sum] = "85274ada94479b1beba9f8eeffd19f477c53a6710b9998d1192c807854087736" - -# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will -# pull in the remainder of the dependencies. 
- -INITSCRIPT_PACKAGES = "${PN} ${PN}-client" -INITSCRIPT_NAME = "nfsserver" -INITSCRIPT_PARAMS = "defaults" -INITSCRIPT_NAME_${PN}-client = "nfscommon" -INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21" - -inherit autotools-brokensep update-rc.d systemd pkgconfig - -SYSTEMD_PACKAGES = "${PN} ${PN}-client" -SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service" -SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service" - -# --enable-uuid is need for cross-compiling -EXTRA_OECONF = "--with-statduser=rpcuser \ - --enable-mountconfig \ - --enable-libmount-mount \ - --enable-uuid \ - --disable-gss \ - --disable-nfsdcltrack \ - --with-statdpath=/var/lib/nfs/statd \ - " - -CFLAGS += "-Wno-error=format-overflow" - -PACKAGECONFIG ??= "tcp-wrappers \ - ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ -" -PACKAGECONFIG_remove_libc-musl = "tcp-wrappers" -PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -# libdevmapper is available in meta-oe -PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper" -# keyutils is available in meta-security -PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils" - -PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats" - -CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \ - ${localstatedir}/lib/nfs/rmtab \ - ${localstatedir}/lib/nfs/xtab \ - ${localstatedir}/lib/nfs/statd/state \ - ${sysconfdir}/nfsmount.conf" - -FILES_${PN}-client = "${sbindir}/*statd \ - ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ - ${sbindir}/showmount ${sbindir}/nfsstat \ - ${localstatedir}/lib/nfs \ - ${sysconfdir}/nfs-utils.conf \ - ${sysconfdir}/nfsmount.conf \ - ${sysconfdir}/init.d/nfscommon \ - ${systemd_unitdir}/system/nfs-statd.service" -RDEPENDS_${PN}-client = "${PN}-mount rpcbind" - -FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*" - -FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat" -RDEPENDS_${PN}-stats = 
"python3-core" - -FILES_${PN} += "${systemd_unitdir}" - -do_configure_prepend() { - sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ - ${S}/utils/mount/Makefile.am -} - -# Make clean needed because the package comes with -# precompiled 64-bit objects that break the build -do_compile_prepend() { - make clean -} - -# Works on systemd only -HIGH_RLIMIT_NOFILE ??= "4096" - -do_install_append () { - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver - install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon - - install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir} - install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir} - - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/ - sed -i -e 's,@SBINDIR@,${sbindir},g' \ - -e 's,@SYSCONFDIR@,${sysconfdir},g' \ - -e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \ - ${D}${systemd_unitdir}/system/*.service - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/ - install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/ - ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount - fi - - # kernel code as of 3.8 hard-codes this path as a default - install -d ${D}/var/lib/nfs/v4recovery - - # chown the directories and files - chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd - chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state - - # Make python tools use python 3 - sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat - -} 
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.3.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.3.bb
new file mode 100644
index 0000000000..9bdb6f4ae4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.3.bb
@@ -0,0 +1,147 @@
+SUMMARY = "userspace utilities for kernel nfs"
+DESCRIPTION = "The nfs-utils package provides a daemon for the kernel \
+NFS server and related tools."
+HOMEPAGE = "http://nfs.sourceforge.net/"
+SECTION = "console/network"
+
+LICENSE = "MIT & GPLv2+ & BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84"
+
+# util-linux for libblkid
+DEPENDS = "libcap libevent util-linux sqlite3 libtirpc"
+RDEPENDS_${PN} = "${PN}-client"
+RRECOMMENDS_${PN} = "kernel-module-nfsd"
+
+inherit useradd
+
+USERADD_PACKAGES = "${PN}-client"
+USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \
+ --shell /bin/false --user-group rpcuser"
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \
+ file://nfsserver \
+ file://nfscommon \
+ file://nfs-utils.conf \
+ file://nfs-server.service \
+ file://nfs-mountd.service \
+ file://nfs-statd.service \
+ file://proc-fs-nfsd.mount \
+ file://nfs-utils-debianize-start-statd.patch \
+ file://bugfix-adjust-statd-service-name.patch \
+ file://0001-cacheio-use-intmax_t-for-formatted-IO.patch \
+ file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
+ file://clang-warnings.patch \
+ "
+SRC_URI[md5sum] = "06020c76f531ed97f3145514901e0e7c"
+SRC_URI[sha256sum] = "af65fce5dd8370cff9ead67baac5a6cd69c376dcadfef264dc2c78c904f26599"
+
+# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will
+# pull in the remainder of the dependencies.
+
+INITSCRIPT_PACKAGES = "${PN} ${PN}-client"
+INITSCRIPT_NAME = "nfsserver"
+INITSCRIPT_PARAMS = "defaults"
+INITSCRIPT_NAME_${PN}-client = "nfscommon"
+INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21"
+
+inherit autotools-brokensep update-rc.d systemd pkgconfig
+
+SYSTEMD_PACKAGES = "${PN} ${PN}-client"
+SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service"
+SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service"
+
+# --enable-uuid is need for cross-compiling
+EXTRA_OECONF = "--with-statduser=rpcuser \
+ --enable-mountconfig \
+ --enable-libmount-mount \
+ --enable-uuid \
+ --disable-gss \
+ --disable-nfsdcltrack \
+ --with-statdpath=/var/lib/nfs/statd \
+ "
+
+PACKAGECONFIG ??= "tcp-wrappers \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
+"
+PACKAGECONFIG_remove_libc-musl = "tcp-wrappers"
+PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+# libdevmapper is available in meta-oe
+PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper,libdevmapper"
+# keyutils is available in meta-oe
+PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core"
+
+PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats"
+
+CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \
+ ${localstatedir}/lib/nfs/rmtab \
+ ${localstatedir}/lib/nfs/xtab \
+ ${localstatedir}/lib/nfs/statd/state \
+ ${sysconfdir}/nfsmount.conf"
+
+FILES_${PN}-client = "${sbindir}/*statd \
+ ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \
+ ${sbindir}/showmount ${sbindir}/nfsstat \
+ ${localstatedir}/lib/nfs \
+ ${sysconfdir}/nfs-utils.conf \
+ ${sysconfdir}/nfsmount.conf \
+ ${sysconfdir}/init.d/nfscommon \
+ ${systemd_unitdir}/system/nfs-statd.service"
+RDEPENDS_${PN}-client = "${PN}-mount rpcbind"
+
+FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*"
+
+FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat"
+RDEPENDS_${PN}-stats = "python3-core"
+
+FILES_${PN}-staticdev += "${libdir}/libnfsidmap/*.a"
+
+FILES_${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/"
+
+do_configure_prepend() {
+ sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \
+ ${S}/utils/mount/Makefile.am
+}
+
+# Make clean needed because the package comes with
+# precompiled 64-bit objects that break the build
+do_compile_prepend() {
+ make clean
+}
+
+# Works on systemd only
+HIGH_RLIMIT_NOFILE ??= "4096"
+
+do_install_append () {
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver
+ install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon
+
+ install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir}
+ install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir}
+
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/
+ install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/
+ install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/
+ sed -i -e 's,@SBINDIR@,${sbindir},g' \
+ -e 's,@SYSCONFDIR@,${sysconfdir},g' \
+ -e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \
+ ${D}${systemd_unitdir}/system/*.service
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/
+ install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/
+ ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount
+ fi
+
+ # kernel code as of 3.8 hard-codes this path as a default
+ install -d ${D}/var/lib/nfs/v4recovery
+
+ # chown the directories and files
+ chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd
+ chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state
+
+ # Make python tools use python 3
+ sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat
+
+}
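Review bot: In `do_install_append`, `nfs-utils.conf` and `nfsmount.conf` are installed into `${sysconfdir}` with mode 0755, although the recipe treats both as configuration files (`nfsmount.conf` is listed in `CONFFILES_${PN}-client`) and nothing here executes them. Mode 0644, as already used for the systemd units a few lines below, would match their role: `install -m 0644 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir}` and `install -m 0644 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir}`. The same two lines are in the removed nfs-utils_2.4.1.bb, so this is carried over by the upgrade rather than introduced by it.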
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch b/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch deleted file mode 100644 index 3265be3485..0000000000 --- a/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 2014fad3d28090b59d2f8a0971166c06e5fa6da6 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia -Date: Fri, 18 Oct 2019 14:56:58 +0800 -Subject: [PATCH] upstream: fix integer overflow in XMSS private key parsing. - -Reported by Adam Zabrocki via SecuriTeam's SSH program. - -Note that this code is experimental and not compiled by default. - -ok markus@ - -OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1 - -Signed-off-by: "djm@openbsd.org" - -Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/a546b17bbaeb12beac4c9aeed56f74a42b18a93a] -CVE: CVE-2019-16905 - -Signed-off-by: Hongxu Jia ---- - sshkey-xmss.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/sshkey-xmss.c b/sshkey-xmss.c -index aaae702..c57681a 100644 ---- a/sshkey-xmss.c -+++ b/sshkey-xmss.c -@@ -977,7 +977,8 @@ sshkey_xmss_decrypt_state(const struct sshkey *k, struct sshbuf *encoded, - goto out; - } - /* check that an appropriate amount of auth data is present */ -- if (sshbuf_len(encoded) < encrypted_len + authlen) { -+ if (sshbuf_len(encoded) < authlen || -+ sshbuf_len(encoded) - authlen < encrypted_len) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } --- -2.7.4 - diff --git a/poky/meta/recipes-connectivity/openssh/openssh/run-ptest b/poky/meta/recipes-connectivity/openssh/openssh/run-ptest index daf62cca5b..ae03e929b2 100755 --- a/poky/meta/recipes-connectivity/openssh/openssh/run-ptest +++ b/poky/meta/recipes-connectivity/openssh/openssh/run-ptest 
@@ -1,6 +1,7 @@
 #!/bin/sh
 export TEST_SHELL=sh
+export SKIP_UNIT=1
 cd regress
 sed -i "/\t\tagent-ptrace /d" Makefile
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket b/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket
index 12c39b26b5..8d76d62309 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket
+++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket
@@ -1,5 +1,6 @@
 [Unit]
 Conflicts=sshd.service
+Wants=sshdgenkeys.service
 [Socket]
 ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service b/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service
index 9d83dfb2bb..422450c7a1 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service
+++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service
@@ -1,13 +1,11 @@
 [Unit]
 Description=OpenSSH Per-Connection Daemon
-Wants=sshdgenkeys.service
 After=sshdgenkeys.service
 [Service]
 Environment="SSHD_OPTS="
 EnvironmentFile=-/etc/default/ssh
 ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS
-ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
 StandardInput=socket
 StandardError=syslog
 KillMode=process
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.0p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
deleted file mode 100644
index 2ffbc9a95f..0000000000
--- a/poky/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
+++ /dev/null
@@ -1,165 +0,0 @@ -SUMMARY = "A suite of security-related network utilities based on \ -the SSH protocol including the ssh client and sshd server" -DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ -Ssh (Secure Shell) is a program for logging into a remote machine \ -and for executing commands on a remote machine." -HOMEPAGE = "http://www.openssh.com/" -SECTION = "console/network" -LICENSE = "BSD & ISC & MIT" -LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8" - -DEPENDS = "zlib openssl virtual/crypt" -DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" - -SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ - file://sshd_config \ - file://ssh_config \ - file://init \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://sshd.socket \ - file://sshd@.service \ - file://sshdgenkeys.service \ - file://volatiles.99_sshd \ - file://run-ptest \ - file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ - file://sshd_check_keys \ - file://add-test-support-for-busybox.patch \ - file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \ - " -SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d" -SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68" - -PAM_SRC_URI = "file://sshd" - -inherit useradd update-rc.d update-alternatives systemd - -USERADD_PACKAGES = "${PN}-sshd" -USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" -INITSCRIPT_PACKAGES = "${PN}-sshd" -INITSCRIPT_NAME_${PN}-sshd = "sshd" -INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9" - -SYSTEMD_PACKAGES = "${PN}-sshd" -SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" - -inherit autotools-brokensep ptest - -EXTRA_AUTORECONF += "--exclude=aclocal" - -# login path is hardcoded in sshd -EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ - 
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ - --without-zlib-version-check \ - --with-privsep-path=${localstatedir}/run/sshd \ - --sysconfdir=${sysconfdir}/ssh \ - --with-xauth=${bindir}/xauth \ - --disable-strip \ - " - -# musl doesn't implement wtmp/utmp -EXTRA_OECONF_append_libc-musl = " --disable-wtmp" - -# Since we do not depend on libbsd, we do not want configure to use it -# just because it finds libutil.h. But, specifying --disable-libutil -# causes compile errors, so... -CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" - -# passwd path is hardcoded in sshd -CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" - -# We don't want to depend on libblockfile -CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" - -do_configure_prepend () { - export LD="${CC}" - install -m 0644 ${WORKDIR}/sshd_config ${B}/ - install -m 0644 ${WORKDIR}/ssh_config ${B}/ -} - -do_compile_ptest() { - # skip regress/unittests/ binaries: this will silently skip - # unittests in run-ptests which is good because they are so slow. 
- oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \ - regress/check-perm regress/mkdtemp -} - -do_install_append () { - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then - install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd - sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config - fi - - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then - sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config - fi - - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd - rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin - rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} - install -d ${D}/${sysconfdir}/default/volatiles - install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd - install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} - - # Create config files for read-only rootfs - install -d ${D}${sysconfdir}/ssh - install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly - sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - - install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - -e 's,@BINDIR@,${bindir},g' \ - -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service - - sed 
-i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${sysconfdir}/init.d/sshd - - install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys -} - -do_install_ptest () { - sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh - cp -r regress ${D}${PTEST_PATH} -} - -ALLOW_EMPTY_${PN} = "1" - -PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" -FILES_${PN}-scp = "${bindir}/scp.${BPN}" -FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" -FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" -FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" -FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" -FILES_${PN}-sftp = "${bindir}/sftp" -FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" -FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" -FILES_${PN}-keygen = "${bindir}/ssh-keygen" - -RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" -RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools" -# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies -RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" - -RPROVIDES_${PN}-ssh = "ssh" -RPROVIDES_${PN}-sshd = "sshd" - -RCONFLICTS_${PN} = "dropbear" -RCONFLICTS_${PN}-sshd = "dropbear" - -CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" -CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" - -ALTERNATIVE_PRIORITY = "90" -ALTERNATIVE_${PN}-scp = "scp" -ALTERNATIVE_${PN}-ssh = "ssh" - -BBCLASSEXTEND += "nativesdk" 
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb new file mode 100644 index 0000000000..d879efc201 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb 
@@ -0,0 +1,170 @@ +SUMMARY = "A suite of security-related network utilities based on \ +the SSH protocol including the ssh client and sshd server" +DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ +Ssh (Secure Shell) is a program for logging into a remote machine \ +and for executing commands on a remote machine." +HOMEPAGE = "http://www.openssh.com/" +SECTION = "console/network" +LICENSE = "BSD & ISC & MIT" +LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3" + +DEPENDS = "zlib openssl virtual/crypt" +DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" + +SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ + file://sshd_config \ + file://ssh_config \ + file://init \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://sshd.socket \ + file://sshd@.service \ + file://sshdgenkeys.service \ + file://volatiles.99_sshd \ + file://run-ptest \ + file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ + file://sshd_check_keys \ + file://add-test-support-for-busybox.patch \ + " +SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091" +SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671" + +PAM_SRC_URI = "file://sshd" + +inherit manpages useradd update-rc.d update-alternatives systemd + +USERADD_PACKAGES = "${PN}-sshd" +USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" +INITSCRIPT_PACKAGES = "${PN}-sshd" +INITSCRIPT_NAME_${PN}-sshd = "sshd" +INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9" + +SYSTEMD_PACKAGES = "${PN}-sshd" +SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" + +inherit autotools-brokensep ptest + +PACKAGECONFIG ??= "" +PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" +PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" +PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" 
+PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" + +EXTRA_AUTORECONF += "--exclude=aclocal" + +# login path is hardcoded in sshd +EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ + --without-zlib-version-check \ + --with-privsep-path=${localstatedir}/run/sshd \ + --sysconfdir=${sysconfdir}/ssh \ + --with-xauth=${bindir}/xauth \ + --disable-strip \ + " + +# musl doesn't implement wtmp/utmp +EXTRA_OECONF_append_libc-musl = " --disable-wtmp" + +# Since we do not depend on libbsd, we do not want configure to use it +# just because it finds libutil.h. But, specifying --disable-libutil +# causes compile errors, so... +CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" + +# passwd path is hardcoded in sshd +CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" + +# We don't want to depend on libblockfile +CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" + +do_configure_prepend () { + export LD="${CC}" + install -m 0644 ${WORKDIR}/sshd_config ${B}/ + install -m 0644 ${WORKDIR}/ssh_config ${B}/ +} + +do_compile_ptest() { + # skip regress/unittests/ binaries: this will silently skip + # unittests in run-ptests which is good because they are so slow. 
+ oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \ + regress/check-perm regress/mkdtemp +} + +do_install_append () { + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then + install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd + sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config + fi + + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then + sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config + fi + + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd + rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin + rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} + install -d ${D}/${sysconfdir}/default/volatiles + install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd + install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} + + # Create config files for read-only rootfs + install -d ${D}${sysconfdir}/ssh + install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly + sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + + install -d ${D}${systemd_unitdir}/system + install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system + install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system + install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@BINDIR@,${bindir},g' \ + -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ + ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service + + sed 
-i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ + ${D}${sysconfdir}/init.d/sshd + + install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys +} + +do_install_ptest () { + sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh + cp -r regress ${D}${PTEST_PATH} +} + +ALLOW_EMPTY_${PN} = "1" + +PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" +FILES_${PN}-scp = "${bindir}/scp.${BPN}" +FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" +FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" +FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" +FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" +FILES_${PN}-sftp = "${bindir}/sftp" +FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" +FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" +FILES_${PN}-keygen = "${bindir}/ssh-keygen" + +RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" +RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" +RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools" +# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies +RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" + +RPROVIDES_${PN}-ssh = "ssh" +RPROVIDES_${PN}-sshd = "sshd" + +RCONFLICTS_${PN} = "dropbear" +RCONFLICTS_${PN}-sshd = "dropbear" + +CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" +CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" + +ALTERNATIVE_PRIORITY = "90" +ALTERNATIVE_${PN}-scp = "scp" +ALTERNATIVE_${PN}-ssh = "ssh" + +BBCLASSEXTEND += "nativesdk" 
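Review bot: In `do_install_append`, the `sed -i '/HostKey/d'` run on `sshd_config_readonly` is unanchored, so it also deletes any `HostKeyAlgorithms` or `HostKeyAgent` line. If the shipped `sshd_config` (not visible in this diff) ever sets such a restriction, the read-only-rootfs variant would silently lose it. Anchoring the pattern to the directive keeps the intent: `sed -i -e '/^[#[:space:]]*HostKey[[:space:]]/d' ${D}${sysconfdir}/ssh/sshd_config_readonly`. The three `HostKey /var/run/ssh/...` lines are appended after the sed, so they are unaffected.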
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/poky/meta/recipes-connectivity/openssl/openssl/reproducible.patch
new file mode 100644
index 0000000000..a24260c95d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/reproducible.patch
@@ -0,0 +1,32 @@
+The value for perl_archname can vary depending on the host, e.g.
+x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which
+makes the ptest package non-reproducible. Its unused other than
+these references so drop it.
+
+RP 2020/2/6
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie
+
+Index: openssl-1.1.1d/Configure
+===================================================================
+--- openssl-1.1.1d.orig/Configure
++++ openssl-1.1.1d/Configure
+@@ -286,7 +286,7 @@ if (defined env($local_config_envname))
+ # Save away perl command information
+ $config{perl_cmd} = $^X;
+ $config{perl_version} = $Config{version};
+-$config{perl_archname} = $Config{archname};
++#$config{perl_archname} = $Config{archname};
+
+ $config{prefix}="";
+ $config{openssldir}="";
+@@ -2517,7 +2517,7 @@ _____
+ @{$config{perlargv}}), "\n";
+ print "\nPerl information:\n\n";
+ print ' ',$config{perl_cmd},"\n";
+- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n";
++ print ' ',$config{perl_version},"\n";
+ }
+ if ($dump || $options) {
+ my $longest = 0;
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
deleted file mode 100644
index 8819e19ec4..0000000000
--- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ /dev/null
@@ -1,204 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -# "openssl" here actually means both OpenSSL and SSLeay licenses apply -# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" - -DEPENDS = "hostperl-runtime-native" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - file://run-ptest \ - file://0001-skip-test_symbol_presence.patch \ - file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ - file://afalg.patch \ - " - -SRC_URI_append_class-nativesdk = " \ - file://environment.d-openssl.sh \ - " - -SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa" -SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2" - -inherit lib_package multilib_header multilib_script ptest -MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" - -PACKAGECONFIG ?= "" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" - -PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux" - -B = "${WORKDIR}/build" -do_configure[cleandirs] = "${B}" - -#| ./libcrypto.so: undefined reference to `getcontext' -#| ./libcrypto.so: undefined reference to `setcontext' -#| ./libcrypto.so: undefined reference to `makecontext' -EXTRA_OECONF_append_libc-musl = " no-async" -EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" - -# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions -# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) -EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" -EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" - -# Relying on 
hardcoded built-in paths causes openssl-native to not be relocateable from sstate. -CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" -CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" - -do_configure () { - os=${HOST_OS} - case $os in - linux-gnueabi |\ - linux-gnuspe |\ - linux-musleabi |\ - linux-muslspe |\ - linux-musl ) - os=linux - ;; - *) - ;; - esac - target="$os-${HOST_ARCH}" - case $target in - linux-arm*) - target=linux-armv4 - ;; - linux-aarch64*) - target=linux-aarch64 - ;; - linux-i?86 | linux-viac3) - target=linux-x86 - ;; - linux-gnux32-x86_64 | linux-muslx32-x86_64 ) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-mips | linux-mipsel) - # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-gnun32-mips*) - target=linux-mips64 - ;; - linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) - target=linux64-mips64 - ;; - linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) - target=linux-generic32 - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-riscv32) - target=linux-generic32 - ;; - linux-riscv64) - target=linux-generic64 - ;; - linux-sparc | linux-supersparc) - target=linux-sparcv9 - ;; - esac - - useprefix=${prefix} - if [ "x$useprefix" = "x" ]; then - useprefix=/ - fi - # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the - # environment variables set by bitbake. Adjust the environment variables instead. 
- PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ - perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target - perl ${B}/configdata.pm --dump -} - -do_install () { - oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install - - oe_multilib_header openssl/opensslconf.h - - # Create SSL structure for packages such as ca-certificates which - # contain hard-coded paths to /etc/ssl. Debian does the same. - install -d ${D}${sysconfdir}/ssl - mv ${D}${libdir}/ssl-1.1/certs \ - ${D}${libdir}/ssl-1.1/private \ - ${D}${libdir}/ssl-1.1/openssl.cnf \ - ${D}${sysconfdir}/ssl/ - - # Although absolute symlinks would be OK for the target, they become - # invalid if native or nativesdk are relocated from sstate. - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf -} - -do_install_append_class-native () { - create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ - SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ - SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ - OPENSSL_ENGINES=${libdir}/engines-1.1 -} - -do_install_append_class-nativesdk () { - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh - sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh -} - -PTEST_BUILD_HOST_FILES += "configdata.pm" -PTEST_BUILD_HOST_PATTERN = "perl_version =" -do_install_ptest () { - # Prune the build tree - rm -f ${B}/fuzz/*.* ${B}/test/*.* - - cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} - cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util 
${B}/util ${D}${PTEST_PATH} - - # For test_shlibload - ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ - ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ - - install -d ${D}${PTEST_PATH}/apps - ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps - install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps - install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps - - install -d ${D}${PTEST_PATH}/engines - install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines -} - -# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto -# package RRECOMMENDS on this package. This will enable the configuration -# file to be installed for both the openssl-bin package and the libcrypto -# package since the openssl-bin package depends on the libcrypto package. - -PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" - -FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" -FILES_libssl = "${libdir}/libssl${SOLIBS}" -FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" -FILES_${PN}-engines = "${libdir}/engines-1.1" -FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" -FILES_${PN} =+ "${libdir}/ssl-1.1/*" -FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" - -CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" - -RRECOMMENDS_libcrypto += "openssl-conf" -RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" - -BBCLASSEXTEND = "native nativesdk" - -CVE_PRODUCT = "openssl:openssl" diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1f.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1f.bb new file mode 100644 index 0000000000..3fa2b41fb9 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1f.bb 
@@ -0,0 +1,211 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl" here actually means both OpenSSL and SSLeay licenses apply +# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" + +DEPENDS = "hostperl-runtime-native" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://0001-skip-test_symbol_presence.patch \ + file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ + file://afalg.patch \ + file://reproducible.patch \ + " + +SRC_URI_append_class-nativesdk = " \ + file://environment.d-openssl.sh \ + " + +SRC_URI[sha256sum] = "186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35" + +inherit lib_package multilib_header multilib_script ptest +MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" + +PACKAGECONFIG ?= "" +PACKAGECONFIG_class-native = "" +PACKAGECONFIG_class-nativesdk = "" + +PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" + +B = "${WORKDIR}/build" +do_configure[cleandirs] = "${B}" + +#| ./libcrypto.so: undefined reference to `getcontext' +#| ./libcrypto.so: undefined reference to `setcontext' +#| ./libcrypto.so: undefined reference to `makecontext' +EXTRA_OECONF_append_libc-musl = " no-async" +EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" + +# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions +# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) +EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" +EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" + +# Relying on 
hardcoded built-in paths causes openssl-native to not be relocateable from sstate. +CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" + +do_configure () { + os=${HOST_OS} + case $os in + linux-gnueabi |\ + linux-gnuspe |\ + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arm*) + target=linux-armv4 + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-i?86 | linux-viac3) + target=linux-x86 + ;; + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips | linux-mipsel) + # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-gnun32-mips*) + target=linux-mips64 + ;; + linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) + target=linux64-mips64 + ;; + linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-powerpc64le) + target=linux-ppc64le + ;; + linux-riscv32) + target=linux-generic32 + ;; + linux-riscv64) + target=linux-generic64 + ;; + linux-sparc | linux-supersparc) + target=linux-sparcv9 + ;; + esac + + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the + # environment variables set by bitbake. Adjust the environment variables instead. 
+ HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target + perl ${B}/configdata.pm --dump +} + +do_install () { + oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install + + oe_multilib_header openssl/opensslconf.h + + # Create SSL structure for packages such as ca-certificates which + # contain hard-coded paths to /etc/ssl. Debian does the same. + install -d ${D}${sysconfdir}/ssl + mv ${D}${libdir}/ssl-1.1/certs \ + ${D}${libdir}/ssl-1.1/private \ + ${D}${libdir}/ssl-1.1/openssl.cnf \ + ${D}${sysconfdir}/ssl/ + + # Although absolute symlinks would be OK for the target, they become + # invalid if native or nativesdk are relocated from sstate. + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf +} + +do_install_append_class-native () { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ + SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ + OPENSSL_ENGINES=${libdir}/engines-1.1 +} + +do_install_append_class-nativesdk () { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh + sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh +} + +PTEST_BUILD_HOST_FILES += "configdata.pm" +PTEST_BUILD_HOST_PATTERN = "perl_version =" +do_install_ptest () { + # Prune the build tree + rm -f ${B}/fuzz/*.* ${B}/test/*.* + + cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} + cp -r ${S}/external 
${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} + + # For test_shlibload + ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ + ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ + + install -d ${D}${PTEST_PATH}/apps + ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps + install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps + install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps + + install -d ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines +} + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the openssl-bin package and the libcrypto +# package since the openssl-bin package depends on the libcrypto package. + +PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" + +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES_libssl = "${libdir}/libssl${SOLIBS}" +FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" +FILES_${PN}-engines = "${libdir}/engines-1.1" +FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" +FILES_${PN} =+ "${libdir}/ssl-1.1/*" +FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" + +CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" + +RRECOMMENDS_libcrypto += "openssl-conf" +RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" + +BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT = "openssl:openssl" + +# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 +# Apache in meta-webserver is already recent enough +CVE_CHECK_WHITELIST += "CVE-2019-0190" diff --git a/poky/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch b/poky/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch new file mode 100644 index 0000000000..b7ba7ba643 --- /dev/null 
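Review bot: `CVE_CHECK_WHITELIST += "CVE-2019-0190"` at the end of the recipe silences the finding for every build, but the reason given in the comment holds only when Apache comes from meta-webserver at 2.4.37 or later. A distro that takes apache2 from another layer, or pins an older version, would get no CVE-check warning for it. I would make the assumption explicit in the comment, e.g. `# Revisit if apache2 is provided by a layer other than meta-webserver or pinned below 2.4.37`.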
+++ b/poky/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
@@ -0,0 +1,47 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname). This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel
+Signed-off-by: Paul Mackerras
+
+Upstream-Status: Backport
+[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426]
+
+CVE: CVE-2020-8597
+
+Signed-off-by: Yi Zhao
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f5..1b93db0 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+--
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
index 644cde4562..60c56dd0bd 100644
--- a/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
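Review bot: The corrected test `len - vallen >= sizeof (rhostname)` compares a signed difference with a `size_t`, so it is evaluated as unsigned and is only correct while `vallen` cannot exceed `len`. The patch description says that was checked just before, but neither inner hunk (at 1420 and 1846 in pppd/eap.c) shows that check, and the enclosing functions start and end outside them. A short comment above each test would keep the dependency visible to whoever next touches these paths, e.g. `/* vallen was validated against len above, so len - vallen cannot be negative */`. When the recipe is next rebased, it is worth confirming that the earlier validation is still in place at both sites.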
@@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ file://0001-ppp-Remove-unneeded-include.patch \ file://ppp-2.4.7-DES-openssl.patch \ + file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \ " SRC_URI_append_libc-musl = "\ diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb deleted file mode 100644 index 8550177288..0000000000 --- a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb +++ /dev/null 
@@ -1,67 +0,0 @@ -SUMMARY = "name server information handler" -DESCRIPTION = "Resolvconf is a framework for keeping track of the system's \ -information about currently available nameservers. It sets \ -itself up as the intermediary between programs that supply \ -nameserver information and programs that need nameserver \ -information." -SECTION = "console/network" -LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" -AUTHOR = "Thomas Hood" -HOMEPAGE = "http://packages.debian.org/resolvconf" -RDEPENDS_${PN} = "bash" - -SRC_URI = "http://snapshot.debian.org/archive/debian/20160520T044340Z/pool/main/r/${BPN}/${BPN}_1.79.tar.xz \ - file://fix-path-for-busybox.patch \ - file://99_resolvconf \ - " - -SRC_URI[md5sum] = "aab2382020fc518f06a06e924c56d300" -SRC_URI[sha256sum] = "8e2843cd4162b706f0481b3c281657728cbc2822e50a64fff79b79bd8aa870a0" - -# the package is taken from snapshots.debian.org; that source is static and goes stale -# so we check the latest upstream from a directory that does get updated -UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" - -inherit allarch - -do_compile () { - : -} - -do_install () { - install -d ${D}${sysconfdir}/default/volatiles - install -m 0644 ${WORKDIR}/99_resolvconf ${D}${sysconfdir}/default/volatiles - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /run/${BPN}/interface - - - -" \ - > ${D}${sysconfdir}/tmpfiles.d/resolvconf.conf - fi - install -d ${D}${base_libdir}/${BPN} - install -d ${D}${sysconfdir}/${BPN} - ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run - install -d ${D}${sysconfdir} ${D}${base_sbindir} - install -d ${D}${mandir}/man8 ${D}${docdir}/${P} - cp -pPR etc/* ${D}${sysconfdir}/ - chown -R root:root ${D}${sysconfdir}/ - install -m 0755 bin/resolvconf ${D}${base_sbindir}/ - install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} - install -d 
${D}/${sysconfdir}/network/if-up.d - install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf - install -d ${D}/${sysconfdir}/network/if-down.d - install -m 0755 debian/resolvconf.resolvconf.if-down ${D}/${sysconfdir}/network/if-down.d/resolvconf - install -m 0644 README ${D}${docdir}/${P}/ - install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/ -} - -pkg_postinst_${PN} () { - if [ -z "$D" ]; then - if command -v systemd-tmpfiles >/dev/null; then - systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf - elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then - ${sysconfdir}/init.d/populate-volatile.sh update - fi - fi -} - -FILES_${PN} += "${base_libdir}/${BPN}" diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb new file mode 100644 index 0000000000..67959576e8 --- /dev/null +++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb 
@@ -0,0 +1,68 @@ +SUMMARY = "name server information handler" +DESCRIPTION = "Resolvconf is a framework for keeping track of the system's \ +information about currently available nameservers. It sets \ +itself up as the intermediary between programs that supply \ +nameserver information and programs that need nameserver \ +information." +SECTION = "console/network" +LICENSE = "GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" +AUTHOR = "Thomas Hood" +HOMEPAGE = "http://packages.debian.org/resolvconf" +RDEPENDS_${PN} = "bash" + +SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https \ + file://fix-path-for-busybox.patch \ + file://99_resolvconf \ + " + +SRCREV = "cb19bbfbe7e52174332f68bf2f295b39d119fad3" + +S = "${WORKDIR}/git" + +# the package is taken from snapshots.debian.org; that source is static and goes stale +# so we check the latest upstream from a directory that does get updated +UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" + +inherit allarch + +do_compile () { + : +} + +do_install () { + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${WORKDIR}/99_resolvconf ${D}${sysconfdir}/default/volatiles + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/${BPN}/interface - - - -" \ + > ${D}${sysconfdir}/tmpfiles.d/resolvconf.conf + fi + install -d ${D}${base_libdir}/${BPN} + install -d ${D}${sysconfdir}/${BPN} + ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run + install -d ${D}${sysconfdir} ${D}${base_sbindir} + install -d ${D}${mandir}/man8 ${D}${docdir}/${P} + cp -pPR etc/* ${D}${sysconfdir}/ + chown -R root:root ${D}${sysconfdir}/ + install -m 0755 bin/resolvconf ${D}${base_sbindir}/ + install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} + install -d ${D}/${sysconfdir}/network/if-up.d + install -m 0755 debian/resolvconf.000resolvconf.if-up 
${D}/${sysconfdir}/network/if-up.d/000resolvconf + install -d ${D}/${sysconfdir}/network/if-down.d + install -m 0755 debian/resolvconf.resolvconf.if-down ${D}/${sysconfdir}/network/if-down.d/resolvconf + install -m 0644 README ${D}${docdir}/${P}/ + install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/ +} + +pkg_postinst_${PN} () { + if [ -z "$D" ]; then + if command -v systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf + elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi + fi +} + +FILES_${PN} += "${base_libdir}/${BPN}" diff --git a/poky/meta/recipes-connectivity/socat/socat_1.7.3.3.bb b/poky/meta/recipes-connectivity/socat/socat_1.7.3.3.bb deleted file mode 100644 index 1dbbe5cd55..0000000000 --- a/poky/meta/recipes-connectivity/socat/socat_1.7.3.3.bb +++ /dev/null 
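Review bot: The comment above `UPSTREAM_CHECK_URI` still says the package is taken from snapshots.debian.org, but `SRC_URI` now fetches `git://salsa.debian.org/debian/resolvconf.git` at a pinned `SRCREV`. The comment should follow the change, e.g. `# fetched from Debian's salsa git at a pinned SRCREV; the Debian pool is checked for newer releases`. It is also worth confirming that `UPSTREAM_CHECK_URI` is still honoured for a git source. If the version check falls back to git tags, this variable has no effect and `UPSTREAM_CHECK_GITTAGREGEX` would be the one to set.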
@@ -1,52 +0,0 @@
-SUMMARY = "Multipurpose relay for bidirectional data transfer"
-DESCRIPTION = "Socat is a relay for bidirectional data \
-transfer between two independent data channels."
-HOMEPAGE = "http://www.dest-unreach.org/socat/"
-
-SECTION = "console/network"
-
-DEPENDS = "openssl"
-
-LICENSE = "GPL-2.0-with-OpenSSL-exception"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
- file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f"
-
-SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
-"
-
-SRC_URI[md5sum] = "b2a032a47b8b89a18485697fa975154f"
-SRC_URI[sha256sum] = "0dd63ffe498168a4aac41d307594c5076ff307aa0ac04b141f8f1cec6594d04a"
-
-inherit autotools
-
-EXTRA_AUTORECONF += "--exclude=autoheader"
-
-EXTRA_OECONF += "ac_cv_have_z_modifier=yes \
- ac_cv_header_bsd_libutil_h=no \
- sc_cv_termios_ispeed=no \
- ${TERMBITS_SHIFTS} \
-"
-
-TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \
- sc_cv_sys_tabdly_shift=11 \
- sc_cv_sys_csize_shift=4"
-
-TERMBITS_SHIFTS_powerpc = "sc_cv_sys_crdly_shift=12 \
- sc_cv_sys_tabdly_shift=10 \
- sc_cv_sys_csize_shift=8"
-
-TERMBITS_SHIFTS_powerpc64 = "sc_cv_sys_crdly_shift=12 \
- sc_cv_sys_tabdly_shift=10 \
- sc_cv_sys_csize_shift=8"
-
-PACKAGECONFIG_class-target ??= "tcp-wrappers readline"
-PACKAGECONFIG ??= "readline"
-PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
-PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline"
-
-do_install_prepend () {
- mkdir -p ${D}${bindir}
- install -d ${D}${bindir} ${D}${mandir}/man1
-}
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-connectivity/socat/socat_1.7.3.4.bb b/poky/meta/recipes-connectivity/socat/socat_1.7.3.4.bb
new file mode 100644
index 0000000000..9b0d4071ac
--- /dev/null
+++ b/poky/meta/recipes-connectivity/socat/socat_1.7.3.4.bb
@@ -0,0 +1,54 @@
+SUMMARY = "Multipurpose relay for bidirectional data transfer"
+DESCRIPTION = "Socat is a relay for bidirectional data \
+transfer between two independent data channels."
+HOMEPAGE = "http://www.dest-unreach.org/socat/"
+
+SECTION = "console/network"
+
+DEPENDS = "openssl"
+
+LICENSE = "GPL-2.0-with-OpenSSL-exception"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f"
+
+SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
+"
+
+SRC_URI[md5sum] = "3cca4f8cd9d2d1caabd9cc099451bac9"
+SRC_URI[sha256sum] = "972374ca86f65498e23e3259c2ee1b8f9dbeb04d12c2a78c0c9b5d1cb97dfdfc"
+
+inherit autotools
+
+EXTRA_AUTORECONF += "--exclude=autoheader"
+
+EXTRA_OECONF += "ac_cv_have_z_modifier=yes \
+ ac_cv_header_bsd_libutil_h=no \
+ sc_cv_termios_ispeed=no \
+ ${TERMBITS_SHIFTS} \
+"
+
+TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \
+ sc_cv_sys_tabdly_shift=11 \
+ sc_cv_sys_csize_shift=4"
+
+TERMBITS_SHIFTS_powerpc = "sc_cv_sys_crdly_shift=12 \
+ sc_cv_sys_tabdly_shift=10 \
+ sc_cv_sys_csize_shift=8"
+
+TERMBITS_SHIFTS_powerpc64 = "sc_cv_sys_crdly_shift=12 \
+ sc_cv_sys_tabdly_shift=10 \
+ sc_cv_sys_csize_shift=8"
+
+PACKAGECONFIG_class-target ??= "tcp-wrappers readline"
+PACKAGECONFIG ??= "readline"
+PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
+PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline"
+
+CFLAGS += "-fcommon"
+
+do_install_prepend () {
+ mkdir -p ${D}${bindir}
+ install -d ${D}${bindir} ${D}${mandir}/man1
+}
+
+BBCLASSEXTEND = "native nativesdk"
-- cgit v1.2.3
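Review bot: The new `CFLAGS += "-fcommon"` line carries no explanation, and it is the only functional difference from the 1.7.3.3 recipe besides the checksums. The flag makes the linker merge duplicate tentative definitions instead of rejecting them, presumably to keep socat building with toolchains that default to `-fno-common`. That hides a source-level defect rather than fixing it, and through `BBCLASSEXTEND` it applies to the native and nativesdk builds as well. I would add a comment above it such as `# socat defines some globals in more than one unit; drop -fcommon once upstream fixes this`, so the workaround is revisited on the next version bump. Separately, the tarball is still fetched over plain http, so the pinned `SRC_URI[sha256sum]` is the integrity check that matters and should be verified against upstream's published value.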