reset upstream subtrees to HEAD
Reset the following subtrees on HEAD:
poky: 8217b477a1(master)
meta-xilinx: 64aa3d35ae(master)
meta-openembedded: 0435c9e193(master)
meta-raspberrypi: 490a4441ac(master)
meta-security: cb6d1c85ee(master)
Squashed patches:
meta-phosphor: drop systemd 239 patches
meta-phosphor: mrw-api: use correct install path
Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-connectivity/avahi/avahi.inc b/poky/meta/recipes-connectivity/avahi/avahi.inc
index 1184684..8339e45 100644
--- a/poky/meta/recipes-connectivity/avahi/avahi.inc
+++ b/poky/meta/recipes-connectivity/avahi/avahi.inc
@@ -19,7 +19,9 @@
file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
-SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz"
+SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
+ file://fix-CVE-2017-6519.patch \
+ "
UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6"
diff --git a/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch b/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
new file mode 100644
index 0000000..7461fe1
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
@@ -0,0 +1,48 @@
+Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/e111def]
+
+CVE: CVE-2017-6519
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
+From: Trent Lloyd <trent@lloyd.id.au>
+Date: Sat, 22 Dec 2018 09:06:07 +0800
+Subject: [PATCH] Drop legacy unicast queries from address not on local link
+
+When handling legacy unicast queries, ensure that the source IP is
+inside a subnet on the local link, otherwise drop the packet.
+
+Fixes #145
+Fixes #203
+CVE-2017-6519
+CVE-2018-1000845
+---
+ avahi-core/server.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index a2cb19a8..a2580e38 100644
+--- a/avahi-core/server.c
++++ b/avahi-core/server.c
+@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+
+ if (avahi_dns_packet_is_query(p)) {
+ int legacy_unicast = 0;
++ char t[AVAHI_ADDRESS_STR_MAX];
+
+ /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
+ * AR section completely here, so far. Until the day we add
+@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+ legacy_unicast = 1;
+ }
+
++ if (!is_mdns_mcast_address(dst_address) &&
++ !avahi_interface_address_on_link(i, src_address)) {
++
++ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
++ return;
++ }
++
+ if (legacy_unicast)
+ reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch b/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
deleted file mode 100644
index 1e23c0f..0000000
--- a/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-xml2-config is disabled, so change the configure script to use pkgconfig to find
-libxml2.
-
-Upstream-Status: Inappropriate
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-Update context for version 9.10.3-P2.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-Update context for version 9.10.5-P3.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
- configure.in | 23 +++--------------------
- 1 file changed, 3 insertions(+), 20 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index 4da73a4..6f2a754 100644
---- a/configure.in
-+++ b/configure.in
-@@ -2282,26 +2282,9 @@ case "$use_libxml2" in
- DST_LIBXML2_INC=""
- ;;
- auto|yes)
-- case X`(xml2-config --version) 2>/dev/null` in
-- X2.[[6789]].*)
-- libxml2_libs=`xml2-config --libs`
-- libxml2_cflags=`xml2-config --cflags`
-- ;;
-- *)
-- if test "yes" = "$use_libxml2" ; then
-- AC_MSG_RESULT(no)
-- AC_MSG_ERROR(required libxml2 version not available)
-- else
-- libxml2_libs=
-- libxml2_cflags=
-- fi
-- ;;
-- esac
-- ;;
-- *)
-- if test -f "$use_libxml2/bin/xml2-config" ; then
-- libxml2_libs=`$use_libxml2/bin/xml2-config --libs`
-- libxml2_cflags=`$use_libxml2/bin/xml2-config --cflags`
-+ if pkg-config --exists libxml-2.0 ; then
-+ libxml2_libs=`pkg-config libxml-2.0 --libs`
-+ libxml2_cflags=`pkg-config libxml-2.0 --cflags`
- fi
- ;;
- esac
---
-2.1.4
-
diff --git a/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch b/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
deleted file mode 100644
index 7a2ba7e..0000000
--- a/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Upstream-Status: Backport [https://ftp.isc.org/isc/bind9/9.11.4-P1/patches/CVE-2018-5740]
-
-CVE: CVE-2018-5740
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
-diff --git a/CHANGES b/CHANGES
-index 750b600..3d8d655 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,9 @@
-+ --- 9.11.4-P1 released ---
-+
-+4997. [security] named could crash during recursive processing
-+ of DNAME records when "deny-answer-aliases" was
-+ in use. (CVE-2018-5740) [GL #387]
-+
- --- 9.11.4 released ---
-
- --- 9.11.4rc2 released ---
-diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
-index 8f674a2..41d1385 100644
---- a/lib/dns/resolver.c
-+++ b/lib/dns/resolver.c
-@@ -6318,6 +6318,7 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
- unsigned int nlabels;
- dns_fixedname_t fixed;
- dns_name_t prefix;
-+ int order;
-
- REQUIRE(rdataset != NULL);
- REQUIRE(rdataset->type == dns_rdatatype_cname ||
-@@ -6340,17 +6341,25 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
- tname = &cname.cname;
- break;
- case dns_rdatatype_dname:
-+ if (dns_name_fullcompare(qname, rname, &order, &nlabels) !=
-+ dns_namereln_subdomain)
-+ {
-+ return (ISC_TRUE);
-+ }
- result = dns_rdata_tostruct(&rdata, &dname, NULL);
- RUNTIME_CHECK(result == ISC_R_SUCCESS);
- dns_name_init(&prefix, NULL);
- tname = dns_fixedname_initname(&fixed);
-- nlabels = dns_name_countlabels(qname) -
-- dns_name_countlabels(rname);
-+ nlabels = dns_name_countlabels(rname);
- dns_name_split(qname, nlabels, &prefix, NULL);
- result = dns_name_concatenate(&prefix, &dname.dname, tname,
- NULL);
-- if (result == DNS_R_NAMETOOLONG)
-+ if (result == DNS_R_NAMETOOLONG) {
-+ if (chainingp != NULL) {
-+ *chainingp = ISC_TRUE;
-+ }
- return (ISC_TRUE);
-+ }
- RUNTIME_CHECK(result == ISC_R_SUCCESS);
- break;
- default:
-@@ -7071,7 +7080,9 @@ answer_response(fetchctx_t *fctx) {
- }
- if ((ardataset->type == dns_rdatatype_cname ||
- ardataset->type == dns_rdatatype_dname) &&
-- !is_answertarget_allowed(fctx, qname, aname, ardataset,
-+ type != ardataset->type &&
-+ type != dns_rdatatype_any &&
-+ !is_answertarget_allowed(fctx, qname, aname, ardataset,
- NULL))
- {
- return (DNS_R_SERVFAIL);
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.4.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.5.bb
similarity index 93%
rename from poky/meta/recipes-connectivity/bind/bind_9.11.4.bb
rename to poky/meta/recipes-connectivity/bind/bind_9.11.5.bb
index cb4a21a..6767279 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.11.4.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.11.5.bb
@@ -20,14 +20,14 @@
file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
- file://CVE-2018-5740.patch \
"
-SRC_URI[md5sum] = "9b4834d78f30cdb796ce437262272a36"
-SRC_URI[sha256sum] = "595070b031f869f8939656b5a5d11b121211967f15f6afeafa895df745279617"
+SRC_URI[md5sum] = "17a0d02102117c9a221e857cf2cc8157"
+SRC_URI[sha256sum] = "a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/"
+RECIPE_NO_UPDATE_REASON = "9.11 is LTS 2021"
inherit autotools update-rc.d systemd useradd pkgconfig multilib_script
@@ -73,8 +73,6 @@
do_install_append() {
- rm "${D}${bindir}/nslookup"
- rm "${D}${mandir}/man1/nslookup.1"
rmdir "${D}${localstatedir}/run"
rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
install -d -o bind "${D}${localstatedir}/cache/bind"
@@ -118,8 +116,12 @@
${sysconfdir}/bind/db.root \
"
+ALTERNATIVE_${PN}-utils = "nslookup"
+ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
+ALTERNATIVE_PRIORITY = "100"
+
PACKAGE_BEFORE_PN += "${PN}-utils"
-FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig"
+FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
FILES_${PN}-dev += "${bindir}/isc-config.h"
FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index edb44b2..aaf2af9 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -41,7 +41,7 @@
PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
-PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c"
+PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell"
PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell"
SRC_URI = "\
@@ -53,6 +53,7 @@
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0001-test-gatt-Fix-hung-issue.patch \
file://0001-Makefile.am-Fix-a-race-issue-for-tools.patch \
+ file://CVE-2018-10910.patch \
"
S = "${WORKDIR}/bluez-${PV}"
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch
new file mode 100644
index 0000000..b4b1846
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch
@@ -0,0 +1,705 @@
+A bug in Bluez may allow for the Bluetooth Discoverable state being set to on
+when no Bluetooth agent is registered with the system. This situation could
+lead to the unauthorized pairing of certain Bluetooth devices without any
+form of authentication.
+
+CVE: CVE-2018-10910
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+Subject: [PATCH BlueZ 1/4] client: Add discoverable-timeout command
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-25 10:20:32
+Message-ID: 20180725102035.19439-1-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This adds discoverable-timeout command which can be used to get/set
+DiscoverableTimeout property:
+
+[bluetooth]# discoverable-timeout 180
+Changing discoverable-timeout 180 succeeded
+---
+ client/main.c | 43 +++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 43 insertions(+)
+
+diff --git a/client/main.c b/client/main.c
+index 87323d8f7..59820c6d9 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1061,6 +1061,47 @@ static void cmd_discoverable(int argc, char *argv[])
+ return bt_shell_noninteractive_quit(EXIT_FAILURE);
+ }
+
++static void cmd_discoverable_timeout(int argc, char *argv[])
++{
++ uint32_t value;
++ char *endptr = NULL;
++ char *str;
++
++ if (argc < 2) {
++ DBusMessageIter iter;
++
++ if (!g_dbus_proxy_get_property(default_ctrl->proxy,
++ "DiscoverableTimeout", &iter)) {
++ bt_shell_printf("Unable to get DiscoverableTimeout\n");
++ return bt_shell_noninteractive_quit(EXIT_FAILURE);
++ }
++
++ dbus_message_iter_get_basic(&iter, &value);
++
++ bt_shell_printf("DiscoverableTimeout: %d seconds\n", value);
++
++ return;
++ }
++
++ value = strtol(argv[1], &endptr, 0);
++ if (!endptr || *endptr != '\0' || value > UINT32_MAX) {
++ bt_shell_printf("Invalid argument\n");
++ return bt_shell_noninteractive_quit(EXIT_FAILURE);
++ }
++
++ str = g_strdup_printf("discoverable-timeout %d", value);
++
++ if (g_dbus_proxy_set_property_basic(default_ctrl->proxy,
++ "DiscoverableTimeout",
++ DBUS_TYPE_UINT32, &value,
++ generic_callback, str, g_free))
++ return;
++
++ g_free(str);
++
++ return bt_shell_noninteractive_quit(EXIT_FAILURE);
++}
++
+ static void cmd_agent(int argc, char *argv[])
+ {
+ dbus_bool_t enable;
+@@ -2549,6 +2590,8 @@ static const struct bt_shell_menu main_menu = {
+ { "discoverable", "<on/off>", cmd_discoverable,
+ "Set controller discoverable mode",
+ NULL },
++ { "discoverable-timeout", "[value]", cmd_discoverable_timeout,
++ "Set discoverable timeout", NULL },
+ { "agent", "<on/off/capability>", cmd_agent,
+ "Enable/disable agent with given capability",
+ capability_generator},
+--
+2.17.1
+
+Subject: [PATCH BlueZ 2/4] client: Make show command print DiscoverableTimeout
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-25 10:20:33
+Message-ID: 20180725102035.19439-2-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+Controller XX:XX:XX:XX:XX:XX (public)
+ Name: Vudentz's T460s
+ Alias: Intel-1
+ Class: 0x004c010c
+ Powered: yes
+ Discoverable: no
+ DiscoverableTimeout: 0x00000000
+ Pairable: yes
+ UUID: Headset AG (00001112-0000-1000-8000-00805f9b34fb)
+ UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
+ UUID: A/V Remote Control (0000110e-0000-1000-8000-00805f9b34fb)
+ UUID: SIM Access (0000112d-0000-1000-8000-00805f9b34fb)
+ UUID: Generic Access Profile (00001800-0000-1000-8000-00805f9b34fb)
+ UUID: PnP Information (00001200-0000-1000-8000-00805f9b34fb)
+ UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
+ UUID: Audio Source (0000110a-0000-1000-8000-00805f9b34fb)
+ UUID: Audio Sink (0000110b-0000-1000-8000-00805f9b34fb)
+ UUID: Headset (00001108-0000-1000-8000-00805f9b34fb)
+ Modalias: usb:v1D6Bp0246d0532
+ Discovering: no
+---
+ client/main.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/client/main.c b/client/main.c
+index 59820c6d9..6f472d050 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -877,6 +877,7 @@ static void cmd_show(int argc, char *argv[])
+ print_property(proxy, "Class");
+ print_property(proxy, "Powered");
+ print_property(proxy, "Discoverable");
++ print_property(proxy, "DiscoverableTimeout");
+ print_property(proxy, "Pairable");
+ print_uuids(proxy);
+ print_property(proxy, "Modalias");
+--
+2.17.1
+Subject: [PATCH BlueZ 3/4] adapter: Track pending settings
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-25 10:20:34
+Message-ID: 20180725102035.19439-3-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This tracks settings being changed and in case the settings is already
+pending considered it to be done.
+---
+ src/adapter.c | 30 ++++++++++++++++++++++++++++--
+ 1 file changed, 28 insertions(+), 2 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index af340fd6e..20c20f9e9 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -196,6 +196,7 @@ struct btd_adapter {
+ char *name; /* controller device name */
+ char *short_name; /* controller short name */
+ uint32_t supported_settings; /* controller supported settings */
++ uint32_t pending_settings; /* pending controller settings */
+ uint32_t current_settings; /* current controller settings */
+
+ char *path; /* adapter object path */
+@@ -509,8 +510,10 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings)
+ changed_mask = adapter->current_settings ^ settings;
+
+ adapter->current_settings = settings;
++ adapter->pending_settings &= ~changed_mask;
+
+ DBG("Changed settings: 0x%08x", changed_mask);
++ DBG("Pending settings: 0x%08x", adapter->pending_settings);
+
+ if (changed_mask & MGMT_SETTING_POWERED) {
+ g_dbus_emit_property_changed(dbus_conn, adapter->path,
+@@ -596,10 +599,31 @@ static bool set_mode(struct btd_adapter *adapter, uint16_t opcode,
+ uint8_t mode)
+ {
+ struct mgmt_mode cp;
++ uint32_t setting = 0;
+
+ memset(&cp, 0, sizeof(cp));
+ cp.val = mode;
+
++ switch (mode) {
++ case MGMT_OP_SET_POWERED:
++ setting = MGMT_SETTING_POWERED;
++ break;
++ case MGMT_OP_SET_CONNECTABLE:
++ setting = MGMT_SETTING_CONNECTABLE;
++ break;
++ case MGMT_OP_SET_FAST_CONNECTABLE:
++ setting = MGMT_SETTING_FAST_CONNECTABLE;
++ break;
++ case MGMT_OP_SET_DISCOVERABLE:
++ setting = MGMT_SETTING_DISCOVERABLE;
++ break;
++ case MGMT_OP_SET_BONDABLE:
++ setting = MGMT_SETTING_DISCOVERABLE;
++ break;
++ }
++
++ adapter->pending_settings |= setting;
++
+ DBG("sending set mode command for index %u", adapter->dev_id);
+
+ if (mgmt_send(adapter->mgmt, opcode,
+@@ -2739,13 +2763,15 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting,
+ else
+ current_enable = FALSE;
+
+- if (enable == current_enable) {
++ if (enable == current_enable || adapter->pending_settings & setting) {
+ g_dbus_pending_property_success(id);
+ return;
+ }
+
+ mode = (enable == TRUE) ? 0x01 : 0x00;
+
++ adapter->pending_settings |= setting;
++
+ switch (setting) {
+ case MGMT_SETTING_POWERED:
+ opcode = MGMT_OP_SET_POWERED;
+@@ -2798,7 +2824,7 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting,
+ data->id = id;
+
+ if (mgmt_send(adapter->mgmt, opcode, adapter->dev_id, len, param,
+- property_set_mode_complete, data, g_free) > 0)
++ property_set_mode_complete, data, g_free) > 0)
+ return;
+
+ g_free(data);
+--
+2.17.1
+Subject: [PATCH BlueZ 4/4] adapter: Check pending when setting DiscoverableTimeout
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-25 10:20:35
+Message-ID: 20180725102035.19439-4-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This makes DiscoverableTimeout check if discoverable is already pending
+and don't attempt to set it once again which may cause discoverable to
+be re-enabled when in fact the application just want to set the timeout
+alone.
+---
+ src/adapter.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index 20c20f9e9..f92c897c7 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -2901,6 +2901,7 @@ static void property_set_discoverable_timeout(
+ GDBusPendingPropertySet id, void *user_data)
+ {
+ struct btd_adapter *adapter = user_data;
++ bool enabled;
+ dbus_uint32_t value;
+
+ dbus_message_iter_get_basic(iter, &value);
+@@ -2914,8 +2915,19 @@ static void property_set_discoverable_timeout(
+ g_dbus_emit_property_changed(dbus_conn, adapter->path,
+ ADAPTER_INTERFACE, "DiscoverableTimeout");
+
++ if (adapter->pending_settings & MGMT_SETTING_DISCOVERABLE) {
++ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
++ enabled = false;
++ else
++ enabled = true;
++ } else {
++ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
++ enabled = true;
++ else
++ enabled = false;
++ }
+
+- if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
++ if (enabled)
+ set_discoverable(adapter, 0x01, adapter->discoverable_timeout);
+ }
+
+--
+2.17.1
+Subject: [PATCH BlueZ 1/5] doc/adapter-api: Add Discoverable option to SetDiscoveryFilter
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-26 14:17:19
+Message-ID: 20180726141723.20199-1-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This enables the client to set its discoverable setting while
+discovering which is very typical situation as usually the setings
+application would allow incoming pairing request while scanning, so
+this would reduce the number of calls setting Discoverable and
+DiscoverableTimeout and restoring after done with discovery.
+---
+ doc/adapter-api.txt | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/doc/adapter-api.txt b/doc/adapter-api.txt
+index d14d0ca50..4791af2c7 100644
+--- a/doc/adapter-api.txt
++++ b/doc/adapter-api.txt
+@@ -113,6 +113,12 @@ Methods void StartDiscovery()
+ generated for either ManufacturerData and
+ ServiceData everytime they are discovered.
+
++ bool Discoverable (Default: false)
++
++ Make adapter discoverable while discovering,
++ if the adapter is already discoverable this
++ setting this filter won't do anything.
++
+ When discovery filter is set, Device objects will be
+ created as new devices with matching criteria are
+ discovered regardless of they are connectable or
+--
+2.17.1
+Subject: [PATCH BlueZ 2/5] adapter: Discovery filter discoverable
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-26 14:17:20
+Message-ID: 20180726141723.20199-2-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This implements the discovery filter discoverable and tracks which
+clients had enabled it and restores the settings when the last client
+enabling it exits.
+---
+ src/adapter.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 54 insertions(+), 2 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index f92c897c7..bd9edddc6 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -157,6 +157,7 @@ struct discovery_filter {
+ int16_t rssi;
+ GSList *uuids;
+ bool duplicate;
++ bool discoverable;
+ };
+
+ struct watch_client {
+@@ -214,6 +215,7 @@ struct btd_adapter {
+
+ bool discovering; /* discovering property state */
+ bool filtered_discovery; /* we are doing filtered discovery */
++ bool filtered_discoverable; /* we are doing filtered discovery */
+ bool no_scan_restart_delay; /* when this flag is set, restart scan
+ * without delay */
+ uint8_t discovery_type; /* current active discovery type */
+@@ -1842,6 +1844,16 @@ static void discovery_free(void *user_data)
+ g_free(client);
+ }
+
++static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable)
++{
++ if (adapter->filtered_discoverable == enable)
++ return true;
++
++ adapter->filtered_discoverable = enable;
++
++ return set_discoverable(adapter, enable, 0);
++}
++
+ static void discovery_remove(struct watch_client *client)
+ {
+ struct btd_adapter *adapter = client->adapter;
+@@ -1854,6 +1866,22 @@ static void discovery_remove(struct watch_client *client)
+ adapter->discovery_list = g_slist_remove(adapter->discovery_list,
+ client);
+
++ if (adapter->filtered_discoverable &&
++ client->discovery_filter->discoverable) {
++ GSList *l;
++
++ for (l = adapter->discovery_list; l; l = g_slist_next(l)) {
++ struct watch_client *client = l->data;
++
++ if (client->discovery_filter->discoverable)
++ break;
++ }
++
++ /* Disable filtered discoverable if there are no clients */
++ if (!l)
++ set_filtered_discoverable(adapter, false);
++ }
++
+ discovery_free(client);
+
+ /*
+@@ -2224,6 +2252,15 @@ static DBusMessage *start_discovery(DBusConnection *conn,
+ adapter->set_filter_list, client);
+ adapter->discovery_list = g_slist_prepend(
+ adapter->discovery_list, client);
++
++ /* Reset discoverable filter if already set */
++ if (adapter->current_settings & MGMT_OP_SET_DISCOVERABLE)
++ goto done;
++
++ /* Set discoverable if filter requires and it*/
++ if (client->discovery_filter->discoverable)
++ set_filtered_discoverable(adapter, true);
++
+ goto done;
+ }
+
+@@ -2348,6 +2385,17 @@ static bool parse_duplicate_data(DBusMessageIter *value,
+ return true;
+ }
+
++static bool parse_discoverable(DBusMessageIter *value,
++ struct discovery_filter *filter)
++{
++ if (dbus_message_iter_get_arg_type(value) != DBUS_TYPE_BOOLEAN)
++ return false;
++
++ dbus_message_iter_get_basic(value, &filter->discoverable);
++
++ return true;
++}
++
+ struct filter_parser {
+ const char *name;
+ bool (*func)(DBusMessageIter *iter, struct discovery_filter *filter);
+@@ -2357,6 +2405,7 @@ struct filter_parser {
+ { "Pathloss", parse_pathloss },
+ { "Transport", parse_transport },
+ { "DuplicateData", parse_duplicate_data },
++ { "Discoverable", parse_discoverable },
+ { }
+ };
+
+@@ -2396,6 +2445,7 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter,
+ (*filter)->rssi = DISTANCE_VAL_INVALID;
+ (*filter)->type = get_scan_type(adapter);
+ (*filter)->duplicate = false;
++ (*filter)->discoverable = false;
+
+ dbus_message_iter_init(msg, &iter);
+ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY ||
+@@ -2441,8 +2491,10 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter,
+ goto invalid_args;
+
+ DBG("filtered discovery params: transport: %d rssi: %d pathloss: %d "
+- " duplicate data: %s ", (*filter)->type, (*filter)->rssi,
+- (*filter)->pathloss, (*filter)->duplicate ? "true" : "false");
++ " duplicate data: %s discoverable %s", (*filter)->type,
++ (*filter)->rssi, (*filter)->pathloss,
++ (*filter)->duplicate ? "true" : "false",
++ (*filter)->discoverable ? "true" : "false");
+
+ return true;
+
+--
+2.17.1
+Subject: [PATCH BlueZ 3/5] client: Add scan.discoverable command
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-26 14:17:21
+Message-ID: 20180726141723.20199-3-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This adds discoverable command to scan menu which can be used to set
+if adapter should become discoverable while scanning:
+
+[bluetooth]# scan.discoverable on
+[bluetooth]# scan on
+SetDiscoveryFilter success
+[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: yes
+Discovery started
+[CHG] Controller XX:XX:XX:XX:XX:XX Discovering: yes
+[bluetooth]# scan off
+Discovery stopped
+[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: no
+---
+ client/main.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/client/main.c b/client/main.c
+index 6f472d050..6e6f6d2fb 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1166,6 +1166,7 @@ static struct set_discovery_filter_args {
+ char **uuids;
+ size_t uuids_len;
+ dbus_bool_t duplicate;
++ dbus_bool_t discoverable;
+ bool set;
+ } filter = {
+ .rssi = DISTANCE_VAL_INVALID,
+@@ -1205,6 +1206,11 @@ static void set_discovery_filter_setup(DBusMessageIter *iter, void *user_data)
+ DBUS_TYPE_BOOLEAN,
+ &args->duplicate);
+
++ if (args->discoverable)
++ g_dbus_dict_append_entry(&dict, "Discoverable",
++ DBUS_TYPE_BOOLEAN,
++ &args->discoverable);
++
+ dbus_message_iter_close_container(iter, &dict);
+ }
+
+@@ -1362,6 +1368,26 @@ static void cmd_scan_filter_duplicate_data(int argc, char *argv[])
+ filter.set = false;
+ }
+
++static void cmd_scan_filter_discoverable(int argc, char *argv[])
++{
++ if (argc < 2 || !strlen(argv[1])) {
++ bt_shell_printf("Discoverable: %s\n",
++ filter.discoverable ? "on" : "off");
++ return bt_shell_noninteractive_quit(EXIT_SUCCESS);
++ }
++
++ if (!strcmp(argv[1], "on"))
++ filter.discoverable = true;
++ else if (!strcmp(argv[1], "off"))
++ filter.discoverable = false;
++ else {
++ bt_shell_printf("Invalid option: %s\n", argv[1]);
++ return bt_shell_noninteractive_quit(EXIT_FAILURE);
++ }
++
++ filter.set = false;
++}
++
+ static void filter_clear_uuids(void)
+ {
+ g_strfreev(filter.uuids);
+@@ -2510,6 +2536,9 @@ static const struct bt_shell_menu scan_menu = {
+ { "duplicate-data", "[on/off]", cmd_scan_filter_duplicate_data,
+ "Set/Get duplicate data filter",
+ NULL },
++ { "discoverable", "[on/off]", cmd_scan_filter_discoverable,
++ "Set/Get discoverable filter",
++ NULL },
+ { "clear", "[uuids/rssi/pathloss/transport/duplicate-data]",
+ cmd_scan_filter_clear,
+ "Clears discovery filter.",
+--
+2.17.1
+Subject: [PATCH BlueZ 4/5] client: Add scan.clear discoverable
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-26 14:17:22
+Message-ID: 20180726141723.20199-4-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This implements scan.clear for discoverable filter.
+---
+ client/main.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/client/main.c b/client/main.c
+index 6e6f6d2fb..1a66a3ab4 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1416,6 +1416,11 @@ static void filter_clear_duplicate(void)
+ filter.duplicate = false;
+ }
+
++static void filter_clear_discoverable(void)
++{
++ filter.discoverable = false;
++}
++
+ struct clear_entry {
+ const char *name;
+ void (*clear) (void);
+@@ -1427,6 +1432,7 @@ static const struct clear_entry filter_clear[] = {
+ { "pathloss", filter_clear_pathloss },
+ { "transport", filter_clear_transport },
+ { "duplicate-data", filter_clear_duplicate },
++ { "discoverable", filter_clear_discoverable },
+ {}
+ };
+
+@@ -2539,7 +2545,8 @@ static const struct bt_shell_menu scan_menu = {
+ { "discoverable", "[on/off]", cmd_scan_filter_discoverable,
+ "Set/Get discoverable filter",
+ NULL },
+- { "clear", "[uuids/rssi/pathloss/transport/duplicate-data]",
++ { "clear",
++ "[uuids/rssi/pathloss/transport/duplicate-data/discoverable]",
+ cmd_scan_filter_clear,
+ "Clears discovery filter.",
+ filter_clear_generator },
+--
+2.17.1
+Subject: [PATCH BlueZ 5/5] adapter: Fix not keeping discovery filters
+From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date: 2018-07-26 14:17:23
+Message-ID: 20180726141723.20199-5-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+If the discovery has been stopped and the client has set filters those
+should be put back into filter list since the client may still be
+interested in using them the next time it start a scanning.
+---
+ src/adapter.c | 25 ++++++++++++++++---------
+ 1 file changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index bd9edddc6..822bd3472 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -1854,7 +1854,7 @@ static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable)
+ return set_discoverable(adapter, enable, 0);
+ }
+
+-static void discovery_remove(struct watch_client *client)
++static void discovery_remove(struct watch_client *client, bool exit)
+ {
+ struct btd_adapter *adapter = client->adapter;
+
+@@ -1882,7 +1882,11 @@ static void discovery_remove(struct watch_client *client)
+ set_filtered_discoverable(adapter, false);
+ }
+
+- discovery_free(client);
++ if (!exit && client->discovery_filter)
++ adapter->set_filter_list = g_slist_prepend(
++ adapter->set_filter_list, client);
++ else
++ discovery_free(client);
+
+ /*
+ * If there are other client discoveries in progress, then leave
+@@ -1911,8 +1915,11 @@ static void stop_discovery_complete(uint8_t status, uint16_t length,
+ goto done;
+ }
+
+- if (client->msg)
++ if (client->msg) {
+ g_dbus_send_reply(dbus_conn, client->msg, DBUS_TYPE_INVALID);
++ dbus_message_unref(client->msg);
++ client->msg = NULL;
++ }
+
+ adapter->discovery_type = 0x00;
+ adapter->discovery_enable = 0x00;
+@@ -1925,7 +1932,7 @@ static void stop_discovery_complete(uint8_t status, uint16_t length,
+ trigger_passive_scanning(adapter);
+
+ done:
+- discovery_remove(client);
++ discovery_remove(client, false);
+ }
+
+ static int compare_sender(gconstpointer a, gconstpointer b)
+@@ -2146,14 +2153,14 @@ static int update_discovery_filter(struct btd_adapter *adapter)
+ return -EINPROGRESS;
+ }
+
+-static int discovery_stop(struct watch_client *client)
++static int discovery_stop(struct watch_client *client, bool exit)
+ {
+ struct btd_adapter *adapter = client->adapter;
+ struct mgmt_cp_stop_discovery cp;
+
+ /* Check if there are more client discovering */
+ if (g_slist_next(adapter->discovery_list)) {
+- discovery_remove(client);
++ discovery_remove(client, exit);
+ update_discovery_filter(adapter);
+ return 0;
+ }
+@@ -2163,7 +2170,7 @@ static int discovery_stop(struct watch_client *client)
+ * and so it is enough to send out the signal and just return.
+ */
+ if (adapter->discovery_enable == 0x00) {
+- discovery_remove(client);
++ discovery_remove(client, exit);
+ adapter->discovering = false;
+ g_dbus_emit_property_changed(dbus_conn, adapter->path,
+ ADAPTER_INTERFACE, "Discovering");
+@@ -2188,7 +2195,7 @@ static void discovery_disconnect(DBusConnection *conn, void *user_data)
+
+ DBG("owner %s", client->owner);
+
+- discovery_stop(client);
++ discovery_stop(client, true);
+ }
+
+ /*
+@@ -2586,7 +2593,7 @@ static DBusMessage *stop_discovery(DBusConnection *conn,
+ if (client->msg)
+ return btd_error_busy(msg);
+
+- err = discovery_stop(client);
++ err = discovery_stop(client, false);
+ switch (err) {
+ case 0:
+ return dbus_message_new_method_return(msg);
+--
+2.17.1
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/init b/poky/meta/recipes-connectivity/bluez5/bluez5/init
index d7972f2..ca9fa18 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/init
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/init
@@ -1,5 +1,8 @@
#!/bin/sh
+# Source function library
+. /etc/init.d/functions
+
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DESC=bluetooth
@@ -44,14 +47,7 @@
$0 start
;;
status)
- pidof ${DAEMON} >/dev/null
- status=$?
- if [ $status -eq 0 ]; then
- echo "bluetooth is running."
- else
- echo "bluetooth is not running"
- fi
- exit $status
+ status ${DAEMON} || exit $?
;;
*)
N=/etc/init.d/bluetooth
diff --git a/poky/meta/recipes-connectivity/connman/connman.inc b/poky/meta/recipes-connectivity/connman/connman.inc
index 2b03f9c..0a117e4 100644
--- a/poky/meta/recipes-connectivity/connman/connman.inc
+++ b/poky/meta/recipes-connectivity/connman/connman.inc
@@ -133,14 +133,14 @@
add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False)
plugin_dir = d.expand('${libdir}/connman/plugins/')
plugin_name = d.expand('${PN}-plugin-%s')
- do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+ do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \
'${PN} plugin for %s', extra_depends='', hook=hook, prepend=True )
hook = lambda file,pkg,x,y,z: \
add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True)
plugin_dir = d.expand('${libdir}/connman/plugins-vpn/')
plugin_name = d.expand('${PN}-plugin-vpn-%s')
- do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+ do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \
'${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True )
}
@@ -156,7 +156,7 @@
FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \
${libdir}/connman/plugins \
- ${sysconfdir} ${sharedstatedir} ${localstatedir} \
+ ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \
${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \
${datadir}/dbus-1/system-services/* \
${sysconfdir}/tmpfiles.d/connman_resolvconf.conf"
diff --git a/poky/meta/recipes-connectivity/connman/connman/includes.patch b/poky/meta/recipes-connectivity/connman/connman/0001-Fix-various-issues-which-cause-problems-under-musl.patch
similarity index 68%
rename from poky/meta/recipes-connectivity/connman/connman/includes.patch
rename to poky/meta/recipes-connectivity/connman/connman/0001-Fix-various-issues-which-cause-problems-under-musl.patch
index 9f7395c..f344fea 100644
--- a/poky/meta/recipes-connectivity/connman/connman/includes.patch
+++ b/poky/meta/recipes-connectivity/connman/connman/0001-Fix-various-issues-which-cause-problems-under-musl.patch
@@ -1,36 +1,43 @@
-Fix various issues which cause problems under musl.
-
-Upstream-Status: Backport [bd1326ba7d68df38c5ccaafd2403a5fb30bd452b]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 630516bcc0233b047f65665c003201ba6e77453d Mon Sep 17 00:00:00 2001
+From 181ff3439783c6920f5211730672685a210c318f Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 9 Aug 2016 16:22:36 +0100
-Subject: [PATCH 1/3] Use AC_USE_SYSTEM_EXTENSIONS
+Date: Mon, 8 Oct 2018 22:12:56 +0200
+Subject: [PATCH] Fix various issues which cause problems under musl
-Instead of using #define _GNU_SOURCE in some source files which causes problems
-when building with musl as more files need the define, simply use
-AC_USE_SYSTEM_EXTENSIONS in configure.ac to get it defined globally.
+Instead of using #define _GNU_SOURCE in some source files which causes
+problems when building with musl as more files need the define, simply
+use AC_USE_SYSTEM_EXTENSIONS in configure.ac to get it defined globally.
+
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+Upstream-Status: Backport [bd1326ba7d68df38c5ccaafd2403a5fb30bd452b]
---
- configure.ac | 1 +
- gdhcp/client.c | 1 -
- plugins/tist.c | 1 -
- src/backtrace.c | 1 -
- src/inet.c | 1 -
- src/log.c | 1 -
- src/ntp.c | 1 -
- src/resolver.c | 1 -
- src/rfkill.c | 1 -
- src/stats.c | 1 -
- src/timezone.c | 1 -
- tools/stats-tool.c | 1 -
- tools/tap-test.c | 1 -
- tools/wispr.c | 1 -
- vpn/plugins/vpn.c | 1 -
- 15 files changed, 1 insertion(+), 14 deletions(-)
+ configure.ac | 3 +++
+ gdhcp/client.c | 1 -
+ gdhcp/common.h | 5 +++--
+ gweb/gresolv.c | 1 +
+ plugins/tist.c | 1 -
+ plugins/wifi.c | 3 +--
+ src/backtrace.c | 1 -
+ src/inet.c | 1 -
+ src/ippool.c | 1 -
+ src/iptables.c | 2 +-
+ src/log.c | 1 -
+ src/ntp.c | 1 -
+ src/resolver.c | 1 -
+ src/rfkill.c | 1 -
+ src/stats.c | 1 -
+ src/tethering.c | 2 --
+ src/timezone.c | 1 -
+ tools/dhcp-test.c | 1 -
+ tools/dnsproxy-test.c | 1 +
+ tools/private-network-test.c | 2 +-
+ tools/stats-tool.c | 1 -
+ tools/tap-test.c | 3 +--
+ tools/wispr.c | 1 -
+ vpn/plugins/vpn.c | 1 -
+ 24 files changed, 12 insertions(+), 25 deletions(-)
diff --git a/configure.ac b/configure.ac
-index 6e66ab3..bacf5ec 100644
+index 39745f76..984126c2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -20,6 +20,7 @@ AC_SUBST(abs_top_srcdir)
@@ -41,8 +48,17 @@
AC_PROG_CC
AM_PROG_CC_C_O
+@@ -185,6 +186,8 @@ AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
+ AC_CHECK_HEADERS([execinfo.h])
+ AM_CONDITIONAL([BACKTRACE], [test "${ac_cv_header_execinfo_h}" = "yes"])
+
++AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include <netinet/in.h>]])
++
+ AC_CHECK_FUNC(signalfd, dummy=yes,
+ AC_MSG_ERROR(signalfd support is required))
+
diff --git a/gdhcp/client.c b/gdhcp/client.c
-index fbb40ab..3aeb089 100644
+index 67357782..c7db76f0 100644
--- a/gdhcp/client.c
+++ b/gdhcp/client.c
@@ -23,7 +23,6 @@
@@ -53,195 +69,8 @@
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
-diff --git a/plugins/tist.c b/plugins/tist.c
-index ad5ef79..cc2800a 100644
---- a/plugins/tist.c
-+++ b/plugins/tist.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <stdbool.h>
- #include <stdlib.h>
-diff --git a/src/backtrace.c b/src/backtrace.c
-index 6a66c0a..4dbdda8 100644
---- a/src/backtrace.c
-+++ b/src/backtrace.c
-@@ -24,7 +24,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <unistd.h>
- #include <stdlib.h>
-diff --git a/src/inet.c b/src/inet.c
-index 69ded19..81d92c2 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -25,7 +25,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <unistd.h>
-diff --git a/src/log.c b/src/log.c
-index 9bae4a3..f7e82e5 100644
---- a/src/log.c
-+++ b/src/log.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <unistd.h>
- #include <stdarg.h>
-diff --git a/src/ntp.c b/src/ntp.c
-index dd246eb..db8ae96 100644
---- a/src/ntp.c
-+++ b/src/ntp.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <errno.h>
- #include <fcntl.h>
- #include <unistd.h>
-diff --git a/src/resolver.c b/src/resolver.c
-index fbe4be7..ef61f92 100644
---- a/src/resolver.c
-+++ b/src/resolver.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/src/rfkill.c b/src/rfkill.c
-index 2bfb092..af49d12 100644
---- a/src/rfkill.c
-+++ b/src/rfkill.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/src/stats.c b/src/stats.c
-index 26343b1..cfcdc94 100644
---- a/src/stats.c
-+++ b/src/stats.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <errno.h>
- #include <sys/mman.h>
- #include <sys/types.h>
-diff --git a/src/timezone.c b/src/timezone.c
-index e346b11..8e91267 100644
---- a/src/timezone.c
-+++ b/src/timezone.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <errno.h>
- #include <stdio.h>
- #include <fcntl.h>
-diff --git a/tools/stats-tool.c b/tools/stats-tool.c
-index b076478..428d94b 100644
---- a/tools/stats-tool.c
-+++ b/tools/stats-tool.c
-@@ -22,7 +22,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <sys/mman.h>
- #include <sys/types.h>
- #include <sys/stat.h>
-diff --git a/tools/tap-test.c b/tools/tap-test.c
-index fdc098a..57917f5 100644
---- a/tools/tap-test.c
-+++ b/tools/tap-test.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/tools/wispr.c b/tools/wispr.c
-index d5f9341..e56dfc1 100644
---- a/tools/wispr.c
-+++ b/tools/wispr.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <fcntl.h>
- #include <unistd.h>
-diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
-index 9a42385..479c3a7 100644
---- a/vpn/plugins/vpn.c
-+++ b/vpn/plugins/vpn.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
-
--#define _GNU_SOURCE
- #include <string.h>
- #include <fcntl.h>
- #include <unistd.h>
---
-2.8.1
-
-
-From b8b7878e6cb2a1ed4fcfa256f7e232511a40e3d9 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 9 Aug 2016 15:37:50 +0100
-Subject: [PATCH 2/3] Check for in6_pktinfo.ipi6_addr explicitly
-
-Instead of assuming that just glibc has this structure, check for it at
-configure as musl also has it.
-
-Based on work by Khem Raj <raj.khem@gmail.com>.
----
- configure.ac | 2 ++
- gdhcp/common.h | 5 +++--
- 2 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index bacf5ec..ad00456 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -186,6 +186,8 @@ AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
- AC_CHECK_HEADERS([execinfo.h])
- AM_CONDITIONAL([BACKTRACE], [test "${ac_cv_header_execinfo_h}" = "yes"])
-
-+AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include <netinet/in.h>]])
-+
- AC_CHECK_FUNC(signalfd, dummy=yes,
- AC_MSG_ERROR(signalfd support is required))
-
diff --git a/gdhcp/common.h b/gdhcp/common.h
-index 75abc18..6899499 100644
+index 75abc183..6899499e 100644
--- a/gdhcp/common.h
+++ b/gdhcp/common.h
@@ -19,6 +19,7 @@
@@ -263,41 +92,8 @@
struct in6_pktinfo {
struct in6_addr ipi6_addr; /* src/dst IPv6 address */
unsigned int ipi6_ifindex; /* send/recv interface index */
---
-2.8.1
-
-
-From c0726e432fa0274a2b9c70179b03df6720972816 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 9 Aug 2016 15:19:23 +0100
-Subject: [PATCH 3/3] Rationalise includes
-
-gweb/gresolv.c uses snprintf() and isspace() so it should include stdio.h and
-ctype.h.
-
-tools/dnsproxy-test uses functions from stdio.h.
-
-musl warns when sys/ headers are included when the non-sys form should be used,
-so switch sys/errno.h and so on to errno.h.
-
-musl also causes redefinition errors when pieces of the networking headers are
-included, so remove the redundant includes.
-
-Based on work by Khem Raj <raj.khem@gmail.com>.
----
- gweb/gresolv.c | 2 ++
- plugins/wifi.c | 3 +--
- src/ippool.c | 1 -
- src/iptables.c | 2 +-
- src/tethering.c | 2 --
- tools/dhcp-test.c | 1 -
- tools/dnsproxy-test.c | 1 +
- tools/private-network-test.c | 2 +-
- tools/tap-test.c | 2 +-
- 9 files changed, 7 insertions(+), 9 deletions(-)
-
diff --git a/gweb/gresolv.c b/gweb/gresolv.c
-index 8a51a9f..d55027c 100644
+index 81c79b6c..b06f8932 100644
--- a/gweb/gresolv.c
+++ b/gweb/gresolv.c
@@ -29,6 +29,7 @@
@@ -308,8 +104,20 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
+diff --git a/plugins/tist.c b/plugins/tist.c
+index ad5ef79e..cc2800a1 100644
+--- a/plugins/tist.c
++++ b/plugins/tist.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <stdbool.h>
+ #include <stdlib.h>
diff --git a/plugins/wifi.c b/plugins/wifi.c
-index 9d56671..148131d 100644
+index dc08c6af..46e4cca4 100644
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -30,9 +30,8 @@
@@ -323,8 +131,32 @@
#ifndef IFF_LOWER_UP
#define IFF_LOWER_UP 0x10000
+diff --git a/src/backtrace.c b/src/backtrace.c
+index e8d7f432..bede6698 100644
+--- a/src/backtrace.c
++++ b/src/backtrace.c
+@@ -24,7 +24,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <stdlib.h>
+diff --git a/src/inet.c b/src/inet.c
+index a31372b5..a58ce7c1 100644
+--- a/src/inet.c
++++ b/src/inet.c
+@@ -25,7 +25,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <unistd.h>
diff --git a/src/ippool.c b/src/ippool.c
-index cea1dcc..8a645da 100644
+index cea1dccd..8a645da2 100644
--- a/src/ippool.c
+++ b/src/ippool.c
@@ -28,7 +28,6 @@
@@ -336,7 +168,7 @@
#include "connman.h"
diff --git a/src/iptables.c b/src/iptables.c
-index 5ef757a..82e3ac4 100644
+index f3670e77..469effed 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -28,7 +28,7 @@
@@ -348,23 +180,93 @@
#include <sys/socket.h>
#include <xtables.h>
#include <inttypes.h>
+diff --git a/src/log.c b/src/log.c
+index 9bae4a3d..f7e82e5d 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <stdarg.h>
+diff --git a/src/ntp.c b/src/ntp.c
+index 51ba9aac..724ca188 100644
+--- a/src/ntp.c
++++ b/src/ntp.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+diff --git a/src/resolver.c b/src/resolver.c
+index 76f0a8e1..10121aa5 100644
+--- a/src/resolver.c
++++ b/src/resolver.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <fcntl.h>
+diff --git a/src/rfkill.c b/src/rfkill.c
+index d9bed4d2..b2514c41 100644
+--- a/src/rfkill.c
++++ b/src/rfkill.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <fcntl.h>
+diff --git a/src/stats.c b/src/stats.c
+index 663bc382..c9ddc2e8 100644
+--- a/src/stats.c
++++ b/src/stats.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <errno.h>
+ #include <sys/mman.h>
+ #include <sys/types.h>
diff --git a/src/tethering.c b/src/tethering.c
-index 3153349..ad062d5 100644
+index 4b202369..f3cb36f4 100644
--- a/src/tethering.c
+++ b/src/tethering.c
-@@ -31,10 +31,8 @@
- #include <stdio.h>
- #include <sys/ioctl.h>
- #include <net/if.h>
--#include <linux/sockios.h>
+@@ -34,8 +34,6 @@
#include <string.h>
#include <fcntl.h>
--#include <linux/if_tun.h>
#include <netinet/in.h>
+-#include <linux/sockios.h>
+-#include <linux/if_tun.h>
#include <linux/if_bridge.h>
+ #include "connman.h"
+diff --git a/src/timezone.c b/src/timezone.c
+index e346b11a..8e912670 100644
+--- a/src/timezone.c
++++ b/src/timezone.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <errno.h>
+ #include <stdio.h>
+ #include <fcntl.h>
diff --git a/tools/dhcp-test.c b/tools/dhcp-test.c
-index c34e10a..eae66fc 100644
+index c34e10a8..eae66fc2 100644
--- a/tools/dhcp-test.c
+++ b/tools/dhcp-test.c
@@ -33,7 +33,6 @@
@@ -376,7 +278,7 @@
#include <gdhcp/gdhcp.h>
diff --git a/tools/dnsproxy-test.c b/tools/dnsproxy-test.c
-index 551cae9..371e2e2 100644
+index 551cae91..371e2e23 100644
--- a/tools/dnsproxy-test.c
+++ b/tools/dnsproxy-test.c
@@ -24,6 +24,7 @@
@@ -388,7 +290,7 @@
#include <string.h>
#include <unistd.h>
diff --git a/tools/private-network-test.c b/tools/private-network-test.c
-index 3dd115b..2828bb3 100644
+index 3dd115ba..2828bb30 100644
--- a/tools/private-network-test.c
+++ b/tools/private-network-test.c
@@ -32,7 +32,7 @@
@@ -400,11 +302,29 @@
#include <sys/signalfd.h>
#include <unistd.h>
+diff --git a/tools/stats-tool.c b/tools/stats-tool.c
+index efa39de2..5695048f 100644
+--- a/tools/stats-tool.c
++++ b/tools/stats-tool.c
+@@ -22,7 +22,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <sys/mman.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
diff --git a/tools/tap-test.c b/tools/tap-test.c
-index 57917f5..cb3ee62 100644
+index fdc098aa..cb3ee622 100644
--- a/tools/tap-test.c
+++ b/tools/tap-test.c
-@@ -28,7 +28,7 @@
+@@ -23,13 +23,12 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
@@ -413,5 +333,30 @@
#include <sys/ioctl.h>
#include <netinet/in.h>
+diff --git a/tools/wispr.c b/tools/wispr.c
+index d5f9341f..e56dfc16 100644
+--- a/tools/wispr.c
++++ b/tools/wispr.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
+index 10548aaf..6e3f640c 100644
+--- a/vpn/plugins/vpn.c
++++ b/vpn/plugins/vpn.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <string.h>
+ #include <fcntl.h>
+ #include <unistd.h>
--
-2.8.1
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch b/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch
deleted file mode 100644
index f9080d4..0000000
--- a/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 929fc9b7068100444e0ffcccd25841f78791e619 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Fri, 15 Sep 2017 06:40:08 -0400
-Subject: [PATCH] gweb: Fix a crash using wispr over TLS
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-When gnutls_channel is instantiated, the gnutls_channel->established
-has to be initiated as FALSE. Otherwise, check_handshake function
-won't work. A random initial value 1 of gnutls_channel->established
-will make check_handshake return G_IO_STATUS_NORMAL, when the channel
-is actually not ready to be used. The observed behaviours are,
-
-- wispr is getting random errors in wispr_portal_web_result
-- ConnMan crashes on exit after those random errors
-- when wispr is luckly working, ConnMan doesn't crash on exit
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=73e53f3bd9e7debae86341f1eee7b97862a56a5e]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- gweb/giognutls.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/gweb/giognutls.c b/gweb/giognutls.c
-index 09dc9e7..c029a8b 100644
---- a/gweb/giognutls.c
-+++ b/gweb/giognutls.c
-@@ -421,7 +421,7 @@ GIOChannel *g_io_channel_gnutls_new(int fd)
-
- DBG("");
-
-- gnutls_channel = g_new(GIOGnuTLSChannel, 1);
-+ gnutls_channel = g_new0(GIOGnuTLSChannel, 1);
-
- channel = (GIOChannel *) gnutls_channel;
-
---
-2.7.4
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch b/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch
deleted file mode 100644
index dd7b356..0000000
--- a/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 508dc60a1f0758ebc586b6b086478a176d493086 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Thu, 5 Oct 2017 09:34:41 +0100
-Subject: [PATCH 1/4] inet: Add prefixlen to iproute_default_function
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-Add prefixlen parameter to this function in preparation for using
-it also in creating subnet route later, e.g.
-
-default via 192.168.100.1 dev eth0
-192.168.100.0/24 dev eth0
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=edda5b695de2ee79f02314abc9b46fdd46b388e1]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/inet.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/inet.c b/src/inet.c
-index b887aa0..ab8aec8 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -2796,7 +2796,7 @@ int __connman_inet_del_fwmark_rule(uint32_t table_id, int family, uint32_t fwmar
- }
-
- static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
-- const char *gateway)
-+ const char *gateway, unsigned char prefixlen)
- {
- struct __connman_inet_rtnl_handle rth;
- unsigned char buf[sizeof(struct in6_addr)];
-@@ -2829,6 +2829,7 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
- rth.req.u.r.rt.rtm_protocol = RTPROT_BOOT;
- rth.req.u.r.rt.rtm_scope = RT_SCOPE_UNIVERSE;
- rth.req.u.r.rt.rtm_type = RTN_UNICAST;
-+ rth.req.u.r.rt.rtm_dst_len = prefixlen;
-
- __connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), RTA_GATEWAY,
- buf, len);
-@@ -2860,7 +2861,7 @@ int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex,
- {
- /* ip route add default via 1.2.3.4 dev wlan0 table 1234 */
-
-- return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway);
-+ return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, 0);
- }
-
- int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
-@@ -2868,7 +2869,7 @@ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
- {
- /* ip route del default via 1.2.3.4 dev wlan0 table 1234 */
-
-- return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway);
-+ return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, 0);
- }
-
- int __connman_inet_get_interface_ll_address(int index, int family,
---
-2.7.4
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch b/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch
deleted file mode 100644
index f1b4d0a..0000000
--- a/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From b5fd5945886fa1845db5c969424b63d894fe0376 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Fri, 25 Aug 2017 10:02:16 -0400
-Subject: [PATCH 1/2] session: Keep track of addr in fw_snat & session
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-When there is more than one session in fw_snat's list of sessions,
-fw_snat failed to be re-created when update-session-state is triggered
-with new IP address. This is because index alone is not sufficient to
-decide if fw_snat needs to be re-created. The solution here is to keep
-a track of IP addr and use it to avoid false lookup of fw_snat.
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=f9e27d4abfcab5c80a38e0850b5ddb26277f97c1]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/session.c | 19 +++++++++++++++----
- 1 file changed, 15 insertions(+), 4 deletions(-)
-
-diff --git a/src/session.c b/src/session.c
-index 9e3c559..965ac06 100644
---- a/src/session.c
-+++ b/src/session.c
-@@ -65,6 +65,7 @@ struct connman_session {
- struct firewall_context *fw;
- uint32_t mark;
- int index;
-+ char *addr;
- char *gateway;
- bool policy_routing;
- bool snat_enabled;
-@@ -79,6 +80,7 @@ struct fw_snat {
- GSList *sessions;
- int id;
- int index;
-+ char *addr;
- struct firewall_context *fw;
- };
-
-@@ -200,7 +202,7 @@ static char *service2bearer(enum connman_service_type type)
- return "";
- }
-
--static struct fw_snat *fw_snat_lookup(int index)
-+static struct fw_snat *fw_snat_lookup(int index, const char *addr)
- {
- struct fw_snat *fw_snat;
- GSList *list;
-@@ -208,8 +210,11 @@ static struct fw_snat *fw_snat_lookup(int index)
- for (list = fw_snat_list; list; list = list->next) {
- fw_snat = list->data;
-
-- if (fw_snat->index == index)
-+ if (fw_snat->index == index) {
-+ if (g_strcmp0(addr, fw_snat->addr) != 0)
-+ continue;
- return fw_snat;
-+ }
- }
- return NULL;
- }
-@@ -224,6 +229,7 @@ static int fw_snat_create(struct connman_session *session,
-
- fw_snat->fw = __connman_firewall_create();
- fw_snat->index = index;
-+ fw_snat->addr = g_strdup(addr);
-
- fw_snat->id = __connman_firewall_enable_snat(fw_snat->fw,
- index, ifname, addr);
-@@ -238,6 +244,7 @@ static int fw_snat_create(struct connman_session *session,
- return 0;
- err:
- __connman_firewall_destroy(fw_snat->fw);
-+ g_free(fw_snat->addr);
- g_free(fw_snat);
- return err;
- }
-@@ -393,7 +400,7 @@ static void del_nat_rules(struct connman_session *session)
- return;
-
- session->snat_enabled = false;
-- fw_snat = fw_snat_lookup(session->index);
-+ fw_snat = fw_snat_lookup(session->index, session->addr);
-
- if (!fw_snat)
- return;
-@@ -420,8 +427,11 @@ static void add_nat_rules(struct connman_session *session)
- if (!addr)
- return;
-
-+ g_free(session->addr);
-+ session->addr = g_strdup(addr);
-+
- session->snat_enabled = true;
-- fw_snat = fw_snat_lookup(index);
-+ fw_snat = fw_snat_lookup(index, session->addr);
- if (fw_snat) {
- fw_snat_ref(session, fw_snat);
- return;
-@@ -502,6 +512,7 @@ static void free_session(struct connman_session *session)
- g_free(session->info);
- g_free(session->info_last);
- g_free(session->gateway);
-+ g_free(session->addr);
-
- g_free(session);
- }
---
-2.7.4
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch b/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch
deleted file mode 100644
index 9c953e5..0000000
--- a/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 08cda4004491d3971a8b9df937426c43800d15b1 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Thu, 5 Oct 2017 09:37:06 +0100
-Subject: [PATCH 2/4] inet: Implement subnet route creation/deletion in
- iproute_default_modify
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-- Calculate subnet address base on gateway address and prefixlen
-- Differentiate creation of routes to gateway and subnet
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=ff7dcf91f12a2a237feebc6e606d0a8e92975528]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/inet.c | 22 +++++++++++++++++++---
- 1 file changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/src/inet.c b/src/inet.c
-index ab8aec8..0ddb030 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -2802,6 +2802,9 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
- unsigned char buf[sizeof(struct in6_addr)];
- int ret, len;
- int family = connman_inet_check_ipaddress(gateway);
-+ char *dst = NULL;
-+
-+ DBG("gateway %s/%u table %u", gateway, prefixlen, table_id);
-
- switch (family) {
- case AF_INET:
-@@ -2814,7 +2817,19 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
- return -EINVAL;
- }
-
-- ret = inet_pton(family, gateway, buf);
-+ if (prefixlen) {
-+ struct in_addr ipv4_subnet_addr, ipv4_mask;
-+
-+ memset(&ipv4_subnet_addr, 0, sizeof(ipv4_subnet_addr));
-+ ipv4_mask.s_addr = htonl((0xffffffff << (32 - prefixlen)) & 0xffffffff);
-+ ipv4_subnet_addr.s_addr = inet_addr(gateway);
-+ ipv4_subnet_addr.s_addr &= ipv4_mask.s_addr;
-+
-+ dst = g_strdup(inet_ntoa(ipv4_subnet_addr));
-+ }
-+
-+ ret = inet_pton(family, dst ? dst : gateway, buf);
-+ g_free(dst);
- if (ret <= 0)
- return -EINVAL;
-
-@@ -2831,8 +2846,9 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
- rth.req.u.r.rt.rtm_type = RTN_UNICAST;
- rth.req.u.r.rt.rtm_dst_len = prefixlen;
-
-- __connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), RTA_GATEWAY,
-- buf, len);
-+ __connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req),
-+ prefixlen > 0 ? RTA_DST : RTA_GATEWAY, buf, len);
-+
- if (table_id < 256) {
- rth.req.u.r.rt.rtm_table = table_id;
- } else {
---
-2.7.4
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch b/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch
deleted file mode 100644
index 56ba5c3..0000000
--- a/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From a9243f13d6e1aadd69bfcc27f75f69c38be51677 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Wed, 4 Oct 2017 17:30:17 +0100
-Subject: [PATCH 3/4] inet: Implement APIs for creating and deleting subnet
- route
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=3a15b0b7fccd053aff91da2cc68585509d0c509b]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/connman.h | 4 ++++
- src/inet.c | 14 ++++++++++++++
- 2 files changed, 18 insertions(+)
-
-diff --git a/src/connman.h b/src/connman.h
-index 21b7080..da4446a 100644
---- a/src/connman.h
-+++ b/src/connman.h
-@@ -240,7 +240,11 @@ int __connman_inet_rtnl_addattr32(struct nlmsghdr *n, size_t maxlen,
- int __connman_inet_add_fwmark_rule(uint32_t table_id, int family, uint32_t fwmark);
- int __connman_inet_del_fwmark_rule(uint32_t table_id, int family, uint32_t fwmark);
- int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex, const char *gateway);
-+int __connman_inet_add_subnet_to_table(uint32_t table_id, int ifindex,
-+ const char *gateway, unsigned char prefixlen);
- int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex, const char *gateway);
-+int __connman_inet_del_subnet_from_table(uint32_t table_id, int ifindex,
-+ const char *gateway, unsigned char prefixlen);
- int __connman_inet_get_address_netmask(int ifindex,
- struct sockaddr_in *address, struct sockaddr_in *netmask);
-
-diff --git a/src/inet.c b/src/inet.c
-index 0ddb030..dcd1ab2 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -2880,6 +2880,13 @@ int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex,
- return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, 0);
- }
-
-+int __connman_inet_add_subnet_to_table(uint32_t table_id, int ifindex,
-+ const char *gateway, unsigned char prefixlen)
-+{
-+ /* ip route add 1.2.3.4/24 dev eth0 table 1234 */
-+ return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, prefixlen);
-+}
-+
- int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
- const char *gateway)
- {
-@@ -2888,6 +2895,13 @@ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
- return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, 0);
- }
-
-+int __connman_inet_del_subnet_from_table(uint32_t table_id, int ifindex,
-+ const char *gateway, unsigned char prefixlen)
-+{
-+ /* ip route del 1.2.3.4/24 dev eth0 table 1234 */
-+ return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, prefixlen);
-+}
-+
- int __connman_inet_get_interface_ll_address(int index, int family,
- void *address)
- {
---
-2.7.4
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch b/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch
deleted file mode 100644
index ca213eb..0000000
--- a/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From deb9372db8396da4f7cd20555ce7c9a8b3ad96bd Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Fri, 6 Oct 2017 11:40:16 +0100
-Subject: [PATCH 4/4] session: Use subnet route creation and deletion APIs
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-As subnet route is address and session specific in this case, so add
-prefixlen into struct connman_session, and update it along with ipconfig.
-Then use it in subnet route related APIs.
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=285f25ef6cc9e4a43dab83523f3e2eab4365ac26]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/session.c | 20 ++++++++++++++++----
- 1 file changed, 16 insertions(+), 4 deletions(-)
-
-diff --git a/src/session.c b/src/session.c
-index 965ac06..7b7a14b 100644
---- a/src/session.c
-+++ b/src/session.c
-@@ -67,6 +67,7 @@ struct connman_session {
- int index;
- char *addr;
- char *gateway;
-+ unsigned char prefixlen;
- bool policy_routing;
- bool snat_enabled;
- };
-@@ -357,13 +358,17 @@ static void del_default_route(struct connman_session *session)
- if (!session->gateway)
- return;
-
-- DBG("index %d routing table %d default gateway %s",
-- session->index, session->mark, session->gateway);
-+ DBG("index %d routing table %d default gateway %s/%u",
-+ session->index, session->mark, session->gateway, session->prefixlen);
-+
-+ __connman_inet_del_subnet_from_table(session->mark,
-+ session->index, session->gateway, session->prefixlen);
-
- __connman_inet_del_default_from_table(session->mark,
- session->index, session->gateway);
- g_free(session->gateway);
- session->gateway = NULL;
-+ session->prefixlen = 0;
- session->index = -1;
- }
-
-@@ -383,13 +388,20 @@ static void add_default_route(struct connman_session *session)
- if (!session->gateway)
- session->gateway = g_strdup(inet_ntoa(addr));
-
-- DBG("index %d routing table %d default gateway %s",
-- session->index, session->mark, session->gateway);
-+ session->prefixlen = __connman_ipconfig_get_prefixlen(ipconfig);
-+
-+ DBG("index %d routing table %d default gateway %s/%u",
-+ session->index, session->mark, session->gateway, session->prefixlen);
-
- err = __connman_inet_add_default_to_table(session->mark,
- session->index, session->gateway);
- if (err < 0)
- DBG("session %p %s", session, strerror(-err));
-+
-+ err = __connman_inet_add_subnet_to_table(session->mark,
-+ session->index, session->gateway, session->prefixlen);
-+ if (err < 0)
-+ DBG("session add subnet route %p %s", session, strerror(-err));
- }
-
- static void del_nat_rules(struct connman_session *session)
---
-2.7.4
-
diff --git a/poky/meta/recipes-connectivity/connman/connman_1.35.bb b/poky/meta/recipes-connectivity/connman/connman_1.35.bb
deleted file mode 100644
index ff21181..0000000
--- a/poky/meta/recipes-connectivity/connman/connman_1.35.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-require connman.inc
-
-SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
- file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
- file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
- file://connman \
- file://no-version-scripts.patch \
- file://includes.patch \
- file://0001-session-Keep-track-of-addr-in-fw_snat-session.patch \
- file://0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch \
- file://0001-inet-Add-prefixlen-to-iproute_default_function.patch \
- file://0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch \
- file://0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch \
- file://0004-session-Use-subnet-route-creation-and-deletion-APIs.patch \
- "
-SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \
- "
-
-SRC_URI[md5sum] = "bae37b45ee9b3db5ec8115188f8a7652"
-SRC_URI[sha256sum] = "66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa"
-
-RRECOMMENDS_${PN} = "connman-conf"
diff --git a/poky/meta/recipes-connectivity/connman/connman_1.36.bb b/poky/meta/recipes-connectivity/connman/connman_1.36.bb
new file mode 100644
index 0000000..6e4dbdf
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman_1.36.bb
@@ -0,0 +1,16 @@
+require connman.inc
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+ file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
+ file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
+ file://connman \
+ file://no-version-scripts.patch \
+ file://0001-Fix-various-issues-which-cause-problems-under-musl.patch \
+"
+
+SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
+
+SRC_URI[md5sum] = "dae77d9c904d2c223ae849e32079d57e"
+SRC_URI[sha256sum] = "c789db41cc443fa41e661217ea321492ad59a004bebcd1aa013f3bc10a6e0074"
+
+RRECOMMENDS_${PN} = "connman-conf"
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch
new file mode 100644
index 0000000..d2e5771
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch
@@ -0,0 +1,2882 @@
+From ffb1d1325bd6503df9a324befac5f5039ac77432 Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster@mvista.com>
+Date: Tue, 23 Oct 2018 10:36:56 +0000
+Subject: [PATCH] dhcpd: fix Replace custom isc_boolean_t with C standard bool
+ type
+
+
+Upstream-Status: Pending
+
+Fixes issues introduced by bind when they changed their headers.
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ includes/dhcpd.h | 34 +++++++++++++++++-----------------
+ includes/heap.h | 2 +-
+ includes/omapip/omapip.h | 2 +-
+ includes/omapip/omapip_p.h | 6 +++---
+ includes/tree.h | 2 +-
+ 5 files changed, 23 insertions(+), 23 deletions(-)
+
+Index: dhcp-4.4.1/includes/dhcpd.h
+===================================================================
+--- dhcp-4.4.1.orig/includes/dhcpd.h
++++ dhcp-4.4.1/includes/dhcpd.h
+@@ -461,20 +461,20 @@ struct packet {
+ * options we got in a previous exchange were still there, we need
+ * to signal this in a reliable way.
+ */
+- isc_boolean_t agent_options_stashed;
++ bool agent_options_stashed;
+
+ /*
+ * ISC_TRUE if packet received unicast (as opposed to multicast).
+ * Only used in DHCPv6.
+ */
+- isc_boolean_t unicast;
++ bool unicast;
+
+ /* Propagates server value SV_ECHO_CLIENT_ID so it is available
+ * in cons_options() */
+ int sv_echo_client_id;
+
+ /* Relay port check */
+- isc_boolean_t relay_source_port;
++ bool relay_source_port;
+ };
+
+ /*
+@@ -1174,7 +1174,7 @@ struct dhc6_lease {
+ struct dhc6_lease *next;
+ struct data_string server_id;
+
+- isc_boolean_t released;
++ bool released;
+ int score;
+ u_int8_t pref;
+
+@@ -1695,8 +1695,8 @@ struct ipv6_pool {
+ int bits; /* number of bits, CIDR style */
+ int units; /* allocation unit in bits */
+ iasubopt_hash_t *leases; /* non-free leases */
+- isc_uint64_t num_active; /* count of active leases */
+- isc_uint64_t num_abandoned; /* count of abandoned leases */
++ uint64_t num_active; /* count of active leases */
++ uint64_t num_abandoned; /* count of abandoned leases */
+ isc_heap_t *active_timeouts; /* timeouts for active leases */
+ int num_inactive; /* count of inactive leases */
+ isc_heap_t *inactive_timeouts; /* timeouts for expired or
+@@ -1732,11 +1732,11 @@ struct ipv6_pond {
+ struct ipv6_pool **ipv6_pools; /* NULL-terminated array */
+ int last_ipv6_pool; /* offset of last IPv6 pool
+ used to issue a lease */
+- isc_uint64_t num_total; /* Total number of elements in the pond */
+- isc_uint64_t num_active; /* Number of elements in the pond in use */
+- isc_uint64_t num_abandoned; /* count of abandoned leases */
++ uint64_t num_total; /* Total number of elements in the pond */
++ uint64_t num_active; /* Number of elements in the pond in use */
++ uint64_t num_abandoned; /* count of abandoned leases */
+ int logged; /* already logged a message */
+- isc_uint64_t low_threshold; /* low threshold to restart logging */
++ uint64_t low_threshold; /* low threshold to restart logging */
+ int jumbo_range;
+ #ifdef EUI_64
+ int use_eui_64; /* use EUI-64 address assignment when true */
+@@ -1745,9 +1745,9 @@ struct ipv6_pond {
+
+ /*
+ * Max addresses in a pond that can be supported by log threshold
+- * Currently based on max value supported by isc_uint64_t.
++ * Currently based on max value supported by uint64_t.
+ */
+-#define POND_TRACK_MAX ISC_UINT64_MAX
++#define POND_TRACK_MAX UINT64_MAX
+
+ /* Flags for dhcp_ddns_cb_t */
+ #define DDNS_UPDATE_ADDR 0x0001
+@@ -1868,7 +1868,7 @@ lookup_fqdn6_option(struct universe *uni
+ unsigned code);
+ void
+ save_fqdn6_option(struct universe *universe, struct option_state *options,
+- struct option_cache *oc, isc_boolean_t appendp);
++ struct option_cache *oc, bool appendp);
+ void
+ delete_fqdn6_option(struct universe *universe, struct option_state *options,
+ int code);
+@@ -1953,7 +1953,7 @@ void save_option(struct universe *, stru
+ void also_save_option(struct universe *, struct option_state *,
+ struct option_cache *);
+ void save_hashed_option(struct universe *, struct option_state *,
+- struct option_cache *, isc_boolean_t appendp);
++ struct option_cache *, bool appendp);
+ void delete_option (struct universe *, struct option_state *, int);
+ void delete_hashed_option (struct universe *,
+ struct option_state *, int);
+@@ -2041,7 +2041,7 @@ int linked_option_state_dereference (str
+ struct option_state *,
+ const char *, int);
+ void save_linked_option(struct universe *, struct option_state *,
+- struct option_cache *, isc_boolean_t appendp);
++ struct option_cache *, bool appendp);
+ void linked_option_space_foreach (struct packet *, struct lease *,
+ struct client_state *,
+ struct option_state *,
+@@ -2069,7 +2069,7 @@ void do_packet (struct interface_info *,
+ struct dhcp_packet *, unsigned,
+ unsigned int, struct iaddr, struct hardware *);
+ void do_packet6(struct interface_info *, const char *,
+- int, int, const struct iaddr *, isc_boolean_t);
++ int, int, const struct iaddr *, bool);
+ int packet6_len_okay(const char *, int);
+
+ int validate_packet(struct packet *);
+@@ -2224,7 +2224,7 @@ uint32_t parse_byte_order_uint32(const v
+ int ddns_updates(struct packet *, struct lease *, struct lease *,
+ struct iasubopt *, struct iasubopt *, struct option_state *);
+ isc_result_t ddns_removals(struct lease *, struct iasubopt *,
+- struct dhcp_ddns_cb *, isc_boolean_t);
++ struct dhcp_ddns_cb *, bool);
+ u_int16_t get_conflict_mask(struct option_state *input_options);
+ #if defined (TRACING)
+ void trace_ddns_init(void);
+@@ -2450,7 +2450,7 @@ void dhcpleasequery (struct packet *, in
+ void dhcpv6_leasequery (struct data_string *, struct packet *);
+
+ /* dhcpv6.c */
+-isc_boolean_t server_duid_isset(void);
++bool server_duid_isset(void);
+ void copy_server_duid(struct data_string *ds, const char *file, int line);
+ void set_server_duid(struct data_string *new_duid);
+ isc_result_t set_server_duid_from_option(void);
+@@ -2852,7 +2852,7 @@ extern void (*bootp_packet_handler) (str
+ struct iaddr, struct hardware *);
+ extern void (*dhcpv6_packet_handler)(struct interface_info *,
+ const char *, int,
+- int, const struct iaddr *, isc_boolean_t);
++ int, const struct iaddr *, bool);
+ extern struct timeout *timeouts;
+ extern omapi_object_type_t *dhcp_type_interface;
+ #if defined (TRACING)
+@@ -2943,7 +2943,7 @@ int addr_or(struct iaddr *result,
+ const struct iaddr *a1, const struct iaddr *a2);
+ int addr_and(struct iaddr *result,
+ const struct iaddr *a1, const struct iaddr *a2);
+-isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits);
++bool is_cidr_mask_valid(const struct iaddr *addr, int bits);
+ isc_result_t range2cidr(struct iaddrcidrnetlist **result,
+ const struct iaddr *lo, const struct iaddr *hi);
+ isc_result_t free_iaddrcidrnetlist(struct iaddrcidrnetlist **result);
+@@ -3787,7 +3787,7 @@ isc_result_t ia_add_iasubopt(struct ia_x
+ const char *file, int line);
+ void ia_remove_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt,
+ const char *file, int line);
+-isc_boolean_t ia_equal(const struct ia_xx *a, const struct ia_xx *b);
++bool ia_equal(const struct ia_xx *a, const struct ia_xx *b);
+
+ isc_result_t ipv6_pool_allocate(struct ipv6_pool **pool, u_int16_t type,
+ const struct in6_addr *start_addr,
+@@ -3820,9 +3820,9 @@ isc_result_t expire_lease6(struct iasubo
+ struct ipv6_pool *pool, time_t now);
+ isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease);
+ isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease);
+-isc_boolean_t lease6_exists(const struct ipv6_pool *pool,
++bool lease6_exists(const struct ipv6_pool *pool,
+ const struct in6_addr *addr);
+-isc_boolean_t lease6_usable(struct iasubopt *lease);
++bool lease6_usable(struct iasubopt *lease);
+ isc_result_t cleanup_lease6(ia_hash_t *ia_table,
+ struct ipv6_pool *pool,
+ struct iasubopt *lease,
+@@ -3834,13 +3834,13 @@ isc_result_t create_prefix6(struct ipv6_
+ unsigned int *attempts,
+ const struct data_string *uid,
+ time_t soft_lifetime_end_time);
+-isc_boolean_t prefix6_exists(const struct ipv6_pool *pool,
++bool prefix6_exists(const struct ipv6_pool *pool,
+ const struct in6_addr *pref, u_int8_t plen);
+
+ isc_result_t add_ipv6_pool(struct ipv6_pool *pool);
+ isc_result_t find_ipv6_pool(struct ipv6_pool **pool, u_int16_t type,
+ const struct in6_addr *addr);
+-isc_boolean_t ipv6_in_pool(const struct in6_addr *addr,
++bool ipv6_in_pool(const struct in6_addr *addr,
+ const struct ipv6_pool *pool);
+ isc_result_t ipv6_pond_allocate(struct ipv6_pond **pond,
+ const char *file, int line);
+Index: dhcp-4.4.1/includes/heap.h
+===================================================================
+--- dhcp-4.4.1.orig/includes/heap.h
++++ dhcp-4.4.1/includes/heap.h
+@@ -26,7 +26,7 @@
+ * The comparision function returns ISC_TRUE if the first argument has
+ * higher priority than the second argument, and ISC_FALSE otherwise.
+ */
+-typedef isc_boolean_t (*isc_heapcompare_t)(void *, void *);
++typedef bool (*isc_heapcompare_t)(void *, void *);
+
+ /*%
+ * The index function allows the client of the heap to receive a callback
+Index: dhcp-4.4.1/includes/omapip/omapip.h
+===================================================================
+--- dhcp-4.4.1.orig/includes/omapip/omapip.h
++++ dhcp-4.4.1/includes/omapip/omapip.h
+@@ -264,7 +264,7 @@ isc_result_t omapi_protocol_connect (oma
+ isc_result_t omapi_connect_list (omapi_object_t *, omapi_addr_list_t *,
+ omapi_addr_t *);
+ isc_result_t omapi_protocol_listen (omapi_object_t *, unsigned, int);
+-isc_boolean_t omapi_protocol_authenticated (omapi_object_t *);
++bool omapi_protocol_authenticated (omapi_object_t *);
+ isc_result_t omapi_protocol_configure_security (omapi_object_t *,
+ isc_result_t (*)
+ (omapi_object_t *,
+Index: dhcp-4.4.1/includes/omapip/omapip_p.h
+===================================================================
+--- dhcp-4.4.1.orig/includes/omapip/omapip_p.h
++++ dhcp-4.4.1/includes/omapip/omapip_p.h
+@@ -149,7 +149,7 @@ typedef struct __omapi_protocol_object {
+ omapi_remote_auth_t *remote_auth_list; /* Authenticators active on
+ this connection. */
+
+- isc_boolean_t insecure; /* Set to allow unauthenticated
++ bool insecure; /* Set to allow unauthenticated
+ messages. */
+
+ isc_result_t (*verify_auth) (omapi_object_t *, omapi_auth_key_t *);
+@@ -158,7 +158,7 @@ typedef struct __omapi_protocol_object {
+ typedef struct {
+ OMAPI_OBJECT_PREAMBLE;
+
+- isc_boolean_t insecure; /* Set to allow unauthenticated
++ bool insecure; /* Set to allow unauthenticated
+ messages. */
+
+ isc_result_t (*verify_auth) (omapi_object_t *, omapi_auth_key_t *);
+@@ -208,7 +208,7 @@ typedef struct __omapi_io_object {
+ isc_result_t (*writer) (omapi_object_t *);
+ isc_result_t (*reaper) (omapi_object_t *);
+ isc_socket_t *fd;
+- isc_boolean_t closed; /* ISC_TRUE = closed, do not use */
++ bool closed; /* ISC_TRUE = closed, do not use */
+ } omapi_io_object_t;
+
+ typedef struct __omapi_generic_object {
+Index: dhcp-4.4.1/includes/tree.h
+===================================================================
+--- dhcp-4.4.1.orig/includes/tree.h
++++ dhcp-4.4.1/includes/tree.h
+@@ -304,7 +304,7 @@ struct universe {
+ struct option_state *,
+ unsigned);
+ void (*save_func) (struct universe *, struct option_state *,
+- struct option_cache *, isc_boolean_t);
++ struct option_cache *, bool );
+ void (*foreach) (struct packet *,
+ struct lease *, struct client_state *,
+ struct option_state *, struct option_state *,
+Index: dhcp-4.4.1/common/conflex.c
+===================================================================
+--- dhcp-4.4.1.orig/common/conflex.c
++++ dhcp-4.4.1/common/conflex.c
+@@ -322,7 +322,7 @@ get_raw_token(struct parse *cfile) {
+
+ static enum dhcp_token
+ get_next_token(const char **rval, unsigned *rlen,
+- struct parse *cfile, isc_boolean_t raw) {
++ struct parse *cfile, bool raw) {
+ int rv;
+
+ if (cfile -> token) {
+@@ -367,7 +367,7 @@ get_next_token(const char **rval, unsign
+
+ enum dhcp_token
+ next_token(const char **rval, unsigned *rlen, struct parse *cfile) {
+- return get_next_token(rval, rlen, cfile, ISC_FALSE);
++ return get_next_token(rval, rlen, cfile, false);
+ }
+
+
+@@ -378,7 +378,7 @@ next_token(const char **rval, unsigned *
+
+ enum dhcp_token
+ next_raw_token(const char **rval, unsigned *rlen, struct parse *cfile) {
+- return get_next_token(rval, rlen, cfile, ISC_TRUE);
++ return get_next_token(rval, rlen, cfile, true);
+ }
+
+
+@@ -393,7 +393,7 @@ next_raw_token(const char **rval, unsign
+
+ enum dhcp_token
+ do_peek_token(const char **rval, unsigned int *rlen,
+- struct parse *cfile, isc_boolean_t raw) {
++ struct parse *cfile, bool raw) {
+ int x;
+
+ if (!cfile->token || (!raw && (cfile->token == WHITESPACE))) {
+@@ -441,7 +441,7 @@ do_peek_token(const char **rval, unsigne
+
+ enum dhcp_token
+ peek_token(const char **rval, unsigned *rlen, struct parse *cfile) {
+- return do_peek_token(rval, rlen, cfile, ISC_FALSE);
++ return do_peek_token(rval, rlen, cfile, false);
+ }
+
+
+@@ -452,7 +452,7 @@ peek_token(const char **rval, unsigned *
+
+ enum dhcp_token
+ peek_raw_token(const char **rval, unsigned *rlen, struct parse *cfile) {
+- return do_peek_token(rval, rlen, cfile, ISC_TRUE);
++ return do_peek_token(rval, rlen, cfile, true);
+ }
+
+ static void skip_to_eol (cfile)
+Index: dhcp-4.4.1/common/discover.c
+===================================================================
+--- dhcp-4.4.1.orig/common/discover.c
++++ dhcp-4.4.1/common/discover.c
+@@ -73,7 +73,7 @@ void (*bootp_packet_handler) (struct int
+ void (*dhcpv6_packet_handler)(struct interface_info *,
+ const char *, int,
+ int, const struct iaddr *,
+- isc_boolean_t);
++ bool);
+ #endif /* DHCPv6 */
+
+
+@@ -236,7 +236,7 @@ struct iface_conf_list {
+ struct iface_info {
+ char name[IF_NAMESIZE+1]; /* name of the interface, e.g. "bge0" */
+ struct sockaddr_storage addr; /* address information */
+- isc_uint64_t flags; /* interface flags, e.g. IFF_LOOPBACK */
++ uint64_t flags; /* interface flags, e.g. IFF_LOOPBACK */
+ };
+
+ /*
+@@ -312,14 +312,14 @@ int
+ next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
+ struct LIFREQ *p;
+ struct LIFREQ tmp;
+- isc_boolean_t foundif;
++ bool foundif;
+ #if defined(sun) || defined(__linux)
+ /* Pointer used to remove interface aliases. */
+ char *s;
+ #endif
+
+ do {
+- foundif = ISC_FALSE;
++ foundif = false;
+
+ if (ifaces->next >= ifaces->num) {
+ *err = 0;
+@@ -353,8 +353,8 @@ next_iface(struct iface_info *info, int
+ }
+ #endif /* defined(sun) || defined(__linux) */
+
+- foundif = ISC_TRUE;
+- } while ((foundif == ISC_FALSE) ||
++ foundif = true;
++ } while ((foundif == false) ||
+ (strncmp(info->name, "dummy", 5) == 0));
+
+ memset(&tmp, 0, sizeof(tmp));
+@@ -410,7 +410,7 @@ struct iface_conf_list {
+ struct iface_info {
+ char name[IFNAMSIZ]; /* name of the interface, e.g. "bge0" */
+ struct sockaddr_storage addr; /* address information */
+- isc_uint64_t flags; /* interface flags, e.g. IFF_LOOPBACK */
++ uint64_t flags; /* interface flags, e.g. IFF_LOOPBACK */
+ };
+
+ /*
+@@ -1190,9 +1190,9 @@ got_one_v6(omapi_object_t *h) {
+ * If a packet is not multicast, we assume it is unicast.
+ */
+ if (IN6_IS_ADDR_MULTICAST(&to)) {
+- is_unicast = ISC_FALSE;
++ is_unicast = false;
+ } else {
+- is_unicast = ISC_TRUE;
++ is_unicast = true;
+ }
+
+ ifrom.len = 16;
+Index: dhcp-4.4.1/omapip/iscprint.c
+===================================================================
+--- dhcp-4.4.1.orig/omapip/iscprint.c
++++ dhcp-4.4.1/omapip/iscprint.c
+@@ -59,8 +59,8 @@ isc_print_vsnprintf(char *str, size_t si
+ int plus;
+ int space;
+ int neg;
+- isc_int64_t tmpi;
+- isc_uint64_t tmpui;
++ int64_t tmpi;
++ uint64_t tmpui;
+ unsigned long width;
+ unsigned long precision;
+ unsigned int length;
+@@ -234,7 +234,7 @@ isc_print_vsnprintf(char *str, size_t si
+ goto printint;
+ case 'o':
+ if (q)
+- tmpui = va_arg(ap, isc_uint64_t);
++ tmpui = va_arg(ap, uint64_t);
+ else if (l)
+ tmpui = va_arg(ap, long int);
+ else
+@@ -244,7 +244,7 @@ isc_print_vsnprintf(char *str, size_t si
+ goto printint;
+ case 'u':
+ if (q)
+- tmpui = va_arg(ap, isc_uint64_t);
++ tmpui = va_arg(ap, uint64_t);
+ else if (l)
+ tmpui = va_arg(ap, unsigned long int);
+ else
+@@ -253,7 +253,7 @@ isc_print_vsnprintf(char *str, size_t si
+ goto printint;
+ case 'x':
+ if (q)
+- tmpui = va_arg(ap, isc_uint64_t);
++ tmpui = va_arg(ap, uint64_t);
+ else if (l)
+ tmpui = va_arg(ap, unsigned long int);
+ else
+@@ -267,7 +267,7 @@ isc_print_vsnprintf(char *str, size_t si
+ goto printint;
+ case 'X':
+ if (q)
+- tmpui = va_arg(ap, isc_uint64_t);
++ tmpui = va_arg(ap, uint64_t);
+ else if (l)
+ tmpui = va_arg(ap, unsigned long int);
+ else
+Index: dhcp-4.4.1/server/confpars.c
+===================================================================
+--- dhcp-4.4.1.orig/server/confpars.c
++++ dhcp-4.4.1/server/confpars.c
+@@ -4005,15 +4005,15 @@ add_ipv6_pool_to_subnet(struct subnet *s
+
+ /* Only bother if we aren't already flagged as jumbo */
+ if (pond->jumbo_range == 0) {
+- if ((units - bits) > (sizeof(isc_uint64_t) * 8)) {
++ if ((units - bits) > (sizeof(uint64_t) * 8)) {
+ pond->jumbo_range = 1;
+ pond->num_total = POND_TRACK_MAX;
+ }
+ else {
+- isc_uint64_t space_left
++ uint64_t space_left
+ = POND_TRACK_MAX - pond->num_total;
+- isc_uint64_t addon
+- = (isc_uint64_t)(1) << (units - bits);
++ uint64_t addon
++ = (uint64_t)(1) << (units - bits);
+
+ if (addon > space_left) {
+ pond->jumbo_range = 1;
+@@ -4739,7 +4739,7 @@ parse_ia_na_declaration(struct parse *cf
+ struct iasubopt *iaaddr;
+ struct ipv6_pool *pool;
+ char addr_buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+- isc_boolean_t newbinding;
++ bool newbinding;
+ struct binding_scope *scope = NULL;
+ struct binding *bnd;
+ struct binding_value *nv = NULL;
+@@ -4959,9 +4959,9 @@ parse_ia_na_declaration(struct parse *cf
+ }
+ strcpy(bnd->name, val);
+
+- newbinding = ISC_TRUE;
++ newbinding = true;
+ } else {
+- newbinding = ISC_FALSE;
++ newbinding = false;
+ }
+
+ if (!binding_value_allocate(&nv, MDL)) {
+@@ -5186,7 +5186,7 @@ parse_ia_ta_declaration(struct parse *cf
+ struct iasubopt *iaaddr;
+ struct ipv6_pool *pool;
+ char addr_buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+- isc_boolean_t newbinding;
++ bool newbinding;
+ struct binding_scope *scope = NULL;
+ struct binding *bnd;
+ struct binding_value *nv = NULL;
+@@ -5406,9 +5406,9 @@ parse_ia_ta_declaration(struct parse *cf
+ }
+ strcpy(bnd->name, val);
+
+- newbinding = ISC_TRUE;
++ newbinding = true;
+ } else {
+- newbinding = ISC_FALSE;
++ newbinding = false;
+ }
+
+ if (!binding_value_allocate(&nv, MDL)) {
+@@ -5623,7 +5623,7 @@ parse_ia_pd_declaration(struct parse *cf
+ struct iasubopt *iapref;
+ struct ipv6_pool *pool;
+ char addr_buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+- isc_boolean_t newbinding;
++ bool newbinding;
+ struct binding_scope *scope = NULL;
+ struct binding *bnd;
+ struct binding_value *nv = NULL;
+@@ -5843,9 +5843,9 @@ parse_ia_pd_declaration(struct parse *cf
+ }
+ strcpy(bnd->name, val);
+
+- newbinding = ISC_TRUE;
++ newbinding = true;
+ } else {
+- newbinding = ISC_FALSE;
++ newbinding = false;
+ }
+
+ if (!binding_value_allocate(&nv, MDL)) {
+Index: dhcp-4.4.1/server/dhcpv6.c
+===================================================================
+--- dhcp-4.4.1.orig/server/dhcpv6.c
++++ dhcp-4.4.1/server/dhcpv6.c
+@@ -71,8 +71,8 @@ struct reply_state {
+ unsigned ia_count;
+ unsigned pd_count;
+ unsigned client_resources;
+- isc_boolean_t resources_included;
+- isc_boolean_t static_lease;
++ bool resources_included;
++ bool static_lease;
+ unsigned static_prefixes;
+ struct ia_xx *ia;
+ struct ia_xx *old_ia;
+@@ -123,7 +123,7 @@ static isc_result_t shared_network_from_
+ struct packet *packet);
+ static void seek_shared_host(struct host_decl **hp,
+ struct shared_network *shared);
+-static isc_boolean_t fixed_matches_shared(struct host_decl *host,
++static bool fixed_matches_shared(struct host_decl *host,
+ struct shared_network *shared);
+ static isc_result_t reply_process_ia_na(struct reply_state *reply,
+ struct option_cache *ia);
+@@ -131,9 +131,9 @@ static isc_result_t reply_process_ia_ta(
+ struct option_cache *ia);
+ static isc_result_t reply_process_addr(struct reply_state *reply,
+ struct option_cache *addr);
+-static isc_boolean_t address_is_owned(struct reply_state *reply,
++static bool address_is_owned(struct reply_state *reply,
+ struct iaddr *addr);
+-static isc_boolean_t temporary_is_available(struct reply_state *reply,
++static bool temporary_is_available(struct reply_state *reply,
+ struct iaddr *addr);
+ static isc_result_t find_client_temporaries(struct reply_state *reply);
+ static isc_result_t reply_process_try_addr(struct reply_state *reply,
+@@ -151,7 +151,7 @@ static isc_result_t reply_process_ia_pd(
+ static struct group *find_group_by_prefix(struct reply_state *reply);
+ static isc_result_t reply_process_prefix(struct reply_state *reply,
+ struct option_cache *pref);
+-static isc_boolean_t prefix_is_owned(struct reply_state *reply,
++static bool prefix_is_owned(struct reply_state *reply,
+ struct iaddrcidrnet *pref);
+ static isc_result_t find_client_prefix(struct reply_state *reply);
+ static isc_result_t reply_process_try_prefix(struct reply_state *reply,
+@@ -174,7 +174,7 @@ static void unicast_reject(struct data_s
+ const struct data_string *client_id,
+ const struct data_string *server_id);
+
+-static isc_boolean_t is_unicast_option_defined(struct packet *packet);
++static bool is_unicast_option_defined(struct packet *packet);
+ static isc_result_t shared_network_from_requested_addr (struct shared_network
+ **shared,
+ struct packet* packet);
+@@ -363,7 +363,7 @@ static struct data_string server_duid;
+ /*
+ * Check if the server_duid has been set.
+ */
+-isc_boolean_t
++bool
+ server_duid_isset(void) {
+ return (server_duid.data != NULL);
+ }
+@@ -992,7 +992,7 @@ void check_pool6_threshold(struct reply_
+ struct iasubopt *lease)
+ {
+ struct ipv6_pond *pond;
+- isc_uint64_t used, count, high_threshold;
++ uint64_t used, count, high_threshold;
+ int poolhigh = 0, poollow = 0;
+ char *shared_name = "no name";
+ char tmp_addr[INET6_ADDRSTRLEN];
+@@ -1310,9 +1310,9 @@ pick_v6_address(struct reply_state *repl
+ unsigned int attempts;
+ char tmp_buf[INET6_ADDRSTRLEN];
+ struct iasubopt **addr = &reply->lease;
+- isc_uint64_t total = 0;
+- isc_uint64_t active = 0;
+- isc_uint64_t abandoned = 0;
++ uint64_t total = 0;
++ uint64_t active = 0;
++ uint64_t abandoned = 0;
+ int jumbo_range = 0;
+ char *shared_name = (reply->shared->name ?
+ reply->shared->name : "(no name)");
+@@ -1825,7 +1825,7 @@ lease_to_client(struct data_string *repl
+
+ /* Start counting resources (addresses) offered. */
+ reply.client_resources = 0;
+- reply.resources_included = ISC_FALSE;
++ reply.resources_included = false;
+
+ status = reply_process_ia_na(&reply, oc);
+
+@@ -1843,7 +1843,7 @@ lease_to_client(struct data_string *repl
+
+ /* Start counting resources (addresses) offered. */
+ reply.client_resources = 0;
+- reply.resources_included = ISC_FALSE;
++ reply.resources_included = false;
+
+ status = reply_process_ia_ta(&reply, oc);
+
+@@ -1864,7 +1864,7 @@ lease_to_client(struct data_string *repl
+
+ /* Start counting resources (prefixes) offered. */
+ reply.client_resources = 0;
+- reply.resources_included = ISC_FALSE;
++ reply.resources_included = false;
+
+ status = reply_process_ia_pd(&reply, oc);
+
+@@ -2077,9 +2077,9 @@ reply_process_ia_na(struct reply_state *
+ tmp_addr, MDL) == 0)
+ log_fatal("Impossible condition at %s:%d.", MDL);
+
+- reply->static_lease = ISC_TRUE;
++ reply->static_lease = true;
+ } else
+- reply->static_lease = ISC_FALSE;
++ reply->static_lease = false;
+
+ /*
+ * Save the cursor position at the start of the IA, so we can
+@@ -2778,7 +2778,7 @@ reply_process_addr(struct reply_state *r
+ * (fault out all else). Otherwise it's a dynamic address, so lookup
+ * that address and make sure it belongs to this DUID:IAID pair.
+ */
+-static isc_boolean_t
++static bool
+ address_is_owned(struct reply_state *reply, struct iaddr *addr) {
+ int i;
+ struct ipv6_pond *pond;
+@@ -2791,13 +2791,13 @@ address_is_owned(struct reply_state *rep
+ log_fatal("Impossible condition at %s:%d.", MDL);
+
+ if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
+- return (ISC_TRUE);
++ return (true);
+
+- return (ISC_FALSE);
++ return (false);
+ }
+
+ if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
+- return (ISC_FALSE);
++ return (false);
+
+ for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
+ struct iasubopt *tmp;
+@@ -2805,8 +2805,8 @@ address_is_owned(struct reply_state *rep
+ tmp = reply->old_ia->iasubopt[i];
+
+ if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
+- if (lease6_usable(tmp) == ISC_FALSE) {
+- return (ISC_FALSE);
++ if (lease6_usable(tmp) == false) {
++ return (false);
+ }
+
+ pond = tmp->ipv6_pool->ipv6_pond;
+@@ -2814,15 +2814,15 @@ address_is_owned(struct reply_state *rep
+ (permitted(reply->packet, pond->prohibit_list))) ||
+ ((pond->permit_list != NULL) &&
+ (!permitted(reply->packet, pond->permit_list))))
+- return (ISC_FALSE);
++ return (false);
+
+ iasubopt_reference(&reply->lease, tmp, MDL);
+
+- return (ISC_TRUE);
++ return (true);
+ }
+ }
+
+- return (ISC_FALSE);
++ return (false);
+ }
+
+ /* Process a client-supplied IA_TA. This may append options to the tail of
+@@ -2890,7 +2890,7 @@ reply_process_ia_ta(struct reply_state *
+ /*
+ * Temporary leases are dynamic by definition.
+ */
+- reply->static_lease = ISC_FALSE;
++ reply->static_lease = false;
+
+ /*
+ * Save the cursor position at the start of the IA, so we can
+@@ -2972,7 +2972,7 @@ reply_process_ia_ta(struct reply_state *
+ }
+ status = ISC_R_CANCELED;
+ reply->client_resources = 0;
+- reply->resources_included = ISC_FALSE;
++ reply->resources_included = false;
+ if (reply->lease != NULL)
+ iasubopt_dereference(&reply->lease, MDL);
+ }
+@@ -3364,7 +3364,7 @@ void shorten_lifetimes(struct reply_stat
+ /*
+ * Verify the temporary address is available.
+ */
+-static isc_boolean_t
++static bool
+ temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
+ struct in6_addr tmp_addr;
+ struct subnet *subnet;
+@@ -3379,7 +3379,7 @@ temporary_is_available(struct reply_stat
+ * So this is not a request for this address.
+ */
+ if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
+- return ISC_FALSE;
++ return false;
+
+ /*
+ * Verify that this address is on the client's network.
+@@ -3393,13 +3393,13 @@ temporary_is_available(struct reply_stat
+
+ /* Address not found on shared network. */
+ if (subnet == NULL)
+- return ISC_FALSE;
++ return false;
+
+ /*
+ * Check if this address is owned (must be before next step).
+ */
+ if (address_is_owned(reply, addr))
+- return ISC_TRUE;
++ return true;
+
+ /*
+ * Verify that this address is in a temporary pool and try to get it.
+@@ -3424,18 +3424,18 @@ temporary_is_available(struct reply_stat
+ }
+
+ if (pool == NULL)
+- return ISC_FALSE;
++ return false;
+ if (lease6_exists(pool, &tmp_addr))
+- return ISC_FALSE;
++ return false;
+ if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
+- return ISC_FALSE;
++ return false;
+ reply->lease->addr = tmp_addr;
+ reply->lease->plen = 0;
+ /* Default is soft binding for 2 minutes. */
+ if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
+- return ISC_FALSE;
++ return false;
+
+- return ISC_TRUE;
++ return true;
+ }
+
+ /*
+@@ -3652,7 +3652,7 @@ find_client_address(struct reply_state *
+ */
+
+ if ((candidate_shared != reply->shared) ||
+- (lease6_usable(lease) != ISC_TRUE))
++ (lease6_usable(lease) != true))
+ continue;
+
+ if (((pond->prohibit_list != NULL) &&
+@@ -3971,7 +3971,7 @@ reply_process_send_addr(struct reply_sta
+ goto cleanup;
+ }
+
+- reply->resources_included = ISC_TRUE;
++ reply->resources_included = true;
+
+ cleanup:
+ if (data.data != NULL)
+@@ -4722,7 +4722,7 @@ reply_process_prefix(struct reply_state
+ * (fault out all else). Otherwise it's a dynamic prefix, so lookup
+ * that prefix and make sure it belongs to this DUID:IAID pair.
+ */
+-static isc_boolean_t
++static bool
+ prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
+ struct iaddrcidrnetlist *l;
+ int i;
+@@ -4736,14 +4736,14 @@ prefix_is_owned(struct reply_state *repl
+ if ((pref->bits == l->cidrnet.bits) &&
+ (memcmp(pref->lo_addr.iabuf,
+ l->cidrnet.lo_addr.iabuf, 16) == 0))
+- return (ISC_TRUE);
++ return (true);
+ }
+- return (ISC_FALSE);
++ return (false);
+ }
+
+ if ((reply->old_ia == NULL) ||
+ (reply->old_ia->num_iasubopt == 0))
+- return (ISC_FALSE);
++ return (false);
+
+ for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
+ struct iasubopt *tmp;
+@@ -4752,8 +4752,8 @@ prefix_is_owned(struct reply_state *repl
+
+ if ((pref->bits == (int) tmp->plen) &&
+ (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
+- if (lease6_usable(tmp) == ISC_FALSE) {
+- return (ISC_FALSE);
++ if (lease6_usable(tmp) == false) {
++ return (false);
+ }
+
+ pond = tmp->ipv6_pool->ipv6_pond;
+@@ -4761,14 +4761,14 @@ prefix_is_owned(struct reply_state *repl
+ (permitted(reply->packet, pond->prohibit_list))) ||
+ ((pond->permit_list != NULL) &&
+ (!permitted(reply->packet, pond->permit_list))))
+- return (ISC_FALSE);
++ return (false);
+
+ iasubopt_reference(&reply->lease, tmp, MDL);
+- return (ISC_TRUE);
++ return (true);
+ }
+ }
+
+- return (ISC_FALSE);
++ return (false);
+ }
+
+ /*
+@@ -4914,7 +4914,7 @@ find_client_prefix(struct reply_state *r
+ */
+ if (((candidate_shared != NULL) &&
+ (candidate_shared != reply->shared)) ||
+- (lease6_usable(prefix) != ISC_TRUE))
++ (lease6_usable(prefix) != true))
+ continue;
+
+ /*
+@@ -5233,7 +5233,7 @@ reply_process_send_prefix(struct reply_s
+ goto cleanup;
+ }
+
+- reply->resources_included = ISC_TRUE;
++ reply->resources_included = true;
+
+ cleanup:
+ if (data.data != NULL)
+@@ -5383,8 +5383,8 @@ dhcpv6_request(struct data_string *reply
+
+ /* If the REQUEST arrived via unicast and unicast option isn't set,
+ * reject it per RFC 3315, Sec 18.2.1 */
+- if (packet->unicast == ISC_TRUE &&
+- is_unicast_option_defined(packet) == ISC_FALSE) {
++ if (packet->unicast == true &&
++ is_unicast_option_defined(packet) == false) {
+ unicast_reject(reply_ret, packet, &client_id, &server_id);
+ } else {
+ /*
+@@ -5505,7 +5505,7 @@ dhcpv6_confirm(struct data_string *reply
+ struct option_state *cli_enc_opt_state, *opt_state;
+ struct iaddr cli_addr;
+ int pass;
+- isc_boolean_t inappropriate, has_addrs;
++ bool inappropriate, has_addrs;
+ char reply_data[65536];
+ struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
+ int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
+@@ -5556,7 +5556,7 @@ dhcpv6_confirm(struct data_string *reply
+ goto exit;
+
+ /* Are the addresses in all the IA's appropriate for that link? */
+- has_addrs = inappropriate = ISC_FALSE;
++ has_addrs = inappropriate = false;
+ pass = D6O_IA_NA;
+ while(!inappropriate) {
+ /* If we've reached the end of the IA_NA pass, move to the
+@@ -5602,7 +5602,7 @@ dhcpv6_confirm(struct data_string *reply
+ data_string_forget(&iaaddr, MDL);
+
+ /* Record that we've processed at least one address. */
+- has_addrs = ISC_TRUE;
++ has_addrs = true;
+
+ /* Find out if any subnets cover this address. */
+ for (subnet = shared->subnets ; subnet != NULL ;
+@@ -5621,7 +5621,7 @@ dhcpv6_confirm(struct data_string *reply
+ * continue searching.
+ */
+ if (subnet == NULL) {
+- inappropriate = ISC_TRUE;
++ inappropriate = true;
+ break;
+ }
+ }
+@@ -5719,8 +5719,8 @@ dhcpv6_renew(struct data_string *reply,
+
+ /* If the RENEW arrived via unicast and unicast option isn't set,
+ * reject it per RFC 3315, Sec 18.2.3 */
+- if (packet->unicast == ISC_TRUE &&
+- is_unicast_option_defined(packet) == ISC_FALSE) {
++ if (packet->unicast == true &&
++ is_unicast_option_defined(packet) == false) {
+ unicast_reject(reply, packet, &client_id, &server_id);
+ } else {
+ /*
+@@ -6142,8 +6142,8 @@ dhcpv6_decline(struct data_string *reply
+
+ /* If the DECLINE arrived via unicast and unicast option isn't set,
+ * reject it per RFC 3315, Sec 18.2.7 */
+- if (packet->unicast == ISC_TRUE &&
+- is_unicast_option_defined(packet) == ISC_FALSE) {
++ if (packet->unicast == true &&
++ is_unicast_option_defined(packet) == false) {
+ unicast_reject(reply, packet, &client_id, &server_id);
+ } else {
+ /*
+@@ -6597,8 +6597,8 @@ dhcpv6_release(struct data_string *reply
+
+ /* If the RELEASE arrived via unicast and unicast option isn't set,
+ * reject it per RFC 3315, Sec 18.2.6 */
+- if (packet->unicast == ISC_TRUE &&
+- is_unicast_option_defined(packet) == ISC_FALSE) {
++ if (packet->unicast == true &&
++ is_unicast_option_defined(packet) == false) {
+ unicast_reject(reply, packet, &client_id, &server_id);
+ } else {
+ /*
+@@ -6897,7 +6897,7 @@ dhcpv6_relay_forw(struct data_string *re
+ }
+ data_string_forget(&a_opt, MDL);
+
+- packet->relay_source_port = ISC_TRUE;
++ packet->relay_source_port = true;
+ }
+ #endif
+
+@@ -7219,7 +7219,7 @@ dhcp4o6_relay_forw(struct data_string *r
+ }
+ data_string_forget(&a_opt, MDL);
+
+- packet->relay_source_port = ISC_TRUE;
++ packet->relay_source_port = true;
+ }
+ #endif
+
+@@ -8036,35 +8036,35 @@ seek_shared_host(struct host_decl **hp,
+ host_reference(hp, seek, MDL);
+ }
+
+-static isc_boolean_t
++static bool
+ fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
+ struct subnet *subnet;
+ struct data_string addr;
+- isc_boolean_t matched;
++ bool matched;
+ struct iaddr fixed;
+
+ if (host->fixed_addr == NULL)
+- return ISC_FALSE;
++ return false;
+
+ memset(&addr, 0, sizeof(addr));
+ if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
+ &global_scope, host->fixed_addr, MDL))
+- return ISC_FALSE;
++ return false;
+
+ if (addr.len < 16) {
+ data_string_forget(&addr, MDL);
+- return ISC_FALSE;
++ return false;
+ }
+
+ fixed.len = 16;
+ memcpy(fixed.iabuf, addr.data, 16);
+
+- matched = ISC_FALSE;
++ matched = false;
+ for (subnet = shared->subnets ; subnet != NULL ;
+ subnet = subnet->next_sibling) {
+ if (addr_eq(subnet_number(fixed, subnet->netmask),
+ subnet->net)) {
+- matched = ISC_TRUE;
++ matched = true;
+ break;
+ }
+ }
+@@ -8167,15 +8167,15 @@ unicast_reject(struct data_string *reply
+ * statements from the network's group outward into a local option cache.
+ * The option cache is then scanned for the presence of unicast option. If
+ * the packet cannot be mapped to a shared network, the function returns
+- * ISC_FALSE.
++ * false.
+ * \param packet inbound packet from the client
+ *
+- * \return ISC_TRUE if the dhcp6.unicast option is defined, false otherwise.
++ * \return true if the dhcp6.unicast option is defined, false otherwise.
+ *
+ */
+-isc_boolean_t
++bool
+ is_unicast_option_defined(struct packet *packet) {
+- isc_boolean_t is_defined = ISC_FALSE;
++ bool is_defined = false;
+ struct option_state *opt_state = NULL;
+ struct option_cache *oc = NULL;
+ struct shared_network *shared = NULL;
+@@ -8195,7 +8195,7 @@ is_unicast_option_defined(struct packet
+ * logic will catch it */
+ log_error("is_unicast_option_defined:"
+ "cannot attribute packet to a network.");
+- return (ISC_FALSE);
++ return (false);
+ }
+
+ /* Now that we've mapped it to a network, execute statments to that
+@@ -8205,7 +8205,7 @@ is_unicast_option_defined(struct packet
+ &global_scope, shared->group, NULL, NULL);
+
+ oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
+- is_defined = (oc != NULL ? ISC_TRUE : ISC_FALSE);
++ is_defined = (oc != NULL ? true : false);
+ log_debug("is_unicast_option_defined: option found : %d", is_defined);
+
+ if (shared != NULL) {
+Index: dhcp-4.4.1/client/clparse.c
+===================================================================
+--- dhcp-4.4.1.orig/client/clparse.c
++++ dhcp-4.4.1/client/clparse.c
+@@ -1527,7 +1527,7 @@ parse_client6_lease_statement(struct par
+
+ case TOKEN_RELEASED:
+ case TOKEN_ABANDONED:
+- lease->released = ISC_TRUE;
++ lease->released = true;
+ break;
+
+ default:
+Index: dhcp-4.4.1/client/dhc6.c
+===================================================================
+--- dhcp-4.4.1.orig/client/dhc6.c
++++ dhcp-4.4.1/client/dhc6.c
+@@ -109,7 +109,7 @@ static isc_result_t dhc6_add_ia_pd(struc
+ u_int8_t message,
+ int wanted,
+ int *added);
+-static isc_boolean_t stopping_finished(void);
++static bool stopping_finished(void);
+ static void dhc6_merge_lease(struct dhc6_lease *src, struct dhc6_lease *dst);
+ void do_select6(void *input);
+ void do_refresh6(void *input);
+@@ -131,7 +131,7 @@ static void script_write_params6(struct
+ const char *prefix,
+ struct option_state *options);
+ static void script_write_requested6(struct client_state *client);
+-static isc_boolean_t active_prefix(struct client_state *client);
++static bool active_prefix(struct client_state *client);
+
+ static int check_timing6(struct client_state *client, u_int8_t msg_type,
+ char *msg_str, struct dhc6_lease *lease,
+@@ -149,7 +149,7 @@ static isc_result_t dhc6_add_ia_na_decli
+ struct data_string *packet,
+ struct dhc6_lease *lease);
+ static int drop_declined_addrs(struct dhc6_lease *lease);
+-static isc_boolean_t unexpired_address_in_lease(struct dhc6_lease *lease);
++static bool unexpired_address_in_lease(struct dhc6_lease *lease);
+
+ extern int onetry;
+ extern int stateless;
+@@ -418,14 +418,14 @@ valid_reply(struct packet *packet, struc
+ {
+ struct data_string sid, cid;
+ struct option_cache *oc;
+- int rval = ISC_TRUE;
++ int rval = true;
+
+ memset(&sid, 0, sizeof(sid));
+ memset(&cid, 0, sizeof(cid));
+
+ if (!lookup_option(&dhcpv6_universe, packet->options, D6O_SERVERID)) {
+ log_error("Response without a server identifier received.");
+- rval = ISC_FALSE;
++ rval = false;
+ }
+
+ oc = lookup_option(&dhcpv6_universe, packet->options, D6O_CLIENTID);
+@@ -434,7 +434,7 @@ valid_reply(struct packet *packet, struc
+ client->sent_options, &global_scope, oc,
+ MDL)) {
+ log_error("Response without a client identifier.");
+- rval = ISC_FALSE;
++ rval = false;
+ }
+
+ oc = lookup_option(&dhcpv6_universe, client->sent_options,
+@@ -444,7 +444,7 @@ valid_reply(struct packet *packet, struc
+ client->sent_options, NULL, &global_scope,
+ oc, MDL)) {
+ log_error("Local client identifier is missing!");
+- rval = ISC_FALSE;
++ rval = false;
+ }
+
+ if (sid.len == 0 ||
+@@ -452,7 +452,7 @@ valid_reply(struct packet *packet, struc
+ memcmp(sid.data, cid.data, sid.len)) {
+ log_error("Advertise with matching transaction ID, but "
+ "mismatching client id.");
+- rval = ISC_FALSE;
++ rval = false;
+ }
+
+ /* clean up pointers to the strings */
+@@ -2375,7 +2375,7 @@ start_release6(struct client_state *clie
+ /* Note this in the lease file. */
+ if (client->active_lease == NULL)
+ return;
+- client->active_lease->released = ISC_TRUE;
++ client->active_lease->released = true;
+ write_client6_lease(client, client->active_lease, 0, 1);
+
+ /* Set timers per RFC3315 section 18.1.6. */
+@@ -2612,7 +2612,7 @@ dhc6_check_advertise(struct dhc6_lease *
+ {
+ struct dhc6_ia *ia;
+ isc_result_t rval = ISC_R_SUCCESS;
+- int have_addrs = ISC_FALSE;
++ int have_addrs = false;
+ unsigned code;
+ const char *scope;
+ int got_na = 0, got_ta = 0, got_pd = 0;
+@@ -2650,14 +2650,14 @@ dhc6_check_advertise(struct dhc6_lease *
+ * Should we check the addr itself for usability?
+ */
+ if (ia->addrs != NULL) {
+- have_addrs = ISC_TRUE;
++ have_addrs = true;
+ }
+ }
+
+ /* If we didn't get some addrs or the user required us to
+ * get all of the requested IAs and we didn't return an error
+ */
+- if ((have_addrs != ISC_TRUE) ||
++ if ((have_addrs != true) ||
+ ((require_all_ias != 0) &&
+ ((got_na < wanted_ia_na) ||
+ (got_ta < wanted_ia_ta) ||
+@@ -2670,7 +2670,7 @@ dhc6_check_advertise(struct dhc6_lease *
+ /* status code <-> action matrix for the client in INIT state
+ * (rapid/commit). Returns always false as no action is defined.
+ */
+-static isc_boolean_t
++static bool
+ dhc6_init_action(struct client_state *client, isc_result_t *rvalp,
+ unsigned code)
+ {
+@@ -2679,21 +2679,21 @@ dhc6_init_action(struct client_state *cl
+
+ if (client == NULL) {
+ *rvalp = DHCP_R_INVALIDARG;
+- return ISC_FALSE;
++ return false;
+ }
+
+ if (*rvalp == ISC_R_SUCCESS)
+- return ISC_FALSE;
++ return false;
+
+ /* No possible action in any case... */
+- return ISC_FALSE;
++ return false;
+ }
+
+ /* status code <-> action matrix for the client in SELECT state
+ * (request/reply). Returns true if action was taken (and the
+ * packet should be ignored), or false if no action was taken.
+ */
+-static isc_boolean_t
++static bool
+ dhc6_select_action(struct client_state *client, isc_result_t *rvalp,
+ unsigned code)
+ {
+@@ -2705,12 +2705,12 @@ dhc6_select_action(struct client_state *
+
+ if (client == NULL) {
+ *rvalp = DHCP_R_INVALIDARG;
+- return ISC_FALSE;
++ return false;
+ }
+ rval = *rvalp;
+
+ if (rval == ISC_R_SUCCESS)
+- return ISC_FALSE;
++ return false;
+
+ switch (code) {
+ /* We may have an earlier failure status code (so no
+@@ -2723,7 +2723,7 @@ dhc6_select_action(struct client_state *
+ case STATUS_NoBinding:
+ case STATUS_UseMulticast:
+ /* Take no action. */
+- return ISC_FALSE;
++ return false;
+
+ /* If the server can't deal with us, either try the
+ * next advertised server, or continue retrying if there
+@@ -2739,7 +2739,7 @@ dhc6_select_action(struct client_state *
+
+ break;
+ } else /* Take no action - continue to retry. */
+- return ISC_FALSE;
++ return false;
+
+ /* If the server has no addresses, try other servers if
+ * we got some, otherwise go to INIT to hope for more
+@@ -2748,7 +2748,7 @@ dhc6_select_action(struct client_state *
+ case STATUS_NoAddrsAvail:
+ case STATUS_NoPrefixAvail:
+ if (client->state == S_REBOOTING)
+- return ISC_FALSE;
++ return false;
+
+ if (client->selected_lease == NULL)
+ log_fatal("Impossible case at %s:%d.", MDL);
+@@ -2794,7 +2794,7 @@ dhc6_select_action(struct client_state *
+ break;
+ }
+
+- return ISC_TRUE;
++ return true;
+ }
+
+ static void
+@@ -2821,7 +2821,7 @@ dhc6_withdraw_lease(struct client_state
+ * (request/reply). Returns true if action was taken (and the
+ * packet should be ignored), or false if no action was taken.
+ */
+-static isc_boolean_t
++static bool
+ dhc6_reply_action(struct client_state *client, isc_result_t *rvalp,
+ unsigned code)
+ {
+@@ -2832,12 +2832,12 @@ dhc6_reply_action(struct client_state *c
+
+ if (client == NULL) {
+ *rvalp = DHCP_R_INVALIDARG;
+- return ISC_FALSE;
++ return false;
+ }
+ rval = *rvalp;
+
+ if (rval == ISC_R_SUCCESS)
+- return ISC_FALSE;
++ return false;
+
+ switch (code) {
+ /* It's possible an earlier status code set rval to a failure
+@@ -2852,7 +2852,7 @@ dhc6_reply_action(struct client_state *c
+ case STATUS_UnspecFail:
+ /* For unknown codes...it's a soft (retryable) error. */
+ default:
+- return ISC_FALSE;
++ return false;
+
+ /* The server is telling us to use a multicast address, so
+ * we have to delete the unicast option from the active
+@@ -2865,7 +2865,7 @@ dhc6_reply_action(struct client_state *c
+ delete_option(&dhcp_universe,
+ client->active_lease->options,
+ D6O_UNICAST);
+- return ISC_FALSE;
++ return false;
+
+ /* "When the client receives a NotOnLink status from the
+ * server in response to a Request, the client can either
+@@ -2914,7 +2914,7 @@ dhc6_reply_action(struct client_state *c
+ break;
+ }
+
+- return ISC_TRUE;
++ return true;
+ }
+
+ /* status code <-> action matrix for the client in STOPPED state
+@@ -2922,7 +2922,7 @@ dhc6_reply_action(struct client_state *c
+ * packet should be ignored), or false if no action was taken.
+ * NoBinding is translated into Success.
+ */
+-static isc_boolean_t
++static bool
+ dhc6_stop_action(struct client_state *client, isc_result_t *rvalp,
+ unsigned code)
+ {
+@@ -2933,12 +2933,12 @@ dhc6_stop_action(struct client_state *cl
+
+ if (client == NULL) {
+ *rvalp = DHCP_R_INVALIDARG;
+- return ISC_FALSE;
++ return false;
+ }
+ rval = *rvalp;
+
+ if (rval == ISC_R_SUCCESS)
+- return ISC_FALSE;
++ return false;
+
+ switch (code) {
+ /* It's possible an earlier status code set rval to a failure
+@@ -2948,13 +2948,13 @@ dhc6_stop_action(struct client_state *cl
+ /* For unknown codes...it's a soft (retryable) error. */
+ case STATUS_UnspecFail:
+ default:
+- return ISC_FALSE;
++ return false;
+
+ /* NoBinding is not an error */
+ case STATUS_NoBinding:
+ if (rval == ISC_R_FAILURE)
+ *rvalp = ISC_R_SUCCESS;
+- return ISC_FALSE;
++ return false;
+
+ /* Should not happen */
+ case STATUS_NoAddrsAvail:
+@@ -2976,13 +2976,13 @@ dhc6_stop_action(struct client_state *cl
+ delete_option(&dhcp_universe,
+ client->active_lease->options,
+ D6O_UNICAST);
+- return ISC_FALSE;
++ return false;
+ }
+
+- return ISC_TRUE;
++ return true;
+ }
+
+-static isc_boolean_t
++static bool
+ dhc6_decline_action(struct client_state *client, isc_result_t *rvalp,
+ unsigned code)
+ {
+@@ -2993,12 +2993,12 @@ dhc6_decline_action(struct client_state
+
+ if (client == NULL) {
+ *rvalp = DHCP_R_INVALIDARG;
+- return ISC_FALSE;
++ return false;
+ }
+ rval = *rvalp;
+
+ if (rval == ISC_R_SUCCESS) {
+- return ISC_FALSE;
++ return false;
+ }
+
+ switch (code) {
+@@ -3013,13 +3013,13 @@ dhc6_decline_action(struct client_state
+ delete_option(&dhcp_universe,
+ client->active_lease->options,
+ D6O_UNICAST);
+- return ISC_FALSE;
++ return false;
+ default:
+ /* Anything else is basically meaningless */
+ break;
+ }
+
+- return ISC_TRUE;
++ return true;
+ }
+
+
+@@ -3029,14 +3029,14 @@ dhc6_decline_action(struct client_state
+ static isc_result_t
+ dhc6_check_reply(struct client_state *client, struct dhc6_lease *new)
+ {
+- isc_boolean_t (*action)(struct client_state *,
++ bool (*action)(struct client_state *,
+ isc_result_t *, unsigned);
+ struct dhc6_ia *ia;
+ isc_result_t rval = ISC_R_SUCCESS;
+ unsigned code;
+ const char *scope;
+ int nscore, sscore;
+- int have_addrs = ISC_FALSE;
++ int have_addrs = false;
+ int got_na = 0, got_ta = 0, got_pd = 0;
+
+ if ((client == NULL) || (new == NULL))
+@@ -3102,7 +3102,7 @@ dhc6_check_reply(struct client_state *cl
+ return ISC_R_CANCELED;
+
+ if (ia->addrs != NULL) {
+- have_addrs = ISC_TRUE;
++ have_addrs = true;
+ }
+ }
+
+@@ -3119,13 +3119,13 @@ dhc6_check_reply(struct client_state *cl
+ * check in and commented it as I eventually do want
+ * us to check for TAs as well. SAR
+ */
+- if ((have_addrs != ISC_TRUE) ||
++ if ((have_addrs != true) ||
+ ((require_all_ias != 0) &&
+ ((got_na < wanted_ia_na) ||
+ /*(got_ta < wanted_ia_ta) ||*/
+ (got_pd < wanted_ia_pd)))) {
+ rval = ISC_R_FAILURE;
+- if (action(client, &rval, STATUS_NoAddrsAvail) == ISC_TRUE) {
++ if (action(client, &rval, STATUS_NoAddrsAvail) == true) {
+ return ISC_R_CANCELED;
+ }
+ }
+@@ -4256,7 +4256,7 @@ dhc6_add_ia_pd(struct client_state *clie
+
+ /* stopping_finished() checks if there is a remaining work to do.
+ */
+-static isc_boolean_t
++static bool
+ stopping_finished(void)
+ {
+ struct interface_info *ip;
+@@ -4265,12 +4265,12 @@ stopping_finished(void)
+ for (ip = interfaces; ip; ip = ip -> next) {
+ for (client = ip -> client; client; client = client -> next) {
+ if (client->state != S_STOPPED)
+- return ISC_FALSE;
++ return false;
+ if (client->active_lease != NULL)
+- return ISC_FALSE;
++ return false;
+ }
+ }
+- return ISC_TRUE;
++ return true;
+ }
+
+ /* reply_handler() accepts a Reply while we're attempting Select or Renew or
+@@ -4474,8 +4474,8 @@ dhc6_check_times(struct client_state *cl
+ struct dhc6_addr *addr;
+ TIME renew=MAX_TIME, rebind=MAX_TIME, depref=MAX_TIME,
+ lo_expire=MAX_TIME, hi_expire=0, max_ia_starts = 0, tmp;
+- int has_addrs = ISC_FALSE;
+- int has_preferred_addrs = ISC_FALSE;
++ int has_addrs = false;
++ int has_preferred_addrs = false;
+ struct timeval tv;
+
+ lease = client->active_lease;
+@@ -4506,7 +4506,7 @@ dhc6_check_times(struct client_state *cl
+ depref = tmp;
+
+ if (!(addr->flags & DHC6_ADDR_EXPIRED)) {
+- has_preferred_addrs = ISC_TRUE;
++ has_preferred_addrs = true;
+ }
+ }
+
+@@ -4525,7 +4525,7 @@ dhc6_check_times(struct client_state *cl
+ if (tmp < this_ia_lo_expire)
+ this_ia_lo_expire = tmp;
+
+- has_addrs = ISC_TRUE;
++ has_addrs = true;
+ }
+ }
+
+@@ -4603,7 +4603,7 @@ dhc6_check_times(struct client_state *cl
+ * In the future, we may decide that we're done here, or to
+ * schedule a future request (using 4-pkt info-request model).
+ */
+- if (has_addrs == ISC_FALSE) {
++ if (has_addrs == false) {
+ dhc6_lease_destroy(&client->active_lease, MDL);
+ client->active_lease = NULL;
+
+@@ -4855,7 +4855,7 @@ start_bound(struct client_state *client)
+ "is selected.");
+ return;
+ }
+- lease->released = ISC_FALSE;
++ lease->released = false;
+ old = client->old_lease;
+
+ client->v6_handler = bound_handler;
+@@ -5448,8 +5448,8 @@ do_expire(void *input)
+ struct dhc6_lease *lease;
+ struct dhc6_ia *ia, **tia;
+ struct dhc6_addr *addr;
+- int has_addrs = ISC_FALSE;
+- int ia_has_addrs = ISC_FALSE;
++ int has_addrs = false;
++ int ia_has_addrs = false;
+
+ client = (struct client_state *)input;
+
+@@ -5458,7 +5458,7 @@ do_expire(void *input)
+ return;
+
+ for (ia = lease->bindings, tia = &lease->bindings; ia != NULL ; ) {
+- ia_has_addrs = ISC_FALSE;
++ ia_has_addrs = false;
+ for (addr = ia->addrs ; addr != NULL ; addr = addr->next) {
+ if (addr->flags & DHC6_ADDR_EXPIRED)
+ continue;
+@@ -5495,14 +5495,14 @@ do_expire(void *input)
+ continue;
+ }
+
+- ia_has_addrs = ISC_TRUE;
+- has_addrs = ISC_TRUE;
++ ia_has_addrs = true;
++ has_addrs = true;
+ }
+
+ /* Update to the next ia and git rid of this ia
+ * if it doesn't have any leases.
+ */
+- if (ia_has_addrs == ISC_TRUE) {
++ if (ia_has_addrs == true) {
+ /* leases, just advance the list pointer */
+ tia = &(*tia)->next;
+ } else {
+@@ -5517,7 +5517,7 @@ do_expire(void *input)
+ }
+
+ /* Clean up empty leases. */
+- if (has_addrs == ISC_FALSE) {
++ if (has_addrs == false) {
+ log_info("PRC: Bound lease is devoid of active addresses."
+ " Re-initializing.");
+
+@@ -5596,14 +5596,14 @@ dhc6_check_irt(struct client_state *clie
+ TIME expire = MAX_TIME;
+ struct timeval tv;
+ int i;
+- isc_boolean_t found = ISC_FALSE;
++ bool found = false;
+
+ cancel_timeout(refresh_info_request6, client);
+
+ req = client->config->requested_options;
+ for (i = 0; req[i] != NULL; i++) {
+ if (req[i] == irt_option) {
+- found = ISC_TRUE;
++ found = true;
+ break;
+ }
+ }
+@@ -5924,7 +5924,7 @@ static void script_write_requested6(clie
+ /*
+ * Check if there is something not fully defined in the active lease.
+ */
+-static isc_boolean_t
++static bool
+ active_prefix(struct client_state *client)
+ {
+ struct dhc6_lease *lease;
+@@ -5934,21 +5934,21 @@ active_prefix(struct client_state *clien
+
+ lease = client->active_lease;
+ if (lease == NULL)
+- return ISC_FALSE;
++ return false;
+ memset(zeros, 0, 16);
+ for (ia = lease->bindings; ia != NULL; ia = ia->next) {
+ if (ia->ia_type != D6O_IA_PD)
+ continue;
+ for (pref = ia->addrs; pref != NULL; pref = pref->next) {
+ if (pref->plen == 0)
+- return ISC_FALSE;
++ return false;
+ if (pref->address.len != 16)
+- return ISC_FALSE;
++ return false;
+ if (memcmp(pref->address.iabuf, zeros, 16) == 0)
+- return ISC_FALSE;
++ return false;
+ }
+ }
+- return ISC_TRUE;
++ return true;
+ }
+
+ /* Adds a leases's declined addreses to the outbound packet
+@@ -6111,26 +6111,26 @@ int drop_declined_addrs(struct dhc6_leas
+ /* Run through the addresses in lease and return true if there's any unexpired.
+ * Return false otherwise.
+ */
+-static isc_boolean_t
++static bool
+ unexpired_address_in_lease(struct dhc6_lease *lease)
+ {
+ struct dhc6_ia *ia;
+ struct dhc6_addr *addr;
+
+ if (lease == NULL) {
+- return ISC_FALSE;
++ return false;
+ }
+
+ for (ia = lease->bindings ; ia != NULL ; ia = ia->next) {
+ for (addr = ia->addrs ; addr != NULL ; addr = addr->next) {
+ if (!(addr->flags & DHC6_ADDR_EXPIRED) &&
+ (addr->starts + addr->max_life > cur_time)) {
+- return ISC_TRUE;
++ return true;
+ }
+ }
+ }
+
+ log_debug("PRC: Previous lease is devoid of active addresses.");
+- return ISC_FALSE;
++ return false;
+ }
+ #endif /* DHCPv6 */
+Index: dhcp-4.4.1/client/dhclient.c
+===================================================================
+--- dhcp-4.4.1.orig/client/dhclient.c
++++ dhcp-4.4.1/client/dhclient.c
+@@ -52,7 +52,7 @@ char *path_dhclient_script = path_dhclie
+ const char *path_dhclient_duid = NULL;
+
+ /* False (default) => we write and use a pid file */
+-isc_boolean_t no_pid_file = ISC_FALSE;
++bool no_pid_file = false;
+
+ int dhcp_max_agent_option_packet_length = 0;
+
+@@ -397,7 +397,7 @@ main(int argc, char **argv) {
+ path_dhclient_pid = argv[i];
+ no_dhclient_pid = 1;
+ } else if (!strcmp(argv[i], "--no-pid")) {
+- no_pid_file = ISC_TRUE;
++ no_pid_file = true;
+ } else if (!strcmp(argv[i], "-cf")) {
+ if (++i == argc)
+ usage(use_noarg, argv[i-1]);
+@@ -652,7 +652,7 @@ main(int argc, char **argv) {
+ * to write a pid file - we assume they are controlling
+ * the process in some other fashion.
+ */
+- if ((release_mode || exit_mode) && (no_pid_file == ISC_FALSE)) {
++ if ((release_mode || exit_mode) && (no_pid_file == false)) {
+ FILE *pidfd;
+ pid_t oldpid;
+ long temp;
+@@ -4469,7 +4469,7 @@ void write_client_pid_file ()
+ int pfdesc;
+
+ /* nothing to do if the user doesn't want a pid file */
+- if (no_pid_file == ISC_TRUE) {
++ if (no_pid_file == true) {
+ return;
+ }
+
+@@ -4727,7 +4727,7 @@ unsigned cons_agent_information_options
+ static void shutdown_exit (void *foo)
+ {
+ /* get rid of the pid if we can */
+- if (no_pid_file == ISC_FALSE)
++ if (no_pid_file == false)
+ (void) unlink(path_dhclient_pid);
+ finish(0);
+ }
+Index: dhcp-4.4.1/common/inet.c
+===================================================================
+--- dhcp-4.4.1.orig/common/inet.c
++++ dhcp-4.4.1/common/inet.c
+@@ -299,7 +299,7 @@ addr_and(struct iaddr *result, const str
+ *
+ * Because the final ".1" would get masked out by the /8.
+ */
+-isc_boolean_t
++bool
+ is_cidr_mask_valid(const struct iaddr *addr, int bits) {
+ int zero_bits;
+ int zero_bytes;
+@@ -311,10 +311,10 @@ is_cidr_mask_valid(const struct iaddr *a
+ * Check our bit boundaries.
+ */
+ if (bits < 0) {
+- return ISC_FALSE;
++ return false;
+ }
+ if (bits > (addr->len * 8)) {
+- return ISC_FALSE;
++ return false;
+ }
+
+ /*
+@@ -328,7 +328,7 @@ is_cidr_mask_valid(const struct iaddr *a
+ */
+ for (i=1; i<=zero_bytes; i++) {
+ if (addr->iabuf[addr->len-i] != 0) {
+- return ISC_FALSE;
++ return false;
+ }
+ }
+
+@@ -340,7 +340,7 @@ is_cidr_mask_valid(const struct iaddr *a
+ * happy.
+ */
+ shift_bits = zero_bits % 8;
+- if (shift_bits == 0) return ISC_TRUE;
++ if (shift_bits == 0) return true;
+ byte = addr->iabuf[addr->len-zero_bytes-1];
+ return (((byte >> shift_bits) << shift_bits) == byte);
+ }
+Index: dhcp-4.4.1/common/options.c
+===================================================================
+--- dhcp-4.4.1.orig/common/options.c
++++ dhcp-4.4.1/common/options.c
+@@ -676,7 +676,7 @@ cons_options(struct packet *inpacket, st
+ * the priority_list. This way we'll send it whether or not it
+ * is in the PRL. */
+ if ((inpacket != NULL) && (priority_len < PRIORITY_COUNT) &&
+- (inpacket->sv_echo_client_id == ISC_TRUE)) {
++ (inpacket->sv_echo_client_id == true)) {
+ priority_list[priority_len++] =
+ DHO_DHCP_CLIENT_IDENTIFIER;
+ }
+@@ -1802,7 +1802,7 @@ const char *pretty_print_option (option,
+ const unsigned char *dp = data;
+ char comma;
+ unsigned long tval;
+- isc_boolean_t a_array = ISC_FALSE;
++ bool a_array = false;
+ int len_used;
+
+ if (emit_commas)
+@@ -1828,7 +1828,7 @@ const char *pretty_print_option (option,
+ fmtbuf [l] = option -> format [i];
+ switch (option -> format [i]) {
+ case 'a':
+- a_array = ISC_TRUE;
++ a_array = true;
+ /* Fall through */
+ case 'A':
+ --numelem;
+@@ -1858,7 +1858,7 @@ const char *pretty_print_option (option,
+ hunksize++;
+ comma = ':';
+ numhunk = 0;
+- a_array = ISC_TRUE;
++ a_array = true;
+ hunkinc = 1;
+ }
+ fmtbuf [l + 1] = 0;
+@@ -1954,7 +1954,7 @@ const char *pretty_print_option (option,
+
+ /* If this is an array, compute its size. */
+ if (numhunk == 0) {
+- if (a_array == ISC_TRUE) {
++ if (a_array == true) {
+ /*
+ * It is an 'a' type array - we repeat the
+ * last format type. A binary string for 'X'
+@@ -2006,7 +2006,7 @@ const char *pretty_print_option (option,
+
+ /* Cycle through the array (or hunk) printing the data. */
+ for (i = 0; i < numhunk; i++) {
+- if ((a_array == ISC_TRUE) && (i != 0) && (numelem > 0)) {
++ if ((a_array == true) && (i != 0) && (numelem > 0)) {
+ /*
+ * For 'a' type of arrays we repeat
+ * only the last format character
+@@ -2734,7 +2734,7 @@ save_option(struct universe *universe, s
+ struct option_cache *oc)
+ {
+ if (universe->save_func)
+- (*universe->save_func)(universe, options, oc, ISC_FALSE);
++ (*universe->save_func)(universe, options, oc, true);
+ else
+ log_error("can't store options in %s space.", universe->name);
+ }
+@@ -2745,14 +2745,14 @@ also_save_option(struct universe *univer
+ struct option_cache *oc)
+ {
+ if (universe->save_func)
+- (*universe->save_func)(universe, options, oc, ISC_TRUE);
++ (*universe->save_func)(universe, options, oc, true);
+ else
+ log_error("can't store options in %s space.", universe->name);
+ }
+
+ void
+ save_hashed_option(struct universe *universe, struct option_state *options,
+- struct option_cache *oc, isc_boolean_t appendp)
++ struct option_cache *oc, bool appendp)
+ {
+ int hashix;
+ pair bptr;
+@@ -3062,7 +3062,7 @@ store_option(struct data_string *result,
+ cfg_options, scope, subu);
+ subu = NULL;
+ }
+- } while (ISC_FALSE);
++ } while (false);
+
+ status = append_option(result, universe, oc->option, &tmp);
+ data_string_forget(&tmp, MDL);
+@@ -3459,7 +3459,7 @@ lookup_fqdn6_option(struct universe *uni
+ */
+ void
+ save_fqdn6_option(struct universe *universe, struct option_state *options,
+- struct option_cache *oc, isc_boolean_t appendp)
++ struct option_cache *oc, bool appendp)
+ {
+ log_fatal("Impossible condition at %s:%d.", MDL);
+ }
+@@ -3784,7 +3784,7 @@ void hashed_option_space_foreach (struct
+
+ void
+ save_linked_option(struct universe *universe, struct option_state *options,
+- struct option_cache *oc, isc_boolean_t appendp)
++ struct option_cache *oc, bool appendp)
+ {
+ pair *tail;
+ struct option_chain_head *head;
+@@ -4073,7 +4073,7 @@ packet6_len_okay(const char *packet, int
+ void
+ do_packet6(struct interface_info *interface, const char *packet,
+ int len, int from_port, const struct iaddr *from,
+- isc_boolean_t was_unicast) {
++ bool was_unicast) {
+ unsigned char msg_type;
+ const struct dhcpv6_packet *msg;
+ const struct dhcpv6_relay_packet *relay;
+Index: dhcp-4.4.1/common/parse.c
+===================================================================
+--- dhcp-4.4.1.orig/common/parse.c
++++ dhcp-4.4.1/common/parse.c
+@@ -4952,7 +4952,7 @@ int parse_option_token (rv, cfile, fmt,
+ unsigned len;
+ struct iaddr addr;
+ int compress;
+- isc_boolean_t freeval = ISC_FALSE;
++ bool freeval = false;
+ const char *f, *g;
+ struct enumeration_value *e;
+
+@@ -5038,7 +5038,7 @@ int parse_option_token (rv, cfile, fmt,
+ return 0;
+ }
+ len = strlen (val);
+- freeval = ISC_TRUE;
++ freeval = true;
+ goto make_string;
+
+ case 't': /* Text string... */
+@@ -5055,9 +5055,9 @@ int parse_option_token (rv, cfile, fmt,
+ if (!make_const_data (&t, (const unsigned char *)val,
+ len, 1, 1, MDL))
+ log_fatal ("No memory for concatenation");
+- if (freeval == ISC_TRUE) {
++ if (freeval == true) {
+ dfree((char *)val, MDL);
+- freeval = ISC_FALSE;
++ freeval = false;
+ POST(freeval);
+ }
+ break;
+Index: dhcp-4.4.1/omapip/dispatch.c
+===================================================================
+--- dhcp-4.4.1.orig/omapip/dispatch.c
++++ dhcp-4.4.1/omapip/dispatch.c
+@@ -156,7 +156,7 @@ omapi_iscsock_cb(isc_task_t *task,
+ * This should be a temporary fix until we arrange to properly
+ * close the socket.
+ */
+- if (obj->closed == ISC_TRUE) {
++ if (obj->closed == true) {
+ return(0);
+ }
+ #endif
+@@ -223,7 +223,7 @@ isc_result_t omapi_register_io_object (o
+ status = omapi_io_allocate (&obj, MDL);
+ if (status != ISC_R_SUCCESS)
+ return status;
+- obj->closed = ISC_FALSE; /* mark as open */
++ obj->closed = false; /* mark as open */
+
+ status = omapi_object_reference (&obj -> inner, h, MDL);
+ if (status != ISC_R_SUCCESS) {
+@@ -404,7 +404,7 @@ isc_result_t omapi_unregister_io_object
+ isc_socket_detach(&obj->fd);
+ }
+ #else
+- obj->closed = ISC_TRUE;
++ obj->closed = true;
+ #endif
+
+ omapi_io_dereference (&ph, MDL);
+Index: dhcp-4.4.1/omapip/isclib.c
+===================================================================
+--- dhcp-4.4.1.orig/omapip/isclib.c
++++ dhcp-4.4.1/omapip/isclib.c
+@@ -106,9 +106,9 @@ isclib_cleanup(void)
+ if (dhcp_gbl_ctx.taskmgr != NULL)
+ isc_taskmgr_destroy(&dhcp_gbl_ctx.taskmgr);
+
+- if (dhcp_gbl_ctx.actx_started != ISC_FALSE) {
++ if (dhcp_gbl_ctx.actx_started != false) {
+ isc_app_ctxfinish(dhcp_gbl_ctx.actx);
+- dhcp_gbl_ctx.actx_started = ISC_FALSE;
++ dhcp_gbl_ctx.actx_started = false;
+ }
+
+ if (dhcp_gbl_ctx.actx != NULL)
+@@ -211,7 +211,7 @@ dhcp_context_create(int flags,
+ result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+- dhcp_gbl_ctx.actx_started = ISC_TRUE;
++ dhcp_gbl_ctx.actx_started = true;
+
+ /* Not all OSs support suppressing SIGPIPE through socket
+ * options, so set the sigal action to be ignore. This allows
+Index: dhcp-4.4.1/omapip/protocol.c
+===================================================================
+--- dhcp-4.4.1.orig/omapip/protocol.c
++++ dhcp-4.4.1/omapip/protocol.c
+@@ -950,14 +950,14 @@ isc_result_t omapi_protocol_stuff_values
+ /* Returns a boolean indicating whether this protocol requires that
+ messages be authenticated or not. */
+
+-isc_boolean_t omapi_protocol_authenticated (omapi_object_t *h)
++bool omapi_protocol_authenticated (omapi_object_t *h)
+ {
+ if (h -> type != omapi_type_protocol)
+- return isc_boolean_false;
++ return false;
+ if (((omapi_protocol_object_t *)h) -> insecure)
+- return isc_boolean_false;
++ return false;
+ else
+- return isc_boolean_true;
++ return true;
+ }
+
+ /* Sets the address and authenticator verification callbacks. The handle
+Index: dhcp-4.4.1/relay/dhcrelay.c
+===================================================================
+--- dhcp-4.4.1.orig/relay/dhcrelay.c
++++ dhcp-4.4.1/relay/dhcrelay.c
+@@ -45,9 +45,9 @@ char *token_line;
+ char *tlname;
+
+ const char *path_dhcrelay_pid = _PATH_DHCRELAY_PID;
+-isc_boolean_t no_dhcrelay_pid = ISC_FALSE;
++bool no_dhcrelay_pid = false;
+ /* False (default) => we write and use a pid file */
+-isc_boolean_t no_pid_file = ISC_FALSE;
++bool no_pid_file = false;
+
+ int bogus_agent_drops = 0; /* Packets dropped because agent option
+ field was specified and we're not relaying
+@@ -82,7 +82,7 @@ int dfd[2] = { -1, -1 };
+
+ #ifdef DHCPv6
+ /* Force use of DHCPv6 interface-id option. */
+-isc_boolean_t use_if_id = ISC_FALSE;
++bool use_if_id = false;
+ #endif
+
+ /* Maximum size of a packet with agent options added. */
+@@ -556,7 +556,7 @@ main(int argc, char **argv) {
+ }
+ local_family_set = 1;
+ local_family = AF_INET6;
+- use_if_id = ISC_TRUE;
++ use_if_id = true;
+ } else if (!strcmp(argv[i], "-l")) {
+ if (local_family_set && (local_family == AF_INET)) {
+ usage(use_v6command, argv[i]);
+@@ -564,7 +564,7 @@ main(int argc, char **argv) {
+ local_family_set = 1;
+ local_family = AF_INET6;
+ if (downstreams != NULL)
+- use_if_id = ISC_TRUE;
++ use_if_id = true;
+ if (++i == argc)
+ usage(use_noarg, argv[i-1]);
+ sl = parse_downstream(argv[i]);
+@@ -595,9 +595,9 @@ main(int argc, char **argv) {
+ if (++i == argc)
+ usage(use_noarg, argv[i-1]);
+ path_dhcrelay_pid = argv[i];
+- no_dhcrelay_pid = ISC_TRUE;
++ no_dhcrelay_pid = true;
+ } else if (!strcmp(argv[i], "--no-pid")) {
+- no_pid_file = ISC_TRUE;
++ no_pid_file = true;
+ } else if (argv[i][0] == '-') {
+ usage("Unknown command: %s", argv[i]);
+ } else {
+@@ -645,7 +645,7 @@ main(int argc, char **argv) {
+ * If the user didn't specify a pid file directly
+ * find one from environment variables or defaults
+ */
+- if (no_dhcrelay_pid == ISC_FALSE) {
++ if (no_dhcrelay_pid == false) {
+ if (local_family == AF_INET) {
+ path_dhcrelay_pid = getenv("PATH_DHCRELAY_PID");
+ if (path_dhcrelay_pid == NULL)
+@@ -774,7 +774,7 @@ main(int argc, char **argv) {
+ }
+
+ /* Create the pid file. */
+- if (no_pid_file == ISC_FALSE) {
++ if (no_pid_file == false) {
+ pfdesc = open(path_dhcrelay_pid,
+ O_CREAT | O_TRUNC | O_WRONLY, 0644);
+
+@@ -1569,7 +1569,7 @@ static void
+ setup_streams(void) {
+ struct stream_list *dp, *up;
+ int i;
+- isc_boolean_t link_is_set;
++ bool link_is_set;
+
+ for (dp = downstreams; dp; dp = dp->next) {
+ /* Check interface */
+@@ -1579,9 +1579,9 @@ setup_streams(void) {
+
+ /* Check/set link. */
+ if (IN6_IS_ADDR_UNSPECIFIED(&dp->link.sin6_addr))
+- link_is_set = ISC_FALSE;
++ link_is_set = false;
+ else
+- link_is_set = ISC_TRUE;
++ link_is_set = true;
+ for (i = 0; i < dp->ifp->v6address_count; i++) {
+ if (IN6_IS_ADDR_LINKLOCAL(&dp->ifp->v6addresses[i]))
+ continue;
+@@ -2076,7 +2076,7 @@ dhcp_set_control_state(control_object_st
+ if (newstate != server_shutdown)
+ return ISC_R_SUCCESS;
+
+- if (no_pid_file == ISC_FALSE)
++ if (no_pid_file == false)
+ (void) unlink(path_dhcrelay_pid);
+
+ if (!no_daemon && dfd[0] != -1 && dfd[1] != -1) {
+Index: dhcp-4.4.1/server/dhcp.c
+===================================================================
+--- dhcp-4.4.1.orig/server/dhcp.c
++++ dhcp-4.4.1/server/dhcp.c
+@@ -225,7 +225,7 @@ dhcp (struct packet *packet) {
+ packet->options->universe_count =
+ agent_universe.index + 1;
+
+- packet->agent_options_stashed = ISC_TRUE;
++ packet->agent_options_stashed = true;
+ }
+ nolease:
+
+@@ -1094,7 +1094,7 @@ void dhcpinform (packet, ms_nulltp)
+ int nulltp;
+ struct sockaddr_in to;
+ struct in_addr from;
+- isc_boolean_t zeroed_ciaddr;
++ bool zeroed_ciaddr;
+ struct interface_info *interface;
+ int result, h_m_client_ip = 0;
+ struct host_decl *host = NULL, *hp = NULL, *h;
+@@ -1109,7 +1109,7 @@ void dhcpinform (packet, ms_nulltp)
+ it's common for clients not to do this, so we'll use their IP
+ source address if they didn't set ciaddr. */
+ if (!packet->raw->ciaddr.s_addr) {
+- zeroed_ciaddr = ISC_TRUE;
++ zeroed_ciaddr = true;
+ /* With DHCPv4-over-DHCPv6 it can be an IPv6 address
+ so we check its length. */
+ if (packet->client_addr.len == 4) {
+@@ -1122,7 +1122,7 @@ void dhcpinform (packet, ms_nulltp)
+ addr_type = "v4o6";
+ }
+ } else {
+- zeroed_ciaddr = ISC_FALSE;
++ zeroed_ciaddr = false;
+ cip.len = 4;
+ memcpy(cip.iabuf, &packet->raw->ciaddr, 4);
+ addr_type = "client";
+@@ -1133,7 +1133,7 @@ void dhcpinform (packet, ms_nulltp)
+ if (packet->raw->giaddr.s_addr) {
+ gip.len = 4;
+ memcpy(gip.iabuf, &packet->raw->giaddr, 4);
+- if (zeroed_ciaddr == ISC_TRUE) {
++ if (zeroed_ciaddr == true) {
+ addr_type = "relay";
+ memcpy(sip.iabuf, gip.iabuf, 4);
+ }
+@@ -1207,7 +1207,7 @@ void dhcpinform (packet, ms_nulltp)
+ save_option(&dhcp_universe, options, noc);
+ option_cache_dereference(&noc, MDL);
+
+- if ((zeroed_ciaddr == ISC_TRUE) && (gip.len != 0))
++ if ((zeroed_ciaddr == true) && (gip.len != 0))
+ addr_type = "relay link select";
+ else
+ addr_type = "selected";
+@@ -1261,7 +1261,7 @@ void dhcpinform (packet, ms_nulltp)
+ NULL, NULL);
+
+ /* If we have ciaddr, find its lease so we can find its pool. */
+- if (zeroed_ciaddr == ISC_FALSE) {
++ if (zeroed_ciaddr == false) {
+ struct lease* cip_lease = NULL;
+
+ find_lease_by_ip_addr (&cip_lease, cip, MDL);
+@@ -2036,7 +2036,7 @@ void echo_client_id(packet, lease, in_op
+ unsigned int opcode = DHO_DHCP_CLIENT_IDENTIFIER;
+
+ /* Save knowledge that echo is enabled to the packet */
+- packet->sv_echo_client_id = ISC_TRUE;
++ packet->sv_echo_client_id = true;
+
+ /* Now see if inbound packet contains client-id */
+ oc = lookup_option(&dhcp_universe, packet->options, opcode);
+@@ -2187,7 +2187,7 @@ void ack_lease (packet, lease, offer, wh
+ struct iaddr cip;
+ #if defined(DELAYED_ACK)
+ /* By default we don't do the enqueue */
+- isc_boolean_t enqueue = ISC_FALSE;
++ bool enqueue = false;
+ #endif
+ int use_old_lease = 0;
+
+@@ -3217,7 +3217,7 @@ void ack_lease (packet, lease, offer, wh
+ * can just answer right away, set a flag to indicate this.
+ */
+ if (commit)
+- enqueue = ISC_TRUE;
++ enqueue = true;
+
+ /* Install the new information on 'lt' onto the lease at
+ * 'lease'. We will not 'commit' this information to disk
+@@ -4234,7 +4234,7 @@ int find_lease (struct lease **lp,
+ * preference, so the first one is the best one.
+ */
+ while (uid_lease) {
+- isc_boolean_t do_release = !packet->raw->ciaddr.s_addr;
++ bool do_release = !packet->raw->ciaddr.s_addr;
+ #if defined (DEBUG_FIND_LEASE)
+ log_info ("trying next lease matching client id: %s",
+ piaddr (uid_lease -> ip_addr));
+@@ -4267,7 +4267,7 @@ int find_lease (struct lease **lp,
+ #endif
+ /* Allow multiple leases using the same UID
+ on different subnetworks. */
+- do_release = ISC_FALSE;
++ do_release = false;
+ goto n_uid;
+ }
+
+@@ -5331,7 +5331,7 @@ get_server_source_address(struct in_addr
+ struct option_cache *oc = NULL;
+ struct data_string d;
+ struct in_addr *a = NULL;
+- isc_boolean_t found = ISC_FALSE;
++ bool found = false;
+ int allocate = 0;
+
+ memset(&d, 0, sizeof(d));
+@@ -5344,7 +5344,7 @@ get_server_source_address(struct in_addr
+ packet->options, options,
+ &global_scope, oc, MDL)) {
+ if (d.len == sizeof(*from)) {
+- found = ISC_TRUE;
++ found = true;
+ memcpy(from, d.data, sizeof(*from));
+
+ /*
+@@ -5362,7 +5362,7 @@ get_server_source_address(struct in_addr
+ oc = NULL;
+ }
+
+- if ((found == ISC_FALSE) &&
++ if ((found == false) &&
+ (packet->interface->address_count > 0)) {
+ *from = packet->interface->addresses[0];
+
+Index: dhcp-4.4.1/server/failover.c
+===================================================================
+--- dhcp-4.4.1.orig/server/failover.c
++++ dhcp-4.4.1/server/failover.c
+@@ -45,7 +45,7 @@ static isc_result_t failover_message_der
+ static void dhcp_failover_pool_balance(dhcp_failover_state_t *state);
+ static void dhcp_failover_pool_reqbalance(dhcp_failover_state_t *state);
+ static int dhcp_failover_pool_dobalance(dhcp_failover_state_t *state,
+- isc_boolean_t *sendreq);
++ bool *sendreq);
+ static inline int secondary_not_hoarding(dhcp_failover_state_t *state,
+ struct pool *p);
+ static void scrub_lease(struct lease* lease, const char *file, int line);
+@@ -2464,7 +2464,7 @@ void
+ dhcp_failover_pool_rebalance(void *failover_state)
+ {
+ dhcp_failover_state_t *state;
+- isc_boolean_t sendreq = ISC_FALSE;
++ bool sendreq = false;
+
+ state = (dhcp_failover_state_t *)failover_state;
+
+@@ -2512,7 +2512,7 @@ dhcp_failover_pool_reqbalance(dhcp_failo
+ */
+ static int
+ dhcp_failover_pool_dobalance(dhcp_failover_state_t *state,
+- isc_boolean_t *sendreq)
++ bool *sendreq)
+ {
+ int lts, total, thresh, hold, panic, pass;
+ int leases_queued = 0;
+@@ -2581,7 +2581,7 @@ dhcp_failover_pool_dobalance(dhcp_failov
+
+ if ((sendreq != NULL) && (lts < panic)) {
+ reqlog = " (requesting peer rebalance!)";
+- *sendreq = ISC_TRUE;
++ *sendreq = true;
+ } else
+ reqlog = "";
+
+@@ -5111,7 +5111,7 @@ isc_result_t dhcp_failover_send_update_d
+ * a more detailed system of preferences is required, so this is something we
+ * should monitor as we gain experience with these dueling events.
+ */
+-static isc_boolean_t
++static bool
+ failover_lease_is_better(dhcp_failover_state_t *state, struct lease *lease,
+ failover_message_t *msg)
+ {
+@@ -5132,15 +5132,15 @@ failover_lease_is_better(dhcp_failover_s
+ case FTS_ACTIVE:
+ if (msg->binding_status == FTS_ACTIVE) {
+ if (msg_cltt < lease->cltt)
+- return ISC_TRUE;
++ return true;
+ else if (msg_cltt > lease->cltt)
+- return ISC_FALSE;
++ return false;
+ else if (state->i_am == primary)
+- return ISC_TRUE;
++ return true;
+ else
+- return ISC_FALSE;
++ return false;
+ } else if (msg->binding_status == FTS_EXPIRED) {
+- return ISC_FALSE;
++ return false;
+ }
+ /* FALL THROUGH */
+
+@@ -5151,11 +5151,11 @@ failover_lease_is_better(dhcp_failover_s
+ case FTS_ABANDONED:
+ case FTS_RESET:
+ if (msg->binding_status == FTS_ACTIVE)
+- return ISC_FALSE;
++ return false;
+ else if (state->i_am == primary)
+- return ISC_TRUE;
++ return true;
+ else
+- return ISC_FALSE;
++ return false;
+ /* FALL THROUGH to impossible condition */
+
+ default:
+@@ -5164,7 +5164,7 @@ failover_lease_is_better(dhcp_failover_s
+
+ log_fatal("Impossible condition at %s:%d.", MDL);
+ /* Silence compiler warning. */
+- return ISC_FALSE;
++ return false;
+ }
+
+ isc_result_t dhcp_failover_process_bind_update (dhcp_failover_state_t *state,
+@@ -5177,8 +5177,8 @@ isc_result_t dhcp_failover_process_bind_
+ int new_binding_state;
+ int send_to_backup = 0;
+ int required_options;
+- isc_boolean_t chaddr_changed = ISC_FALSE;
+- isc_boolean_t ident_changed = ISC_FALSE;
++ bool chaddr_changed = false;
++ bool ident_changed = false;
+
+ /* Validate the binding update. */
+ required_options = FTB_ASSIGNED_IP_ADDRESS | FTB_BINDING_STATUS;
+@@ -5250,7 +5250,7 @@ isc_result_t dhcp_failover_process_bind_
+ if ((lt->hardware_addr.hlen != msg->chaddr.count) ||
+ (memcmp(lt->hardware_addr.hbuf, msg->chaddr.data,
+ msg->chaddr.count) != 0))
+- chaddr_changed = ISC_TRUE;
++ chaddr_changed = true;
+
+ lt -> hardware_addr.hlen = msg -> chaddr.count;
+ memcpy (lt -> hardware_addr.hbuf, msg -> chaddr.data,
+@@ -5262,7 +5262,7 @@ isc_result_t dhcp_failover_process_bind_
+ reason = FTR_MISSING_BINDINFO;
+ goto bad;
+ } else if (msg->binding_status == FTS_ABANDONED) {
+- chaddr_changed = ISC_TRUE;
++ chaddr_changed = true;
+ lt->hardware_addr.hlen = 0;
+ if (lt->scope)
+ binding_scope_dereference(<->scope, MDL);
+@@ -5282,7 +5282,7 @@ isc_result_t dhcp_failover_process_bind_
+ (lt->uid == NULL) || /* Sanity; should never happen. */
+ (memcmp(lt->uid, msg->client_identifier.data,
+ lt->uid_len) != 0))
+- ident_changed = ISC_TRUE;
++ ident_changed = true;
+
+ lt->uid_len = msg->client_identifier.count;
+
+@@ -5312,7 +5312,7 @@ isc_result_t dhcp_failover_process_bind_
+ } else if (lt->uid && msg->binding_status != FTS_RESET &&
+ msg->binding_status != FTS_FREE &&
+ msg->binding_status != FTS_BACKUP) {
+- ident_changed = ISC_TRUE;
++ ident_changed = true;
+ if (lt->uid != lt->uid_buf)
+ dfree (lt->uid, MDL);
+ lt->uid = NULL;
+@@ -5347,7 +5347,7 @@ isc_result_t dhcp_failover_process_bind_
+ if (msg->binding_status == FTS_ACTIVE &&
+ (chaddr_changed || ident_changed)) {
+ #if defined (NSUPDATE)
+- (void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
++ (void) ddns_removals(lease, NULL, NULL, false);
+ #endif /* NSUPDATE */
+
+ if (lease->scope != NULL)
+@@ -5534,7 +5534,7 @@ isc_result_t dhcp_failover_process_bind_
+ struct iaddr ia;
+ const char *message = "no memory";
+ u_int32_t pot_expire;
+- int send_to_backup = ISC_FALSE;
++ int send_to_backup = false;
+ struct timeval tv;
+
+ ia.len = sizeof msg -> assigned_addr;
+@@ -5621,7 +5621,7 @@ isc_result_t dhcp_failover_process_bind_
+ if (state->i_am == primary &&
+ !(lease->flags & (RESERVED_LEASE | BOOTP_LEASE)) &&
+ peer_wants_lease(lease))
+- send_to_backup = ISC_TRUE;
++ send_to_backup = true;
+
+ if (!send_to_backup && state->me.state == normal)
+ commit_leases();
+Index: dhcp-4.4.1/server/dhcpd.c
+===================================================================
+--- dhcp-4.4.1.orig/server/dhcpd.c
++++ dhcp-4.4.1/server/dhcpd.c
+@@ -98,7 +98,7 @@ const char *path_dhcpd_conf = _PATH_DHCP
+ const char *path_dhcpd_db = _PATH_DHCPD_DB;
+ const char *path_dhcpd_pid = _PATH_DHCPD_PID;
+ /* False (default) => we write and use a pid file */
+-isc_boolean_t no_pid_file = ISC_FALSE;
++bool no_pid_file = false;
+
+ int dhcp_max_agent_option_packet_length = DHCP_MTU_MAX;
+
+@@ -476,7 +476,7 @@ main(int argc, char **argv) {
+ path_dhcpd_pid = argv [i];
+ have_dhcpd_pid = 1;
+ } else if (!strcmp(argv[i], "--no-pid")) {
+- no_pid_file = ISC_TRUE;
++ no_pid_file = true;
+ } else if (!strcmp (argv [i], "-t")) {
+ /* test configurations only */
+ #ifndef DEBUG
+@@ -863,7 +863,7 @@ main(int argc, char **argv) {
+ * - we don't have a pid file to check
+ * - there is no other process running
+ */
+- if ((lftest == 0) && (no_pid_file == ISC_FALSE)) {
++ if ((lftest == 0) && (no_pid_file == false)) {
+ /*Read previous pid file. */
+ if ((i = open(path_dhcpd_pid, O_RDONLY)) >= 0) {
+ status = read(i, pbuf, (sizeof pbuf) - 1);
+@@ -974,7 +974,7 @@ main(int argc, char **argv) {
+ * that we have forked we can write our pid if
+ * appropriate.
+ */
+- if (no_pid_file == ISC_FALSE) {
++ if (no_pid_file == false) {
+ i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+ if (i >= 0) {
+ sprintf(pbuf, "%d\n", (int) getpid());
+@@ -1730,7 +1730,7 @@ static isc_result_t dhcp_io_shutdown_cou
+ free_everything ();
+ omapi_print_dmalloc_usage_by_caller ();
+ #endif
+- if (no_pid_file == ISC_FALSE)
++ if (no_pid_file == false)
+ (void) unlink(path_dhcpd_pid);
+ exit (0);
+ }
+@@ -1741,7 +1741,7 @@ static isc_result_t dhcp_io_shutdown_cou
+ free_everything ();
+ omapi_print_dmalloc_usage_by_caller ();
+ #endif
+- if (no_pid_file == ISC_FALSE)
++ if (no_pid_file == false)
+ (void) unlink(path_dhcpd_pid);
+ exit (0);
+ }
+@@ -1750,7 +1750,7 @@ static isc_result_t dhcp_io_shutdown_cou
+ #if defined(FAILOVER_PROTOCOL)
+ !failover_connection_count &&
+ #endif
+- ISC_TRUE) {
++ true) {
+ shutdown_state = shutdown_done;
+ shutdown_time = cur_time;
+ goto oncemore;
+Index: dhcp-4.4.1/server/mdb6.c
+===================================================================
+--- dhcp-4.4.1.orig/server/mdb6.c
++++ dhcp-4.4.1/server/mdb6.c
+@@ -514,10 +514,10 @@ ia_remove_all_lease(struct ia_xx *ia, co
+ /*
+ * Compare two IA.
+ */
+-isc_boolean_t
++bool
+ ia_equal(const struct ia_xx *a, const struct ia_xx *b)
+ {
+- isc_boolean_t found;
++ bool found;
+ int i, j;
+
+ /*
+@@ -525,9 +525,9 @@ ia_equal(const struct ia_xx *a, const st
+ */
+ if (a == NULL) {
+ if (b == NULL) {
+- return ISC_TRUE;
++ return true;
+ } else {
+- return ISC_FALSE;
++ return false;
+ }
+ }
+
+@@ -535,58 +535,58 @@ ia_equal(const struct ia_xx *a, const st
+ * Check the type is the same.
+ */
+ if (a->ia_type != b->ia_type) {
+- return ISC_FALSE;
++ return false;
+ }
+
+ /*
+ * Check the DUID is the same.
+ */
+ if (a->iaid_duid.len != b->iaid_duid.len) {
+- return ISC_FALSE;
++ return false;
+ }
+ if (memcmp(a->iaid_duid.data,
+ b->iaid_duid.data, a->iaid_duid.len) != 0) {
+- return ISC_FALSE;
++ return false;
+ }
+
+ /*
+ * Make sure we have the same number of addresses/prefixes in each.
+ */
+ if (a->num_iasubopt != b->num_iasubopt) {
+- return ISC_FALSE;
++ return false;
+ }
+
+ /*
+ * Check that each address/prefix is present in both.
+ */
+ for (i=0; i<a->num_iasubopt; i++) {
+- found = ISC_FALSE;
++ found = false;
+ for (j=0; j<a->num_iasubopt; j++) {
+ if (a->iasubopt[i]->plen != b->iasubopt[i]->plen)
+ continue;
+ if (memcmp(&(a->iasubopt[i]->addr),
+ &(b->iasubopt[j]->addr),
+ sizeof(struct in6_addr)) == 0) {
+- found = ISC_TRUE;
++ found = true;
+ break;
+ }
+ }
+ if (!found) {
+- return ISC_FALSE;
++ return false;
+ }
+ }
+
+ /*
+ * These are the same in every way we care about.
+ */
+- return ISC_TRUE;
++ return true;
+ }
+
+ /*
+ * Helper function for lease heaps.
+ * Makes the top of the heap the oldest lease.
+ */
+-static isc_boolean_t
++static bool
+ lease_older(void *a, void *b) {
+ struct iasubopt *la = (struct iasubopt *)a;
+ struct iasubopt *lb = (struct iasubopt *)b;
+@@ -1038,8 +1038,8 @@ create_lease6(struct ipv6_pool *pool, st
+ struct data_string new_ds;
+ struct iasubopt *iaaddr;
+ isc_result_t result;
+- isc_boolean_t reserved_iid;
+- static isc_boolean_t init_resiid = ISC_FALSE;
++ bool reserved_iid;
++ static bool init_resiid = false;
+
+ /*
+ * Fill the reserved IIDs.
+@@ -1049,7 +1049,7 @@ create_lease6(struct ipv6_pool *pool, st
+ memset(&resany, 0, 8);
+ resany.s6_addr[8] = 0xfd;
+ memset(&resany.s6_addr[9], 0xff, 6);
+- init_resiid = ISC_TRUE;
++ init_resiid = true;
+ }
+
+ /*
+@@ -1094,14 +1094,14 @@ create_lease6(struct ipv6_pool *pool, st
+ /*
+ * Avoid reserved interface IDs. (cf. RFC 5453)
+ */
+- reserved_iid = ISC_FALSE;
++ reserved_iid = false;
+ if (memcmp(&tmp.s6_addr[8], &rtany.s6_addr[8], 8) == 0) {
+- reserved_iid = ISC_TRUE;
++ reserved_iid = true;
+ }
+ if (!reserved_iid &&
+ (memcmp(&tmp.s6_addr[8], &resany.s6_addr[8], 7) == 0) &&
+ ((tmp.s6_addr[15] & 0x80) == 0x80)) {
+- reserved_iid = ISC_TRUE;
++ reserved_iid = true;
+ }
+
+ /*
+@@ -1177,7 +1177,7 @@ create_lease6_eui_64(struct ipv6_pool *p
+ struct iasubopt *test_iaaddr;
+ struct iasubopt *iaaddr;
+ isc_result_t result;
+- static isc_boolean_t init_resiid = ISC_FALSE;
++ static bool init_resiid = false;
+
+ /* Fill the reserved IIDs. */
+ if (!init_resiid) {
+@@ -1185,7 +1185,7 @@ create_lease6_eui_64(struct ipv6_pool *p
+ memset(&resany, 0, 8);
+ resany.s6_addr[8] = 0xfd;
+ memset(&resany.s6_addr[9], 0xff, 6);
+- init_resiid = ISC_TRUE;
++ init_resiid = true;
+ }
+
+ /* Pool must be IA_NA */
+@@ -1520,7 +1520,7 @@ add_lease6(struct ipv6_pool *pool, struc
+ /*
+ * Determine if an address is present in a pool or not.
+ */
+-isc_boolean_t
++bool
+ lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr) {
+ struct iasubopt *test_iaaddr;
+
+@@ -1528,9 +1528,9 @@ lease6_exists(const struct ipv6_pool *po
+ if (iasubopt_hash_lookup(&test_iaaddr, pool->leases,
+ (void *)addr, sizeof(*addr), MDL)) {
+ iasubopt_dereference(&test_iaaddr, MDL);
+- return ISC_TRUE;
++ return true;
+ } else {
+- return ISC_FALSE;
++ return false;
+ }
+ }
+
+@@ -1545,20 +1545,20 @@ lease6_exists(const struct ipv6_pool *po
+ * \param[in] lease = lease to check
+ *
+ * \return
+- * ISC_TRUE = The lease is allowed to use that address
+- * ISC_FALSE = The lease isn't allowed to use that address
++ * true = The lease is allowed to use that address
++ * false = The lease isn't allowed to use that address
+ */
+-isc_boolean_t
++bool
+ lease6_usable(struct iasubopt *lease) {
+ struct iasubopt *test_iaaddr;
+- isc_boolean_t status = ISC_TRUE;
++ bool status = true;
+
+ test_iaaddr = NULL;
+ if (iasubopt_hash_lookup(&test_iaaddr, lease->ipv6_pool->leases,
+ (void *)&lease->addr,
+ sizeof(lease->addr), MDL)) {
+ if (test_iaaddr != lease) {
+- status = ISC_FALSE;
++ status = false;
+ }
+ iasubopt_dereference(&test_iaaddr, MDL);
+ }
+@@ -1697,7 +1697,7 @@ move_lease_to_inactive(struct ipv6_pool
+ #if defined (NSUPDATE)
+ /* Process events upon expiration. */
+ if (pool->pool_type != D6O_IA_PD) {
+- (void) ddns_removals(NULL, lease, NULL, ISC_FALSE);
++ (void) ddns_removals(NULL, lease, NULL, false);
+ }
+ #endif
+
+@@ -1977,21 +1977,21 @@ create_prefix6(struct ipv6_pool *pool, s
+ /*
+ * Determine if a prefix is present in a pool or not.
+ */
+-isc_boolean_t
++bool
+ prefix6_exists(const struct ipv6_pool *pool,
+ const struct in6_addr *pref, u_int8_t plen) {
+ struct iasubopt *test_iapref;
+
+ if ((int)plen != pool->units)
+- return ISC_FALSE;
++ return false;
+
+ test_iapref = NULL;
+ if (iasubopt_hash_lookup(&test_iapref, pool->leases,
+ (void *)pref, sizeof(*pref), MDL)) {
+ iasubopt_dereference(&test_iapref, MDL);
+- return ISC_TRUE;
++ return true;
+ } else {
+- return ISC_FALSE;
++ return false;
+ }
+ }
+
+@@ -2267,15 +2267,15 @@ ipv6_network_portion(struct in6_addr *re
+ /*
+ * Determine if the given address/prefix is in the pool.
+ */
+-isc_boolean_t
++bool
+ ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool) {
+ struct in6_addr tmp;
+
+ ipv6_network_portion(&tmp, addr, pool->bits);
+ if (memcmp(&tmp, &pool->start_addr, sizeof(tmp)) == 0) {
+- return ISC_TRUE;
++ return true;
+ } else {
+- return ISC_FALSE;
++ return false;
+ }
+ }
+
+Index: dhcp-4.4.1/server/ddns.c
+===================================================================
+--- dhcp-4.4.1.orig/server/ddns.c
++++ dhcp-4.4.1/server/ddns.c
+@@ -373,7 +373,7 @@ ddns_updates(struct packet *packet, stru
+
+ /* If desired do the removals */
+ if (do_remove != 0) {
+- (void) ddns_removals(lease, lease6, NULL, ISC_TRUE);
++ (void) ddns_removals(lease, lease6, NULL, true);
+ }
+ goto out;
+ }
+@@ -618,7 +618,7 @@ ddns_updates(struct packet *packet, stru
+ * We should log a more specific error closer to the actual
+ * error if we want one. ddns_removal failure not logged here.
+ */
+- (void) ddns_removals(lease, lease6, ddns_cb, ISC_TRUE);
++ (void) ddns_removals(lease, lease6, ddns_cb, true);
+ }
+ else {
+ ddns_fwd_srv_connector(lease, lease6, scope, ddns_cb,
+@@ -1907,7 +1907,7 @@ ddns_fwd_srv_rem1(dhcp_ddns_cb_t *ddns_c
+ * the current entry.
+ *
+ * \li active - indication about the status of the lease. It is
+- * ISC_TRUE if the lease is still active, and FALSE if the lease
++ * true if the lease is still active, and FALSE if the lease
+ * is inactive. This is used to indicate if the lease is inactive or going
+ * to inactive so we can avoid trying to update the lease with cb pointers
+ * and text information if it isn't useful.
+@@ -1923,7 +1923,7 @@ isc_result_t
+ ddns_removals(struct lease *lease,
+ struct iasubopt *lease6,
+ dhcp_ddns_cb_t *add_ddns_cb,
+- isc_boolean_t active)
++ bool active)
+ {
+ isc_result_t rcode, execute_add = ISC_R_FAILURE;
+ struct binding_scope **scope = NULL;
+@@ -1970,7 +1970,7 @@ ddns_removals(struct lease *lease,
+ if (((ddns_cb->state == DDNS_STATE_ADD_PTR) ||
+ (ddns_cb->state == DDNS_STATE_ADD_FW_NXDOMAIN) ||
+ (ddns_cb->state == DDNS_STATE_ADD_FW_YXDHCID)) ||
+- ((active == ISC_FALSE) &&
++ ((active == false) &&
+ ((ddns_cb->flags & DDNS_ACTIVE_LEASE) != 0))) {
+ /* Cancel the current request */
+ ddns_cancel(lease->ddns_cb, MDL);
+@@ -1998,7 +1998,7 @@ ddns_removals(struct lease *lease,
+ if (((ddns_cb->state == DDNS_STATE_ADD_PTR) ||
+ (ddns_cb->state == DDNS_STATE_ADD_FW_NXDOMAIN) ||
+ (ddns_cb->state == DDNS_STATE_ADD_FW_YXDHCID)) ||
+- ((active == ISC_FALSE) &&
++ ((active == false) &&
+ ((ddns_cb->flags & DDNS_ACTIVE_LEASE) != 0))) {
+ /* Cancel the current request */
+ ddns_cancel(lease6->ddns_cb, MDL);
+@@ -2053,7 +2053,7 @@ ddns_removals(struct lease *lease,
+ * the lease information for v6 when the response
+ * from the DNS code is processed.
+ */
+- if (active == ISC_TRUE) {
++ if (active == true) {
+ ddns_cb->flags |= DDNS_ACTIVE_LEASE;
+ }
+
+Index: dhcp-4.4.1/server/mdb.c
+===================================================================
+--- dhcp-4.4.1.orig/server/mdb.c
++++ dhcp-4.4.1/server/mdb.c
+@@ -1504,7 +1504,7 @@ void make_binding_state_transition (stru
+ lease -> binding_state == FTS_ACTIVE &&
+ lease -> next_binding_state != FTS_RELEASED))) {
+ #if defined (NSUPDATE)
+- (void) ddns_removals(lease, NULL, NULL, ISC_TRUE);
++ (void) ddns_removals(lease, NULL, NULL, true);
+ #endif
+ if (lease->on_star.on_expiry) {
+ execute_statements(NULL, NULL, lease,
+@@ -1568,7 +1568,7 @@ void make_binding_state_transition (stru
+ * release message. This is not true of expiry, where the
+ * peer may have extended the lease.
+ */
+- (void) ddns_removals(lease, NULL, NULL, ISC_TRUE);
++ (void) ddns_removals(lease, NULL, NULL, true);
+ #endif
+ if (lease->on_star.on_release) {
+ execute_statements(NULL, NULL, lease,
+@@ -1736,7 +1736,7 @@ void release_lease (lease, packet)
+ /* If there are statements to execute when the lease is
+ released, execute them. */
+ #if defined (NSUPDATE)
+- (void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
++ (void) ddns_removals(lease, NULL, NULL, false);
+ #endif
+ if (lease->on_star.on_release) {
+ execute_statements (NULL, packet, lease,
+@@ -1810,7 +1810,7 @@ void abandon_lease (lease, message)
+ {
+ struct lease *lt = NULL;
+ #if defined (NSUPDATE)
+- (void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
++ (void) ddns_removals(lease, NULL, NULL, false);
+ #endif
+
+ if (!lease_copy(<, lease, MDL)) {
+@@ -1860,7 +1860,7 @@ void dissociate_lease (lease)
+ {
+ struct lease *lt = (struct lease *)0;
+ #if defined (NSUPDATE)
+- (void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
++ (void) ddns_removals(lease, NULL, NULL, false);
+ #endif
+
+ if (!lease_copy (<, lease, MDL))
+@@ -2072,38 +2072,38 @@ int find_lease_by_hw_addr (struct lease
+ * should never see reset leases for this.
+ * 4) Abandoned leases are always dead last.
+ */
+-static isc_boolean_t
++static bool
+ client_lease_preferred(struct lease *cand, struct lease *lease)
+ {
+ if (cand->binding_state == FTS_ACTIVE) {
+ if (lease->binding_state == FTS_ACTIVE &&
+ lease->ends >= cand->ends)
+- return ISC_TRUE;
++ return true;
+ } else if (cand->binding_state == FTS_EXPIRED ||
+ cand->binding_state == FTS_RELEASED) {
+ if (lease->binding_state == FTS_ACTIVE)
+- return ISC_TRUE;
++ return true;
+
+ if ((lease->binding_state == FTS_EXPIRED ||
+ lease->binding_state == FTS_RELEASED) &&
+ lease->cltt >= cand->cltt)
+- return ISC_TRUE;
++ return true;
+ } else if (cand->binding_state != FTS_ABANDONED) {
+ if (lease->binding_state == FTS_ACTIVE ||
+ lease->binding_state == FTS_EXPIRED ||
+ lease->binding_state == FTS_RELEASED)
+- return ISC_TRUE;
++ return true;
+
+ if (lease->binding_state != FTS_ABANDONED &&
+ lease->cltt >= cand->cltt)
+- return ISC_TRUE;
++ return true;
+ } else /* (cand->binding_state == FTS_ABANDONED) */ {
+ if (lease->binding_state != FTS_ABANDONED ||
+ lease->cltt >= cand->cltt)
+- return ISC_TRUE;
++ return true;
+ }
+
+- return ISC_FALSE;
++ return false;
+ }
+
+ /* Add the specified lease to the uid hash. */
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
deleted file mode 100644
index 006d18a..0000000
--- a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 92875f5cc44914515e50c11c503a09cec90497b2 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Sat, 11 Jun 2016 22:51:44 -0400
-Subject: [PATCH 08/11] tweak to support external bind
-
-Tweak the external bind to oe-core's sysroot rather than
-external bind source build.
-
-Upstream-Status: Inappropriate <oe-core specific>
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/Makefile.am | 2 +-
- client/tests/Makefile.am | 2 +-
- common/tests/Makefile.am | 2 +-
- dhcpctl/Makefile.am | 2 +-
- omapip/Makefile.am | 2 +-
- relay/Makefile.am | 2 +-
- server/Makefile.am | 2 +-
- server/tests/Makefile.am | 2 +-
- 8 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/client/Makefile.am b/client/Makefile.am
-index 4730bb3..84d8131 100644
---- a/client/Makefile.am
-+++ b/client/Makefile.am
-@@ -4,7 +4,7 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
-
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
- -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
-diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am
-index 5031d0c..a8dfd26 100644
---- a/client/tests/Makefile.am
-+++ b/client/tests/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = .
-
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
- AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
-diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
-index f6a43e4..2f98d22 100644
---- a/common/tests/Makefile.am
-+++ b/common/tests/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = .
-
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes
-
-diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
-index ba8dd8b..9b2486e 100644
---- a/dhcpctl/Makefile.am
-+++ b/dhcpctl/Makefile.am
-@@ -1,4 +1,4 @@
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
-
-diff --git a/omapip/Makefile.am b/omapip/Makefile.am
-index dd1afa0..e4a8599 100644
---- a/omapip/Makefile.am
-+++ b/omapip/Makefile.am
-@@ -1,4 +1,4 @@
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- AM_CPPFLAGS = -I$(top_srcdir)/includes
-
- lib_LIBRARIES = libomapi.a
-diff --git a/relay/Makefile.am b/relay/Makefile.am
-index 6d652f6..b3bf578 100644
---- a/relay/Makefile.am
-+++ b/relay/Makefile.am
-@@ -1,4 +1,4 @@
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
-
-diff --git a/server/Makefile.am b/server/Makefile.am
-index 3990b9c..b5d8c2d 100644
---- a/server/Makefile.am
-+++ b/server/Makefile.am
-@@ -4,7 +4,7 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
-
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
-
-diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
-index a87c5e7..9821081 100644
---- a/server/tests/Makefile.am
-+++ b/server/tests/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = .
-
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
-
- AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
- AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
---
-1.8.3.1
-
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
index 159abbc..ca0daa1 100644
--- a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
@@ -10,6 +10,7 @@
file://0009-remove-dhclient-script-bash-dependency.patch \
file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
file://0013-fixup_use_libbind.patch \
+ file://0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch \
"
SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede"
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
new file mode 100644
index 0000000..d4764f5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
@@ -0,0 +1,31 @@
+Upstream-Status: Pending
+
+Subject: rcp: fix to work with large files
+
+When we copy file by rcp command, if the file > 2GB, it will fail.
+The cause is that it used incorrect data type on file size in sink() of rcp.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/rcp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/rcp.c b/src/rcp.c
+index 21f55b6..bafa35f 100644
+--- a/src/rcp.c
++++ b/src/rcp.c
+@@ -876,9 +876,9 @@ sink (int argc, char *argv[])
+ enum
+ { YES, NO, DISPLAYED } wrerr;
+ BUF *bp;
+- off_t i, j;
++ off_t i, j, size;
+ int amt, count, exists, first, mask, mode, ofd, omode;
+- int setimes, size, targisdir, wrerrno;
++ int setimes, targisdir, wrerrno;
+ char ch, *cp, *np, *targ, *vect[1], buf[BUFSIZ];
+ const char *why;
+
+--
+1.9.1
+
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
new file mode 100644
index 0000000..24c134f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
@@ -0,0 +1,83 @@
+Upstream: http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html
+
+Upstream-Status: Pending
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ ping/ping_common.h | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/ping/ping_common.h b/ping/ping_common.h
+index 1dfd1b5..3bfbd12 100644
+--- a/ping/ping_common.h
++++ b/ping/ping_common.h
+@@ -17,10 +17,14 @@
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see `http://www.gnu.org/licenses/'. */
+
++#include <config.h>
++
+ #include <netinet/in_systm.h>
+ #include <netinet/in.h>
+ #include <netinet/ip.h>
++#ifdef HAVE_IPV6
+ #include <netinet/icmp6.h>
++#endif
+ #include <icmp.h>
+ #include <error.h>
+ #include <progname.h>
+@@ -62,7 +66,12 @@ struct ping_stat
+ want to follow the traditional behaviour of ping. */
+ #define DEFAULT_PING_COUNT 0
+
++#ifdef HAVE_IPV6
+ #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN)
++#else
++#define PING_HEADER_LEN (ICMP_MINLEN)
++#endif
++
+ #define PING_TIMING(s) ((s) >= sizeof (struct timeval))
+ #define PING_DATALEN (64 - PING_HEADER_LEN) /* default data length */
+
+@@ -74,13 +83,20 @@ struct ping_stat
+ (t).tv_usec = ((i)%PING_PRECISION)*(1000000/PING_PRECISION) ;\
+ } while (0)
+
++#ifdef HAVE_IPV6
+ /* FIXME: Adjust IPv6 case for options and their consumption. */
+ #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \
+ (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN))
+
++#else
++#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)
++#endif
++
++#ifdef HAVE_IPV6
+ typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest,
+ struct sockaddr_in6 * from, struct icmp6_hdr * icmp,
+ int datalen);
++#endif
+
+ typedef int (*ping_efp) (int code,
+ void *closure,
+@@ -89,13 +105,17 @@ typedef int (*ping_efp) (int code,
+ struct ip * ip, icmphdr_t * icmp, int datalen);
+
+ union event {
++#ifdef HAVE_IPV6
+ ping_efp6 handler6;
++#endif
+ ping_efp handler;
+ };
+
+ union ping_address {
+ struct sockaddr_in ping_sockaddr;
++#ifdef HAVE_IPV6
+ struct sockaddr_in6 ping_sockaddr6;
++#endif
+ };
+
+ typedef struct ping_data PING;
+--
+2.8.3
+
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
new file mode 100644
index 0000000..3da4e9f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
@@ -0,0 +1,29 @@
+From 552a7d64ad4a7188a9b7cd89933ae7caf7ebfe90 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier at gentoo.org>
+Date: Thu, 18 Nov 2010 16:59:14 -0500
+Subject: [PATCH gnulib] printf-parse: pull in features.h for __GLIBC__
+
+Upstream-Status: Pending
+
+Signed-off-by: Mike Frysinger <vapier at gentoo.org>
+---
+ lib/printf-parse.h | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/lib/printf-parse.h b/lib/printf-parse.h
+index 67a4a2a..3bd6152 100644
+--- a/lib/printf-parse.h
++++ b/lib/printf-parse.h
+@@ -25,6 +25,9 @@
+
+ #include "printf-args.h"
+
++#ifdef HAVE_FEATURES_H
++# include <features.h> /* for __GLIBC__ */
++#endif
+
+ /* Flags */
+ #define FLAG_GROUP 1 /* ' flag */
+--
+1.7.3.2
+
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
new file mode 100644
index 0000000..b13bb92
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
@@ -0,0 +1,14 @@
+Upstream-Status: Pending
+
+--- inetutils-1.8/lib/wchar.in.h
++++ inetutils-1.8/lib/wchar.in.h
+@@ -70,6 +70,9 @@
+ /* The include_next requires a split double-inclusion guard. */
+ #if @HAVE_WCHAR_H@
+ # @INCLUDE_NEXT@ @NEXT_WCHAR_H@
++#else
++# include <stddef.h>
++# define MB_CUR_MAX 1
+ #endif
+
+ #undef _GL_ALREADY_INCLUDING_WCHAR_H
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
new file mode 100644
index 0000000..2592989
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
@@ -0,0 +1,26 @@
+inetutils: define PATH_PROCNET_DEV if not already defined
+
+this prevents the following compilation error :
+system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function)
+
+this patch comes from :
+ http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/
+
+Upstream-Status: Inappropriate [not author]
+
+Signed-of-by: Eric Bénard <eric@eukrea.com>
+---
+diff -Naur inetutils-1.9.orig/ifconfig/system/linux.c inetutils-1.9/ifconfig/system/linux.c
+--- inetutils-1.9.orig/ifconfig/system/linux.c 2012-01-04 16:31:36.000000000 -0500
++++ inetutils-1.9/ifconfig/system/linux.c 2012-01-04 16:40:53.000000000 -0500
+@@ -49,6 +49,10 @@
+ #include "../ifconfig.h"
+
+
++#ifndef PATH_PROCNET_DEV
++ #define PATH_PROCNET_DEV "/proc/net/dev"
++#endif
++
+ /* ARPHRD stuff. */
+
+ static void
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
new file mode 100644
index 0000000..ff3abd8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
@@ -0,0 +1,40 @@
+Only check security/pam_appl.h which is provided by package libpam when pam is
+enabled.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+diff --git a/configure.ac b/configure.ac
+index b35e672..e78a751 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -195,6 +195,19 @@ fi
+
+ # See if we have libpam.a. Investigate PAM versus Linux-PAM.
+ if test "$with_pam" = yes ; then
++ AC_CHECK_HEADERS([security/pam_appl.h], [], [], [
++#include <sys/types.h>
++#ifdef HAVE_NETINET_IN_SYSTM_H
++# include <netinet/in_systm.h>
++#endif
++#include <netinet/in.h>
++#ifdef HAVE_NETINET_IP_H
++# include <netinet/ip.h>
++#endif
++#ifdef HAVE_SYS_PARAM_H
++# include <sys/param.h>
++#endif
++])
+ AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl)
+ AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam)
+ if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then
+@@ -587,7 +600,7 @@ AC_HEADER_DIRENT
+ AC_CHECK_HEADERS([arpa/nameser.h errno.h fcntl.h features.h \
+ glob.h memory.h netinet/ether.h netinet/in_systm.h \
+ netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \
+- security/pam_appl.h shadow.h \
++ shadow.h \
+ stdarg.h stdlib.h string.h stropts.h sys/tty.h \
+ sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \
+ sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
new file mode 100644
index 0000000..30e81ef
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
@@ -0,0 +1,20 @@
+# default: off
+# description:
+# Rexecd is the server for the rexec program. The server provides remote
+# execution facilities with authentication based on user names and
+# passwords.
+#
+service exec
+{
+ socket_type = stream
+ protocol = tcp
+ flags = NAMEINARGS
+ wait = no
+ user = root
+ group = root
+ log_on_success += USERID
+ log_on_failure += USERID
+ server = @SBINDIR@/tcpd
+ server_args = @SBINDIR@/in.rexecd
+ disable = yes
+}
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
new file mode 100644
index 0000000..21b55da
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
@@ -0,0 +1,23 @@
+# default: off
+# description:
+# Rlogind is a server for the rlogin program. The server provides remote
+# execution with authentication based on privileged port numbers from trusted
+# host
+#
+service login
+{
+ socket_type = stream
+ protocol = tcp
+ flags = NAMEINARGS
+ wait = no
+ user = root
+ group = root
+ log_on_success += USERID
+ log_on_failure += USERID
+ server = @SBINDIR@/tcpd
+ server_args = @SBINDIR@/in.rlogind -a
+ disable = yes
+}
+
+
+
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
new file mode 100644
index 0000000..2b894a7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
@@ -0,0 +1,21 @@
+# default: off
+# description:
+# The rshd server is a server for the rcmd(3) routine and,
+# consequently, for the rsh(1) program. The server provides
+# remote execution facilities with authentication based on
+# privileged port numbers from trusted hosts.
+#
+service shell
+{
+ socket_type = stream
+ protocol = tcp
+ flags = NAMEINARGS
+ wait = no
+ user = root
+ group = root
+ log_on_success += USERID
+ log_on_failure += USERID
+ server = @SBINDIR@/tcpd
+ server_args = @SBINDIR@/in.rshd -aL
+ disable = yes
+}
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
new file mode 100644
index 0000000..2d9a040
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
@@ -0,0 +1,13 @@
+# default: on
+# description: The telnet server serves telnet sessions; it uses \
+# unencrypted username/password pairs for authentication.
+service telnet
+{
+ disable = no
+ flags = REUSE
+ socket_type = stream
+ wait = no
+ user = root
+ server = @SBINDIR@/in.telnetd
+ log_on_failure += USERID
+}
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
new file mode 100644
index 0000000..67b44c4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
@@ -0,0 +1,19 @@
+# default: off
+# description:
+# Tftpd is a server which supports the Internet Trivial File Transfer
+# Pro-tocol (RFC 783). The TFTP server operates at the port indicated
+# in the tftp service description; see services(5).
+#
+service tftp
+{
+ disable = yes
+ socket_type = dgram
+ protocol = udp
+ flags = IPv6
+ wait = yes
+ user = root
+ group = root
+ server = @SBINDIR@/in.tftpd
+ server_args = /tftpboot
+}
+
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch
new file mode 100644
index 0000000..532a0e5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Pending
+
+remove m4_esyscmd function
+
+Signed-off-by: Chunrong Guo <b40290@freescale.com>
+--- inetutils-1.9.1/configure.ac 2012-01-06 22:05:05.000000000 +0800
++++ inetutils-1.9.1/configure.ac 2012-11-12 14:01:11.732957019 +0800
+@@ -20,8 +20,7 @@
+
+ AC_PREREQ(2.59)
+
+-AC_INIT([GNU inetutils],
+- m4_esyscmd([build-aux/git-version-gen .tarball-version 's/inetutils-/v/;s/_/./g']),
++AC_INIT([GNU inetutils],[1.9.4],
+ [bug-inetutils@gnu.org])
+
+ AC_CONFIG_SRCDIR([src/inetd.c])
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
new file mode 100644
index 0000000..ec1384e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
@@ -0,0 +1,209 @@
+DESCRIPTION = "The GNU inetutils are a collection of common \
+networking utilities and servers including ftp, ftpd, rcp, \
+rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \
+talkd, telnet, telnetd, tftp, tftpd, and uucpd."
+HOMEPAGE = "http://www.gnu.org/software/inetutils"
+SECTION = "net"
+DEPENDS = "ncurses netbase readline virtual/crypt"
+
+LICENSE = "GPLv3"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7"
+
+SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \
+ file://version.patch \
+ file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \
+ file://inetutils-1.8-0003-wchar.patch \
+ file://rexec.xinetd.inetutils \
+ file://rlogin.xinetd.inetutils \
+ file://rsh.xinetd.inetutils \
+ file://telnet.xinetd.inetutils \
+ file://tftpd.xinetd.inetutils \
+ file://inetutils-1.9-PATH_PROCNET_DEV.patch \
+ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
+ file://0001-rcp-fix-to-work-with-large-files.patch \
+"
+
+SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52"
+SRC_URI[sha256sum] = "be8f75eff936b8e41b112462db51adf689715658a1b09e0d6b05d11ec92cc616"
+
+inherit autotools gettext update-alternatives texinfo
+
+acpaths = "-I ./m4"
+
+SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}"
+
+PACKAGECONFIG ??= "ftp uucpd \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \
+ "
+PACKAGECONFIG[ftp] = "--enable-ftp,--disable-ftp,readline"
+PACKAGECONFIG[uucpd] = "--enable-uucpd,--disable-uucpd,readline"
+PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no,"
+PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6,"
+
+EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \
+ inetutils_cv_path_login=${base_bindir}/login \
+ --with-libreadline-prefix=${STAGING_LIBDIR} \
+ --enable-rpath=no \
+"
+
+# These are horrible for security, disable them
+EXTRA_OECONF_append = " --disable-rsh --disable-rshd --disable-rcp \
+ --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd"
+
+do_configure_prepend () {
+ export HELP2MAN='true'
+ cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath
+ install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}
+ install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}
+ rm -f ${S}/glob/configure*
+}
+
+do_install_append () {
+ install -m 0755 -d ${D}${base_sbindir}
+ install -m 0755 -d ${D}${sbindir}
+ install -m 0755 -d ${D}${sysconfdir}/xinetd.d
+ if [ "${base_bindir}" != "${bindir}" ] ; then
+ install -m 0755 -d ${D}${base_bindir}
+ mv ${D}${bindir}/ping* ${D}${base_bindir}/
+ mv ${D}${bindir}/hostname ${D}${base_bindir}/
+ fi
+ mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/
+ mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/
+ mv ${D}${libexecdir}/tftpd ${D}${sbindir}/in.tftpd
+ mv ${D}${libexecdir}/telnetd ${D}${sbindir}/in.telnetd
+ if [ -e ${D}${libexecdir}/rexecd ]; then
+ mv ${D}${libexecdir}/rexecd ${D}${sbindir}/in.rexecd
+ cp ${WORKDIR}/rexec.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rexec
+ fi
+ if [ -e ${D}${libexecdir}/rlogind ]; then
+ mv ${D}${libexecdir}/rlogind ${D}${sbindir}/in.rlogind
+ cp ${WORKDIR}/rlogin.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rlogin
+ fi
+ if [ -e ${D}${libexecdir}/rshd ]; then
+ mv ${D}${libexecdir}/rshd ${D}${sbindir}/in.rshd
+ cp ${WORKDIR}/rsh.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rsh
+ fi
+ if [ -e ${D}${libexecdir}/talkd ]; then
+ mv ${D}${libexecdir}/talkd ${D}${sbindir}/in.talkd
+ fi
+ mv ${D}${libexecdir}/uucpd ${D}${sbindir}/in.uucpd
+ mv ${D}${libexecdir}/* ${D}${bindir}/
+ cp ${WORKDIR}/telnet.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/telnet
+ cp ${WORKDIR}/tftpd.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/tftpd
+
+ sed -e 's,@SBINDIR@,${sbindir},g' -i ${D}/${sysconfdir}/xinetd.d/*
+ if [ -e ${D}${libdir}/charset.alias ]; then
+ rm -rf ${D}${libdir}/charset.alias
+ fi
+ rm -rf ${D}${libexecdir}/
+ # remove usr/lib if empty
+ rmdir ${D}${libdir} || true
+}
+
+PACKAGES =+ "${PN}-ping ${PN}-ping6 ${PN}-hostname ${PN}-ifconfig \
+${PN}-tftp ${PN}-logger ${PN}-traceroute ${PN}-syslogd \
+${PN}-ftp ${PN}-ftpd ${PN}-tftpd ${PN}-telnet ${PN}-telnetd ${PN}-inetd \
+${PN}-rsh ${PN}-rshd"
+
+# The packages tftpd, telnetd and rshd conflict with the ones
+# provided by netkit, so add the corresponding -dbg packages
+# for them to avoid the confliction between the dbg package
+# of inetutils and netkit.
+PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg"
+NOAUTOPACKAGEDEBUG = "1"
+
+ALTERNATIVE_PRIORITY = "79"
+ALTERNATIVE_${PN} = "whois"
+ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd"
+
+ALTERNATIVE_PRIORITY_${PN}-logger = "60"
+ALTERNATIVE_${PN}-logger = "logger"
+ALTERNATIVE_${PN}-syslogd = "syslogd"
+ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd"
+
+ALTERNATIVE_${PN}-ftp = "ftp"
+ALTERNATIVE_${PN}-ftpd = "ftpd"
+ALTERNATIVE_${PN}-tftp = "tftp"
+ALTERNATIVE_${PN}-tftpd = "tftpd"
+ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd"
+ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd"
+
+ALTERNATIVE_${PN}-telnet = "telnet"
+ALTERNATIVE_${PN}-telnetd = "telnetd"
+ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd"
+ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd"
+
+ALTERNATIVE_${PN}-inetd= "inetd"
+ALTERNATIVE_${PN}-traceroute = "traceroute"
+
+ALTERNATIVE_${PN}-hostname = "hostname"
+ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname"
+
+ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8"
+ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1"
+ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1"
+ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1"
+ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8"
+
+ALTERNATIVE_${PN}-ifconfig = "ifconfig"
+ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig"
+
+ALTERNATIVE_${PN}-ping = "ping"
+ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping"
+
+ALTERNATIVE_${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}"
+ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6"
+
+
+FILES_${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug"
+FILES_${PN}-ping = "${base_bindir}/ping.${BPN}"
+FILES_${PN}-ping6 = "${base_bindir}/ping6.${BPN}"
+FILES_${PN}-hostname = "${base_bindir}/hostname.${BPN}"
+FILES_${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}"
+FILES_${PN}-traceroute = "${bindir}/traceroute.${BPN}"
+FILES_${PN}-logger = "${bindir}/logger.${BPN}"
+
+FILES_${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}"
+RCONFLICTS_${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng"
+
+FILES_${PN}-ftp = "${bindir}/ftp.${BPN}"
+
+FILES_${PN}-tftp = "${bindir}/tftp.${BPN}"
+FILES_${PN}-telnet = "${bindir}/telnet.${BPN}"
+
+# We make us of RCONFLICTS / RPROVIDES here rather than using the normal
+# alternatives method as this leads to packaging QA issues when using
+# musl as that library does not provide what these applications need to
+# build.
+FILES_${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp"
+RCONFLICTS_${PN}-rsh += "netkit-rsh-client"
+RPROVIDES_${PN}-rsh = "rsh"
+
+FILES_${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \
+ ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec"
+FILES_${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd"
+RDEPENDS_${PN}-rshd += "xinetd tcp-wrappers"
+RCONFLICTS_${PN}-rshd += "netkit-rshd-server"
+RPROVIDES_${PN}-rshd = "rshd"
+
+FILES_${PN}-ftpd = "${bindir}/ftpd.${BPN}"
+FILES_${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}"
+RDEPENDS_${PN}-ftpd += "xinetd"
+
+FILES_${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd"
+FILES_${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd"
+RCONFLICTS_${PN}-tftpd += "netkit-tftpd"
+RDEPENDS_${PN}-tftpd += "xinetd"
+
+FILES_${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet"
+FILES_${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd"
+RCONFLICTS_${PN}-telnetd += "netkit-telnetd"
+RPROVIDES_${PN}-telnetd = "telnetd"
+RDEPENDS_${PN}-telnetd += "xinetd"
+
+FILES_${PN}-inetd = "${bindir}/inetd.${BPN}"
+
+RDEPENDS_${PN} = "xinetd"
diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2.inc b/poky/meta/recipes-connectivity/iproute2/iproute2.inc
index b283589..1aa1eec 100644
--- a/poky/meta/recipes-connectivity/iproute2/iproute2.inc
+++ b/poky/meta/recipes-connectivity/iproute2/iproute2.inc
@@ -52,3 +52,7 @@
ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}"
ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip"
ALTERNATIVE_PRIORITY = "100"
+
+ALTERNATIVE_${PN}-tc = "tc"
+ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc"
+ALTERNATIVE_PRIORITY_${PN}-tc = "100"
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap.inc b/poky/meta/recipes-connectivity/libpcap/libpcap.inc
deleted file mode 100644
index e57ea87..0000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap.inc
+++ /dev/null
@@ -1,42 +0,0 @@
-SUMMARY = "Interface for user-level network packet capture"
-DESCRIPTION = "Libpcap provides a portable framework for low-level network \
-monitoring. Libpcap can provide network statistics collection, \
-security monitoring and network debugging."
-HOMEPAGE = "http://www.tcpdump.org/"
-BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577"
-SECTION = "libs/network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
- file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
-DEPENDS = "flex-native bison-native"
-
-INC_PR = "r5"
-
-SRC_URI = "http://www.tcpdump.org/release/${BP}.tar.gz"
-
-BINCONFIG = "${bindir}/pcap-config"
-
-inherit autotools binconfig-disabled pkgconfig bluetooth
-
-EXTRA_OECONF = "--with-pcap=linux"
-EXTRA_AUTORECONF += "--exclude=aclocal"
-
-PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
- ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
-"
-PACKAGECONFIG[bluez4] = "--enable-bluetooth,--disable-bluetooth,bluez4"
-# Add a dummy PACKAGECONFIG for bluez5 since it is not supported by libpcap.
-PACKAGECONFIG[bluez5] = ",,"
-PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
-PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
-PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
-
-CPPFLAGS_prepend = "-I${S} "
-CFLAGS_prepend = "-I${S} "
-CXXFLAGS_prepend = "-I${S} "
-
-do_configure_prepend () {
- sed -i -e's,^V_RPATH_OPT=.*$,V_RPATH_OPT=,' ${S}/pcap-config.in
-}
-
-BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch
deleted file mode 100644
index edb6ae5..0000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 64aa033a061c43fc15c711f2490ae41d23b868c3 Mon Sep 17 00:00:00 2001
-From: Fabio Berton <fabio.berton@ossystems.com.br>
-Date: Thu, 17 Nov 2016 09:44:42 -0200
-Subject: [PATCH 1/2] Fix compiler_state_t.ai usage when INET6 is not defined
-Organization: O.S. Systems Software LTDA.
-
-Fix error:
-
-/
-| ../libpcap-1.8.1/gencode.c: In function 'pcap_compile':
-| ../libpcap-1.8.1/gencode.c:693:8: error: 'compiler_state_t
-| {aka struct _compiler_state}' has no member named 'ai'
-| cstate.ai = NULL;
-\
-
-Upstream-Status: Submitted [1]
-
-[1] https://github.com/the-tcpdump-group/libpcap/pull/541
-
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
----
- gencode.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/gencode.c b/gencode.c
-index a887f27..e103c70 100644
---- a/gencode.c
-+++ b/gencode.c
-@@ -690,7 +690,9 @@ pcap_compile(pcap_t *p, struct bpf_program *program,
- }
- initchunks(&cstate);
- cstate.no_optimize = 0;
-+#ifdef INET6
- cstate.ai = NULL;
-+#endif
- cstate.ic.root = NULL;
- cstate.ic.cur_mark = 0;
- cstate.bpf_pcap = p;
---
-2.1.4
-
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch
new file mode 100644
index 0000000..0177383
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch
@@ -0,0 +1,29 @@
+From aafa3512b7b742f5e66a5543e41974cc5e7eebfa Mon Sep 17 00:00:00 2001
+From: maxice8 <thinkabit.ukim@gmail.com>
+Date: Sun, 22 Jul 2018 18:54:17 -0300
+Subject: [PATCH] pcap-usb-linux.c: add missing limits.h for musl systems.
+
+fix compilation on musl libc systems like Void Linux and Alpine.
+
+Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/d557c98a16dc254aaff03762b694fe624e180bea]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ pcap-usb-linux.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pcap-usb-linux.c b/pcap-usb-linux.c
+index 6f8adf65..b92c05ea 100644
+--- a/pcap-usb-linux.c
++++ b/pcap-usb-linux.c
+@@ -50,6 +50,7 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <fcntl.h>
++#include <limits.h>
+ #include <string.h>
+ #include <dirent.h>
+ #include <byteswap.h>
+--
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch
deleted file mode 100644
index 032b265..0000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 50ec0a088d5924a8305b2d70dcba71b0942dee1a Mon Sep 17 00:00:00 2001
-From: Fabio Berton <fabio.berton@ossystems.com.br>
-Date: Thu, 17 Nov 2016 09:47:29 -0200
-Subject: [PATCH 2/2] Add missing compiler_state_t parameter
-Organization: O.S. Systems Software LTDA.
-
-Fix error:
-
-/
-|../libpcap-1.8.1/gencode.c: In function 'gen_gateway':
-|../libpcap-1.8.1/gencode.c:4914:13: error: 'cstate' undeclared
-| (first use in this function)
-| bpf_error(cstate, "direction applied to 'gateway'");
-\
-
-Upstream-Status: Submitted [1]
-
-[1] https://github.com/the-tcpdump-group/libpcap/pull/541
-
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
----
- gencode.c | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/gencode.c b/gencode.c
-index e103c70..f07c0be 100644
---- a/gencode.c
-+++ b/gencode.c
-@@ -523,7 +523,7 @@ static struct block *gen_host6(compiler_state_t *, struct in6_addr *,
- struct in6_addr *, int, int, int);
- #endif
- #ifndef INET6
--static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
-+static struct block *gen_gateway(compiler_state_t *, const u_char *, bpf_u_int32 **, int, int);
- #endif
- static struct block *gen_ipfrag(compiler_state_t *);
- static struct block *gen_portatom(compiler_state_t *, int, bpf_int32);
-@@ -4904,11 +4904,12 @@ gen_host6(compiler_state_t *cstate, struct in6_addr *addr,
-
- #ifndef INET6
- static struct block *
--gen_gateway(eaddr, alist, proto, dir)
-- const u_char *eaddr;
-- bpf_u_int32 **alist;
-- int proto;
-- int dir;
-+gen_gateway(cstate, eaddr, alist, proto, dir)
-+ compiler_state_t *cstate;
-+ const u_char *eaddr;
-+ bpf_u_int32 **alist;
-+ int proto;
-+ int dir;
- {
- struct block *b0, *b1, *tmp;
-
-@@ -6472,7 +6473,7 @@ gen_scode(compiler_state_t *cstate, const char *name, struct qual q)
- alist = pcap_nametoaddr(name);
- if (alist == NULL || *alist == NULL)
- bpf_error(cstate, "unknown host '%s'", name);
-- b = gen_gateway(eaddr, alist, proto, dir);
-+ b = gen_gateway(cstate, eaddr, alist, proto, dir);
- free(eaddr);
- return b;
- #else
---
-2.1.4
-
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch
deleted file mode 100644
index 7e1eea6..0000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Disable bits of remote capture support inherited from the WinPCAP merge
-which cause applications to FTBFS if they define HAVE_REMOTE.
-
-Patch from:
-https://anonscm.debian.org/cgit/users/rfrancoise/libpcap.git/commit/?
-id=f35949969269dfdcc3549b12fade604755e1e326
-
-Upstream-Status: Pending
-
---- a/pcap/pcap.h
-+++ b/pcap/pcap.h
-@@ -506,6 +506,11 @@
- #define MODE_STAT 1
- #define MODE_MON 2
-
-+#ifdef HAVE_REMOTE
-+ /* Includes most of the public stuff that is needed for the remote capture */
-+ #include <remote-ext.h>
-+#endif /* HAVE_REMOTE */
-+
- #elif defined(MSDOS)
-
- /*
-@@ -526,11 +531,6 @@
-
- #endif /* _WIN32/MSDOS/UN*X */
-
--#ifdef HAVE_REMOTE
-- /* Includes most of the public stuff that is needed for the remote capture */
-- #include <remote-ext.h>
--#endif /* HAVE_REMOTE */
--
- #ifdef __cplusplus
- }
- #endif
-
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch
deleted file mode 100644
index f40e655..0000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Fix a missing dependency that can result in:
-
-../libpcap-1.8.1/grammar.y:78:10: fatal error: scanner.h: No such file or directory
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 0dd90a6bdbce4dca14106859eee63ef643a106e2 Mon Sep 17 00:00:00 2001
-From: Alfredo Alvarez Fernandez <alfredoalvarezernandez@gmail.com>
-Date: Tue, 21 Feb 2017 11:41:43 +0100
-Subject: [PATCH] Makefile.in: Fix missing dependency
-
----
- Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 7044f043..f5d443ae 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -465,7 +465,7 @@ grammar.h: grammar.c
- $(MAKE) $(MAKEFLAGS) grammar.c; \
- fi
-
--grammar.o: grammar.c
-+grammar.o: grammar.c scanner.h
- $(CC) $(FULL_CFLAGS) -c grammar.c
-
- gencode.o: $(srcdir)/gencode.c grammar.h scanner.h
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch
deleted file mode 100644
index afaa3be..0000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 2796129af52901dd68595e5e88a639308541def9 Mon Sep 17 00:00:00 2001
-From: Fabio Berton <fabio.berton@ossystems.com.br>
-Date: Thu, 3 Nov 2016 17:56:29 -0200
-Subject: [PATCH] libpcap: pkgconfig support
-Organization: O.S. Systems Software LTDA.
-
-Adding basic structure to support pkg-config.
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
----
- Makefile.in | 5 +++++
- configure.ac | 1 +
- libpcap.pc.in | 10 ++++++++++
- 3 files changed, 16 insertions(+)
- create mode 100644 libpcap.pc.in
-
-diff --git a/Makefile.in b/Makefile.in
-index e71d973..d7004ed 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -61,6 +61,10 @@ V_RPATH_OPT = @V_RPATH_OPT@
- DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@
- PROG=libpcap
-
-+# pkgconfig support
-+pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfig_DATA = libpcap.pc
-+
- # Standard CFLAGS
- FULL_CFLAGS = $(CCOPT) $(INCLS) $(DEFS) $(CFLAGS)
-
-@@ -286,6 +290,7 @@ EXTRA_DIST = \
- lbl/os-solaris2.h \
- lbl/os-sunos4.h \
- lbl/os-ultrix4.h \
-+ libpcap.pc \
- missing/getopt.c \
- missing/getopt.h \
- missing/snprintf.c \
-diff --git a/configure.ac b/configure.ac
-index da2f940..4fc67bf 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1805,6 +1805,7 @@ fi
- AC_PROG_INSTALL
-
- AC_CONFIG_HEADER(config.h)
-+AC_CONFIG_FILES([libpcap.pc])
-
- AC_OUTPUT_COMMANDS([if test -f .devel; then
- echo timestamp > stamp-h
-diff --git a/libpcap.pc.in b/libpcap.pc.in
-new file mode 100644
-index 0000000..4f78ad8
---- /dev/null
-+++ b/libpcap.pc.in
-@@ -0,0 +1,10 @@
-+prefix=@prefix@
-+exec_prefix=@exec_prefix@
-+libdir=@libdir@
-+includedir=@includedir@
-+
-+Name: libpcap
-+Description: System-independent interface for user-level packet capture.
-+Version: @VERSION@
-+Libs: -L${libdir} -lpcap
-+Cflags: -I${includedir}
---
-2.1.4
-
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb b/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb
deleted file mode 100644
index 13dfbd6..0000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb
+++ /dev/null
@@ -1,31 +0,0 @@
-require libpcap.inc
-
-SRC_URI += " \
- file://libpcap-pkgconfig-support.patch \
- file://0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch \
- file://0002-Add-missing-compiler_state_t-parameter.patch \
- file://disable-remote.patch \
- file://fix-grammar-deps.patch \
-"
-
-SRC_URI[md5sum] = "3d48f9cd171ff12b0efd9134b52f1447"
-SRC_URI[sha256sum] = "673dbc69fdc3f5a86fb5759ab19899039a8e5e6c631749e48dcd9c6f0c83541e"
-
-#
-# make install doesn't cover the shared lib
-# make install-shared is just broken (no symlinks)
-#
-
-do_configure_prepend () {
- #remove hardcoded references to /usr/include
- sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac
-}
-
-do_install_prepend () {
- install -d ${D}${libdir}
- install -d ${D}${bindir}
- oe_runmake install-shared DESTDIR=${D}
- oe_libinstall -a -so libpcap ${D}${libdir}
- sed "s|@VERSION@|${PV}|" -i ${B}/libpcap.pc
- install -D -m 0644 libpcap.pc ${D}${libdir}/pkgconfig/libpcap.pc
-}
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb b/poky/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb
new file mode 100644
index 0000000..7836156
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb
@@ -0,0 +1,45 @@
+SUMMARY = "Interface for user-level network packet capture"
+DESCRIPTION = "Libpcap provides a portable framework for low-level network \
+monitoring. Libpcap can provide network statistics collection, \
+security monitoring and network debugging."
+HOMEPAGE = "http://www.tcpdump.org/"
+BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577"
+SECTION = "libs/network"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
+ file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
+DEPENDS = "flex-native bison-native"
+
+SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
+ file://0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch \
+ "
+SRC_URI[md5sum] = "dffd65cb14406ab9841f421732eb0f33"
+SRC_URI[sha256sum] = "2edb88808e5913fdaa8e9c1fcaf272e19b2485338742b5074b9fe44d68f37019"
+
+inherit autotools binconfig-disabled pkgconfig bluetooth
+
+BINCONFIG = "${bindir}/pcap-config"
+
+# Explicitly disable dag support. We don't have recipe for it and if enabled here,
+# configure script poisons the include dirs with /usr/local/include even when the
+# support hasn't been detected.
+EXTRA_OECONF = " \
+ --with-pcap=linux \
+ --without-dag \
+ "
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
+"
+PACKAGECONFIG[bluez5] = "--enable-bluetooth,--disable-bluetooth,bluez5"
+PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
+
+do_configure_prepend () {
+ #remove hardcoded references to /usr/include
+ sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac
+}
+
+BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch
deleted file mode 100644
index 7e97e8e..0000000
--- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-The mobile-broadband-provider-info.pc file is installed into a non-arch directory
-yet contains libdir which can vary depending on which multilib is configured.
-The .pc file does not require libdir so remove this to fix multilib builds.
-
-Upstream-Status: Backport [8109fcd3c7299fae859fb891ff416927581a9955]
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
-
-Index: git/mobile-broadband-provider-info.pc.in
-===================================================================
---- git.orig/mobile-broadband-provider-info.pc.in 2018-08-07 13:09:31.811364063 +0800
-+++ git/mobile-broadband-provider-info.pc.in 2018-08-10 17:49:25.645288320 +0800
-@@ -1,6 +1,5 @@
- prefix=@prefix@
- exec_prefix=@exec_prefix@
--libdir=@libdir@
- datarootdir = @datarootdir@
- pkgdatadir=${datarootdir}/@PACKAGE@
- includedir=@includedir@
diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 7f1dd78..77adceb 100644
--- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -3,13 +3,11 @@
SECTION = "network"
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
-SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c"
-PV = "20170310"
+SRCREV = "c7def60ba50d9cc30a90f69f89d7e82243501e86"
+PV = "20190116"
PE = "1"
-SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https \
- file://multilibfix.patch \
-"
+SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https"
S = "${WORKDIR}/git"
inherit autotools
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch
new file mode 100644
index 0000000..a44d1bf
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch
@@ -0,0 +1,32 @@
+From 4f115fc314646500f7b4178d7248a02654c7cd10 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 30 Nov 2018 16:47:57 -0800
+Subject: [PATCH] Do not pass null pointer to freeaddrinfo()
+
+Passing null pointer as input parameter to freeaddrinfo() is undefined
+behaviour, some libcs e.g. glibc might just call free() which does
+accept null pointer but other libcs e.g. musl might not and instead
+cause the program to segfault. Therefore do not rely on undefined
+behaviour instead make it deterministic
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ support/export/client.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Index: nfs-utils-2.3.2/support/export/client.c
+===================================================================
+--- nfs-utils-2.3.2.orig/support/export/client.c
++++ nfs-utils-2.3.2/support/export/client.c
+@@ -309,7 +309,8 @@ client_lookup(char *hname, int canonical
+ init_addrlist(clp, ai);
+
+ out:
+- freeaddrinfo(ai);
++ if (ai)
++ freeaddrinfo(ai);
+ return clp;
+ }
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch
new file mode 100644
index 0000000..23bc3ea
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch
@@ -0,0 +1,40 @@
+From 79019d976584c598f8d0a9d8de43c989946f974b Mon Sep 17 00:00:00 2001
+From: Pascal Bach <pascal.bach@siemens.com>
+Date: Wed, 13 Feb 2019 09:28:07 +0100
+Subject: [PATCH] Don't build tools with CC_FOR_BUILD
+
+The tools are intended for the target not for the host.
+
+Upstream-Status: Pending
+
+Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
+---
+ tools/locktest/Makefile.am | 1 -
+ tools/rpcgen/Makefile.am | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
+index 3156815..87d0bac 100644
+--- a/tools/locktest/Makefile.am
++++ b/tools/locktest/Makefile.am
+@@ -1,6 +1,5 @@
+ ## Process this file with automake to produce Makefile.in
+
+-CC=$(CC_FOR_BUILD)
+ LIBTOOL = @LIBTOOL@ --tag=CC
+
+ noinst_PROGRAMS = testlk
+diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am
+index 8a9ec89..3e092c9 100644
+--- a/tools/rpcgen/Makefile.am
++++ b/tools/rpcgen/Makefile.am
+@@ -1,6 +1,5 @@
+ ## Process this file with automake to produce Makefile.in
+
+-CC=$(CC_FOR_BUILD)
+ LIBTOOL = @LIBTOOL@ --tag=CC
+
+ noinst_PROGRAMS = rpcgen
+--
+2.11.0
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
new file mode 100644
index 0000000..aa551eb
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
@@ -0,0 +1,295 @@
+From 690a90a5b7786e40b5447ad7c5f19a7657d27405 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Fri, 14 Dec 2018 17:44:32 +0800
+Subject: [PATCH] Makefile.am: fix undefined function for libnsm.a
+
+The source file of libnsm.a uses some function
+in ../support/misc/file.c, add ../support/misc/file.c
+to libnsm_a_SOURCES to fix build error when run
+"make -C tests statdb_dump":
+| ../support/nsm/libnsm.a(file.o): In function `nsm_make_pathname':
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| ../support/nsm/libnsm.a(file.o): In function `nsm_setup_pathnames':
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:280: undefined reference to `generic_setup_basedir'
+| collect2: error: ld returned 1 exit status
+
+As there is already one source file named file.c
+as support/nsm/file.c in support/nsm/Makefile.am,
+so rename ../support/misc/file.c to ../support/misc/misc.c.
+
+Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502780423058&w=2]
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+ support/misc/Makefile.am | 2 +-
+ support/misc/file.c | 111 -----------------------------------------------
+ support/misc/misc.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++
+ support/nsm/Makefile.am | 2 +-
+ 4 files changed, 113 insertions(+), 113 deletions(-)
+ delete mode 100644 support/misc/file.c
+ create mode 100644 support/misc/misc.c
+
+diff --git a/support/misc/Makefile.am b/support/misc/Makefile.am
+index 8936b0d..d4c1f76 100644
+--- a/support/misc/Makefile.am
++++ b/support/misc/Makefile.am
+@@ -1,6 +1,6 @@
+ ## Process this file with automake to produce Makefile.in
+
+ noinst_LIBRARIES = libmisc.a
+-libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c file.c
++libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c misc.c
+
+ MAINTAINERCLEANFILES = Makefile.in
+diff --git a/support/misc/file.c b/support/misc/file.c
+deleted file mode 100644
+index e7c3819..0000000
+--- a/support/misc/file.c
++++ /dev/null
+@@ -1,111 +0,0 @@
+-/*
+- * Copyright 2009 Oracle. All rights reserved.
+- * Copyright 2017 Red Hat, Inc. All rights reserved.
+- *
+- * This file is part of nfs-utils.
+- *
+- * nfs-utils is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation; either version 2 of the License, or
+- * (at your option) any later version.
+- *
+- * nfs-utils is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+- * GNU General Public License for more details.
+- *
+- * You should have received a copy of the GNU General Public License
+- * along with nfs-utils. If not, see <http://www.gnu.org/licenses/>.
+- */
+-
+-#include <sys/stat.h>
+-
+-#include <string.h>
+-#include <libgen.h>
+-#include <stdio.h>
+-#include <errno.h>
+-#include <dirent.h>
+-#include <stdlib.h>
+-#include <stdbool.h>
+-#include <limits.h>
+-
+-#include "xlog.h"
+-#include "misc.h"
+-
+-/*
+- * Returns a dynamically allocated, '\0'-terminated buffer
+- * containing an appropriate pathname, or NULL if an error
+- * occurs. Caller must free the returned result with free(3).
+- */
+-__attribute__((__malloc__))
+-char *
+-generic_make_pathname(const char *base, const char *leaf)
+-{
+- size_t size;
+- char *path;
+- int len;
+-
+- size = strlen(base) + strlen(leaf) + 2;
+- if (size > PATH_MAX)
+- return NULL;
+-
+- path = malloc(size);
+- if (path == NULL)
+- return NULL;
+-
+- len = snprintf(path, size, "%s/%s", base, leaf);
+- if ((len < 0) || ((size_t)len >= size)) {
+- free(path);
+- return NULL;
+- }
+-
+- return path;
+-}
+-
+-
+-/**
+- * generic_setup_basedir - set up basedir
+- * @progname: C string containing name of program, for error messages
+- * @parentdir: C string containing pathname to on-disk state, or NULL
+- * @base: character buffer to contain the basedir that is set up
+- * @baselen: size of @base in bytes
+- *
+- * This runs before logging is set up, so error messages are directed
+- * to stderr.
+- *
+- * Returns true and sets up our basedir, if @parentdir was valid
+- * and usable; otherwise false is returned.
+- */
+-_Bool
+-generic_setup_basedir(const char *progname, const char *parentdir, char *base,
+- const size_t baselen)
+-{
+- static char buf[PATH_MAX];
+- struct stat st;
+- char *path;
+-
+- /* First: test length of name and whether it exists */
+- if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) {
+- (void)fprintf(stderr, "%s: Directory name too long: %s",
+- progname, parentdir);
+- return false;
+- }
+- if (lstat(parentdir, &st) == -1) {
+- (void)fprintf(stderr, "%s: Failed to stat %s: %s",
+- progname, parentdir, strerror(errno));
+- return false;
+- }
+-
+- /* Ensure we have a clean directory pathname */
+- strncpy(buf, parentdir, sizeof(buf)-1);
+- path = dirname(buf);
+- if (*path == '.') {
+- (void)fprintf(stderr, "%s: Unusable directory %s",
+- progname, parentdir);
+- return false;
+- }
+-
+- xlog(D_CALL, "Using %s as the state directory", parentdir);
+- strcpy(base, parentdir);
+- return true;
+-}
+diff --git a/support/misc/misc.c b/support/misc/misc.c
+new file mode 100644
+index 0000000..e7c3819
+--- /dev/null
++++ b/support/misc/misc.c
+@@ -0,0 +1,111 @@
++/*
++ * Copyright 2009 Oracle. All rights reserved.
++ * Copyright 2017 Red Hat, Inc. All rights reserved.
++ *
++ * This file is part of nfs-utils.
++ *
++ * nfs-utils is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * nfs-utils is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with nfs-utils. If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include <sys/stat.h>
++
++#include <string.h>
++#include <libgen.h>
++#include <stdio.h>
++#include <errno.h>
++#include <dirent.h>
++#include <stdlib.h>
++#include <stdbool.h>
++#include <limits.h>
++
++#include "xlog.h"
++#include "misc.h"
++
++/*
++ * Returns a dynamically allocated, '\0'-terminated buffer
++ * containing an appropriate pathname, or NULL if an error
++ * occurs. Caller must free the returned result with free(3).
++ */
++__attribute__((__malloc__))
++char *
++generic_make_pathname(const char *base, const char *leaf)
++{
++ size_t size;
++ char *path;
++ int len;
++
++ size = strlen(base) + strlen(leaf) + 2;
++ if (size > PATH_MAX)
++ return NULL;
++
++ path = malloc(size);
++ if (path == NULL)
++ return NULL;
++
++ len = snprintf(path, size, "%s/%s", base, leaf);
++ if ((len < 0) || ((size_t)len >= size)) {
++ free(path);
++ return NULL;
++ }
++
++ return path;
++}
++
++
++/**
++ * generic_setup_basedir - set up basedir
++ * @progname: C string containing name of program, for error messages
++ * @parentdir: C string containing pathname to on-disk state, or NULL
++ * @base: character buffer to contain the basedir that is set up
++ * @baselen: size of @base in bytes
++ *
++ * This runs before logging is set up, so error messages are directed
++ * to stderr.
++ *
++ * Returns true and sets up our basedir, if @parentdir was valid
++ * and usable; otherwise false is returned.
++ */
++_Bool
++generic_setup_basedir(const char *progname, const char *parentdir, char *base,
++ const size_t baselen)
++{
++ static char buf[PATH_MAX];
++ struct stat st;
++ char *path;
++
++ /* First: test length of name and whether it exists */
++ if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) {
++ (void)fprintf(stderr, "%s: Directory name too long: %s",
++ progname, parentdir);
++ return false;
++ }
++ if (lstat(parentdir, &st) == -1) {
++ (void)fprintf(stderr, "%s: Failed to stat %s: %s",
++ progname, parentdir, strerror(errno));
++ return false;
++ }
++
++ /* Ensure we have a clean directory pathname */
++ strncpy(buf, parentdir, sizeof(buf)-1);
++ path = dirname(buf);
++ if (*path == '.') {
++ (void)fprintf(stderr, "%s: Unusable directory %s",
++ progname, parentdir);
++ return false;
++ }
++
++ xlog(D_CALL, "Using %s as the state directory", parentdir);
++ strcpy(base, parentdir);
++ return true;
++}
+diff --git a/support/nsm/Makefile.am b/support/nsm/Makefile.am
+index 8f5874e..68f1a46 100644
+--- a/support/nsm/Makefile.am
++++ b/support/nsm/Makefile.am
+@@ -10,7 +10,7 @@ GENFILES = $(GENFILES_CLNT) $(GENFILES_SVC) $(GENFILES_XDR) $(GENFILES_H)
+ EXTRA_DIST = sm_inter.x
+
+ noinst_LIBRARIES = libnsm.a
+-libnsm_a_SOURCES = $(GENFILES) file.c rpc.c
++libnsm_a_SOURCES = $(GENFILES) ../misc/misc.c file.c rpc.c
+
+ BUILT_SOURCES = $(GENFILES)
+
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch
new file mode 100644
index 0000000..906ac0f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch
@@ -0,0 +1,50 @@
+From fcece65d1b713eaeef41706898440302f8ce92d9 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Thu, 12 Jul 2018 15:19:41 +0800
+Subject: [PATCH] Makefile.am: update the path of libnfs.a
+
+The libnfs.a is under ../support/nfs/.libs/ now,
+update the reference path accordingly to fix below
+build error when run "make -C tests statdb_dump":
+| make: *** No rule to make target '../support/nfs/libnfs.a', needed by 'statdb_dump'. Stop.
+
+And below error when run "make -C tests/nsm_client nsm_client"
+| make: *** No rule to make target '../../support/nfs/libnfs.a', needed by 'nsm_client'. Stop.
+
+Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502636522745&w=2]
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+ tests/Makefile.am | 2 +-
+ tests/nsm_client/Makefile.am | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 1f96264..74aa629 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -3,7 +3,7 @@
+ check_PROGRAMS = statdb_dump
+ statdb_dump_SOURCES = statdb_dump.c
+
+-statdb_dump_LDADD = ../support/nfs/libnfs.a \
++statdb_dump_LDADD = ../support/nfs/.libs/libnfs.a \
+ ../support/nsm/libnsm.a $(LIBCAP)
+
+ SUBDIRS = nsm_client
+diff --git a/tests/nsm_client/Makefile.am b/tests/nsm_client/Makefile.am
+index a8fc131..43db9c2 100644
+--- a/tests/nsm_client/Makefile.am
++++ b/tests/nsm_client/Makefile.am
+@@ -13,7 +13,7 @@ check_PROGRAMS = nsm_client
+ nsm_client_SOURCES = $(GENFILES) nsm_client.c
+
+ BUILT_SOURCES = $(GENFILES)
+-nsm_client_LDADD = ../../support/nfs/libnfs.a \
++nsm_client_LDADD = ../../support/nfs/.libs/libnfs.a \
+ ../../support/nsm/libnsm.a $(LIBCAP) $(LIBTIRPC)
+
+ if CONFIG_RPCGEN
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch
new file mode 100644
index 0000000..bafff5b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch
@@ -0,0 +1,38 @@
+From ac32b813f5d6f9a2de944015cf9bb98d68e0203a Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 1 Dec 2018 10:02:12 -0800
+Subject: [PATCH] cacheio: use intmax_t for formatted IO
+
+time_t is not same size on x32 ABI (ILP32)
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ support/nfs/cacheio.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/support/nfs/cacheio.c b/support/nfs/cacheio.c
+index 9dc4cf1..2086a95 100644
+--- a/support/nfs/cacheio.c
++++ b/support/nfs/cacheio.c
+@@ -17,6 +17,7 @@
+
+ #include <nfslib.h>
+ #include <stdio.h>
++#include <inttypes.h>
+ #include <stdio_ext.h>
+ #include <string.h>
+ #include <ctype.h>
+@@ -234,7 +235,7 @@ cache_flush(int force)
+ stb.st_mtime > now)
+ stb.st_mtime = time(0);
+
+- sprintf(stime, "%ld\n", stb.st_mtime);
++ sprintf(stime, "%jd\n", (intmax_t)stb.st_mtime);
+ for (c=0; cachelist[c]; c++) {
+ int fd;
+ sprintf(path, "/proc/net/rpc/%s/flush", cachelist[c]);
+--
+2.19.2
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch
new file mode 100644
index 0000000..17aabb9
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch
@@ -0,0 +1,43 @@
+From 66471fbf7106917da7a1536b18a0a77d07479779 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Mon, 17 Dec 2018 15:29:47 +0800
+Subject: [PATCH] configure.ac: Do not fatalize -Wmissing-prototypes
+
+There comes below error when run "make -C tests/nsm_client nsm_client"
+| nlm_sm_inter_svc.c:20:1: error: no previous prototype for 'nlm_sm_prog_3' [-Werror=missing-prototypes]
+
+It is because rpcgen doesn't generate -Wmissing-prototypes
+free code for nlm_sm_inter_svc.c with below logic
+in tests/nsm_client/Makefile.am
+[snip]
+GENFILES_SVC = nlm_sm_inter_svc.c
+[snip]
+$(GENFILES_SVC): %_svc.c: %.x $(RPCGEN)
+ test -f $@ && rm -rf $@ || true
+ $(RPCGEN) -m -o $@ $<
+
+So add the logic not to fatalize -Wmissing-prototypes.
+
+Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154503260323936&w=2]
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index e82ff14..d0cc5d5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -548,7 +548,7 @@ my_am_cflags="\
+ -Wall \
+ -Wextra \
+ -Werror=strict-prototypes \
+- -Werror=missing-prototypes \
++ -Wmissing-prototypes \
+ -Werror=missing-declarations \
+ -Werror=format=2 \
+ -Werror=undef \
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch
new file mode 100644
index 0000000..1d693e4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch
@@ -0,0 +1,183 @@
+Clang comes up with more printf format warnings
+Correcting “format string is not a string literal” warning
+requires us to declare that parameter is a printf style
+format using the attribute flag
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Index: nfs-utils-2.3.3/support/include/xcommon.h
+===================================================================
+--- nfs-utils-2.3.3.orig/support/include/xcommon.h
++++ nfs-utils-2.3.3/support/include/xcommon.h
+@@ -27,7 +27,7 @@
+
+ /* Functions in sundries.c that are used in mount.c and umount.c */
+ char *canonicalize (const char *path);
+-void nfs_error (const char *fmt, ...);
++void nfs_error (const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));
+ void *xmalloc (size_t size);
+ void *xrealloc(void *p, size_t size);
+ void xfree(void *);
+@@ -36,9 +36,9 @@ char *xstrndup (const char *s, int n);
+ char *xstrconcat2 (const char *, const char *);
+ char *xstrconcat3 (const char *, const char *, const char *);
+ char *xstrconcat4 (const char *, const char *, const char *, const char *);
+-void die (int errcode, const char *fmt, ...);
++void die (int errcode, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
+
+-extern void die(int err, const char *fmt, ...);
++extern void die(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
+ extern void (*at_die)(void);
+
+ /* exit status - bits below are ORed */
+Index: nfs-utils-2.3.3/support/include/xlog.h
+===================================================================
+--- nfs-utils-2.3.3.orig/support/include/xlog.h
++++ nfs-utils-2.3.3/support/include/xlog.h
+@@ -43,10 +43,10 @@ void xlog_config(int fac, int on);
+ void xlog_sconfig(char *, int on);
+ void xlog_from_conffile(char *);
+ int xlog_enabled(int fac);
+-void xlog(int fac, const char *fmt, ...);
+-void xlog_warn(const char *fmt, ...);
+-void xlog_err(const char *fmt, ...);
+-void xlog_errno(int err, const char *fmt, ...);
+-void xlog_backend(int fac, const char *fmt, va_list args);
++void xlog(int fac, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
++void xlog_warn(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));
++void xlog_err(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));
++void xlog_errno(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
++void xlog_backend(int fac, const char *fmt, va_list args) __attribute__((__format__ (__printf__, 2, 0)));
+
+ #endif /* XLOG_H */
+Index: nfs-utils-2.3.3/support/nfs/xcommon.c
+===================================================================
+--- nfs-utils-2.3.3.orig/support/nfs/xcommon.c
++++ nfs-utils-2.3.3/support/nfs/xcommon.c
+@@ -93,7 +93,10 @@ nfs_error (const char *fmt, ...) {
+
+ fmt2 = xstrconcat2 (fmt, "\n");
+ va_start (args, fmt);
++#pragma clang diagnostic push
++#pragma clang diagnostic ignored "-Wformat-nonliteral"
+ vfprintf (stderr, fmt2, args);
++#pragma clang diagnostic pop
+ va_end (args);
+ free (fmt2);
+ }
+Index: nfs-utils-2.3.3/utils/exportfs/exportfs.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/exportfs/exportfs.c
++++ nfs-utils-2.3.3/utils/exportfs/exportfs.c
+@@ -644,6 +644,7 @@ out:
+ return result;
+ }
+
++__attribute__((__format__ (__printf__, 2, 3)))
+ static char
+ dumpopt(char c, char *fmt, ...)
+ {
+Index: nfs-utils-2.3.3/utils/statd/statd.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/statd/statd.c
++++ nfs-utils-2.3.3/utils/statd/statd.c
+@@ -136,7 +136,7 @@ static void log_modes(void)
+ strcat(buf, "TI-RPC ");
+ #endif
+
+- xlog_warn(buf);
++ xlog_warn("%s", buf);
+ }
+
+ /*
+Index: nfs-utils-2.3.3/support/nfs/svc_create.c
+===================================================================
+--- nfs-utils-2.3.3.orig/support/nfs/svc_create.c
++++ nfs-utils-2.3.3/support/nfs/svc_create.c
+@@ -184,7 +184,7 @@ svc_create_sock(const struct sockaddr *s
+ type = SOCK_STREAM;
+ break;
+ default:
+- xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %u",
++ xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %lu",
+ __func__, nconf->nc_semantics);
+ return -1;
+ }
+Index: nfs-utils-2.3.3/support/nsm/rpc.c
+===================================================================
+--- nfs-utils-2.3.3.orig/support/nsm/rpc.c
++++ nfs-utils-2.3.3/support/nsm/rpc.c
+@@ -182,7 +182,7 @@ nsm_xmit_getport(const int sock, const s
+ uint32_t xid;
+ XDR xdr;
+
+- xlog(D_CALL, "Sending PMAP_GETPORT for %u, %u, udp", program, version);
++ xlog(D_CALL, "Sending PMAP_GETPORT for %lu, %lu, udp", program, version);
+
+ nsm_init_xdrmem(msgbuf, NSM_MAXMSGSIZE, &xdr);
+ xid = nsm_init_rpc_header(PMAPPROG, PMAPVERS,
+Index: nfs-utils-2.3.3/utils/mountd/cache.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/mountd/cache.c
++++ nfs-utils-2.3.3/utils/mountd/cache.c
+@@ -968,8 +968,7 @@ lookup_export(char *dom, char *path, str
+ } else if (found_type == i && found->m_warned == 0) {
+ xlog(L_WARNING, "%s exported to both %s and %s, "
+ "arbitrarily choosing options from first",
+- path, found->m_client->m_hostname, exp->m_client->m_hostname,
+- dom);
++ path, found->m_client->m_hostname, exp->m_client->m_hostname);
+ found->m_warned = 1;
+ }
+ }
+Index: nfs-utils-2.3.3/utils/mountd/mountd.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/mountd/mountd.c
++++ nfs-utils-2.3.3/utils/mountd/mountd.c
+@@ -213,7 +213,7 @@ static void
+ sig_hup (int sig)
+ {
+ /* don't exit on SIGHUP */
+- xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig);
++ xlog (L_NOTICE, "Received SIGHUP(%d)... Ignoring.\n", sig);
+ return;
+ }
+
+Index: nfs-utils-2.3.3/utils/statd/rmtcall.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/statd/rmtcall.c
++++ nfs-utils-2.3.3/utils/statd/rmtcall.c
+@@ -247,7 +247,7 @@ process_reply(FD_SET_TYPE *rfds)
+ xlog_warn("%s: service %d not registered on localhost",
+ __func__, NL_MY_PROG(lp));
+ } else {
+- xlog(D_GENERAL, "%s: Callback to %s (for %d) succeeded",
++ xlog(D_GENERAL, "%s: Callback to %s (for %s) succeeded",
+ __func__, NL_MY_NAME(lp), NL_MON_NAME(lp));
+ }
+ nlist_free(¬ify, lp);
+Index: nfs-utils-2.3.3/utils/statd/svc_run.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/statd/svc_run.c
++++ nfs-utils-2.3.3/utils/statd/svc_run.c
+@@ -53,6 +53,7 @@
+
+ #include <errno.h>
+ #include <time.h>
++#include <inttypes.h>
+ #include "statd.h"
+ #include "notlist.h"
+
+@@ -104,8 +105,8 @@ my_svc_run(int sockfd)
+
+ tv.tv_sec = NL_WHEN(notify) - now;
+ tv.tv_usec = 0;
+- xlog(D_GENERAL, "Waiting for reply... (timeo %d)",
+- tv.tv_sec);
++ xlog(D_GENERAL, "Waiting for reply... (timeo %jd)",
++ (intmax_t)tv.tv_sec);
+ selret = select(FD_SETSIZE, &readfds,
+ (void *) 0, (void *) 0, &tv);
+ } else {
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
deleted file mode 100644
index 993f1e5..0000000
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-nfs-utils: Do not pass CFLAGS to gcc while building
-
-Do not pass CFLAGS/LDFLAGS to gcc while building, The needed flags has
-been passed by xxx_CFLAGS=$(CFLAGS_FOR_BUILD).
-
-Upstream-Status: Pending
-
-Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
----
- tools/locktest/Makefile.am | 2 ++
- tools/rpcgen/Makefile.am | 2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
-index 3156815..1729fd1 100644
---- a/tools/locktest/Makefile.am
-+++ b/tools/locktest/Makefile.am
-@@ -1,6 +1,8 @@
- ## Process this file with automake to produce Makefile.in
-
- CC=$(CC_FOR_BUILD)
-+CFLAGS=
-+LDFLAGS=
- LIBTOOL = @LIBTOOL@ --tag=CC
-
- noinst_PROGRAMS = testlk
-diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am
-index 8a9ec89..8bacdaa 100644
---- a/tools/rpcgen/Makefile.am
-+++ b/tools/rpcgen/Makefile.am
-@@ -1,6 +1,8 @@
- ## Process this file with automake to produce Makefile.in
-
- CC=$(CC_FOR_BUILD)
-+CFLAGS=
-+LDFLAGS=
- LIBTOOL = @LIBTOOL@ --tag=CC
-
- noinst_PROGRAMS = rpcgen
---
-1.7.9.5
-
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch
index a169e6a..22002fa 100644
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch
@@ -1,17 +1,24 @@
+From caa19231196d73541445728e6813c8fa70345acb Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Tue, 26 Jun 2018 15:59:00 +0800
+Subject: [PATCH] nfs-utils: 2.1.1 -> 2.3.1
+
Fixed:
configure: error: res_querydomain needed
-Upstream-Status: Pending [https://git.alpinelinux.org/cgit/aports/tree/main/nfs-utils/musl-res_querydomain.patch?id=f6734a77d3caee73325f8cc1f77d1b5117a75096]
+Upstream-Status: Pending [https://github.com/alpinelinux/aports/blob/master/main/nfs-utils/musl-configure_ac.patch]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+
---
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ configure.ac | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/configure.ac b/configure.ac
+index 276dec3..760238b 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -401,7 +401,7 @@ if test "$enable_gss" = yes; then
+@@ -408,7 +408,7 @@ if test "$enable_gss" = yes; then
fi
dnl libdnsidmap specific checks
@@ -20,3 +27,31 @@
AC_ARG_ENABLE([ldap],
[AS_HELP_STRING([--disable-ldap],[Disable support for LDAP @<:default=detect@:>@])])
+@@ -547,11 +547,11 @@ my_am_cflags="\
+ -pipe \
+ -Wall \
+ -Wextra \
+- -Werror=strict-prototypes \
+- -Werror=missing-prototypes \
+- -Werror=missing-declarations \
++ -Wstrict-prototypes \
++ -Wmissing-prototypes \
++ -Wmissing-declarations \
+ -Werror=format=2 \
+- -Werror=undef \
++ -Wundef \
+ -Werror=missing-include-dirs \
+ -Werror=strict-aliasing=2 \
+ -Werror=init-self \
+@@ -579,10 +579,9 @@ AC_DEFUN([CHECK_CCSUPPORT], [
+
+ CHECK_CCSUPPORT([-Werror=format-overflow=2], [flg1])
+ CHECK_CCSUPPORT([-Werror=int-conversion], [flg2])
+-CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3])
+ CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4])
+
+-AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"])
++AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg4"])
+
+ # Make sure that $ACLOCAL_FLAGS are used during a rebuild
+ AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"])
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.3.bb
similarity index 88%
rename from poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb
rename to poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.3.bb
index 6d450c7..ac4437b 100644
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.3.bb
@@ -26,16 +26,21 @@
file://nfs-mountd.service \
file://nfs-statd.service \
file://proc-fs-nfsd.mount \
- file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \
file://nfs-utils-debianize-start-statd.patch \
file://bugfix-adjust-statd-service-name.patch \
file://nfs-utils-musl-limits.patch \
+ file://0001-cacheio-use-intmax_t-for-formatted-IO.patch \
+ file://0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch \
+ file://clang-format-string.patch \
+ file://0001-Makefile.am-update-the-path-of-libnfs.a.patch \
+ file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
+ file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \
"
-
+SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch"
SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch"
-SRC_URI[md5sum] = "d77b182a9ee396aa6221ac2401ad7046"
-SRC_URI[sha256sum] = "96d06b5a86b185815760d8f04c34fdface8fa8b9949ff256ac05c3ebc08335a5"
+SRC_URI[md5sum] = "b6c9c032995af1c08fea9fbcc1ce33e9"
+SRC_URI[sha256sum] = "f68b34793831b05f1fd5760d6bdec92772c7684177586a99a61e7b444f336322"
# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will
# pull in the remainder of the dependencies.
@@ -62,6 +67,8 @@
--with-statdpath=/var/lib/nfs/statd \
"
+CFLAGS += "-Wno-error=format-overflow"
+
PACKAGECONFIG ??= "tcp-wrappers \
${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
"
@@ -140,11 +147,6 @@
chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd
chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state
- # the following are built by CC_FOR_BUILD
- rm -f ${D}${sbindir}/rpcdebug
- rm -f ${D}${sbindir}/rpcgen
- rm -f ${D}${sbindir}/locktest
-
# Make python tools use python 3
sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat
diff --git a/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb b/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb
deleted file mode 100644
index be7d9ea..0000000
--- a/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require ofono.inc
-
-SRC_URI = "\
- ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
- file://ofono \
- file://use-python3.patch \
-"
-SRC_URI[md5sum] = "be24e80f6551f46fea0c5b5879964d6c"
-SRC_URI[sha256sum] = "9c8e351b7658f4b43f9a4380b731c47d2d7544a89987c48c3f227e73636c87ae"
diff --git a/poky/meta/recipes-connectivity/ofono/ofono_1.25.bb b/poky/meta/recipes-connectivity/ofono/ofono_1.25.bb
new file mode 100644
index 0000000..3688b9d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ofono/ofono_1.25.bb
@@ -0,0 +1,9 @@
+require ofono.inc
+
+SRC_URI = "\
+ ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+ file://ofono \
+ file://use-python3.patch \
+"
+SRC_URI[md5sum] = "31450cabdd8dbbf3f808ea2f2f066863"
+SRC_URI[sha256sum] = "eb011fcd3080e93f3a56f96be60350b6595a8b5f36b61646312ba41b0bcb0d75"
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb b/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
similarity index 96%
rename from poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb
rename to poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
index f54dfb5..2a23f64 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
@@ -11,7 +11,7 @@
DEPENDS = "zlib openssl"
DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-SRC_URI = "git://github.com/openssh/openssh-portable;branch=master \
+SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
file://sshd_config \
file://ssh_config \
file://init \
@@ -25,13 +25,11 @@
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
"
+SRC_URI[md5sum] = "c6af50b7a474d04726a5aa747a5dce8f"
+SRC_URI[sha256sum] = "6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad"
PAM_SRC_URI = "file://sshd"
-SRCREV = "cce8cbe0ed7d1ba3a575310e0b63c193326ae616"
-
-S = "${WORKDIR}/git"
-
inherit useradd update-rc.d update-alternatives systemd
USERADD_PACKAGES = "${PN}-sshd"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
index 80b62ab..949c788 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -20,6 +20,11 @@
Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Martin Hundebøll <martin@geanix.com>
+
+
+Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
Configurations/unix-Makefile.tmpl | 10 +++++++++-
crypto/build.info | 2 +-
@@ -29,7 +34,7 @@
index 16af4d2087..54c162784c 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
-@@ -317,13 +317,21 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
+@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
@@ -43,6 +48,7 @@
+CFLAGS_Q={- for (@{$config{CFLAGS}}) {
+ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
++ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
+ }
+ join(' ', @{$config{CFLAGS}}) -}
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch
new file mode 100644
index 0000000..900ef97
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch
@@ -0,0 +1,69 @@
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/f426625b6ae9a7831010750490a5f0ad689c5ba3]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 5 Mar 2019 14:39:15 +0000
+Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305
+
+ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
+every encryption operation. RFC 7539 specifies that the nonce value (IV)
+should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
+front pads the nonce with 0 bytes if it is less than 12 bytes. However it
+also incorrectly allows a nonce to be set of up to 16 bytes. In this case
+only the last 12 bytes are significant and any additional leading bytes are
+ignored.
+
+It is a requirement of using this cipher that nonce values are unique.
+Messages encrypted using a reused nonce value are susceptible to serious
+confidentiality and integrity attacks. If an application changes the
+default nonce length to be longer than 12 bytes and then makes a change to
+the leading bytes of the nonce expecting the new value to be a new unique
+nonce then such an application could inadvertently encrypt messages with a
+reused nonce.
+
+Additionally the ignored bytes in a long nonce are not covered by the
+integrity guarantee of this cipher. Any application that relies on the
+integrity of these ignored leading bytes of a long nonce may be further
+affected.
+
+Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
+because no such use sets such a long nonce value. However user
+applications that use this cipher directly and set a non-default nonce
+length to be longer than 12 bytes may be vulnerable.
+
+CVE: CVE-2019-1543
+
+Fixes #8345
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8406)
+
+(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6)
+---
+ crypto/evp/e_chacha20_poly1305.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
+index c1917bb86a6..d3e2c622a1b 100644
+--- a/crypto/evp/e_chacha20_poly1305.c
++++ b/crypto/evp/e_chacha20_poly1305.c
+@@ -30,6 +30,8 @@ typedef struct {
+
+ #define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
+
++#define CHACHA20_POLY1305_MAX_IVLEN 12
++
+ static int chacha_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char user_key[CHACHA_KEY_SIZE],
+ const unsigned char iv[CHACHA_CTR_SIZE], int enc)
+@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+ return 1;
+
+ case EVP_CTRL_AEAD_SET_IVLEN:
+- if (arg <= 0 || arg > CHACHA_CTR_SIZE)
++ if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
+ return 0;
+ actx->nonce_len = arg;
+ return 1;
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch b/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch
new file mode 100644
index 0000000..7c4b084
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch
@@ -0,0 +1,31 @@
+Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
+
+Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/Configure b/Configure
+index 3baa8ce..9ef52ed 100755
+--- a/Configure
++++ b/Configure
+@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
+ unless ($disabled{afalgeng}) {
+ $config{afalgeng}="";
+ if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+- my $minver = 4*10000 + 1*100 + 0;
+- if ($config{CROSS_COMPILE} eq "") {
+- my $verstr = `uname -r`;
+- my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+- ($mi2) = $mi2 =~ /(\d+)/;
+- my $ver = $ma*10000 + $mi1*100 + $mi2;
+- if ($ver < $minver) {
+- $disabled{afalgeng} = "too-old-kernel";
+- } else {
+- push @{$config{engdirs}}, "afalg";
+- }
+- } else {
+- $disabled{afalgeng} = "cross-compiling";
+- }
++ push @{$config{engdirs}}, "afalg";
+ } else {
+ $disabled{afalgeng} = "not-linux";
+ }
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
deleted file mode 100644
index 6620fdc..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
+++ /dev/null
@@ -1,222 +0,0 @@
-#!/bin/sh
-#
-# Ben Secrest <blsecres@gmail.com>
-#
-# sh c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-#
-# based on the c_rehash perl script distributed with openssl
-#
-# LICENSE: See OpenSSL license
-# ^^acceptable?^^
-#
-
-# default certificate location
-DIR=/etc/openssl
-
-# for filetype bitfield
-IS_CERT=$(( 1 << 0 ))
-IS_CRL=$(( 1 << 1 ))
-
-
-# check to see if a file is a certificate file or a CRL file
-# arguments:
-# 1. the filename to be scanned
-# returns:
-# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
-#
-check_file()
-{
- local IS_TYPE=0
-
- # make IFS a newline so we can process grep output line by line
- local OLDIFS=${IFS}
- IFS=$( printf "\n" )
-
- # XXX: could be more efficient to have two 'grep -m' but is -m portable?
- for LINE in $( grep '^-----BEGIN .*-----' ${1} )
- do
- if echo ${LINE} \
- | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
- then
- IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
-
- if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
- then
- break
- fi
- elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
- then
- IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
-
- if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
- then
- break
- fi
- fi
- done
-
- # restore IFS
- IFS=${OLDIFS}
-
- return ${IS_TYPE}
-}
-
-
-#
-# use openssl to fingerprint a file
-# arguments:
-# 1. the filename to fingerprint
-# 2. the method to use (x509, crl)
-# returns:
-# none
-# assumptions:
-# user will capture output from last stage of pipeline
-#
-fingerprint()
-{
- ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
-}
-
-
-#
-# link_hash - create links to certificate files
-# arguments:
-# 1. the filename to create a link for
-# 2. the type of certificate being linked (x509, crl)
-# returns:
-# 0 on success, 1 otherwise
-#
-link_hash()
-{
- local FINGERPRINT=$( fingerprint ${1} ${2} )
- local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
- local SUFFIX=0
- local LINKFILE=''
- local TAG=''
-
- if [ ${2} = "crl" ]
- then
- TAG='r'
- fi
-
- LINKFILE=${HASH}.${TAG}${SUFFIX}
-
- while [ -f ${LINKFILE} ]
- do
- if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
- then
- echo "NOTE: Skipping duplicate file ${1}" >&2
- return 1
- fi
-
- SUFFIX=$(( ${SUFFIX} + 1 ))
- LINKFILE=${HASH}.${TAG}${SUFFIX}
- done
-
- echo "${3} => ${LINKFILE}"
-
- # assume any system with a POSIX shell will either support symlinks or
- # do something to handle this gracefully
- ln -s ${3} ${LINKFILE}
-
- return 0
-}
-
-
-# hash_dir create hash links in a given directory
-hash_dir()
-{
- echo "Doing ${1}"
-
- cd ${1}
-
- ls -1 * 2>/dev/null | while read FILE
- do
- if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
- && [ -h "${FILE}" ]
- then
- rm ${FILE}
- fi
- done
-
- ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
- do
- REAL_FILE=${FILE}
- # if we run on build host then get to the real files in rootfs
- if [ -n "${SYSROOT}" -a -h ${FILE} ]
- then
- FILE=$( readlink ${FILE} )
- # check the symlink is absolute (or dangling in other word)
- if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
- then
- REAL_FILE=${SYSROOT}/${FILE}
- fi
- fi
-
- check_file ${REAL_FILE}
- local FILE_TYPE=${?}
- local TYPE_STR=''
-
- if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
- then
- TYPE_STR='x509'
- elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
- then
- TYPE_STR='crl'
- else
- echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
- continue
- fi
-
- link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
- done
-}
-
-
-# choose the name of an ssl application
-if [ -n "${OPENSSL}" ]
-then
- SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
-else
- SSL_CMD=/usr/bin/openssl
- OPENSSL=${SSL_CMD}
- export OPENSSL
-fi
-
-# fix paths
-PATH=${PATH}:${DIR}/bin
-export PATH
-
-# confirm existance/executability of ssl command
-if ! [ -x ${SSL_CMD} ]
-then
- echo "${0}: rehashing skipped ('openssl' program not available)" >&2
- exit 0
-fi
-
-# determine which directories to process
-old_IFS=$IFS
-if [ ${#} -gt 0 ]
-then
- IFS=':'
- DIRLIST=${*}
-elif [ -n "${SSL_CERT_DIR}" ]
-then
- DIRLIST=$SSL_CERT_DIR
-else
- DIRLIST=${DIR}/certs
-fi
-
-IFS=':'
-
-# process directories
-for CERT_DIR in ${DIRLIST}
-do
- if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
- then
- IFS=$old_IFS
- hash_dir ${CERT_DIR}
- IFS=':'
- fi
-done
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/run-ptest b/poky/meta/recipes-connectivity/openssl/openssl/run-ptest
index 0a620de..3fb2247 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ b/poky/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -9,4 +9,4 @@
# OPENSSL_ENGINES is relative from the test binaries
export OPENSSL_ENGINES=../engines
-perl ./test/run_tests.pl $*
+perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;'
diff --git a/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
similarity index 97%
rename from poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
rename to poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
index 54af100..87df4f5 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
@@ -53,8 +53,8 @@
file://environment.d-openssl.sh \
"
-SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c"
-SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684"
+SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac"
+SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6"
S = "${WORKDIR}/openssl-${PV}"
@@ -78,9 +78,6 @@
export OE_LDFLAGS = "${LDFLAGS}"
-# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
-CCACHE = ""
-
TERMIO ?= "-DTERMIO"
TERMIO_libc-musl = "-DTERMIOS"
EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
similarity index 89%
rename from poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
rename to poky/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
index e9e9fac..d3404d2 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
@@ -7,26 +7,33 @@
# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
DEPENDS = "hostperl-runtime-native"
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
- file://openssl-c_rehash.sh \
file://0001-skip-test_symbol_presence.patch \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+ file://afalg.patch \
+ file://CVE-2019-1543.patch \
"
SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[md5sum] = "963deb2272d6be7d4c2458afd2517b73"
-SRC_URI[sha256sum] = "fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41"
+SRC_URI[md5sum] = "4532712e7bcc9414f5bce995e4e13930"
+SRC_URI[sha256sum] = "5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b"
inherit lib_package multilib_header ptest
+PACKAGECONFIG ?= ""
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+
B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"
@@ -113,6 +120,7 @@
# environment variables set by bitbake. Adjust the environment variables instead.
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
+ perl ${B}/configdata.pm --dump
}
do_install () {
@@ -141,12 +149,6 @@
SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
-
- # Install a custom version of c_rehash that can handle sysroots properly.
- # This version is used for example when installing ca-certificates during
- # image creation.
- install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
- sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
}
do_install_append_class-nativesdk () {
@@ -195,16 +197,10 @@
CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
RRECOMMENDS_libcrypto += "openssl-conf"
-RDEPENDS_${PN}-bin = "perl"
-RDEPENDS_${PN}-misc = "perl"
-RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash python"
+RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
RPROVIDES_openssl-conf = "openssl10-conf"
RREPLACES_openssl-conf = "openssl10-conf"
RCONFLICTS_openssl-conf = "openssl10-conf"
BBCLASSEXTEND = "native nativesdk"
-
-inherit multilib_script
-
-MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
new file mode 100644
index 0000000..a476cf0
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
@@ -0,0 +1,52 @@
+From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001
+From: Joshua DeWeese <jdeweese@hennypenny.com>
+Date: Wed, 30 Jan 2019 16:19:47 -0500
+Subject: [PATCH] replace systemd install Alias with WantedBy
+
+According to the systemd documentation "WantedBy=foo.service in a
+service bar.service is mostly equivalent to
+Alias=foo.service.wants/bar.service in the same file." However,
+this is not really the intended purpose of install Aliases.
+
+Upstream-Status: Submitted [hostap@lists.infradead.org]
+
+Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
+---
+ wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+index 03ac507..da69a87 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I
+
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+index c8a744d..ca3054b 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I
+
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+index 7788b38..55d2b9c 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
+
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant@%i.service
++WantedBy=multi-user.target
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch
deleted file mode 100644
index d4d49e7..0000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch
+++ /dev/null
@@ -1,191 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/ap/ieee802_11.c | 16 +++++++++++++---
- src/ap/wpa_auth.c | 11 +++++++++++
- src/ap/wpa_auth.h | 3 ++-
- src/ap/wpa_auth_ft.c | 10 ++++++++++
- src/ap/wpa_auth_i.h | 1 +
- 5 files changed, 37 insertions(+), 4 deletions(-)
-
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index 4e04169..333035f 100644
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
- {
- struct ieee80211_ht_capabilities ht_cap;
- struct ieee80211_vht_capabilities vht_cap;
-+ int set = 1;
-
- /*
- * Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
- * FT-over-the-DS, where a station re-associates back to the same AP but
- * skips the authentication flow, or if working with a driver that
- * does not support full AP client state.
-+ *
-+ * Skip this if the STA has already completed FT reassociation and the
-+ * TK has been configured since the TX/RX PN must not be reset to 0 for
-+ * the same key.
- */
-- if (!sta->added_unassoc)
-+ if (!sta->added_unassoc &&
-+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+ set = 0;
-+ }
-
- #ifdef CONFIG_IEEE80211N
- if (sta->flags & WLAN_STA_HT)
-@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
- sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
- sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
- sta->vht_opmode, sta->p2p_ie ? 1 : 0,
-- sta->added_unassoc)) {
-+ set)) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
- "Could not %s STA to kernel driver",
-- sta->added_unassoc ? "set" : "add");
-+ set ? "set" : "add");
-
- if (sta->added_unassoc) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 3587086..707971d 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
- #else /* CONFIG_IEEE80211R */
- break;
- #endif /* CONFIG_IEEE80211R */
-+ case WPA_DRV_STA_REMOVED:
-+ sm->tk_already_set = FALSE;
-+ return 0;
- }
-
- #ifdef CONFIG_IEEE80211R
-@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
- }
-
-
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
-+{
-+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
-+ return 0;
-+ return sm->tk_already_set;
-+}
-+
-+
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry)
- {
-diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
-index 0de8d97..97461b0 100644
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
- u8 *data, size_t data_len);
- enum wpa_event {
- WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
-- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
-+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
- };
- void wpa_remove_ptk(struct wpa_state_machine *sm);
- int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
-@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
- int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
- int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
- int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry);
- struct rsn_pmksa_cache_entry *
-diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
-index 42242a5..e63b99a 100644
---- a/src/ap/wpa_auth_ft.c
-+++ b/src/ap/wpa_auth_ft.c
-@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- return;
- }
-
-+ if (sm->tk_already_set) {
-+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
-+ * PN in the driver */
-+ wpa_printf(MSG_DEBUG,
-+ "FT: Do not re-install same PTK to the driver");
-+ return;
-+ }
-+
- /* FIX: add STA entry to kernel/driver here? The set_key will fail
- * most likely without this.. At the moment, STA entry is added only
- * after association has been completed. This function will be called
-@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
-
- /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
- sm->pairwise_set = TRUE;
-+ sm->tk_already_set = TRUE;
- }
-
-
-@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
-
- sm->pairwise = pairwise;
- sm->PTK_valid = TRUE;
-+ sm->tk_already_set = FALSE;
- wpa_ft_install_ptk(sm);
-
- buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
-diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
-index 72b7eb3..7fd8f05 100644
---- a/src/ap/wpa_auth_i.h
-+++ b/src/ap/wpa_auth_i.h
-@@ -65,6 +65,7 @@ struct wpa_state_machine {
- struct wpa_ptk PTK;
- Boolean PTK_valid;
- Boolean pairwise_set;
-+ Boolean tk_already_set;
- int keycount;
- Boolean Pair;
- struct wpa_key_replay_counter {
---
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch
deleted file mode 100644
index 501bb4b..0000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch
+++ /dev/null
@@ -1,267 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Wed, 12 Jul 2017 16:03:24 +0200
-Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
-
-Track the current GTK and IGTK that is in use and when receiving a
-(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
-not install the given key if it is already in use. This prevents an
-attacker from trying to trick the client into resetting or lowering the
-sequence counter associated to the group key.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h | 11 +++++
- src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
- src/rsn_supp/wpa_i.h | 4 ++
- 3 files changed, 87 insertions(+), 44 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index af1d0f0..d200285 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -217,6 +217,17 @@ struct wpa_ptk {
- size_t tk_len;
- };
-
-+struct wpa_gtk {
-+ u8 gtk[WPA_GTK_MAX_LEN];
-+ size_t gtk_len;
-+};
-+
-+#ifdef CONFIG_IEEE80211W
-+struct wpa_igtk {
-+ u8 igtk[WPA_IGTK_MAX_LEN];
-+ size_t igtk_len;
-+};
-+#endif /* CONFIG_IEEE80211W */
-
- /* WPA IE version 1
- * 00-50-f2:1 (OUI:OUI type)
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..95bd7be 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
-+ /* Detect possible key reinstallation */
-+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
-+ gd->keyidx, gd->tx, gd->gtk_len);
-+ return 0;
-+ }
-+
- wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
-@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+
- return 0;
- }
-
-@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- }
-
-
-+#ifdef CONFIG_IEEE80211W
-+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-+ const struct wpa_igtk_kde *igtk)
-+{
-+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
-+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
-+
-+ /* Detect possible key reinstallation */
-+ if (sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
-+ keyidx);
-+ return 0;
-+ }
-+
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
-+ keyidx, MAC2STR(igtk->pn));
-+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
-+ if (keyidx > 4095) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Invalid IGTK KeyID %d", keyidx);
-+ return -1;
-+ }
-+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-+ broadcast_ether_addr,
-+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
-+ igtk->igtk, len) < 0) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Failed to configure IGTK to the driver");
-+ return -1;
-+ }
-+
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+
-+ return 0;
-+}
-+#endif /* CONFIG_IEEE80211W */
-+
-+
- static int ieee80211w_set_keys(struct wpa_sm *sm,
- struct wpa_eapol_ie_parse *ie)
- {
-@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- if (ie->igtk) {
- size_t len;
- const struct wpa_igtk_kde *igtk;
-- u16 keyidx;
-+
- len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
- return -1;
-+
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- keyidx = WPA_GET_LE16(igtk->keyid);
-- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
-- "pn %02x%02x%02x%02x%02x%02x",
-- keyidx, MAC2STR(igtk->pn));
-- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
-- igtk->igtk, len);
-- if (keyidx > 4095) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Invalid IGTK KeyID %d", keyidx);
-- return -1;
-- }
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igtk->pn, sizeof(igtk->pn),
-- igtk->igtk, len) < 0) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Failed to configure IGTK to the driver");
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
- }
-
- return 0;
-@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
- */
- void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- {
-- int clear_ptk = 1;
-+ int clear_keys = 1;
-
- if (sm == NULL)
- return;
-@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- /* Prepare for the next transition */
- wpa_ft_prepare_auth_request(sm, NULL);
-
-- clear_ptk = 0;
-+ clear_keys = 0;
- }
- #endif /* CONFIG_IEEE80211R */
-
-- if (clear_ptk) {
-+ if (clear_keys) {
- /*
- * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
- * this is not part of a Fast BSS Transition.
-@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- }
-
- #ifdef CONFIG_TDLS
-@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(sm->pmk, 0, sizeof(sm->pmk));
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
- os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
-@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- os_memset(&gd, 0, sizeof(gd));
- #ifdef CONFIG_IEEE80211W
- } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
-- struct wpa_igtk_kde igd;
-- u16 keyidx;
--
-- os_memset(&igd, 0, sizeof(igd));
-- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
-- os_memcpy(igd.keyid, buf + 2, 2);
-- os_memcpy(igd.pn, buf + 4, 6);
--
-- keyidx = WPA_GET_LE16(igd.keyid);
-- os_memcpy(igd.igtk, buf + 10, keylen);
--
-- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
-- igd.igtk, keylen);
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igd.pn, sizeof(igd.pn),
-- igd.igtk, keylen) < 0) {
-- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
-- "WNM mode");
-- os_memset(&igd, 0, sizeof(igd));
-+ const struct wpa_igtk_kde *igtk;
-+
-+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
-- os_memset(&igd, 0, sizeof(igd));
- #endif /* CONFIG_IEEE80211W */
- } else {
- wpa_printf(MSG_DEBUG, "Unknown element id");
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index f653ba6..afc9e37 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -31,6 +31,10 @@ struct wpa_sm {
- u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
-+ struct wpa_gtk gtk;
-+#ifdef CONFIG_IEEE80211W
-+ struct wpa_igtk igtk;
-+#endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
-
---
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch
deleted file mode 100644
index 2e22655..0000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:12:24 +0300
-Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
- Mode cases
-
-This extends the protection to track last configured GTK/IGTK value
-separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
-corner case where these two different mechanisms may get used when the
-GTK/IGTK has changed and tracking a single value is not sufficient to
-detect a possible key reconfiguration.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
- src/rsn_supp/wpa_i.h | 2 ++
- 2 files changed, 40 insertions(+), 15 deletions(-)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 95bd7be..7a2c68d 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -709,14 +709,17 @@ struct wpa_gtk_data {
-
- static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const struct wpa_gtk_data *gd,
-- const u8 *key_rsc)
-+ const u8 *key_rsc, int wnm_sleep)
- {
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
- /* Detect possible key reinstallation */
-- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
-+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
- gd->keyidx, gd->tx, gd->gtk_len);
-@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-- sm->gtk.gtk_len = gd->gtk_len;
-- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ if (wnm_sleep) {
-+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len);
-+ } else {
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ }
-
- return 0;
- }
-@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
- gtk_len, gtk_len,
- &gd.key_rsc_len, &gd.alg) ||
-- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
-+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "RSN: Failed to install GTK");
- os_memset(&gd, 0, sizeof(gd));
-@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
-
- #ifdef CONFIG_IEEE80211W
- static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-- const struct wpa_igtk_kde *igtk)
-+ const struct wpa_igtk_kde *igtk,
-+ int wnm_sleep)
- {
- size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- u16 keyidx = WPA_GET_LE16(igtk->keyid);
-
- /* Detect possible key reinstallation */
-- if (sm->igtk.igtk_len == len &&
-- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ if ((sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
-+ (sm->igtk_wnm_sleep.igtk_len == len &&
-+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
- keyidx);
-@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
- return -1;
- }
-
-- sm->igtk.igtk_len = len;
-- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ if (wnm_sleep) {
-+ sm->igtk_wnm_sleep.igtk_len = len;
-+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len);
-+ } else {
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ }
-
- return 0;
- }
-@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- return -1;
-
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
- return -1;
- }
-
-@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
- if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
- key_rsc = null_rsc;
-
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
- wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
- goto failed;
- os_memset(&gd, 0, sizeof(gd));
-@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- }
-
-@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
-@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
-
- wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
- gd.gtk, gd.gtk_len);
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
- os_memset(&gd, 0, sizeof(gd));
- wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
- "WNM mode");
-@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- const struct wpa_igtk_kde *igtk;
-
- igtk = (const struct wpa_igtk_kde *) (buf + 2);
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
- return -1;
- #endif /* CONFIG_IEEE80211W */
- } else {
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index afc9e37..9a54631 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -32,8 +32,10 @@ struct wpa_sm {
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
- struct wpa_gtk gtk;
-+ struct wpa_gtk gtk_wnm_sleep;
- #ifdef CONFIG_IEEE80211W
- struct wpa_igtk igtk;
-+ struct wpa_igtk igtk_wnm_sleep;
- #endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
---
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
deleted file mode 100644
index 6c19486..0000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 29 Sep 2017 04:22:51 +0200
-Subject: [PATCH 4/8] Prevent installation of an all-zero TK
-
-Properly track whether a PTK has already been installed to the driver
-and the TK part cleared from memory. This prevents an attacker from
-trying to trick the client into installing an all-zero TK.
-
-This fixes the earlier fix in commit
-ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
-driver in EAPOL-Key 3/4 retry case') which did not take into account
-possibility of an extra message 1/4 showing up between retries of
-message 3/4.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h | 1 +
- src/rsn_supp/wpa.c | 5 ++---
- src/rsn_supp/wpa_i.h | 1 -
- 3 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index d200285..1021ccb 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -215,6 +215,7 @@ struct wpa_ptk {
- size_t kck_len;
- size_t kek_len;
- size_t tk_len;
-+ int installed; /* 1 if key has already been installed to driver */
- };
-
- struct wpa_gtk {
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 7a2c68d..0550a41 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
- os_memset(buf, 0, sizeof(buf));
- }
- sm->tptk_set = 1;
-- sm->tk_to_set = 1;
-
- kde = sm->assoc_wpa_ie;
- kde_len = sm->assoc_wpa_ie_len;
-@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
- enum wpa_alg alg;
- const u8 *key_rsc;
-
-- if (!sm->tk_to_set) {
-+ if (sm->ptk.installed) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Do not re-install same PTK to the driver");
- return 0;
-@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
-
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-- sm->tk_to_set = 0;
-+ sm->ptk.installed = 1;
-
- if (sm->wpa_ptk_rekey) {
- eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 9a54631..41f371f 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -24,7 +24,6 @@ struct wpa_sm {
- struct wpa_ptk ptk, tptk;
- int ptk_set, tptk_set;
- unsigned int msg_3_of_4_ok:1;
-- unsigned int tk_to_set:1;
- u8 snonce[WPA_NONCE_LEN];
- u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
- int renew_snonce;
---
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
deleted file mode 100644
index b262dca..0000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:32:57 +0300
-Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
-
-The Authenticator state machine path for PTK rekeying ended up bypassing
-the AUTHENTICATION2 state where a new ANonce is generated when going
-directly to the PTKSTART state since there is no need to try to
-determine the PMK again in such a case. This is far from ideal since the
-new PTK would depend on a new nonce only from the supplicant.
-
-Fix this by generating a new ANonce when moving to the PTKSTART state
-for the purpose of starting new 4-way handshake to rekey PTK.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
- 1 file changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 707971d..bf10cc1 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
- }
-
-
-+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
-+{
-+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
-+ wpa_printf(MSG_ERROR,
-+ "WPA: Failed to get random data for ANonce");
-+ sm->Disconnect = TRUE;
-+ return -1;
-+ }
-+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
-+ WPA_NONCE_LEN);
-+ sm->TimeoutCtr = 0;
-+ return 0;
-+}
-+
-+
- SM_STATE(WPA_PTK, INITPMK)
- {
- u8 msk[2 * PMK_LEN];
-@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
- SM_ENTER(WPA_PTK, AUTHENTICATION);
- else if (sm->ReAuthenticationRequest)
- SM_ENTER(WPA_PTK, AUTHENTICATION2);
-- else if (sm->PTKRequest)
-- SM_ENTER(WPA_PTK, PTKSTART);
-- else switch (sm->wpa_ptk_state) {
-+ else if (sm->PTKRequest) {
-+ if (wpa_auth_sm_ptk_update(sm) < 0)
-+ SM_ENTER(WPA_PTK, DISCONNECTED);
-+ else
-+ SM_ENTER(WPA_PTK, PTKSTART);
-+ } else switch (sm->wpa_ptk_state) {
- case WPA_PTK_INITIALIZE:
- break;
- case WPA_PTK_DISCONNECT:
---
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch
deleted file mode 100644
index 15183f4..0000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:03:15 +0300
-Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
-
-Do not try to reconfigure the same TPK-TK to the driver after it has
-been successfully configured. This is an explicit check to avoid issues
-related to resetting the TX/RX packet number. There was already a check
-for this for TPK M2 (retries of that message are ignored completely), so
-that behavior does not get modified.
-
-For TPK M3, the TPK-TK could have been reconfigured, but that was
-followed by immediate teardown of the link due to an issue in updating
-the STA entry. Furthermore, for TDLS with any real security (i.e.,
-ignoring open/WEP), the TPK message exchange is protected on the AP path
-and simple replay attacks are not feasible.
-
-As an additional corner case, make sure the local nonce gets updated if
-the peer uses a very unlikely "random nonce" of all zeros.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
- 1 file changed, 36 insertions(+), 2 deletions(-)
-
-diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
-index e424168..9eb9738 100644
---- a/src/rsn_supp/tdls.c
-+++ b/src/rsn_supp/tdls.c
-@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
- u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
- } tpk;
- int tpk_set;
-+ int tk_set; /* TPK-TK configured to the driver */
- int tpk_success;
- int tpk_in_progress;
-
-@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- u8 rsc[6];
- enum wpa_alg alg;
-
-+ if (peer->tk_set) {
-+ /*
-+ * This same TPK-TK has already been configured to the driver
-+ * and this new configuration attempt (likely due to an
-+ * unexpected retransmitted frame) would result in clearing
-+ * the TX/RX sequence number which can break security, so must
-+ * not allow that to happen.
-+ */
-+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
-+ " has already been configured to the driver - do not reconfigure",
-+ MAC2STR(peer->addr));
-+ return -1;
-+ }
-+
- os_memset(rsc, 0, 6);
-
- switch (peer->cipher) {
-@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- return -1;
- }
-
-+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
-+ MAC2STR(peer->addr));
- if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
- rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
- wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
- "driver");
- return -1;
- }
-+ peer->tk_set = 1;
- return 0;
- }
-
-@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- peer->cipher = 0;
- peer->qos_info = 0;
- peer->wmm_capable = 0;
-- peer->tpk_set = peer->tpk_success = 0;
-+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
- peer->chan_switch_enabled = 0;
- os_memset(&peer->tpk, 0, sizeof(peer->tpk));
- os_memset(peer->inonce, 0, WPA_NONCE_LEN);
-@@ -1159,6 +1177,7 @@ skip_rsnie:
- wpa_tdls_peer_free(sm, peer);
- return -1;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
- peer->inonce, WPA_NONCE_LEN);
- os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
-@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
- }
-
-
-+static int tdls_nonce_set(const u8 *nonce)
-+{
-+ int i;
-+
-+ for (i = 0; i < WPA_NONCE_LEN; i++) {
-+ if (nonce[i])
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
-+
- static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len)
- {
-@@ -2004,7 +2036,8 @@ skip_rsn:
- peer->rsnie_i_len = kde.rsn_ie_len;
- peer->cipher = cipher;
-
-- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
-+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
-+ !tdls_nonce_set(peer->inonce)) {
- /*
- * There is no point in updating the RNonce for every obtained
- * TPK M1 frame (e.g., retransmission due to timeout) with the
-@@ -2020,6 +2053,7 @@ skip_rsn:
- "TDLS: Failed to get random data for responder nonce");
- goto error;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- }
-
- #if 0
---
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch
deleted file mode 100644
index 2e12bc7..0000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:25:02 +0300
-Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
- request
-
-Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
-Mode Response if WNM-Sleep Mode has not been used') started ignoring the
-response when no WNM-Sleep Mode Request had been used during the
-association. This can be made tighter by clearing the used flag when
-successfully processing a response. This adds an additional layer of
-protection against unexpected retransmissions of the response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/wnm_sta.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
-index 1b3409c..67a07ff 100644
---- a/wpa_supplicant/wnm_sta.c
-+++ b/wpa_supplicant/wnm_sta.c
-@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
-
- if (!wpa_s->wnmsleep_used) {
- wpa_printf(MSG_DEBUG,
-- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
-+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
- return;
- }
-
-@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
- return;
- }
-
-+ wpa_s->wnmsleep_used = 0;
-+
- if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
- wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
- wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
---
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch
deleted file mode 100644
index 7f5390c..0000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 12:06:37 +0300
-Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
-
-The driver is expected to not report a second association event without
-the station having explicitly request a new association. As such, this
-case should not be reachable. However, since reconfiguring the same
-pairwise or group keys to the driver could result in nonce reuse issues,
-be extra careful here and do an additional state check to avoid this
-even if the local driver ends up somehow accepting an unexpected
-Reassociation Response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c | 3 +++
- src/rsn_supp/wpa_ft.c | 8 ++++++++
- src/rsn_supp/wpa_i.h | 1 +
- 3 files changed, 12 insertions(+)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 0550a41..2a53c6f 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
- #ifdef CONFIG_TDLS
- wpa_tdls_disassoc(sm);
- #endif /* CONFIG_TDLS */
-+#ifdef CONFIG_IEEE80211R
-+ sm->ft_reassoc_completed = 0;
-+#endif /* CONFIG_IEEE80211R */
-
- /* Keys are not needed in the WPA state machine anymore */
- wpa_sm_drop_sa(sm);
-diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
-index 205793e..d45bb45 100644
---- a/src/rsn_supp/wpa_ft.c
-+++ b/src/rsn_supp/wpa_ft.c
-@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
- u16 capab;
-
- sm->ft_completed = 0;
-+ sm->ft_reassoc_completed = 0;
-
- buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
- 2 + sm->r0kh_id_len + ric_ies_len + 100;
-@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ if (sm->ft_reassoc_completed) {
-+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
-+ return 0;
-+ }
-+
- if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
- wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
- return -1;
-@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ sm->ft_reassoc_completed = 1;
-+
- if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
- return -1;
-
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 41f371f..56f88dc 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -128,6 +128,7 @@ struct wpa_sm {
- size_t r0kh_id_len;
- u8 r1kh_id[FT_R1KH_ID_LEN];
- int ft_completed;
-+ int ft_reassoc_completed;
- int over_the_ds_in_progress;
- u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
- int set_ptk_after_assoc;
---
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch
deleted file mode 100644
index e800a41..0000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-wpa_supplicant-2.6: Fix CVE-2018-14526
-
-[No upstream tracking] -- https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
-
-wpa: Ignore unauthenticated encrypted EAPOL-Key data
-
-Ignore unauthenticated encrypted EAPOL-Key data in supplicant
-processing. When using WPA2, these are frames that have the Encrypted
-flag set, but not the MIC flag.
-
-When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
-not the MIC flag, had their data field decrypted without first verifying
-the MIC. In case the data field was encrypted using RC4 (i.e., when
-negotiating TKIP as the pairwise cipher), this meant that
-unauthenticated but decrypted data would then be processed. An adversary
-could abuse this as a decryption oracle to recover sensitive information
-in the data field of EAPOL-Key messages (e.g., the group key).
-
-Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/src/rsn_supp/wpa.c?id=3e34cfdff6b192fe337c6fb3f487f73e96582961]
-CVE: CVE-2018-14526
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..6bdf923 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
-
- if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
- (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
-+ /*
-+ * Only decrypt the Key Data field if the frame's authenticity
-+ * was verified. When using AES-SIV (FILS), the MIC flag is not
-+ * set, so this check should only be performed if mic_len != 0
-+ * which is the case in this code branch.
-+ */
-+ if (!(key_info & WPA_KEY_INFO_MIC)) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
-+ goto out;
-+ }
- if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
- &key_data_len))
- goto out;
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb
similarity index 77%
rename from poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
rename to poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb
index aa4c4c2..fe5fa2b 100644
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb
@@ -3,9 +3,9 @@
BUGTRACKER = "http://w1.fi/security/"
SECTION = "network"
LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=292eece3f2ebbaa25608eed8464018a3 \
- file://README;beginline=1;endline=56;md5=3f01d778be8f953962388307ee38ed2b \
- file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=4061612fc5715696134e3baf933e8aba"
+LIC_FILES_CHKSUM = "file://COPYING;md5=a3791c270ad6bb026707d17bf750e5ef \
+ file://README;beginline=1;endline=56;md5=495cbce6008253de4b4d8f4cdfae9f4f \
+ file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=a5687903a31b8679e6a06b3afa5c819e"
DEPENDS = "dbus libnl"
RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
@@ -24,18 +24,10 @@
file://wpa_supplicant.conf \
file://wpa_supplicant.conf-sane \
file://99_wpa_supplicant \
- file://key-replay-cve-multiple1.patch \
- file://key-replay-cve-multiple2.patch \
- file://key-replay-cve-multiple3.patch \
- file://key-replay-cve-multiple4.patch \
- file://key-replay-cve-multiple5.patch \
- file://key-replay-cve-multiple6.patch \
- file://key-replay-cve-multiple7.patch \
- file://key-replay-cve-multiple8.patch \
- file://wpa_supplicant-CVE-2018-14526.patch \
+ file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
"
-SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
-SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"
+SRC_URI[md5sum] = "a68538fb62766f40f890125026c42c10"
+SRC_URI[sha256sum] = "76ea6b06b7a2ea8e6d9eb1a9166166f1656e6d48c7508914f592100c95c73074"
CVE_PRODUCT = "wpa_supplicant"
@@ -50,8 +42,6 @@
do_configure () {
${MAKE} -C wpa_supplicant clean
install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config
- echo "CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
- echo "DRV_CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then
ssl=openssl