subtree updates openembedded poky
meta-openembedded: 491b7592f4..eff1b182c1:
Alejandro Hernandez Samaniego (1):
emacs: update to 29.1
Archana Polampalli (2):
python3-pyroute2: fix ptest failure
nodejs: upgrade 18.17.0 -> 18.17.1
Bartosz Golaszewski (1):
libgpiod: update to v2.0.2
Beniamin Sandu (3):
unbound: upgrade 1.17.1 -> 1.18.0
mbedtls: upgrade 3.4.0 -> 3.4.1
mbedtls: upgrade 2.28.3 -> 2.28.4
Benjamin Bara (3):
libvpx: fix VPXTARGET for non-neon armv7a
ne10: set incompatible for armv7 without neon
openh264: make neon optional and disable if not supported
Chaitanya Vadrevu (1):
bolt: Add recipe
Chen Qi (2):
spice-protocol: fix populate_sdk error when spice is installed
python3-blivetgui: switch from master to main
Christophe Vu-Brugier (1):
sg3-utils: upgrade 1.47 -> 1.48
Danik (2):
python3-gspread: interface for google spreadsheet
python3-piccata: piccata - a simple CoAP toolkit added
Denys Zagorui (1):
bpftool: add native and nativesdk support
Emil Kronborg Andersen (3):
lcms: add CVE_PRODUCT
snappy: add CVE_PRODUCT
libopus: add CVE_PRODUCT
Enrico Jorns (1):
microcom: add new recipe
Ewa Kujawska (1):
python3-oauth2client_4.1.2.bb: recipe added
Frieder Schrempf (1):
python3-can: Add missing runtime dependencies
Gianfranco Costamagna (1):
dlt-daemon: upgrade 2.18.9 -> 2.18.10 (commit: 0f2d4cfffada6f8448a2cb27995b38eb4271044f)
Joe Slater (1):
python3-inotify: fix tests
Justin Bronder (5):
python3-mypy-extensions: upgrade 0.4.3 -> 1.0.0
python3-types-setuptools: add 68.0.0.3
python3-typed-ast: remove EOL package
python3-types-psutil: add 5.9.5.16
python3-mypy: upgrade 0.971 -> 1.5.0
Kai Kang (1):
libmcrypt: fix multilib conflict
Khem Raj (31):
qad: Fix build with clang
python3-dominate: Fix get_thread_context ptest on musl
perfetto: Add SRCREV_FORMAT
gosu: Define SRCREV_FORMAT
libsdl2-ttf: Define SRCREV_FORMAT
gosu: Define SRCREV_FORMAT
sysdig: Add SRCREV_FORMAT
cockpit: Upgrade to 298 release
librelp: Fix function prototypes in tests
jemalloc: Unbolt clang workaroud
python3-protobuf: Fix build errors seen with clang
mariadb: Fix build with libfmt 10.1+
librelp: Add packageconfigs for TLS implementations
librelp: Fix ptests builds on musl
librelp: Fix ptest installs to work with dash
librelp: Add to meta-oe ptest image
liburing: Upgrade to 2.4 release
rsyslog: Enable openssl transport by default
libio-socket-ssl-perl: Upgrade to 2.083
libfaketime: Fix build with clang
libfaketime: Eanable LFS64 on musl
python3-lz4: Drop using PYTHON_PN
python3-lz4: Add missing rdeps needed for ptests
rsyslog: Skip failing omfile-outchannel test on musl
python3-m2crypto: Append architecture to SWIG_FEATURES instead of overriding
networkmanager: Fix build on musl
network-manager-applet: Fix build with musl/lld linker
networkmanager-openvpn: Fix build with lld on musl
openconnect: Upgrade to 9.12
openconnect: Fix build with GnuTLS v3.8.1
fontforge: Fix build with gettext 0.22
Kirk Hays (1):
jack: Drop dependency on readline
Leon Anavi (2):
aml: add new recipe
neatvnc: add new recipe
Marek Vasut (2):
libiio: Use tagged v0.25
libiio: Rename to versioned recipe filename
Marine Vovard (1):
python3-kivy: Require X11 or Wayland in DISTRO_FEATURES
Mark Hatle (1):
kconfig-frontends: Avoid using hard coded /usr/include paths
Markus Volk (28):
gvfs: update 1.51.1 -> 1.51.90
gnome-themes-extra: fix datadir path
libnice: add graphviz-native dependency
libcanberra: fix api-documentation build
libgweather4: fix api-documentation build
appstream: disable docs
gtksourceview5: fix api-documentation build
libpeas: fix api-documentation build
nautilus: fix api-documentation build
evince: fix api-documentation build
usbids: add recipe
libcacard: add recipe
usbredir: upgrade 0.9.0 -> 0.13.0
spice: upgrade 0.14.2 -> 0.15.2
gnome-remote-desktop: add recipe
libosinfo: add recipe
gnome-boxes: add recipe
pipewire: upgrade 0.3.77 -> 0.3.78
spice-gtk: fix api-documentation build
flatpak: fix api-documentation build
phodav: add recipe
libdecor: update to latest commit
spice-guest-vdagent: add recipe
pipewire: upgrade 0.3.78 -> 0.3.79
spice: add missing dependency on orc
spice-guest-vdagent: add missing dependencies
libosinfo: build vapi only if gobject-introspection is enabled
gnome-boxes: remove dependency on ovmf
Martin Jansa (12):
openh264: fix installed-vs-shared QA issue with multilib
libfaketime: simplify packaging
json-schema-validator: restore 0004-cmake-Use-GNUInstallDirs.patch
phodav: make sure systemd files are packaged correctly
sysbench: avoid -L/usr/lib32 and configure-unsafe QA issue
mongodb: enable hardware crc32 only with crc in TUNE_FEATURES
khronos-cts.inc: respect MLPREFIX when appending DEPENDS with anonymous python
libcyusbserial: fix installed-vs-shipped QA issue with multilib
tcpreplay: fix pcap detection with /usr/lib32 multilib
libiio: use main branch instead of master
webkitgtk: explicitly disable JIT for armv7* with softfp
layer.conf: update LAYERSERIES_COMPAT for nanbield
Ming Liu (1):
libusbgx: usbgx.service: use Type=oneshot
Mingli Yu (4):
mariadb: Upgrade to 10.11.5
dialog: Update the SRC_URI
gnulib: Update SRC_URI
thrift: Remove buildpaths
Nicolas Marguet (1):
librelp: add ptest
Parian Golchin (1):
json-schema-validator: Updrade to 2.2.0
Pawel Langowski (1):
qcbor: add recipe
Petr Chernikov (1):
Fix empty 0.0.0-0-g0 jemalloc version by adding --with-version
Petr Gotthard (1):
python3-sdbus: add recipe
Robert Yang (1):
frr: Fix CVE-2023-41358 and CVE-2023-41360
Roger Knecht (1):
python3-schedule: add recipe
Roland Hieber (1):
fbida: update Upstream-Status for submitted patches
Ross Burton (1):
Revert "protobuf: stage protoc binary to sysroot"
Soumya (1):
yasm: fix CVE-2023-37732
Soumya Sambu (1):
krb5: Upgrade 1.20.1 -> 1.20.2
Sourav Kumar Pramanik (1):
meta-oe-components: Avoid usage of nobranch=1
Sourav Pramanik (2):
rapidjson: Avoid usage of nobranch=1
nlohmann-json: Avoid usage of nobranch=1
Stanislav Angelovic (1):
feat: bump sdbus-c++ up to v1.3.0
Sudip Mukherjee (1):
qad: Add initial recipe
Trevor Gamblin (1):
python3-kivy: fix filename
Tymoteusz Burak (2):
ttf-google-fira: add recipe
libfaketime: add recipe
Vincent Davis Jr (1):
cglm: upgrade v0.8.9 -> v0.9.1
Wang Mingyu (108):
libcloudproviders: upgrade 0.3.1 -> 0.3.2
chrony: upgrade 4.3 -> 4.4
networkmanager: upgrade 1.42.8 -> 1.44.0
weechat: upgrade 4.0.2 -> 4.0.3
ctags: upgrade 6.0.20230730.0 -> 6.0.20230813.0
fmt: upgrade 10.0.0 -> 10.1.0
gensio: upgrade 2.6.7 -> 2.7.2
googletest: upgrade 1.13.0 -> 1.14.0
lvgl: upgrade 8.3.8 -> 8.3.9
postgresql: upgrade 15.3 -> 15.4
smartmontools: upgrade 7.3 -> 7.4
xdg-dbus-proxy: upgrade 0.1.4 -> 0.1.5
yaml-cpp: upgrade 0.7.0 -> 0.8.0
libtest-harness-perl: upgrade 3.44 -> 3.47
python3-alembic: upgrade 1.11.1 -> 1.11.2
python3-async-timeout: upgrade 4.0.2 -> 4.0.3
python3-bitarray: upgrade 2.8.0 -> 2.8.1
python3-cmake: upgrade 3.27.0 -> 3.27.2
python3-coverage: upgrade 7.2.7 -> 7.3.0
python3-dnspython: upgrade 2.4.1 -> 2.4.2
python3-google-api-python-client: upgrade 2.95.0 -> 2.96.0
python3-googleapis-common-protos: upgrade 1.59.1 -> 1.60.0
python3-joblib: upgrade 1.3.1 -> 1.3.2
python3-luma-oled: upgrade 3.12.0 -> 3.13.0
python3-platformdirs: upgrade 3.9.1 -> 3.10.0
python3-pycodestyle: upgrade 2.10.0 -> 2.11.0
python3-pyflakes: upgrade 3.0.1 -> 3.1.0
python3-pymisp: upgrade 2.4.173 -> 2.4.174
python3-rdflib: upgrade 6.3.2 -> 7.0.0
python3-regex: upgrade 2023.6.3 -> 2023.8.8
python3-rich: upgrade 13.4.2 -> 13.5.2
python3-sh: upgrade 2.0.4 -> 2.0.6
python3-tox: upgrade 4.6.4 -> 4.8.0
python3-tqdm: upgrade 4.65.0 -> 4.66.1
python3-uefi-firmware: upgrade 1.10 -> 1.11
python3-virtualenv: upgrade 20.24.2 -> 20.24.3
python3-web3: upgrade 6.7.0 -> 6.8.0
python3-yamlloader: upgrade 1.2.2 -> 1.3.2
python3-zeroconf: upgrade 0.71.4 -> 0.76.0
python3-protobuf: upgrade 4.23.4 -> 4.24.0
ctags: upgrade 6.0.20230813.0 -> 6.0.20230820.0
debootstrap: upgrade 1.0.128 -> 1.0.131
gensio: upgrade 2.7.2 -> 2.7.4
gnome-bluetooth: upgrade 42.5 -> 42.6
nginx: upgrade 1.25.1 -> 1.25.2
geary: update 44.0 -> 44.1
php: upgrade 8.2.8 -> 8.2.9
python3-redis: upgrade 4.6.0 -> 5.0.0
python3-alembic: upgrade 1.11.2 -> 1.11.3
python3-awesomeversion: upgrade 23.5.0 -> 23.8.0
python3-bitstring: upgrade 4.0.2 -> 4.1.0
python3-click: upgrade 8.1.6 -> 8.1.7
python3-engineio: upgrade 4.5.1 -> 4.6.0
python3-google-api-python-client: upgrade 2.96.0 -> 2.97.0
python3-humanize: upgrade 4.7.0 -> 4.8.0
python3-mypy: upgrade 1.5.0 -> 1.5.1
python3-oauth2client: upgrade 4.1.2 -> 4.1.3
python3-protobuf: upgrade 4.24.0 -> 4.24.1
python3-pycocotools: upgrade 2.0.6 -> 2.0.7
python3-pymetno: upgrade 0.10.0 -> 0.11.0
python3-pymongo: upgrade 4.4.1 -> 4.5.0
python3-pywbem: upgrade 1.6.1 -> 1.6.2
python3-sqlalchemy: upgrade 2.0.19 -> 2.0.20
python3-tox: upgrade 4.8.0 -> 4.10.0
python3-typeguard: upgrade 4.1.0 -> 4.1.2
python3-types-setuptools: upgrade 68.0.0.3 -> 68.1.0.0
python3-zeroconf: upgrade 0.76.0 -> 0.82.1
redis: upgrade 7.0.12 -> 7.2.0
weechat: upgrade 4.0.3 -> 4.0.4
traceroute: upgrade 2.1.2 -> 2.1.3
wireshark: upgrade 4.0.7 -> 4.0.8
adw-gtk3: upgrade 4.8 -> 4.9
ctags: upgrade 6.0.20230820.0 -> 6.0.20230827.0
debootstrap: upgrade 1.0.131 -> 1.0.132
dialog: upgrade 1.3-20210509 -> 1.3-20230209
fmt: upgrade 10.1.0 -> 10.1.1
gensio: upgrade 2.7.4 -> 2.7.5
iwd: upgrade 2.7 -> 2.8
libgphoto2: upgrade 2.5.30 -> 2.5.31
libzip: upgrade 1.10.0 -> 1.10.1
logwatch: upgrade 7.8 -> 7.9
thrift: upgrade 0.18.1 -> 0.19.0
libnet-dns-perl: upgrade 1.39 -> 1.40
python3-alembic: upgrade 1.11.3 -> 1.12.0
python3-argh: upgrade 0.28.1 -> 0.29.3
python3-asttokens: upgrade 2.2.1 -> 2.4.0
python3-bitstring: upgrade 4.1.0 -> 4.1.1
python3-cmake: upgrade 3.27.2 -> 3.27.4.1
python3-diskcache: upgrade 5.6.1 -> 5.6.3
python3-engineio: upgrade 4.6.0 -> 4.7.0
python3-imageio: upgrade 2.31.1 -> 2.31.3
python3-ipython: upgrade 8.14.0 -> 8.15.0
python3-kiwisolver: upgrade 1.4.4 -> 1.4.5
python3-langtable: upgrade 0.0.62 -> 0.0.63
python3-luma-core: upgrade 2.4.0 -> 2.4.1
python3-protobuf: upgrade 4.24.1 -> 4.24.2
python3-pymisp: upgrade 2.4.174 -> 2.4.175
python3-pymodbus: upgrade 3.4.1 -> 3.5.0
python3-smbus2: upgrade 0.4.2 -> 0.4.3
python3-snagboot: upgrade 1.1 -> 1.2
python3-socketio: upgrade 5.8.0 -> 5.9.0
python3-soupsieve: upgrade 2.4.1 -> 2.5
python3-tox: upgrade 4.10.0 -> 4.11.1
python3-typeguard: upgrade 4.1.2 -> 4.1.3
python3-types-setuptools: upgrade 68.1.0.0 -> 68.1.0.1
python3-virtualenv: upgrade 20.24.3 -> 20.24.4
python3-web3: upgrade 6.8.0 -> 6.9.0
python3-zeroconf: upgrade 0.82.1 -> 0.97.0
Willy Tu (1):
abseil-cpp: upgrade 20230125.3 -> 20230802.0
Yi Zhao (7):
nftables: upgrade 1.0.7 -> 1.0.8
libssh: upgrade 0.10.4 -> 0.10.5
samba: upgrade 4.18.5 -> 4.18.6
libyang: upgrade 2.1.55 -> 2.1.111
frr: Security fix CVE-2023-3748
vsomeip: add recipe
ntp: add missing runtime dependencies
Yogita Urade (2):
poppler: fix CVE-2023-34872
hwloc: fix CVE-2022-47022
Βούλγαρη Αικατερίνη (1):
collectd: build with rrdcached plugin
poky: 71282bbc53..61531cd395:
Adrian Freihofer (2):
cmake.bbclass: cleanup spaces and tabs
cmake.bbclass: refactor cmake args
Alberto Planas (1):
bitbake.conf: add bunzip2 in HOSTTOOLS
Alexander Kanavin (18):
lib/oe/recipeutils.py: accommodate SRCPV being optional and deprecated in version check regex
python3-sphinx: correct version check
systemd-bootchart: musl fixes have been rejected upstream
openssl: build and install manpages only if they are enabled
gettext: upgrade 0.21.1 -> 0.22
connman: update 1.41 -> 1.42
libcgroup: update 3.0.0 -> 3.1.0
perlcross: update 1.4.1 -> 1.5
perl: update 5.36.1 -> 5.38.0
groff: update 1.22.4 -> 1.23.0
libglu: update 9.0.2 -> 9.0.3
libpthread-stubs: update 0.4 -> 0.5
gpgme: upgrade 1.20.0 -> 1.22.0
libgudev: upgrade 237 -> 238
gnupg: upgrade 2.4.2 -> 2.4.3
gnutls: update 3.8.0 -> 3.8.1
runqemu: check permissions of available render nodes as well as their presence
build-sysroots: target or native sysroot population need to be selected explicitly
Alexis Lothoré (7):
oeqa/utils/gitarchive: fix tag computation when creating archive
oeqa/selftest: introduce gitarchive tests
oeqa/utils/gitarchive: fix tag computation when creating archive
oeqa/selftest/gitarchive: add tests about tags lisiting when no remote is configured
oeqa/utils/gitarchive: allow to pass a logger to get_tags
oeqa/utils/gitarchive: fall back to local tags when listing existing tags
oeqa/utils/gitarchive: replace warning with info when reading local tags
Angelo Ribeiro (1):
ccache.bbclass: Add allowed list for native recipes
Anuj Mittal (3):
gstreamer1.0: upgrade 1.22.4 -> 1.22.5
harfbuzz: upgrade 8.0.1 -> 8.1.1
stress-ng: upgrade 0.15.08 -> 0.16.04
Archana Polampalli (1):
vim: upgrade 9.0.1592 -> 9.0.1664
Benjamin Bara (6):
rust-target-config: fix target_features for vfpv3d16
README: fix mail address in git example command
pixman: avoid neon on unsupported machines
nettle: avoid neon on unsupported machines
ffmpeg: avoid neon on unsupported machines
ghostscript: avoid neon on unsupported machines
Bruce Ashfield (19):
conf/machine: set preferred kernel to be 6.4
poky/poky-tiny: set preferred linux-yocto version to 6.4
linux-yocto/6.1: update to v6.1.44
linux-yocto/6.4: update to v6.4.10
linux-yocto/6.1: update to v6.1.45
kern-tools: include utility to post process config diffs
linux-yocto/6.1: fix uninitialized read in nohz_full/isolcpus setup
linux-yocto/6.4: fix uninitialized read in nohz_full/isolcpus setup
linux-yocto/6.4: update to v6.4.11
linux-yocto/6.1: update to v6.1.46
linux-yocto/6.1: fix IRQ-80 warnings
linux-yocto/6.4: fix IRQ-80 warnings
linux-yocto/6.4: fix CONFIG_F2FS_IO_TRACE configuration warning
linux-yocto/6.1: fix CONFIG_F2FS_IO_TRACE configuration warning
linux-yocto/6.4: update to v6.4.12
linux-yocto/6.1: update to v6.1.50
linux-yocto/6.4: update to v6.4.13
linux-yocto/6.4: update to v6.4.14
linux-yocto/6.1: update to v6.1.51
Changqing Li (1):
sqlite3: set CVE_STATUS for CVE-2023-36191
Chen Qi (6):
bitbake: runqueue.py: fix PSI check logic
cmake: drop OE specific environment variable support
cmake.bbclass: fix allarch override syntax
uninative.bbclass: sync to use UNINATIVE_STAGING_DIR
stress-ng: disable DEBUG_BUILD
oe-depends-dot: improve '-w' behavior
Daniel Semkowicz (1):
dev-manual: wic.rst: Update native tools build command
David Reyna (3):
bitbake: toaster: Update to Django 4.2
bitbake: toaster: import only used layers
bitbake: toaster: accommodate missing 'Image Name' value in buildinfohelper
Dmitry Baryshkov (4):
mdadm: disable strace on rv32 arch
linux-firmware: upgrade 20230625 -> 20230804
linux-firmware: package audio topology for Lenovo X13s
linux-firmware: package Dragonboard 845c sensors DSP firmware
Eilís 'pidge' Ní Fhlannagáin (1):
nativesdk-intercept: Fix bad intercept chgrp/chown logic
Emil Ekmečić (2):
bitbake: fetch2: add Google Cloud Platform (GCP) fetcher
Add GCP fetcher to list of supported protocols
Emil Kronborg Andersen (2):
dbus: add additional entries to CVE_PRODUCT
libxkbcommon: add CVE_PRODUCT
Etienne Cordonnier (2):
vim: update obsolete comment
migration-guides: system-conf -> systemd-conf
Frederic Martinsons (5):
rust: add cargo-c native recipe
classes-recipe: add cargo_c.bbclass
rust: provide examples for C library generation in rust
oeqa/runtime/rust: correct rust test
ref-manual: classes.rst: suppress rust-hello-world reference, add ptest-cargo class
Jaeyoon Jung (1):
cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
Jasper Orschulko (1):
cve_check: Fix cpe_id generation
Joe Slater (1):
file: fix call to localtime_r()
Jon Mason (1):
linux-yocto-dev: correct qemuarmv5 device tree location
Jose Quaresma (3):
systemd: fix efi dependency
systemd-boot: remove old gummiboot TUNE_CCARGS
pybootchartgui: also match do_compile and do_configure subtasks
Joshua Watt (9):
bitbake: bblayers/query: Add multiconfig support to `show-appends`
bitbake: cooker: Fix error message
bitbake: lib/bb: Add xattr and acl libraries
buildtools-tarball: Add libacl
classes/image_types: Add vfat image type
bitbake: fetch2: git: Check if clone directory is a git repo
wic: Add gpt-hybrid partition layout
bitbake: fetch2: git: Remove useless try..else clause
Add libacl to required packages
Julien Stephan (4):
less: upgrade 633 -> 643
less: add ptest support
patch.py: use --absolute-git-dir instead of --show-toplevel to retrieve gitdir
vulkan-samples: convert debugfix.patch to git format patch
Kai Kang (1):
webkitgtk: fix build failure with DEBUG_BUILD enabled
Khem Raj (22):
gnu-efi: Fix build on musl
systemd-boot: Fix build on musl
glibc: Upgrade to 2.38 release
glibc: Enable fortify sources by defaults
glibc: Drop --enable-tunables
glibc: Fix SVE detection on aarch64
glibc-tests: Add missing libgcc runtime dependency
kernel.bbclass: Use KERNEL_STRIP instead of STRIP
build-sysroots: Add SUMMARY field
tunes: Add support for sve instructions on armv8/armv9
arch-armv8,arch-armv9: Add sve based tune options
python3: Increase default thread stack size on musl
inetutils: Fix CVE-2023-40303
inetutils: Apply devtool formatting suggestions
qemu: Fix CVE-2023-40360
core-image-ptest: Define a fallback for SUMMARY field
dos2unix: upgrade 7.5.0 -> 7.5.1
python3: Fix ptests on musl
tcl: Add a way to skip ptests
rust-target-config: Map rust target to OE target
libc-test: Depend on musl-staticdev
apr: Fix ptests on musl
Lee Chee Yang (2):
migration-guides: add release notes for 4.2.3
migration-guides: add release notes for 4.0.12
Lei Maohui (1):
glibc-package: Fix conflict error when enable multilib.
Luan Rafael Carneiro (2):
weston: Upgrade version 12.0.1 -> 12.0.2
weston: Add sysconfdir to FILES:${PN}
Luca Ceresoli (1):
Revert "oeqa/runtime/parselogs: Exclude preempt-rt error for now"
Markus Niebel (2):
wic: fix wrong attempt to create file system in upartitioned regions
oeqa: wic: Add test for --no-table option
Markus Volk (8):
gtk4: upgrade 4.10.4 -> 4.10.5
libadwaita: upgrade 1.3.3 -> 1.3.4
gtk4: upgrade 4.10.5 -> 4.12.0
qemu: fix libudev packageconfig for systemd images
qemu: build pulseaudio support depending on distro_feature
qemu: add packageconfigs for fuse and dbus-display
gtk4: upgrade 4.12.0 -> 4.12.1
mesa: add intel raytracing support to opencl build
Martin Jansa (6):
tcl: prevent installing another copy of tzdata
cross-localedef-native: fix build on hosts with older glibc
bitbake: runqueue: show more pressure data
Makefile: remove from top-level directory
bitbake: runqueue: show number of currently running bitbake threads when pressure changes
webkitgtk: explicitly disable JIT for armv7* with softfp
Michael Halstead (2):
yocto-uninative: Update to 4.2 for glibc 2.38
yocto-uninative: Update to 4.3
Michael Opdenacker (26):
scripts/create-pull-request: update URLs to git repositories
manuals: create a dedicated "Contributor Guide" document
ref-manual: classes.rst: fix location of _ref-classes-ccache
ref-manual: update supported distro versions
contributor-guide: add missing links to mailing lists
contributor-guide: add section about why we use mailing lists
contributor-guide: add recipe style guide
ref-manual: remove AUTHOR variable
contributor guide: call section "Reporting a defect"
contributor-guide: remove obsolete pkg-config guidelines
contributor guide: remove unnecessary information about mailing lists
contributor-guide: clarification about patchtest
contributor guide: update instructions for making and sharing changes
dev-manual: disk-space: mention faster "find" command to trim sstate cache
contributor-guide: move to 2nd place in top menu
contributor-guide: submit-changes: simplify note
contributor-guide: identify component: provide link to repositories
contributor-guide: submit-changes: detail commit and patch creation
contributor-guide: submit-changes: develop sending patches section
manuals: README: update list of manuals
contributor-guide: submit-changes: reorganize and develop sections
contributor-guide: submit-changes: improvements to mailing lists section
contributor-guide: submit-changes: commit guidelines for recipes
contributor-guide: submit-changes: how to request push access to repositories
README: update/fix contribution guidelines
bitbake: doc: bitbake-user-manual: remove reference to SSTATE_MIRRORS variable
Mikko Rapeli (4):
openssh: capture ptest regression test failure logs
oeqa selftest context.py: whitespace fix
oeqa selftest context.py: remove warning from missing meta-selftest
oeqa selftest context.py: fix git commands and set branch name
Mingli Yu (2):
qemu: Add qemu-common package
webkitgtk: Add opengl to REQUIRED_DISTRO_FEATURES
Narpat Mali (1):
ffmpeg: add CVE_STATUS for CVE-2023-39018
Otavio Salvador (2):
weston-init: remove misleading comment about udev rule
weston-init: fix init code indentation
Ovidiu Panait (1):
mdadm: skip running 04update-uuid and 07revert-inplace testcases
Paulo Neves (1):
bitbake: siggen.py: Improve taskhash reproducibility
Peter Kjellerstedt (3):
bin_package.bbclass: Inhibit the default dependencies
insane.bbclass: Remove an unused variable
poky.conf: Switch to post release name/version
Peter Marko (2):
openssl: Upgrade 3.1.1 -> 3.1.2
gcc-runtime: remove bashism
Poonam Jadhav (1):
pixman: Remove duplication of license MIT
Randolph Sapp (1):
bitbake: gitsm: tolerate git-lfs in submodules
Richard Purdie (39):
bitbake: siggen: Fix indentation
bitbake: siggen: Update debug
resulttool/report: Avoid divide by zero
gcc-testsuite: Fix qemu binary filtering code logic error
gcc-testsuite: Set qemu options for mips correctly
mips/tune-mips64r2: Set qemu cpu option correctly
binutils-cross-testsuite: Pass TUNE_LDARGS to tests
arch-mips: Ensure TUNE_LDARGS is set correctly
gcc: Add patch to improve testsuite failures, particularly mips
oeqa/runtime/parselogs: Exclude preempt-rt error for now
qemu: Upgrade 8.0.3 -> 8.0.4
lib/package_manager: Improve repo artefact filtering
Revert "oeqa/utils/gitarchive: fix tag computation when creating archive"
lttng-modules: Upgrade 2.13.9 -> 2.13.10
lttng-tools: Upgrade 2.13.9 -> 2.13.10
pseudo: Fix to work with glibc 2.38
binutils: Add missing DEPENDS on pod2man
build-sysroots: Ensure dependency chains are minimal
bitbake: fetch2: Add new srcrev fetcher API
base/package: Move source revision information from PV to PKGV
recipes/classes/scripts: Drop SRCPV usage in OE-Core
glibc: Add glibc 2.38 stable updates
README: Update to point to new contributor guide
bitbake: README: Update to point to new contributor guide
bitbake: command: Avoid time intensive distractions for ping
README: Clarify/standardise contributions process
python3-numpy: Attempt to fix reproducibility issue
bitbake: doc: Document challenges of tags with git fetcher
bitbake: server/process: Add more timing debug
qemu: Upgrade 8.0.4 -> 8.1.0
qemu: Add patches to resolve x86 and then mips boot issues
mdadm: Disable further tests due to intermittent failures
Revert "oeqa selftest context.py: fix git commands and set branch name"
classes: Drop ';' delimiter from ROOTFS/IMAGE*COMMAND variables
build-appliance-image: Update to master head revision
layer.conf: Update to nanbield release series
bitbake: bitbake: Update to 2.6.0 release series/version
layer.conf: Update to nanbield release series
build-appliance-image: Update to master head revision
Ross Burton (47):
connman-conf: don't take over any ethernet devices, not just eth0
meson.bbclass: add MESON_TARGET
meson.bbclass:: update do_write_config vardeps
systemd-boot: use MESON_TARGET
systemd-boot: improve cross file generation
p11-kit: fix build without qemu-usermode
gi-docgen: depend on qemu-usermode MACHINE_FEATURES
python3-pygobject: add explicit check for qemu-usermode MACHINE_FEATURE
graphene: fix runtime detection of IEEE754 behaviour
python3: ignore disputed CVE-2023-36632
procps: backport fix for CVE-2023-4016
linux/generate-cve-exclusions.py: fix comparison
linux/cve-exclusions: update CVE_STATUS exclusions
perf: enable verbose feature detection
perf: add more PACKAGECONFIGs
perf: fix perl binding support
perf: split scripting PACKAGECONFIG into perl and python
perf: disable perl support
libtraceevent: build with Meson
linux/generate-cve-exclusions: add version check warning
linux-yocto: update CVE exclusions files
site: remove at-spi2-core values
inetutils: don't guess target paths
inetutils: remove obsolete patches
inetutils: remove obsolete cruft from do_configure
glib-networking: enable build with GnuTLS if PKCS#11 was disabled
glib-networking: use gnutls backend for TLS sockets
cve-extra-exclusions: remove historic kernel CVEs which are handled now
cve-extra-exclusions: remove BlueZ issues
linux-yocto: update kernel CVE status
linux: review some historic CVE_STATUS
glib-2.0: explicitly enable strlcpy()
scripts/oe-find-native-sysroot: use bitbake-getvar
qemu-system-native: enable PNG support
python3-build: upgrade to 1.0.0
glib-2.0: libelf has a configure option now, specify it
harfbuzz: update PACKAGECONFIG
pango: explictly enable/disable libthai
libsoup-2.4: update PACKAGECONFIG
libsoup: update PACKAGECONFIG
wayland-utils: add libdrm PACKAGECONFIG
cve-exclusion: review the last of the historical kernel CVEs
busybox: remove coreutils dependency in busybox-ptest
libgudev: explicitly disable tests and vapi
linux: update CVE exclusions
python3-build: upgrade to 1.0.3
avahi: handle invalid service types gracefully
Ryan Eatmon (1):
kernel.bbclass: Add force flag to rm calls
Samantha Jalabert (1):
bitbake: Fix disk space monitoring on cephfs
Stéphane Veyret (1):
nfs-utils: Add needed library to client
Sudip Mukherjee (4):
kea: upgrade to v2.4.0
cmake: upgrade to v3.27.4
dpkg: upgrade to v1.22.0
openssh: upgrade to v9.4p1
Tom Hochstein (1):
linux-firmware: add firmware files for NXP BT chipsets
Trevor Gamblin (16):
python3-hypothesis: upgrade 6.82.0 -> 6.82.5
python3-more-itertools: upgrade 10.0.0 -> 10.1.0
python3-pygments: upgrade 2.15.1 -> 2.16.1
python3-wheel: upgrade 0.41.0 -> 0.41.1
maintainers.inc: Add self for unmaintained Python recipes
oe-buildenv-internal: update required Python version
python3-dbusmock: upgrade 0.29.0 -> 0.29.1
python3-numpy: upgrade 1.25.1 -> 1.25.2
python3-trove-classfiers: upgrade 2023.7.6 -> 2023.8.7
python3-setuptools: upgrade 68.0.0 -> 68.1.0
python3-dtc: upgrade 1.6.1 -> 1.7.0
python3-poetry: upgrade 1.6.1 -> 1.7.0
python3-git: upgrade 3.1.32 -> 3.1.34
python3-hypothesis: upgrade 6.82.7 -> 6.84.0
python3-pytest: upgrade 7.4.0 -> 7.4.1
python3-sphinx: upgrade 7.1.1 -> 7.2.5
Ulrich Ölmann (1):
weston: fix comment
Wang Mingyu (47):
btrfs-tools: upgrade 6.3.1 -> 6.3.3
curl: upgrade 8.2.0 -> 8.2.1
file: upgrade 5.44 -> 5.45
gmp: upgrade 6.2.1 -> 6.3.0
xxhash: upgrade 0.8.1 -> 0.8.2
python3-editables: upgrade 0.4 -> 0.5
python3-markdown: upgrade 3.4.3 -> 3.4.4
python3-pathspec: upgrade 0.11.1 -> 0.11.2
python3-pip: upgrade 23.2 -> 23.2.1
python3-pyparsing: upgrade 3.1.0 -> 3.1.1
re2c: upgrade 3.0 -> 3.1
shaderc: upgrade 2023.4 -> 2023.5
sudo: upgrade 1.9.14p2 -> 1.9.14p3
libarchive: upgrade 3.6.2 -> 3.7.1
tar: upgrade 1.34 -> 1.35
bind: upgrade 9.18.17 -> 9.18.18
bluez5: upgrade 5.68 -> 5.69
ell: upgrade 0.57 -> 0.58
git: upgrade 2.41.0 -> 2.42.0
kbd: upgrade 2.6.1 -> 2.6.2
libconvert-asn1-perl: upgrade 0.33 -> 0.34
libdrm: upgrade 2.4.115 -> 2.4.116
libedit: upgrade 20221030-3.1 -> 20230828-3.1
libgit2: upgrade 1.7.0 -> 1.7.1
librepo: upgrade 1.15.1 -> 1.15.2
libsecret: upgrade 0.20.5 -> 0.21.0
libsndfile1: upgrade 1.2.0 -> 1.2.2
libxml2: upgrade 2.11.4 -> 2.11.5
mc: upgrade 4.8.29 -> 4.8.30
mpfr: upgrade 4.2.0 -> 4.2.1
neard: upgrade 0.18 -> 0.19
python3: upgrade 3.11.4 -> 3.11.5
pango: upgrade 1.50.14 -> 1.51.0
pigz: upgrade 2.7 -> 2.8
pkgconf: upgrade 1.9.5 -> 2.0.2
python3-setuptools: upgrade 68.1.0 -> 68.1.2
repo: upgrade 2.35 -> 2.36.1
shaderc: upgrade 2023.5 -> 2023.6
sqlite3: upgrade 3.42.0 -> 3.43.0
sysklogd: upgrade 2.5.0 -> 2.5.2
xz: upgrade 5.4.3 -> 5.4.4
zlib: upgrade 1.2.13 -> 1.3
python3-hypothesis: upgrade 6.82.5 -> 6.82.7
python3-pluggy: upgrade 1.2.0 -> 1.3.0
python3-sphinx-rtd-theme: upgrade 1.2.2 -> 1.3.0
python3-wheel: upgrade 0.41.1 -> 0.41.2
librepo: upgrade 1.15.2 -> 1.16.0
Yang Xu (1):
meson: don't fail if no .pyc exists
Yi Zhao (2):
dhcpcd: upgrade 10.0.1 -> 10.0.2
dhcpcd: fix buffer overflow
Yoann Congal (1):
dev-manual: remove unsupported :term: markup inside markup
Yogita Urade (1):
dropbear: fix CVE-2023-36328
Yuta Hayama (3):
linux/generate-cve-exclusions: print the generated time in UTC
linux/generate-cve-exclusions: fix mishandling of boundary values
linux-yocto: correct the wording in CVE_STATUS
Zang Ruochen (6):
tcf-agent: Disable non-building features on loongarch64
gcc-sanitizers: Add loongarch as a compatible architecture.
goarch.bbclass: Add loongarch64 to go_map_arch
qemuloongarch.inc:Change to use virtio-serial-pci
kernel-devsrc: Fixed missing loongarch64 kernel source code when test_kernelmodules
gcc: Fresh 0003-64-bit-multilib-hack.patch to add loongarch64 support
Change-Id: I4d4752539711b34471002dd1817bb7c14a590675
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 7b0f490..4c830cc 100644
--- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -25,6 +25,7 @@
file://0001-Fix-opening-etc-resolv.conf-error.patch \
file://handle-hup.patch \
file://local-ping.patch \
+ file://invalid-service.patch \
"
GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/"
diff --git a/poky/meta/recipes-connectivity/avahi/files/invalid-service.patch b/poky/meta/recipes-connectivity/avahi/files/invalid-service.patch
new file mode 100644
index 0000000..8f188af
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/invalid-service.patch
@@ -0,0 +1,29 @@
+From 46490e95151d415cd22f02565e530eb5efcef680 Mon Sep 17 00:00:00 2001
+From: Asger Hautop Drewsen <asger@princh.com>
+Date: Mon, 9 Aug 2021 14:25:08 +0200
+Subject: [PATCH] Fix avahi-browse: Invalid service type
+
+Invalid service types will stop the browse from completing, or
+in simple terms "my washing machine stops me from printing".
+
+Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/472]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ avahi-core/browse-service.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
+index 63e0275a..ac3d2ecb 100644
+--- a/avahi-core/browse-service.c
++++ b/avahi-core/browse-service.c
+@@ -103,7 +103,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_prepare(
+ AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_PROTO_VALID(protocol), AVAHI_ERR_INVALID_PROTOCOL);
+ AVAHI_CHECK_VALIDITY_RETURN_NULL(server, !domain || avahi_is_valid_domain_name(domain), AVAHI_ERR_INVALID_DOMAIN_NAME);
+ AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_FLAGS_VALID(flags, AVAHI_LOOKUP_USE_WIDE_AREA|AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS);
+- AVAHI_CHECK_VALIDITY_RETURN_NULL(server, avahi_is_valid_service_type_generic(service_type), AVAHI_ERR_INVALID_SERVICE_TYPE);
++
++ if (!avahi_is_valid_service_type_generic(service_type))
++ service_type = "_invalid._tcp";
+
+ if (!domain)
+ domain = server->domain_name;
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.17.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.18.bb
similarity index 97%
rename from poky/meta/recipes-connectivity/bind/bind_9.18.17.bb
rename to poky/meta/recipes-connectivity/bind/bind_9.18.18.bb
index 9e7973e..e74e685 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.18.17.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.18.18.bb
@@ -20,7 +20,7 @@
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "bde1c5017b81d1d79c69eb8f537f2e5032fd3623acdd5ee830d4f74bc2483458"
+SRC_URI[sha256sum] = "d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index d2ee2b4..e10158a 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -55,7 +55,6 @@
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0001-test-gatt-Fix-hung-issue.patch \
file://0004-src-shared-util.c-include-linux-limits.h.patch \
- file://fix-check-ell-path.patch \
"
S = "${WORKDIR}/bluez-${PV}"
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch
deleted file mode 100644
index 7afa639..0000000
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/fix-check-ell-path.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=168818474411163&w=2]
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
-
-From linux-bluetooth Sat Jul 01 04:12:52 2023
-From: Rudi Heitbaum <rudi () heitbaum ! com>
-Date: Sat, 01 Jul 2023 04:12:52 +0000
-To: linux-bluetooth
-Subject: [PATCH] configure: Fix check ell path for cross compiling
-Message-Id: <20230701041252.139338-1-rudi () heitbaum ! com>
-X-MARC-Message: https://marc.info/?l=linux-bluetooth&m=168818474411163
-
-Use of AC_CHECK_FILE prevents cross compilation.
-Instead use test to support cross compiling.
-
-Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
----
- configure.ac | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index eff297960..bc7edfcd3 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -298,9 +298,10 @@ if (test "${enable_external_ell}" = "yes"); then
- AC_SUBST(ELL_LIBS)
- fi
- if (test "${enable_external_ell}" != "yes"); then
-- AC_CHECK_FILE(${srcdir}/ell/ell.h, dummy=yes,
-- AC_CHECK_FILE(${srcdir}/../ell/ell/ell.h, dummy=yes,
-- AC_MSG_ERROR(ELL source is required or use --enable-external-ell)))
-+ if (test ! -f ${srcdir}/ell/ell.h) &&
-+ (test ! -f ${srcdir}/../ell/ell/ell.h); then
-+ AC_MSG_ERROR(ELL source is required or use --enable-external-ell)
-+ fi
- fi
- AM_CONDITIONAL(EXTERNAL_ELL, test "${enable_external_ell}" = "yes" ||
- (test "${enable_btpclient}" != "yes" &&
---
-2.34.1
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.68.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.69.bb
similarity index 94%
rename from poky/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
rename to poky/meta/recipes-connectivity/bluez5/bluez5_5.69.bb
index 7c7ad75..4673000 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.69.bb
@@ -1,6 +1,6 @@
require bluez5.inc
-SRC_URI[sha256sum] = "fc505e6445cb579a55cacee6821fe70d633921522043d322b696de0a175ff933"
+SRC_URI[sha256sum] = "bc5a35ddc7c72d0d3999a0d7b2175c8b7d57ab670774f8b5b4900ff38a2627fc"
CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
diff --git a/poky/meta/recipes-connectivity/connman/connman-conf/main.conf b/poky/meta/recipes-connectivity/connman/connman-conf/main.conf
index a394e8f..3c9dd39 100644
--- a/poky/meta/recipes-connectivity/connman/connman-conf/main.conf
+++ b/poky/meta/recipes-connectivity/connman/connman-conf/main.conf
@@ -1,2 +1,2 @@
[General]
-NetworkInterfaceBlacklist = eth0
+NetworkInterfaceBlacklist = eth,en
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-gdhcp-Verify-and-sanitize-packet-length-first.patch b/poky/meta/recipes-connectivity/connman/connman/0001-gdhcp-Verify-and-sanitize-packet-length-first.patch
deleted file mode 100644
index 8e2f47a..0000000
--- a/poky/meta/recipes-connectivity/connman/connman/0001-gdhcp-Verify-and-sanitize-packet-length-first.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 99e2c16ea1cced34a5dc450d76287a1c3e762138 Mon Sep 17 00:00:00 2001
-From: Daniel Wagner <wagi@monom.org>
-Date: Tue, 11 Apr 2023 08:12:56 +0200
-Subject: [PATCH] gdhcp: Verify and sanitize packet length first
-
-Avoid overwriting the read packet length after the initial test. Thus
-move all the length checks which depends on the total length first
-and do not use the total lenght from the IP packet afterwards.
-
-Fixes CVE-2023-28488
-
-Reported by Polina Smirnova <moe.hwr@gmail.com>
-
-CVE: CVE-2023-28488
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
----
- gdhcp/client.c | 16 +++++++++-------
- 1 file changed, 9 insertions(+), 7 deletions(-)
-
-diff --git a/gdhcp/client.c b/gdhcp/client.c
-index 7efa7e45..82017692 100644
---- a/gdhcp/client.c
-+++ b/gdhcp/client.c
-@@ -1319,9 +1319,9 @@ static bool sanity_check(struct ip_udp_dhcp_packet *packet, int bytes)
- static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd,
- struct sockaddr_in *dst_addr)
- {
-- int bytes;
- struct ip_udp_dhcp_packet packet;
- uint16_t check;
-+ int bytes, tot_len;
-
- memset(&packet, 0, sizeof(packet));
-
-@@ -1329,15 +1329,17 @@ static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd,
- if (bytes < 0)
- return -1;
-
-- if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
-- return -1;
--
-- if (bytes < ntohs(packet.ip.tot_len))
-+ tot_len = ntohs(packet.ip.tot_len);
-+ if (bytes > tot_len) {
-+ /* ignore any extra garbage bytes */
-+ bytes = tot_len;
-+ } else if (bytes < tot_len) {
- /* packet is bigger than sizeof(packet), we did partial read */
- return -1;
-+ }
-
-- /* ignore any extra garbage bytes */
-- bytes = ntohs(packet.ip.tot_len);
-+ if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
-+ return -1;
-
- if (!sanity_check(&packet, bytes))
- return -1;
---
-2.34.1
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch b/poky/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch
index 83343fd..9e5ac8d 100644
--- a/poky/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch
+++ b/poky/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch
@@ -1,4 +1,4 @@
-From 5f373f373f5baccc282dce257b7b16c8bb4a82c4 Mon Sep 17 00:00:00 2001
+From af55a6a414d32c12f9ef3cab778385a361e1ad6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
Date: Sat, 25 Mar 2023 20:51:52 +0000
Subject: [PATCH] vpn: Adding support for latest pppd 2.5.0 release
@@ -11,82 +11,12 @@
Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a48864a2e5d2a725dfc6eef567108bc13b43857f]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+
---
- configure.ac | 42 ++++++++-----
scripts/libppp-compat.h | 127 ++++++++++++++++++++++++++++++++++++++++
- scripts/libppp-plugin.c | 15 +++--
- 3 files changed, 161 insertions(+), 23 deletions(-)
+ 1 file changed, 127 insertions(+)
create mode 100644 scripts/libppp-compat.h
-diff --git a/configure.ac b/configure.ac
-index a573cef..f34bb38 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -135,14 +135,6 @@ AC_ARG_ENABLE(l2tp,
- AC_HELP_STRING([--enable-l2tp], [enable l2tp support]),
- [enable_l2tp=${enableval}], [enable_l2tp="no"])
- if (test "${enable_l2tp}" != "no"); then
-- if (test -z "${path_pppd}"); then
-- AC_PATH_PROG(PPPD, [pppd], [/usr/sbin/pppd], $PATH:/sbin:/usr/sbin)
-- else
-- PPPD="${path_pppd}"
-- AC_SUBST(PPPD)
-- fi
-- AC_CHECK_HEADERS(pppd/pppd.h, dummy=yes,
-- AC_MSG_ERROR(ppp header files are required))
- if (test -z "${path_l2tp}"); then
- AC_PATH_PROG(L2TP, [xl2tpd], [/usr/sbin/xl2tpd], $PATH:/sbin:/usr/sbin)
- else
-@@ -160,6 +152,18 @@ AC_ARG_ENABLE(pptp,
- AC_HELP_STRING([--enable-pptp], [enable pptp support]),
- [enable_pptp=${enableval}], [enable_pptp="no"])
- if (test "${enable_pptp}" != "no"); then
-+ if (test -z "${path_pptp}"); then
-+ AC_PATH_PROG(PPTP, [pptp], [/usr/sbin/pptp], $PATH:/sbin:/usr/sbin)
-+ else
-+ PPTP="${path_pptp}"
-+ AC_SUBST(PPTP)
-+ fi
-+fi
-+AM_CONDITIONAL(PPTP, test "${enable_pptp}" != "no")
-+AM_CONDITIONAL(PPTP_BUILTIN, test "${enable_pptp}" = "builtin")
-+
-+if (test "${enable_pptp}" != "no" || test "${enable_l2tp}" != "no"); then
-+
- if (test -z "${path_pppd}"); then
- AC_PATH_PROG(PPPD, [pppd], [/usr/sbin/pppd], $PATH:/sbin:/usr/sbin)
- else
-@@ -168,15 +172,23 @@ if (test "${enable_pptp}" != "no"); then
- fi
- AC_CHECK_HEADERS(pppd/pppd.h, dummy=yes,
- AC_MSG_ERROR(ppp header files are required))
-- if (test -z "${path_pptp}"); then
-- AC_PATH_PROG(PPTP, [pptp], [/usr/sbin/pptp], $PATH:/sbin:/usr/sbin)
-- else
-- PPTP="${path_pptp}"
-- AC_SUBST(PPTP)
-+ AC_CHECK_HEADERS([pppd/chap.h pppd/chap-new.h pppd/chap_ms.h])
-+
-+ PKG_CHECK_EXISTS([pppd],
-+ [AS_VAR_SET([pppd_pkgconfig_support],[yes])])
-+
-+ PPPD_VERSION=2.4.9
-+ if test x"$pppd_pkgconfig_support" = xyes; then
-+ PPPD_VERSION=`$PKG_CONFIG --modversion pppd`
- fi
-+
-+ AC_DEFINE_UNQUOTED([PPP_VERSION(x,y,z)],
-+ [((x & 0xFF) << 16 | (y & 0xFF) << 8 | (z & 0xFF) << 0)],
-+ [Macro to help determine the particular version of pppd])
-+ PPP_VERSION=$(echo $PPPD_VERSION | sed -e "s/\./\,/g")
-+ AC_DEFINE_UNQUOTED(WITH_PPP_VERSION, PPP_VERSION($PPP_VERSION),
-+ [The real version of pppd represented as an int])
- fi
--AM_CONDITIONAL(PPTP, test "${enable_pptp}" != "no")
--AM_CONDITIONAL(PPTP_BUILTIN, test "${enable_pptp}" = "builtin")
-
- AC_CHECK_HEADERS(resolv.h, dummy=yes,
- AC_MSG_ERROR(resolver header files are required))
diff --git a/scripts/libppp-compat.h b/scripts/libppp-compat.h
new file mode 100644
index 0000000..eee1d09
@@ -220,55 +150,3 @@
+
+#endif /* #if WITH_PPP_VERSION < PPP_VERSION(2,5,0) */
+#endif /* #if__LIBPPP_COMPAT_H__ */
-diff --git a/scripts/libppp-plugin.c b/scripts/libppp-plugin.c
-index 0dd8b47..61641b5 100644
---- a/scripts/libppp-plugin.c
-+++ b/scripts/libppp-plugin.c
-@@ -29,14 +29,13 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
--#include <pppd/pppd.h>
--#include <pppd/fsm.h>
--#include <pppd/ipcp.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
-
- #include <dbus/dbus.h>
-
-+#include "libppp-compat.h"
-+
- #define INET_ADDRES_LEN (INET_ADDRSTRLEN + 5)
- #define INET_DNS_LEN (2*INET_ADDRSTRLEN + 9)
-
-@@ -47,7 +46,7 @@ static char *path;
- static DBusConnection *connection;
- static int prev_phase;
-
--char pppd_version[] = VERSION;
-+char pppd_version[] = PPPD_VERSION;
-
- int plugin_init(void);
-
-@@ -170,7 +169,7 @@ static void ppp_up(void *data, int arg)
- DBUS_TYPE_STRING_AS_STRING DBUS_TYPE_STRING_AS_STRING
- DBUS_DICT_ENTRY_END_CHAR_AS_STRING, &dict);
-
-- append(&dict, "INTERNAL_IFNAME", ifname);
-+ append(&dict, "INTERNAL_IFNAME", ppp_ifname());
-
- inet_ntop(AF_INET, &ipcp_gotoptions[0].ouraddr, buf, INET_ADDRSTRLEN);
- append(&dict, "INTERNAL_IP4_ADDRESS", buf);
-@@ -309,9 +308,9 @@ int plugin_init(void)
- chap_check_hook = ppp_have_secret;
- pap_check_hook = ppp_have_secret;
-
-- add_notifier(&ip_up_notifier, ppp_up, NULL);
-- add_notifier(&phasechange, ppp_phase_change, NULL);
-- add_notifier(&exitnotify, ppp_exit, connection);
-+ ppp_add_notify(NF_IP_UP, ppp_up, NULL);
-+ ppp_add_notify(NF_PHASE_CHANGE, ppp_phase_change, NULL);
-+ ppp_add_notify(NF_EXIT, ppp_exit, connection);
-
- return 0;
- }
diff --git a/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
index 9dca21a..aefdd3a 100644
--- a/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
+++ b/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
@@ -18,14 +18,6 @@
index 954e7cf..2a9bc51 100644
--- a/gweb/gresolv.c
+++ b/gweb/gresolv.c
-@@ -36,6 +36,7 @@
- #include <arpa/inet.h>
- #include <arpa/nameser.h>
- #include <net/if.h>
-+#include <ctype.h>
-
- #include "gresolv.h"
-
@@ -878,8 +879,6 @@ GResolv *g_resolv_new(int index)
resolv->index = index;
resolv->nameserver_list = NULL;
diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch
deleted file mode 100644
index 182c5ca..0000000
--- a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d1a5ede5d255bde8ef707f8441b997563b9312bd Mon Sep 17 00:00:00 2001
-From: Nathan Crandall <ncrandall@tesla.com>
-Date: Tue, 12 Jul 2022 08:56:34 +0200
-Subject: gweb: Fix OOB write in received_data()
-
-There is a mismatch of handling binary vs. C-string data with memchr
-and strlen, resulting in pos, count, and bytes_read to become out of
-sync and result in a heap overflow. Instead, do not treat the buffer
-as an ASCII C-string. We calculate the count based on the return value
-of memchr, instead of strlen.
-
-Fixes: CVE-2022-32292
-
-CVE: CVE-2022-32292
-
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- gweb/gweb.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/gweb/gweb.c b/gweb/gweb.c
-index 12fcb1d8..13c6c5f2 100644
---- a/gweb/gweb.c
-+++ b/gweb/gweb.c
-@@ -918,7 +918,7 @@ static gboolean received_data(GIOChannel *channel, GIOCondition cond,
- }
-
- *pos = '\0';
-- count = strlen((char *) ptr);
-+ count = pos - ptr;
- if (count > 0 && ptr[count - 1] == '\r') {
- ptr[--count] = '\0';
- bytes_read--;
---
-cgit
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch
deleted file mode 100644
index b280203..0000000
--- a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-From 72343929836de80727a27d6744c869dff045757c Mon Sep 17 00:00:00 2001
-From: Daniel Wagner <wagi@monom.org>
-Date: Tue, 5 Jul 2022 08:32:12 +0200
-Subject: wispr: Add reference counter to portal context
-
-Track the connman_wispr_portal_context live time via a
-refcounter. This only adds the infrastructure to do proper reference
-counting.
-
-Fixes: CVE-2022-32293
-CVE: CVE-2022-32293
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=416bfaff988882c553c672e5bfc2d4f648d29e8a]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- src/wispr.c | 52 ++++++++++++++++++++++++++++++++++++++++++----------
- 1 file changed, 42 insertions(+), 10 deletions(-)
-
-diff --git a/src/wispr.c b/src/wispr.c
-index a07896ca..bde7e63b 100644
---- a/src/wispr.c
-+++ b/src/wispr.c
-@@ -56,6 +56,7 @@ struct wispr_route {
- };
-
- struct connman_wispr_portal_context {
-+ int refcount;
- struct connman_service *service;
- enum connman_ipconfig_type type;
- struct connman_wispr_portal *wispr_portal;
-@@ -97,6 +98,11 @@ static char *online_check_ipv4_url = NULL;
- static char *online_check_ipv6_url = NULL;
- static bool enable_online_to_ready_transition = false;
-
-+#define wispr_portal_context_ref(wp_context) \
-+ wispr_portal_context_ref_debug(wp_context, __FILE__, __LINE__, __func__)
-+#define wispr_portal_context_unref(wp_context) \
-+ wispr_portal_context_unref_debug(wp_context, __FILE__, __LINE__, __func__)
-+
- static void connman_wispr_message_init(struct connman_wispr_message *msg)
- {
- DBG("");
-@@ -162,9 +168,6 @@ static void free_connman_wispr_portal_context(
- {
- DBG("context %p", wp_context);
-
-- if (!wp_context)
-- return;
--
- if (wp_context->wispr_portal) {
- if (wp_context->wispr_portal->ipv4_context == wp_context)
- wp_context->wispr_portal->ipv4_context = NULL;
-@@ -201,9 +204,38 @@ static void free_connman_wispr_portal_context(
- g_free(wp_context);
- }
-
-+static struct connman_wispr_portal_context *
-+wispr_portal_context_ref_debug(struct connman_wispr_portal_context *wp_context,
-+ const char *file, int line, const char *caller)
-+{
-+ DBG("%p ref %d by %s:%d:%s()", wp_context,
-+ wp_context->refcount + 1, file, line, caller);
-+
-+ __sync_fetch_and_add(&wp_context->refcount, 1);
-+
-+ return wp_context;
-+}
-+
-+static void wispr_portal_context_unref_debug(
-+ struct connman_wispr_portal_context *wp_context,
-+ const char *file, int line, const char *caller)
-+{
-+ if (!wp_context)
-+ return;
-+
-+ DBG("%p ref %d by %s:%d:%s()", wp_context,
-+ wp_context->refcount - 1, file, line, caller);
-+
-+ if (__sync_fetch_and_sub(&wp_context->refcount, 1) != 1)
-+ return;
-+
-+ free_connman_wispr_portal_context(wp_context);
-+}
-+
- static struct connman_wispr_portal_context *create_wispr_portal_context(void)
- {
-- return g_try_new0(struct connman_wispr_portal_context, 1);
-+ return wispr_portal_context_ref(
-+ g_new0(struct connman_wispr_portal_context, 1));
- }
-
- static void free_connman_wispr_portal(gpointer data)
-@@ -215,8 +247,8 @@ static void free_connman_wispr_portal(gpointer data)
- if (!wispr_portal)
- return;
-
-- free_connman_wispr_portal_context(wispr_portal->ipv4_context);
-- free_connman_wispr_portal_context(wispr_portal->ipv6_context);
-+ wispr_portal_context_unref(wispr_portal->ipv4_context);
-+ wispr_portal_context_unref(wispr_portal->ipv6_context);
-
- g_free(wispr_portal);
- }
-@@ -452,7 +484,7 @@ static void portal_manage_status(GWebResult *result,
- connman_info("Client-Timezone: %s", str);
-
- if (!enable_online_to_ready_transition)
-- free_connman_wispr_portal_context(wp_context);
-+ wispr_portal_context_unref(wp_context);
-
- __connman_service_ipconfig_indicate_state(service,
- CONNMAN_SERVICE_STATE_ONLINE, type);
-@@ -616,7 +648,7 @@ static void wispr_portal_request_wispr_login(struct connman_service *service,
- return;
- }
-
-- free_connman_wispr_portal_context(wp_context);
-+ wispr_portal_context_unref(wp_context);
- return;
- }
-
-@@ -952,7 +984,7 @@ static int wispr_portal_detect(struct connman_wispr_portal_context *wp_context)
-
- if (wp_context->token == 0) {
- err = -EINVAL;
-- free_connman_wispr_portal_context(wp_context);
-+ wispr_portal_context_unref(wp_context);
- }
- } else if (wp_context->timeout == 0) {
- wp_context->timeout = g_idle_add(no_proxy_callback, wp_context);
-@@ -1001,7 +1033,7 @@ int __connman_wispr_start(struct connman_service *service,
-
- /* If there is already an existing context, we wipe it */
- if (wp_context)
-- free_connman_wispr_portal_context(wp_context);
-+ wispr_portal_context_unref(wp_context);
-
- wp_context = create_wispr_portal_context();
- if (!wp_context)
---
-cgit
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch
deleted file mode 100644
index 56f8fc8..0000000
--- a/poky/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From 416bfaff988882c553c672e5bfc2d4f648d29e8a Mon Sep 17 00:00:00 2001
-From: Daniel Wagner <wagi@monom.org>
-Date: Tue, 5 Jul 2022 09:11:09 +0200
-Subject: wispr: Update portal context references
-
-Maintain proper portal context references to avoid UAF.
-
-Fixes: CVE-2022-32293
-CVE: CVE-2022-32293
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- src/wispr.c | 34 ++++++++++++++++++++++------------
- 1 file changed, 22 insertions(+), 12 deletions(-)
-
-diff --git a/src/wispr.c b/src/wispr.c
-index bde7e63b..84bed33f 100644
---- a/src/wispr.c
-+++ b/src/wispr.c
-@@ -105,8 +105,6 @@ static bool enable_online_to_ready_transition = false;
-
- static void connman_wispr_message_init(struct connman_wispr_message *msg)
- {
-- DBG("");
--
- msg->has_error = false;
- msg->current_element = NULL;
-
-@@ -166,8 +164,6 @@ static void free_wispr_routes(struct connman_wispr_portal_context *wp_context)
- static void free_connman_wispr_portal_context(
- struct connman_wispr_portal_context *wp_context)
- {
-- DBG("context %p", wp_context);
--
- if (wp_context->wispr_portal) {
- if (wp_context->wispr_portal->ipv4_context == wp_context)
- wp_context->wispr_portal->ipv4_context = NULL;
-@@ -483,9 +479,6 @@ static void portal_manage_status(GWebResult *result,
- &str))
- connman_info("Client-Timezone: %s", str);
-
-- if (!enable_online_to_ready_transition)
-- wispr_portal_context_unref(wp_context);
--
- __connman_service_ipconfig_indicate_state(service,
- CONNMAN_SERVICE_STATE_ONLINE, type);
-
-@@ -546,14 +539,17 @@ static void wispr_portal_request_portal(
- {
- DBG("");
-
-+ wispr_portal_context_ref(wp_context);
- wp_context->request_id = g_web_request_get(wp_context->web,
- wp_context->status_url,
- wispr_portal_web_result,
- wispr_route_request,
- wp_context);
-
-- if (wp_context->request_id == 0)
-+ if (wp_context->request_id == 0) {
- wispr_portal_error(wp_context);
-+ wispr_portal_context_unref(wp_context);
-+ }
- }
-
- static bool wispr_input(const guint8 **data, gsize *length,
-@@ -618,13 +614,15 @@ static void wispr_portal_browser_reply_cb(struct connman_service *service,
- return;
-
- if (!authentication_done) {
-- wispr_portal_error(wp_context);
- free_wispr_routes(wp_context);
-+ wispr_portal_error(wp_context);
-+ wispr_portal_context_unref(wp_context);
- return;
- }
-
- /* Restarting the test */
- __connman_service_wispr_start(service, wp_context->type);
-+ wispr_portal_context_unref(wp_context);
- }
-
- static void wispr_portal_request_wispr_login(struct connman_service *service,
-@@ -700,11 +698,13 @@ static bool wispr_manage_message(GWebResult *result,
-
- wp_context->wispr_result = CONNMAN_WISPR_RESULT_LOGIN;
-
-+ wispr_portal_context_ref(wp_context);
- if (__connman_agent_request_login_input(wp_context->service,
- wispr_portal_request_wispr_login,
-- wp_context) != -EINPROGRESS)
-+ wp_context) != -EINPROGRESS) {
- wispr_portal_error(wp_context);
-- else
-+ wispr_portal_context_unref(wp_context);
-+ } else
- return true;
-
- break;
-@@ -753,6 +753,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
- if (length > 0) {
- g_web_parser_feed_data(wp_context->wispr_parser,
- chunk, length);
-+ wispr_portal_context_unref(wp_context);
- return true;
- }
-
-@@ -770,6 +771,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
-
- switch (status) {
- case 000:
-+ wispr_portal_context_ref(wp_context);
- __connman_agent_request_browser(wp_context->service,
- wispr_portal_browser_reply_cb,
- wp_context->status_url, wp_context);
-@@ -781,11 +783,14 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
- if (g_web_result_get_header(result, "X-ConnMan-Status",
- &str)) {
- portal_manage_status(result, wp_context);
-+ wispr_portal_context_unref(wp_context);
- return false;
-- } else
-+ } else {
-+ wispr_portal_context_ref(wp_context);
- __connman_agent_request_browser(wp_context->service,
- wispr_portal_browser_reply_cb,
- wp_context->redirect_url, wp_context);
-+ }
-
- break;
- case 300:
-@@ -798,6 +803,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
- !g_web_result_get_header(result, "Location",
- &redirect)) {
-
-+ wispr_portal_context_ref(wp_context);
- __connman_agent_request_browser(wp_context->service,
- wispr_portal_browser_reply_cb,
- wp_context->status_url, wp_context);
-@@ -808,6 +814,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
-
- wp_context->redirect_url = g_strdup(redirect);
-
-+ wispr_portal_context_ref(wp_context);
- wp_context->request_id = g_web_request_get(wp_context->web,
- redirect, wispr_portal_web_result,
- wispr_route_request, wp_context);
-@@ -820,6 +827,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
-
- break;
- case 505:
-+ wispr_portal_context_ref(wp_context);
- __connman_agent_request_browser(wp_context->service,
- wispr_portal_browser_reply_cb,
- wp_context->status_url, wp_context);
-@@ -832,6 +840,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
- wp_context->request_id = 0;
- done:
- wp_context->wispr_msg.message_type = -1;
-+ wispr_portal_context_unref(wp_context);
- return false;
- }
-
-@@ -890,6 +899,7 @@ static void proxy_callback(const char *proxy, void *user_data)
- xml_wispr_parser_callback, wp_context);
-
- wispr_portal_request_portal(wp_context);
-+ wispr_portal_context_unref(wp_context);
- }
-
- static gboolean no_proxy_callback(gpointer user_data)
---
-cgit
-
diff --git a/poky/meta/recipes-connectivity/connman/connman_1.41.bb b/poky/meta/recipes-connectivity/connman/connman_1.42.bb
similarity index 66%
rename from poky/meta/recipes-connectivity/connman/connman_1.41.bb
rename to poky/meta/recipes-connectivity/connman/connman_1.42.bb
index d8ac1f5..c2fcd61 100644
--- a/poky/meta/recipes-connectivity/connman/connman_1.41.bb
+++ b/poky/meta/recipes-connectivity/connman/connman_1.42.bb
@@ -5,16 +5,12 @@
file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
file://connman \
file://no-version-scripts.patch \
- file://CVE-2022-32293_p1.patch \
- file://CVE-2022-32293_p2.patch \
- file://CVE-2022-32292.patch \
- file://0001-gdhcp-Verify-and-sanitize-packet-length-first.patch \
file://0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch \
"
SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
-SRC_URI[sha256sum] = "79fb40f4fdd5530c45aa8e592fb16ba23d3674f3a98cf10b89a6576f198de589"
+SRC_URI[sha256sum] = "a3e6bae46fc081ef2e9dae3caa4f7649de892c3de622c20283ac0ca81423c2aa"
RRECOMMENDS:${PN} = "connman-conf"
RCONFLICTS:${PN} = "networkmanager"
diff --git a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.1.bb b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.2.bb
similarity index 93%
rename from poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.1.bb
rename to poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.2.bb
index de007a6..0966edd 100644
--- a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.1.bb
+++ b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.2.bb
@@ -15,9 +15,10 @@
file://dhcpcd.service \
file://dhcpcd@.service \
file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
+ file://0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch \
"
-SRCREV = "5d9bf80c26b4b7dc9d8aa175d96d5a24e75b4d48"
+SRCREV = "d2fbde99cf2d0072016af9dfe6a77032a5a9fc30"
S = "${WORKDIR}/git"
inherit pkgconfig autotools-brokensep systemd useradd
diff --git a/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch
new file mode 100644
index 0000000..d4fb173
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcpcd/files/0001-privsep-fix-strlcpy-overflow-in-psp_ifname-239.patch
@@ -0,0 +1,33 @@
+From 1bd8fc7d4b34f752a32709d277a897e5ad202d97 Mon Sep 17 00:00:00 2001
+From: Tobias Heider <tobhe@users.noreply.github.com>
+Date: Tue, 15 Aug 2023 18:06:48 +0200
+Subject: [PATCH] privsep: fix strlcpy overflow in psp_ifname (#239)
+
+When running our Ubuntu tests with libc6 and strlcpy overflow checks
+enabled we found that the wrong size is passed to strlcpy resulting
+in a crash because of an overflow.
+
+Upstream-Status: Backport
+[https://github.com/NetworkConfiguration/dhcpcd/commit/1bd8fc7d4b34f752a32709d277a897e5ad202d97]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/privsep.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/privsep.c b/src/privsep.c
+index b11c0351..cfe54742 100644
+--- a/src/privsep.c
++++ b/src/privsep.c
+@@ -1200,7 +1200,7 @@ ps_newprocess(struct dhcpcd_ctx *ctx, struct ps_id *psid)
+ #endif
+
+ if (!(ctx->options & DHCPCD_MANAGER))
+- strlcpy(psp->psp_ifname, ctx->ifv[0], sizeof(psp->psp_name));
++ strlcpy(psp->psp_ifname, ctx->ifv[0], sizeof(psp->psp_ifname));
+ TAILQ_INSERT_TAIL(&ctx->ps_processes, psp, next);
+ return psp;
+ }
+--
+2.25.1
+
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
new file mode 100644
index 0000000..70bd988
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
@@ -0,0 +1,279 @@
+From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Date: Fri, 30 Jun 2023 19:02:45 +0200
+Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check
+ set*id() return values
+
+Several setuid(), setgid(), seteuid() and setguid() return values
+were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
+leading to potential security issues.
+
+CVE: CVE-2023-40303
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
+Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ ftpd/ftpd.c | 10 +++++++---
+ src/rcp.c | 39 +++++++++++++++++++++++++++++++++------
+ src/rlogin.c | 11 +++++++++--
+ src/rsh.c | 25 +++++++++++++++++++++----
+ src/rshd.c | 20 +++++++++++++++++---
+ src/uucpd.c | 15 +++++++++++++--
+ 6 files changed, 100 insertions(+), 20 deletions(-)
+
+diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
+index 92b2cca5..28dd523f 100644
+--- a/ftpd/ftpd.c
++++ b/ftpd/ftpd.c
+@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
+ char *remotehost = pcred->remotehost;
+ int atype = pcred->auth_type;
+
+- seteuid ((uid_t) 0);
++ if (seteuid ((uid_t) 0) == -1)
++ _exit (EXIT_FAILURE);
++
+ if (pcred->logged_in)
+ {
+ logwtmp_keep_open (ttyline, "", "");
+@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
+
+ if (data >= 0)
+ return fdopen (data, mode);
+- seteuid ((uid_t) 0);
++ if (seteuid ((uid_t) 0) == -1)
++ _exit (EXIT_FAILURE);
+ s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
+ if (s < 0)
+ goto bad;
+@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
+ else /* !AF_INET6 */
+ ((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
+
+- seteuid ((uid_t) 0);
++ if (seteuid ((uid_t) 0) == -1)
++ _exit (EXIT_FAILURE);
+ if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
+ {
+ if (seteuid ((uid_t) cred.uid))
+diff --git a/src/rcp.c b/src/rcp.c
+index 75adb253..cdcf8500 100644
+--- a/src/rcp.c
++++ b/src/rcp.c
+@@ -345,14 +345,23 @@ main (int argc, char *argv[])
+ if (from_option)
+ { /* Follow "protocol", send data. */
+ response ();
+- setuid (userid);
++
++ if (setuid (userid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++ }
++
+ source (argc, argv);
+ exit (errs);
+ }
+
+ if (to_option)
+ { /* Receive data. */
+- setuid (userid);
++ if (setuid (userid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++ }
++
+ sink (argc, argv);
+ exit (errs);
+ }
+@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[])
+ if (response () < 0)
+ exit (EXIT_FAILURE);
+ free (bp);
+- setuid (userid);
++
++ if (setuid (userid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++ }
+ }
+ source (1, argv + i);
+ close (rem);
+@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[])
+ ++errs;
+ continue;
+ }
+- seteuid (userid);
++
++ if (seteuid (userid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++ }
++
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+ sslen = sizeof (ss);
+ (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
+@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[])
+ #endif
+ vect[0] = target;
+ sink (1, vect);
+- seteuid (effuid);
++
++ if (seteuid (effuid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++ }
++
+ close (rem);
+ rem = -1;
+ #ifdef SHISHI
+@@ -1441,7 +1464,11 @@ susystem (char *s, int userid)
+ return (127);
+
+ case 0:
+- setuid (userid);
++ if (setuid (userid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++ }
++
+ execl (PATH_BSHELL, "sh", "-c", s, NULL);
+ _exit (127);
+ }
+diff --git a/src/rlogin.c b/src/rlogin.c
+index aa6426fb..c543de0c 100644
+--- a/src/rlogin.c
++++ b/src/rlogin.c
+@@ -647,8 +647,15 @@ try_connect:
+ /* Now change to the real user ID. We have to be set-user-ID root
+ to get the privileged port that rcmd () uses. We now want, however,
+ to run as the real user who invoked us. */
+- seteuid (uid);
+- setuid (uid);
++ if (seteuid (uid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++ }
++
++ if (setuid (uid) == -1)
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++ }
+
+ doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */
+
+diff --git a/src/rsh.c b/src/rsh.c
+index 2d622ca4..6f60667d 100644
+--- a/src/rsh.c
++++ b/src/rsh.c
+@@ -276,8 +276,17 @@ main (int argc, char **argv)
+ {
+ if (asrsh)
+ *argv = (char *) "rlogin";
+- seteuid (getuid ());
+- setuid (getuid ());
++
++ if (seteuid (getuid ()) == -1)
++ {
++ error (EXIT_FAILURE, errno, "seteuid() failed");
++ }
++
++ if (setuid (getuid ()) == -1)
++ {
++ error (EXIT_FAILURE, errno, "setuid() failed");
++ }
++
+ execv (PATH_RLOGIN, argv);
+ error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+ }
+@@ -541,8 +550,16 @@ try_connect:
+ error (0, errno, "setsockopt DEBUG (ignored)");
+ }
+
+- seteuid (uid);
+- setuid (uid);
++ if (seteuid (uid) == -1)
++ {
++ error (EXIT_FAILURE, errno, "seteuid() failed");
++ }
++
++ if (setuid (uid) == -1)
++ {
++ error (EXIT_FAILURE, errno, "setuid() failed");
++ }
++
+ #ifdef HAVE_SIGACTION
+ sigemptyset (&sigs);
+ sigaddset (&sigs, SIGINT);
+diff --git a/src/rshd.c b/src/rshd.c
+index d1c0d0cd..707790e7 100644
+--- a/src/rshd.c
++++ b/src/rshd.c
+@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+ pwd->pw_shell = PATH_BSHELL;
+
+ /* Set the gid, then uid to become the user specified by "locuser" */
+- setegid ((gid_t) pwd->pw_gid);
+- setgid ((gid_t) pwd->pw_gid);
++ if (setegid ((gid_t) pwd->pw_gid) == -1)
++ {
++ rshd_error ("Cannot drop privileges (setegid() failed)\n");
++ exit (EXIT_FAILURE);
++ }
++
++ if (setgid ((gid_t) pwd->pw_gid) == -1)
++ {
++ rshd_error ("Cannot drop privileges (setgid() failed)\n");
++ exit (EXIT_FAILURE);
++ }
++
+ #ifdef HAVE_INITGROUPS
+ initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */
+ #endif
+@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+ }
+ #endif /* WITH_PAM */
+
+- setuid ((uid_t) pwd->pw_uid);
++ if (setuid ((uid_t) pwd->pw_uid) == -1)
++ {
++ rshd_error ("Cannot drop privileges (setuid() failed)\n");
++ exit (EXIT_FAILURE);
++ }
+
+ /* We'll execute the client's command in the home directory
+ * of locuser. Note, that the chdir must be executed after
+diff --git a/src/uucpd.c b/src/uucpd.c
+index 107589e1..29cfce35 100644
+--- a/src/uucpd.c
++++ b/src/uucpd.c
+@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen)
+ snprintf (Username, sizeof (Username), "USER=%s", user);
+ snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user);
+ dologin (pw, sap, salen);
+- setgid (pw->pw_gid);
++
++ if (setgid (pw->pw_gid) == -1)
++ {
++ fprintf (stderr, "setgid() failed");
++ return;
++ }
+ #ifdef HAVE_INITGROUPS
+ initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen)
+ fprintf (stderr, "Login incorrect.");
+ return;
+ }
+- setuid (pw->pw_uid);
++
++ if (setuid (pw->pw_uid) == -1)
++ {
++ fprintf (stderr, "setuid() failed");
++ return;
++ }
++
+ execl (uucico_location, "uucico", NULL);
+ perror ("uucico server: execl");
+ }
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
new file mode 100644
index 0000000..1b972aa
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
@@ -0,0 +1,253 @@
+From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Mon, 31 Jul 2023 13:59:05 +0200
+Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit.
+
+CVE: CVE-2023-40303
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/rcp.c | 42 ++++++++++++++++++++++++------------------
+ src/rlogin.c | 12 ++++++------
+ src/rsh.c | 24 ++++++++++++------------
+ src/rshd.c | 24 ++++++++++++------------
+ src/uucpd.c | 16 ++++++++--------
+ 5 files changed, 62 insertions(+), 56 deletions(-)
+
+diff --git a/src/rcp.c b/src/rcp.c
+index cdcf8500..652f22e6 100644
+--- a/src/rcp.c
++++ b/src/rcp.c
+@@ -347,9 +347,10 @@ main (int argc, char *argv[])
+ response ();
+
+ if (setuid (userid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0,
++ "Could not drop privileges (setuid() failed)");
++ }
+
+ source (argc, argv);
+ exit (errs);
+@@ -358,9 +359,10 @@ main (int argc, char *argv[])
+ if (to_option)
+ { /* Receive data. */
+ if (setuid (userid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0,
++ "Could not drop privileges (setuid() failed)");
++ }
+
+ sink (argc, argv);
+ exit (errs);
+@@ -548,9 +550,10 @@ toremote (char *targ, int argc, char *argv[])
+ free (bp);
+
+ if (setuid (userid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0,
++ "Could not drop privileges (setuid() failed)");
++ }
+ }
+ source (1, argv + i);
+ close (rem);
+@@ -645,9 +648,10 @@ tolocal (int argc, char *argv[])
+ }
+
+ if (seteuid (userid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0,
++ "Could not drop privileges (seteuid() failed)");
++ }
+
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+ sslen = sizeof (ss);
+@@ -663,9 +667,10 @@ tolocal (int argc, char *argv[])
+ sink (1, vect);
+
+ if (seteuid (effuid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0,
++ "Could not drop privileges (seteuid() failed)");
++ }
+
+ close (rem);
+ rem = -1;
+@@ -1465,9 +1470,10 @@ susystem (char *s, int userid)
+
+ case 0:
+ if (setuid (userid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0,
++ "Could not drop privileges (setuid() failed)");
++ }
+
+ execl (PATH_BSHELL, "sh", "-c", s, NULL);
+ _exit (127);
+diff --git a/src/rlogin.c b/src/rlogin.c
+index c543de0c..4360202f 100644
+--- a/src/rlogin.c
++++ b/src/rlogin.c
+@@ -648,14 +648,14 @@ try_connect:
+ to get the privileged port that rcmd () uses. We now want, however,
+ to run as the real user who invoked us. */
+ if (seteuid (uid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++ }
+
+ if (setuid (uid) == -1)
+- {
+- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+- }
++ {
++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++ }
+
+ doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */
+
+diff --git a/src/rsh.c b/src/rsh.c
+index 6f60667d..179b47cd 100644
+--- a/src/rsh.c
++++ b/src/rsh.c
+@@ -278,14 +278,14 @@ main (int argc, char **argv)
+ *argv = (char *) "rlogin";
+
+ if (seteuid (getuid ()) == -1)
+- {
+- error (EXIT_FAILURE, errno, "seteuid() failed");
+- }
++ {
++ error (EXIT_FAILURE, errno, "seteuid() failed");
++ }
+
+ if (setuid (getuid ()) == -1)
+- {
+- error (EXIT_FAILURE, errno, "setuid() failed");
+- }
++ {
++ error (EXIT_FAILURE, errno, "setuid() failed");
++ }
+
+ execv (PATH_RLOGIN, argv);
+ error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+@@ -551,14 +551,14 @@ try_connect:
+ }
+
+ if (seteuid (uid) == -1)
+- {
+- error (EXIT_FAILURE, errno, "seteuid() failed");
+- }
++ {
++ error (EXIT_FAILURE, errno, "seteuid() failed");
++ }
+
+ if (setuid (uid) == -1)
+- {
+- error (EXIT_FAILURE, errno, "setuid() failed");
+- }
++ {
++ error (EXIT_FAILURE, errno, "setuid() failed");
++ }
+
+ #ifdef HAVE_SIGACTION
+ sigemptyset (&sigs);
+diff --git a/src/rshd.c b/src/rshd.c
+index 707790e7..3a153a18 100644
+--- a/src/rshd.c
++++ b/src/rshd.c
+@@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+
+ /* Set the gid, then uid to become the user specified by "locuser" */
+ if (setegid ((gid_t) pwd->pw_gid) == -1)
+- {
+- rshd_error ("Cannot drop privileges (setegid() failed)\n");
+- exit (EXIT_FAILURE);
+- }
++ {
++ rshd_error ("Cannot drop privileges (setegid() failed)\n");
++ exit (EXIT_FAILURE);
++ }
+
+ if (setgid ((gid_t) pwd->pw_gid) == -1)
+- {
+- rshd_error ("Cannot drop privileges (setgid() failed)\n");
+- exit (EXIT_FAILURE);
+- }
++ {
++ rshd_error ("Cannot drop privileges (setgid() failed)\n");
++ exit (EXIT_FAILURE);
++ }
+
+ #ifdef HAVE_INITGROUPS
+ initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */
+@@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+ #endif /* WITH_PAM */
+
+ if (setuid ((uid_t) pwd->pw_uid) == -1)
+- {
+- rshd_error ("Cannot drop privileges (setuid() failed)\n");
+- exit (EXIT_FAILURE);
+- }
++ {
++ rshd_error ("Cannot drop privileges (setuid() failed)\n");
++ exit (EXIT_FAILURE);
++ }
+
+ /* We'll execute the client's command in the home directory
+ * of locuser. Note, that the chdir must be executed after
+diff --git a/src/uucpd.c b/src/uucpd.c
+index 29cfce35..fde7b9c9 100644
+--- a/src/uucpd.c
++++ b/src/uucpd.c
+@@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen)
+ dologin (pw, sap, salen);
+
+ if (setgid (pw->pw_gid) == -1)
+- {
+- fprintf (stderr, "setgid() failed");
+- return;
+- }
++ {
++ fprintf (stderr, "setgid() failed");
++ return;
++ }
+ #ifdef HAVE_INITGROUPS
+ initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen)
+ }
+
+ if (setuid (pw->pw_uid) == -1)
+- {
+- fprintf (stderr, "setuid() failed");
+- return;
+- }
++ {
++ fprintf (stderr, "setuid() failed");
++ return;
++ }
+
+ execl (uucico_location, "uucico", NULL);
+ perror ("uucico server: execl");
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
deleted file mode 100644
index 603d2ba..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From c7c27ba763c613f83c1561e56448b49315c271c5 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Wed, 6 Mar 2019 09:36:11 -0500
-Subject: [PATCH] Upstream:
- http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html
-
-Upstream-Status: Pending
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
-
----
- ping/ping_common.h | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/ping/ping_common.h b/ping/ping_common.h
-index 65e3e60..3e84db0 100644
---- a/ping/ping_common.h
-+++ b/ping/ping_common.h
-@@ -18,10 +18,14 @@
- You should have received a copy of the GNU General Public License
- along with this program. If not, see `http://www.gnu.org/licenses/'. */
-
-+#include <config.h>
-+
- #include <netinet/in_systm.h>
- #include <netinet/in.h>
- #include <netinet/ip.h>
-+#ifdef HAVE_IPV6
- #include <netinet/icmp6.h>
-+#endif
- #include <icmp.h>
- #include <error.h>
- #include <progname.h>
-@@ -63,7 +67,12 @@ struct ping_stat
- want to follow the traditional behaviour of ping. */
- #define DEFAULT_PING_COUNT 0
-
-+#ifdef HAVE_IPV6
- #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN)
-+#else
-+#define PING_HEADER_LEN (ICMP_MINLEN)
-+#endif
-+
- #define PING_TIMING(s) ((s) >= sizeof (struct timeval))
- #define PING_DATALEN (64 - PING_HEADER_LEN) /* default data length */
-
-@@ -78,13 +87,20 @@ struct ping_stat
-
- #define PING_MIN_USER_INTERVAL (200000/PING_PRECISION)
-
-+#ifdef HAVE_IPV6
- /* FIXME: Adjust IPv6 case for options and their consumption. */
- #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \
- (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN))
-
-+#else
-+#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)
-+#endif
-+
-+#ifdef HAVE_IPV6
- typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest,
- struct sockaddr_in6 * from, struct icmp6_hdr * icmp,
- int datalen);
-+#endif
-
- typedef int (*ping_efp) (int code,
- void *closure,
-@@ -93,13 +109,17 @@ typedef int (*ping_efp) (int code,
- struct ip * ip, icmphdr_t * icmp, int datalen);
-
- union event {
-+#ifdef HAVE_IPV6
- ping_efp6 handler6;
-+#endif
- ping_efp handler;
- };
-
- union ping_address {
- struct sockaddr_in ping_sockaddr;
-+#ifdef HAVE_IPV6
- struct sockaddr_in6 ping_sockaddr6;
-+#endif
- };
-
- typedef struct ping_data PING;
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
deleted file mode 100644
index 2974bd4..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From f7f785c21306010b2367572250b2822df5bc7728 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier at gentoo.org>
-Date: Thu, 18 Nov 2010 16:59:14 -0500
-Subject: [PATCH] printf-parse: pull in features.h for __GLIBC__
-
-Upstream-Status: Pending
-
-Signed-off-by: Mike Frysinger <vapier at gentoo.org>
-
----
- lib/printf-parse.h | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/printf-parse.h b/lib/printf-parse.h
-index e7d0f82..d7b4534 100644
---- a/lib/printf-parse.h
-+++ b/lib/printf-parse.h
-@@ -28,6 +28,9 @@
-
- #include "printf-args.h"
-
-+#ifdef HAVE_FEATURES_H
-+# include <features.h> /* for __GLIBC__ */
-+#endif
-
- /* Flags */
- #define FLAG_GROUP 1 /* ' flag */
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
deleted file mode 100644
index 1ef7e21..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 9089c6eafbf5903174dce87b68476e35db80beb9 Mon Sep 17 00:00:00 2001
-From: Martin Jansa <martin.jansa@gmail.com>
-Date: Wed, 6 Mar 2019 09:36:11 -0500
-Subject: [PATCH] inetutils: Import version 1.9.4
-
-Upstream-Status: Pending
-
----
- lib/wchar.in.h | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/wchar.in.h b/lib/wchar.in.h
-index cdda680..043866a 100644
---- a/lib/wchar.in.h
-+++ b/lib/wchar.in.h
-@@ -77,6 +77,9 @@
- /* The include_next requires a split double-inclusion guard. */
- #if @HAVE_WCHAR_H@
- # @INCLUDE_NEXT@ @NEXT_WCHAR_H@
-+#else
-+# include <stddef.h>
-+# define MB_CUR_MAX 1
- #endif
-
- #undef _GL_ALREADY_INCLUDING_WCHAR_H
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
deleted file mode 100644
index 460ddf9..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 101130f422dd5c01a1459645d7b2a5b8d19720ab Mon Sep 17 00:00:00 2001
-From: Martin Jansa <martin.jansa@gmail.com>
-Date: Wed, 6 Mar 2019 09:36:11 -0500
-Subject: [PATCH] inetutils: define PATH_PROCNET_DEV if not already defined
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-this prevents the following compilation error :
-system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function)
-
-this patch comes from :
- http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/
-
-Upstream-Status: Inappropriate [not author]
-
-Signed-of-by: Eric Bénard <eric@eukrea.com>
-
----
- ifconfig/system/linux.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/ifconfig/system/linux.c b/ifconfig/system/linux.c
-index e453b46..4268ca9 100644
---- a/ifconfig/system/linux.c
-+++ b/ifconfig/system/linux.c
-@@ -53,6 +53,10 @@
- #include "../ifconfig.h"
- �
-
-+#ifndef PATH_PROCNET_DEV
-+ #define PATH_PROCNET_DEV "/proc/net/dev"
-+#endif
-+
- /* ARPHRD stuff. */
-
- static void
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
deleted file mode 100644
index 2343c03..0000000
--- a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From cc66e842e037fba9f06761f942abe5c4856492b8 Mon Sep 17 00:00:00 2001
-From: Kai Kang <kai.kang@windriver.com>
-Date: Wed, 6 Mar 2019 09:36:11 -0500
-Subject: [PATCH] inetutils: Import version 1.9.4
-
-Only check security/pam_appl.h which is provided by package libpam when pam is
-enabled.
-
-Upstream-Status: Pending
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
----
- configure.ac | 15 ++++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5e16c3a..18510a8 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -182,6 +182,19 @@ AC_SUBST(LIBUTIL)
-
- # See if we have libpam.a. Investigate PAM versus Linux-PAM.
- if test "$with_pam" = yes ; then
-+ AC_CHECK_HEADERS([security/pam_appl.h], [], [], [
-+#include <sys/types.h>
-+#ifdef HAVE_NETINET_IN_SYSTM_H
-+# include <netinet/in_systm.h>
-+#endif
-+#include <netinet/in.h>
-+#ifdef HAVE_NETINET_IP_H
-+# include <netinet/ip.h>
-+#endif
-+#ifdef HAVE_SYS_PARAM_H
-+# include <sys/param.h>
-+#endif
-+])
- AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl)
- AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam)
- if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then
-@@ -617,7 +630,7 @@ AC_HEADER_DIRENT
- AC_CHECK_HEADERS([arpa/nameser.h arpa/tftp.h fcntl.h features.h \
- glob.h memory.h netinet/ether.h netinet/in_systm.h \
- netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \
-- security/pam_appl.h shadow.h \
-+ shadow.h \
- stropts.h sys/tty.h \
- sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \
- sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
index bcc3a02..957f1fe 100644
--- a/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils_2.4.bb
@@ -13,23 +13,19 @@
SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2"
SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
- file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \
- file://inetutils-1.8-0003-wchar.patch \
- file://rexec.xinetd.inetutils \
+ file://rexec.xinetd.inetutils \
file://rlogin.xinetd.inetutils \
file://rsh.xinetd.inetutils \
file://telnet.xinetd.inetutils \
file://tftpd.xinetd.inetutils \
- file://inetutils-1.9-PATH_PROCNET_DEV.patch \
- file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
-"
+ file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \
+ file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \
+ "
inherit autotools gettext update-alternatives texinfo
acpaths = "-I ./m4"
-SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}"
-
PACKAGECONFIG ??= "ftp uucpd \
${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \
@@ -41,21 +37,33 @@
PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6,"
EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \
- inetutils_cv_path_login=${base_bindir}/login \
--with-libreadline-prefix=${STAGING_LIBDIR} \
--enable-rpath=no \
-"
+ --with-path-login=${base_bindir}/login \
+ --with-path-cp=${base_bindir}/cp \
+ --with-path-uucico=${libexecdir}/uuico \
+ --with-path-procnet-dev=/proc/net/dev \
+ "
+
+EXTRA_OECONF:append:libc-musl = " --with-path-utmpx=/dev/null/utmpx --with-path-wtmpx=/dev/null/wtmpx"
# These are horrible for security, disable them
EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \
--disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd"
+# The configure script guesses many paths in cross builds, check for this happening
+do_configure_cross_check() {
+ if grep "may be incorrect because of cross-compilation" ${B}/config.log; then
+ bberror Default path values used, these must be set explicitly
+ fi
+}
+do_configure[postfuncs] += "do_configure_cross_check"
+
+# The --with-path options are not actually options, so this check needs to be silenced
+ERROR_QA:remove = "unknown-configure-option"
+
do_configure:prepend () {
export HELP2MAN='true'
- cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath
- install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}
- install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}
- rm -f ${S}/glob/configure*
}
do_install:append () {
diff --git a/poky/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch b/poky/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch
new file mode 100644
index 0000000..8a5bd00
--- /dev/null
+++ b/poky/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch
@@ -0,0 +1,62 @@
+From f9bcfed5a1d44d9211c5f6eba403a9898c8c9057 Mon Sep 17 00:00:00 2001
+From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Date: Tue, 8 Aug 2023 19:03:13 +0100
+Subject: [PATCH] kea: fix reproducible build failure
+
+New version of Kea has started using path of build-dir instead of
+src-dir which results in reproducible builds failure.
+Use src-dir as is used in v2.2.0
+
+Upstream-Status: Pending
+https://gitlab.isc.org/isc-projects/kea/-/issues/3007
+
+Upstream has confirmed the patch will not be accepted but discussions
+with upstream is still going on, we might have a proper solution later.
+
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+---
+ src/bin/admin/kea-admin.in | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/bin/admin/kea-admin.in b/src/bin/admin/kea-admin.in
+index 034a0ee..8ab11ab 100644
+--- a/src/bin/admin/kea-admin.in
++++ b/src/bin/admin/kea-admin.in
+@@ -51,14 +51,14 @@ dump_qry=""
+ if test -f "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"; then
+ . "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"
+ else
+- . "@abs_top_builddir@/src/bin/admin/admin-utils.sh"
++ . "@abs_top_srcdir@/src/bin/admin/admin-utils.sh"
+ fi
+
+ # Find the installed kea-lfc if available. Fallback to sources otherwise.
+ if test -x "@sbindir@/kea-lfc"; then
+ kea_lfc="@sbindir@/kea-lfc"
+ else
+- kea_lfc="@abs_top_builddir@/src/bin/lfc/kea-lfc"
++ kea_lfc="@abs_top_srcdir@/src/bin/lfc/kea-lfc"
+ fi
+
+ # Prints out usage version.
+@@ -355,7 +355,7 @@ mysql_upgrade() {
+ # Check if there are any files in it
+ num_files=$(find "${upgrade_scripts_dir}" -name 'upgrade*.sh' -type f | wc -l)
+ if [ "$num_files" -eq 0 ]; then
+- upgrade_scripts_dir=@abs_top_builddir@/src/share/database/scripts/mysql
++ upgrade_scripts_dir=@abs_top_srcdir@/src/share/database/scripts/mysql
+
+ # Check if the scripts directory exists at all.
+ if [ ! -d ${upgrade_scripts_dir} ]; then
+@@ -405,7 +405,7 @@ pgsql_upgrade() {
+ # Check if there are any files in it
+ num_files=$(find "${upgrade_scripts_dir}" -name 'upgrade*.sh' -type f | wc -l)
+ if [ "$num_files" -eq 0 ]; then
+- upgrade_scripts_dir=@abs_top_builddir@/src/share/database/scripts/pgsql
++ upgrade_scripts_dir=@abs_top_srcdir@/src/share/database/scripts/pgsql
+
+ # Check if the scripts directory exists at all.
+ if [ ! -d ${upgrade_scripts_dir} ]; then
+--
+2.39.2
+
diff --git a/poky/meta/recipes-connectivity/kea/kea_2.2.0.bb b/poky/meta/recipes-connectivity/kea/kea_2.4.0.bb
similarity index 92%
rename from poky/meta/recipes-connectivity/kea/kea_2.2.0.bb
rename to poky/meta/recipes-connectivity/kea/kea_2.4.0.bb
index 2c2e5a7..3164687 100644
--- a/poky/meta/recipes-connectivity/kea/kea_2.2.0.bb
+++ b/poky/meta/recipes-connectivity/kea/kea_2.4.0.bb
@@ -3,7 +3,7 @@
HOMEPAGE = "http://kea.isc.org"
SECTION = "connectivity"
LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://COPYING;md5=97ce14bdd2733f5b84ab5e29380d057d"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ea061fa0188838072c4248c1318ec131"
DEPENDS = "boost log4cplus openssl"
@@ -17,8 +17,9 @@
file://fix-multilib-conflict.patch \
file://fix_pid_keactrl.patch \
file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \
+ file://0001-kea-fix-reproducible-build-failure.patch \
"
-SRC_URI[sha256sum] = "da7d90ca62a772602dac6e77e507319038422895ad68eeb142f1487d67d531d2"
+SRC_URI[sha256sum] = "3a33cd08dc3319ff544e6bbf2c0429042106f4051ebe115dc1bb2625c95003f7"
inherit autotools systemd update-rc.d upstream-version-is-even
diff --git a/poky/meta/recipes-connectivity/neard/neard_0.18.bb b/poky/meta/recipes-connectivity/neard/neard_0.19.bb
similarity index 96%
rename from poky/meta/recipes-connectivity/neard/neard_0.18.bb
rename to poky/meta/recipes-connectivity/neard/neard_0.19.bb
index 362a761..a98f436 100644
--- a/poky/meta/recipes-connectivity/neard/neard_0.18.bb
+++ b/poky/meta/recipes-connectivity/neard/neard_0.19.bb
@@ -15,7 +15,7 @@
file://0001-Add-header-dependency-to-nciattach.o.patch \
"
-SRCREV = "c781008d3786e03173f0a0f5dfcc0545c787d7fc"
+SRCREV = "a1dc8a75cba999728e154a0f811ab9dd50c809f7"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.3.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.3.bb
index e703395..35cf6af 100644
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.3.bb
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.3.bb
@@ -84,6 +84,7 @@
${sysconfdir}/nfsmount.conf"
FILES:${PN}-client = "${sbindir}/*statd \
+ ${libdir}/libnfsidmap.so.* \
${sbindir}/rpc.idmapd ${sbindir}/sm-notify \
${sbindir}/showmount ${sbindir}/nfsstat \
${localstatedir}/lib/nfs \
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch b/poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
new file mode 100644
index 0000000..baa68dc
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
@@ -0,0 +1,34 @@
+From 554f7baed050f89ffc2a7192d3071e8c5420f6d3 Mon Sep 17 00:00:00 2001
+From: Mikko Rapeli <mikko.rapeli@linaro.org>
+Date: Fri, 25 Aug 2023 10:35:28 +0000
+Subject: [PATCH] openssh regress/Makefile: print logs if test fails
+
+Some tests are failing in CI runs and reproduction has failed. Print
+the captured sshd and ssh client logs if test fails. This should
+help to fix the root causes.
+
+Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
+
+Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
+---
+ regress/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/437]
+
+diff --git a/regress/Makefile b/regress/Makefile
+index d80bf59..a972dff 100644
+--- a/regress/Makefile
++++ b/regress/Makefile
+@@ -229,7 +229,7 @@ t-exec: ${LTESTS:=.sh}
+ done; \
+ if [ "x$${skip}" = "xno" ]; then \
+ echo "run test $${TEST}" ... 1>&2; \
+- (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
++ (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || (echo return value: $$?; echo capturing logs; cat *.log; exit 1); \
+ else \
+ echo skip test $${TEST} 1>&2; \
+ fi; \
+--
+2.34.1
+
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch b/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
deleted file mode 100644
index 4c8aa08..0000000
--- a/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
+++ /dev/null
@@ -1,994 +0,0 @@
-From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001
-From: Damien Miller <djm@mindrot.org>
-Date: Fri, 24 Mar 2023 13:56:25 +1100
-Subject: [PATCH] remove support for old libcrypto
-
-OpenSSH now requires LibreSSL 3.1.0 or greater or
-OpenSSL 1.1.1 or greater
-
-with/ok dtucker@
-
-Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0]
-Comment: Hunks are refreshed.
-Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
-
----
- .github/workflows/c-cpp.yml | 7 -
- INSTALL | 8 +-
- cipher-aes.c | 2 +-
- configure.ac | 96 ++---
- openbsd-compat/libressl-api-compat.c | 556 +--------------------------
- openbsd-compat/openssl-compat.h | 151 +-------
- 6 files changed, 40 insertions(+), 780 deletions(-)
-
-diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
-index 3d9aa22dba5..d299a32468d 100644
---- a/.github/workflows/c-cpp.yml
-+++ b/.github/workflows/c-cpp.yml
-@@ -47,9 +47,6 @@ jobs:
- - { target: ubuntu-20.04, config: tcmalloc }
- - { target: ubuntu-20.04, config: musl }
- - { target: ubuntu-latest, config: libressl-master }
-- - { target: ubuntu-latest, config: libressl-2.2.9 }
-- - { target: ubuntu-latest, config: libressl-2.8.3 }
-- - { target: ubuntu-latest, config: libressl-3.0.2 }
- - { target: ubuntu-latest, config: libressl-3.2.6 }
- - { target: ubuntu-latest, config: libressl-3.3.6 }
- - { target: ubuntu-latest, config: libressl-3.4.3 }
-@@ -58,10 +55,6 @@ jobs:
- - { target: ubuntu-latest, config: libressl-3.7.0 }
- - { target: ubuntu-latest, config: openssl-master }
- - { target: ubuntu-latest, config: openssl-noec }
-- - { target: ubuntu-latest, config: openssl-1.0.1 }
-- - { target: ubuntu-latest, config: openssl-1.0.1u }
-- - { target: ubuntu-latest, config: openssl-1.0.2u }
-- - { target: ubuntu-latest, config: openssl-1.1.0h }
- - { target: ubuntu-latest, config: openssl-1.1.1 }
- - { target: ubuntu-latest, config: openssl-1.1.1k }
- - { target: ubuntu-latest, config: openssl-1.1.1n }
-diff --git a/INSTALL b/INSTALL
-index 68b15e13190..f99d1e2a809 100644
---- a/INSTALL
-+++ b/INSTALL
-@@ -21,12 +21,8 @@ https://zlib.net/
-
- libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto
- is supported but severely restricts the available ciphers and algorithms.
-- - LibreSSL (https://www.libressl.org/)
-- - OpenSSL (https://www.openssl.org) with any of the following versions:
-- - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
--
--Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
--1.1.0g can't be used.
-+ - LibreSSL (https://www.libressl.org/) 3.1.0 or greater
-+ - OpenSSL (https://www.openssl.org) 1.1.1 or greater
-
- LibreSSL/OpenSSL should be compiled as a position-independent library
- (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
-diff --git a/cipher-aes.c b/cipher-aes.c
-index 8b101727284..87c763353d8 100644
---- a/cipher-aes.c
-+++ b/cipher-aes.c
-@@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
-
- static int
- ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
-- LIBCRYPTO_EVP_INL_TYPE len)
-+ size_t len)
- {
- struct ssh_rijndael_ctx *c;
- u_char buf[RIJNDAEL_BLOCKSIZE];
-diff --git a/configure.ac b/configure.ac
-index 22fee70f604..1c0ccdf19c5 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2802,42 +2802,40 @@ if test "x$openssl" = "xyes" ; then
- #include <openssl/crypto.h>
- #define DATA "conftest.ssllibver"
- ]], [[
-- FILE *fd;
-- int rc;
-+ FILE *f;
-
-- fd = fopen(DATA,"w");
-- if(fd == NULL)
-+ if ((f = fopen(DATA, "w")) == NULL)
- exit(1);
--#ifndef OPENSSL_VERSION
--# define OPENSSL_VERSION SSLEAY_VERSION
--#endif
--#ifndef HAVE_OPENSSL_VERSION
--# define OpenSSL_version SSLeay_version
--#endif
--#ifndef HAVE_OPENSSL_VERSION_NUM
--# define OpenSSL_version_num SSLeay
--#endif
-- if ((rc = fprintf(fd, "%08lx (%s)\n",
-+ if (fprintf(f, "%08lx (%s)",
- (unsigned long)OpenSSL_version_num(),
-- OpenSSL_version(OPENSSL_VERSION))) < 0)
-+ OpenSSL_version(OPENSSL_VERSION)) < 0)
-+ exit(1);
-+#ifdef LIBRESSL_VERSION_NUMBER
-+ if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
-+ exit(1);
-+#endif
-+ if (fputc('\n', f) == EOF || fclose(f) == EOF)
- exit(1);
--
- exit(0);
- ]])],
- [
-- ssl_library_ver=`cat conftest.ssllibver`
-+ sslver=`cat conftest.ssllibver`
-+ ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
- # Check version is supported.
-- case "$ssl_library_ver" in
-- 10000*|0*)
-- AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
-- ;;
-- 100*) ;; # 1.0.x
-- 101000[[0123456]]*)
-- # https://github.com/openssl/openssl/pull/4613
-- AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
-+ case "$sslver" in
-+ 100*|10100*) # 1.0.x, 1.1.0x
-+ AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")])
- ;;
- 101*) ;; # 1.1.x
-- 200*) ;; # LibreSSL
-+ 200*) # LibreSSL
-+ lver=`echo "$sslver" | sed 's/.*libressl-//'`
-+ case "$lver" in
-+ 2*|300*) # 2.x, 3.0.0
-+ AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")])
-+ ;;
-+ *) ;; # Assume all other versions are good.
-+ esac
-+ ;;
- 300*)
- # OpenSSL 3; we use the 1.1x API
- CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
-@@ -2847,10 +2845,10 @@ if test "x$openssl" = "xyes" ; then
- CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
- ;;
- *)
-- AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")])
-+ AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")])
- ;;
- esac
-- AC_MSG_RESULT([$ssl_library_ver])
-+ AC_MSG_RESULT([$ssl_showver])
- ],
- [
- AC_MSG_RESULT([not found])
-@@ -2863,7 +2861,7 @@ if test "x$openssl" = "xyes" ; then
-
- case "$host" in
- x86_64-*)
-- case "$ssl_library_ver" in
-+ case "$sslver" in
- 3000004*)
- AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
- ;;
-@@ -2879,9 +2877,6 @@ if test "x$openssl" = "xyes" ; then
- #include <openssl/opensslv.h>
- #include <openssl/crypto.h>
- ]], [[
--#ifndef HAVE_OPENSSL_VERSION_NUM
--# define OpenSSL_version_num SSLeay
--#endif
- exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
- ]])],
- [
-@@ -2955,44 +2950,13 @@ if test "x$openssl" = "xyes" ; then
- )
- )
-
-- # LibreSSL/OpenSSL 1.1x API
-+ # LibreSSL/OpenSSL API differences
- AC_CHECK_FUNCS([ \
-- OPENSSL_init_crypto \
-- DH_get0_key \
-- DH_get0_pqg \
-- DH_set0_key \
-- DH_set_length \
-- DH_set0_pqg \
-- DSA_get0_key \
-- DSA_get0_pqg \
-- DSA_set0_key \
-- DSA_set0_pqg \
-- DSA_SIG_get0 \
-- DSA_SIG_set0 \
-- ECDSA_SIG_get0 \
-- ECDSA_SIG_set0 \
- EVP_CIPHER_CTX_iv \
- EVP_CIPHER_CTX_iv_noconst \
- EVP_CIPHER_CTX_get_iv \
- EVP_CIPHER_CTX_get_updated_iv \
- EVP_CIPHER_CTX_set_iv \
-- RSA_get0_crt_params \
-- RSA_get0_factors \
-- RSA_get0_key \
-- RSA_set0_crt_params \
-- RSA_set0_factors \
-- RSA_set0_key \
-- RSA_meth_free \
-- RSA_meth_dup \
-- RSA_meth_set1_name \
-- RSA_meth_get_finish \
-- RSA_meth_set_priv_enc \
-- RSA_meth_set_priv_dec \
-- RSA_meth_set_finish \
-- EVP_PKEY_get0_RSA \
-- EVP_MD_CTX_new \
-- EVP_MD_CTX_free \
-- EVP_chacha20 \
- ])
-
- if test "x$openssl_engine" = "xyes" ; then
-@@ -3050,8 +3014,8 @@ if test "x$openssl" = "xyes" ; then
- ]
- )
-
-- # Check for SHA256, SHA384 and SHA512 support in OpenSSL
-- AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
-+ # Check for various EVP support in OpenSSL
-+ AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20])
-
- # Check complete ECC support in OpenSSL
- AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
-diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c
-index 498180dc894..59be17397c5 100644
---- a/openbsd-compat/libressl-api-compat.c
-+++ b/openbsd-compat/libressl-api-compat.c
-@@ -1,129 +1,5 @@
--/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */
--/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */
--/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */
--/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */
--/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */
--/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
--/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay@cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay@cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--
--/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */
--/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */
--/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
--/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-- * project 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing@OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay@cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh@cryptsoft.com).
-- *
-- */
--
--/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */
- /*
-- * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
-+ * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
-@@ -147,192 +23,7 @@
- #include <stdlib.h>
- #include <string.h>
-
--#include <openssl/err.h>
--#include <openssl/bn.h>
--#include <openssl/dsa.h>
--#include <openssl/rsa.h>
- #include <openssl/evp.h>
--#ifdef OPENSSL_HAS_ECC
--#include <openssl/ecdsa.h>
--#endif
--#include <openssl/dh.h>
--
--#ifndef HAVE_DSA_GET0_PQG
--void
--DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
--{
-- if (p != NULL)
-- *p = d->p;
-- if (q != NULL)
-- *q = d->q;
-- if (g != NULL)
-- *g = d->g;
--}
--#endif /* HAVE_DSA_GET0_PQG */
--
--#ifndef HAVE_DSA_SET0_PQG
--int
--DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
--{
-- if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) ||
-- (d->g == NULL && g == NULL))
-- return 0;
--
-- if (p != NULL) {
-- BN_free(d->p);
-- d->p = p;
-- }
-- if (q != NULL) {
-- BN_free(d->q);
-- d->q = q;
-- }
-- if (g != NULL) {
-- BN_free(d->g);
-- d->g = g;
-- }
--
-- return 1;
--}
--#endif /* HAVE_DSA_SET0_PQG */
--
--#ifndef HAVE_DSA_GET0_KEY
--void
--DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
--{
-- if (pub_key != NULL)
-- *pub_key = d->pub_key;
-- if (priv_key != NULL)
-- *priv_key = d->priv_key;
--}
--#endif /* HAVE_DSA_GET0_KEY */
--
--#ifndef HAVE_DSA_SET0_KEY
--int
--DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
--{
-- if (d->pub_key == NULL && pub_key == NULL)
-- return 0;
--
-- if (pub_key != NULL) {
-- BN_free(d->pub_key);
-- d->pub_key = pub_key;
-- }
-- if (priv_key != NULL) {
-- BN_free(d->priv_key);
-- d->priv_key = priv_key;
-- }
--
-- return 1;
--}
--#endif /* HAVE_DSA_SET0_KEY */
--
--#ifndef HAVE_RSA_GET0_KEY
--void
--RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
--{
-- if (n != NULL)
-- *n = r->n;
-- if (e != NULL)
-- *e = r->e;
-- if (d != NULL)
-- *d = r->d;
--}
--#endif /* HAVE_RSA_GET0_KEY */
--
--#ifndef HAVE_RSA_SET0_KEY
--int
--RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
--{
-- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
-- return 0;
--
-- if (n != NULL) {
-- BN_free(r->n);
-- r->n = n;
-- }
-- if (e != NULL) {
-- BN_free(r->e);
-- r->e = e;
-- }
-- if (d != NULL) {
-- BN_free(r->d);
-- r->d = d;
-- }
--
-- return 1;
--}
--#endif /* HAVE_RSA_SET0_KEY */
--
--#ifndef HAVE_RSA_GET0_CRT_PARAMS
--void
--RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
-- const BIGNUM **iqmp)
--{
-- if (dmp1 != NULL)
-- *dmp1 = r->dmp1;
-- if (dmq1 != NULL)
-- *dmq1 = r->dmq1;
-- if (iqmp != NULL)
-- *iqmp = r->iqmp;
--}
--#endif /* HAVE_RSA_GET0_CRT_PARAMS */
--
--#ifndef HAVE_RSA_SET0_CRT_PARAMS
--int
--RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
--{
-- if ((r->dmp1 == NULL && dmp1 == NULL) ||
-- (r->dmq1 == NULL && dmq1 == NULL) ||
-- (r->iqmp == NULL && iqmp == NULL))
-- return 0;
--
-- if (dmp1 != NULL) {
-- BN_free(r->dmp1);
-- r->dmp1 = dmp1;
-- }
-- if (dmq1 != NULL) {
-- BN_free(r->dmq1);
-- r->dmq1 = dmq1;
-- }
-- if (iqmp != NULL) {
-- BN_free(r->iqmp);
-- r->iqmp = iqmp;
-- }
--
-- return 1;
--}
--#endif /* HAVE_RSA_SET0_CRT_PARAMS */
--
--#ifndef HAVE_RSA_GET0_FACTORS
--void
--RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
--{
-- if (p != NULL)
-- *p = r->p;
-- if (q != NULL)
-- *q = r->q;
--}
--#endif /* HAVE_RSA_GET0_FACTORS */
--
--#ifndef HAVE_RSA_SET0_FACTORS
--int
--RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
--{
-- if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
-- return 0;
--
-- if (p != NULL) {
-- BN_free(r->p);
-- r->p = p;
-- }
-- if (q != NULL) {
-- BN_free(r->q);
-- r->q = q;
-- }
--
-- return 1;
--}
--#endif /* HAVE_RSA_SET0_FACTORS */
-
- #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
- int
-@@ -392,249 +83,4 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
- }
- #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
-
--#ifndef HAVE_DSA_SIG_GET0
--void
--DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
--{
-- if (pr != NULL)
-- *pr = sig->r;
-- if (ps != NULL)
-- *ps = sig->s;
--}
--#endif /* HAVE_DSA_SIG_GET0 */
--
--#ifndef HAVE_DSA_SIG_SET0
--int
--DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
--{
-- if (r == NULL || s == NULL)
-- return 0;
--
-- BN_clear_free(sig->r);
-- sig->r = r;
-- BN_clear_free(sig->s);
-- sig->s = s;
--
-- return 1;
--}
--#endif /* HAVE_DSA_SIG_SET0 */
--
--#ifdef OPENSSL_HAS_ECC
--#ifndef HAVE_ECDSA_SIG_GET0
--void
--ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
--{
-- if (pr != NULL)
-- *pr = sig->r;
-- if (ps != NULL)
-- *ps = sig->s;
--}
--#endif /* HAVE_ECDSA_SIG_GET0 */
--
--#ifndef HAVE_ECDSA_SIG_SET0
--int
--ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
--{
-- if (r == NULL || s == NULL)
-- return 0;
--
-- BN_clear_free(sig->r);
-- BN_clear_free(sig->s);
-- sig->r = r;
-- sig->s = s;
-- return 1;
--}
--#endif /* HAVE_ECDSA_SIG_SET0 */
--#endif /* OPENSSL_HAS_ECC */
--
--#ifndef HAVE_DH_GET0_PQG
--void
--DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
--{
-- if (p != NULL)
-- *p = dh->p;
-- if (q != NULL)
-- *q = dh->q;
-- if (g != NULL)
-- *g = dh->g;
--}
--#endif /* HAVE_DH_GET0_PQG */
--
--#ifndef HAVE_DH_SET0_PQG
--int
--DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
--{
-- if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
-- return 0;
--
-- if (p != NULL) {
-- BN_free(dh->p);
-- dh->p = p;
-- }
-- if (q != NULL) {
-- BN_free(dh->q);
-- dh->q = q;
-- }
-- if (g != NULL) {
-- BN_free(dh->g);
-- dh->g = g;
-- }
--
-- return 1;
--}
--#endif /* HAVE_DH_SET0_PQG */
--
--#ifndef HAVE_DH_GET0_KEY
--void
--DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
--{
-- if (pub_key != NULL)
-- *pub_key = dh->pub_key;
-- if (priv_key != NULL)
-- *priv_key = dh->priv_key;
--}
--#endif /* HAVE_DH_GET0_KEY */
--
--#ifndef HAVE_DH_SET0_KEY
--int
--DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
--{
-- if (pub_key != NULL) {
-- BN_free(dh->pub_key);
-- dh->pub_key = pub_key;
-- }
-- if (priv_key != NULL) {
-- BN_free(dh->priv_key);
-- dh->priv_key = priv_key;
-- }
--
-- return 1;
--}
--#endif /* HAVE_DH_SET0_KEY */
--
--#ifndef HAVE_DH_SET_LENGTH
--int
--DH_set_length(DH *dh, long length)
--{
-- if (length < 0 || length > INT_MAX)
-- return 0;
--
-- dh->length = length;
-- return 1;
--}
--#endif /* HAVE_DH_SET_LENGTH */
--
--#ifndef HAVE_RSA_METH_FREE
--void
--RSA_meth_free(RSA_METHOD *meth)
--{
-- if (meth != NULL) {
-- free((char *)meth->name);
-- free(meth);
-- }
--}
--#endif /* HAVE_RSA_METH_FREE */
--
--#ifndef HAVE_RSA_METH_DUP
--RSA_METHOD *
--RSA_meth_dup(const RSA_METHOD *meth)
--{
-- RSA_METHOD *copy;
--
-- if ((copy = calloc(1, sizeof(*copy))) == NULL)
-- return NULL;
-- memcpy(copy, meth, sizeof(*copy));
-- if ((copy->name = strdup(meth->name)) == NULL) {
-- free(copy);
-- return NULL;
-- }
--
-- return copy;
--}
--#endif /* HAVE_RSA_METH_DUP */
--
--#ifndef HAVE_RSA_METH_SET1_NAME
--int
--RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
--{
-- char *copy;
--
-- if ((copy = strdup(name)) == NULL)
-- return 0;
-- free((char *)meth->name);
-- meth->name = copy;
-- return 1;
--}
--#endif /* HAVE_RSA_METH_SET1_NAME */
--
--#ifndef HAVE_RSA_METH_GET_FINISH
--int
--(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
--{
-- return meth->finish;
--}
--#endif /* HAVE_RSA_METH_GET_FINISH */
--
--#ifndef HAVE_RSA_METH_SET_PRIV_ENC
--int
--RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
-- const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
--{
-- meth->rsa_priv_enc = priv_enc;
-- return 1;
--}
--#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
--
--#ifndef HAVE_RSA_METH_SET_PRIV_DEC
--int
--RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
-- const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
--{
-- meth->rsa_priv_dec = priv_dec;
-- return 1;
--}
--#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
--
--#ifndef HAVE_RSA_METH_SET_FINISH
--int
--RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
--{
-- meth->finish = finish;
-- return 1;
--}
--#endif /* HAVE_RSA_METH_SET_FINISH */
--
--#ifndef HAVE_EVP_PKEY_GET0_RSA
--RSA *
--EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
--{
-- if (pkey->type != EVP_PKEY_RSA) {
-- /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */
-- return NULL;
-- }
-- return pkey->pkey.rsa;
--}
--#endif /* HAVE_EVP_PKEY_GET0_RSA */
--
--#ifndef HAVE_EVP_MD_CTX_NEW
--EVP_MD_CTX *
--EVP_MD_CTX_new(void)
--{
-- return calloc(1, sizeof(EVP_MD_CTX));
--}
--#endif /* HAVE_EVP_MD_CTX_NEW */
--
--#ifndef HAVE_EVP_MD_CTX_FREE
--void
--EVP_MD_CTX_free(EVP_MD_CTX *ctx)
--{
-- if (ctx == NULL)
-- return;
--
-- EVP_MD_CTX_cleanup(ctx);
--
-- free(ctx);
--}
--#endif /* HAVE_EVP_MD_CTX_FREE */
--
- #endif /* WITH_OPENSSL */
-diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
-index 61a69dd56eb..d0dd2c3450d 100644
---- a/openbsd-compat/openssl-compat.h
-+++ b/openbsd-compat/openssl-compat.h
-@@ -33,26 +33,13 @@
- int ssh_compatible_openssl(long, long);
- void ssh_libcrypto_init(void);
-
--#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
--# error OpenSSL 1.0.1 or greater is required
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+# error OpenSSL 1.1.0 or greater is required
- #endif
--
--#ifndef OPENSSL_VERSION
--# define OPENSSL_VERSION SSLEAY_VERSION
--#endif
--
--#ifndef HAVE_OPENSSL_VERSION
--# define OpenSSL_version(x) SSLeay_version(x)
--#endif
--
--#ifndef HAVE_OPENSSL_VERSION_NUM
--# define OpenSSL_version_num SSLeay
--#endif
--
--#if OPENSSL_VERSION_NUMBER < 0x10000001L
--# define LIBCRYPTO_EVP_INL_TYPE unsigned int
--#else
--# define LIBCRYPTO_EVP_INL_TYPE size_t
-+#ifdef LIBRESSL_VERSION_NUMBER
-+# if LIBRESSL_VERSION_NUMBER < 0x3010000fL
-+# error LibreSSL 3.1.0 or greater is required
-+# endif
- #endif
-
- #ifndef OPENSSL_RSA_MAX_MODULUS_BITS
-@@ -68,25 +55,6 @@ void ssh_libcrypto_init(void);
- # endif
- #endif
-
--/* LibreSSL/OpenSSL 1.1x API compat */
--#ifndef HAVE_DSA_GET0_PQG
--void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
-- const BIGNUM **g);
--#endif /* HAVE_DSA_GET0_PQG */
--
--#ifndef HAVE_DSA_SET0_PQG
--int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
--#endif /* HAVE_DSA_SET0_PQG */
--
--#ifndef HAVE_DSA_GET0_KEY
--void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
-- const BIGNUM **priv_key);
--#endif /* HAVE_DSA_GET0_KEY */
--
--#ifndef HAVE_DSA_SET0_KEY
--int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
--#endif /* HAVE_DSA_SET0_KEY */
--
- #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
- # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
- # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
-@@ -101,112 +69,5 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
- const unsigned char *iv, size_t len);
- #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
-
--#ifndef HAVE_RSA_GET0_KEY
--void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
-- const BIGNUM **d);
--#endif /* HAVE_RSA_GET0_KEY */
--
--#ifndef HAVE_RSA_SET0_KEY
--int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
--#endif /* HAVE_RSA_SET0_KEY */
--
--#ifndef HAVE_RSA_GET0_CRT_PARAMS
--void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
-- const BIGNUM **iqmp);
--#endif /* HAVE_RSA_GET0_CRT_PARAMS */
--
--#ifndef HAVE_RSA_SET0_CRT_PARAMS
--int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
--#endif /* HAVE_RSA_SET0_CRT_PARAMS */
--
--#ifndef HAVE_RSA_GET0_FACTORS
--void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
--#endif /* HAVE_RSA_GET0_FACTORS */
--
--#ifndef HAVE_RSA_SET0_FACTORS
--int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
--#endif /* HAVE_RSA_SET0_FACTORS */
--
--#ifndef DSA_SIG_GET0
--void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
--#endif /* DSA_SIG_GET0 */
--
--#ifndef DSA_SIG_SET0
--int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
--#endif /* DSA_SIG_SET0 */
--
--#ifdef OPENSSL_HAS_ECC
--#ifndef HAVE_ECDSA_SIG_GET0
--void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
--#endif /* HAVE_ECDSA_SIG_GET0 */
--
--#ifndef HAVE_ECDSA_SIG_SET0
--int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
--#endif /* HAVE_ECDSA_SIG_SET0 */
--#endif /* OPENSSL_HAS_ECC */
--
--#ifndef HAVE_DH_GET0_PQG
--void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
-- const BIGNUM **g);
--#endif /* HAVE_DH_GET0_PQG */
--
--#ifndef HAVE_DH_SET0_PQG
--int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
--#endif /* HAVE_DH_SET0_PQG */
--
--#ifndef HAVE_DH_GET0_KEY
--void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
--#endif /* HAVE_DH_GET0_KEY */
--
--#ifndef HAVE_DH_SET0_KEY
--int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
--#endif /* HAVE_DH_SET0_KEY */
--
--#ifndef HAVE_DH_SET_LENGTH
--int DH_set_length(DH *dh, long length);
--#endif /* HAVE_DH_SET_LENGTH */
--
--#ifndef HAVE_RSA_METH_FREE
--void RSA_meth_free(RSA_METHOD *meth);
--#endif /* HAVE_RSA_METH_FREE */
--
--#ifndef HAVE_RSA_METH_DUP
--RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
--#endif /* HAVE_RSA_METH_DUP */
--
--#ifndef HAVE_RSA_METH_SET1_NAME
--int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
--#endif /* HAVE_RSA_METH_SET1_NAME */
--
--#ifndef HAVE_RSA_METH_GET_FINISH
--int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
--#endif /* HAVE_RSA_METH_GET_FINISH */
--
--#ifndef HAVE_RSA_METH_SET_PRIV_ENC
--int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
-- const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
--#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
--
--#ifndef HAVE_RSA_METH_SET_PRIV_DEC
--int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
-- const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
--#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
--
--#ifndef HAVE_RSA_METH_SET_FINISH
--int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
--#endif /* HAVE_RSA_METH_SET_FINISH */
--
--#ifndef HAVE_EVP_PKEY_GET0_RSA
--RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
--#endif /* HAVE_EVP_PKEY_GET0_RSA */
--
--#ifndef HAVE_EVP_MD_CTX_new
--EVP_MD_CTX *EVP_MD_CTX_new(void);
--#endif /* HAVE_EVP_MD_CTX_new */
--
--#ifndef HAVE_EVP_MD_CTX_free
--void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
--#endif /* HAVE_EVP_MD_CTX_free */
--
- #endif /* WITH_OPENSSL */
- #endif /* _OPENSSL_COMPAT_H */
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.3p2.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
similarity index 97%
rename from poky/meta/recipes-connectivity/openssh/openssh_9.3p2.bb
rename to poky/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
index 5fb2dcc..2c85780 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_9.3p2.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
@@ -24,9 +24,9 @@
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
- file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
+ file://0001-openssh-regress-Makefile-print-logs-if-test-fails.patch \
"
-SRC_URI[sha256sum] = "200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8"
+SRC_URI[sha256sum] = "3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85"
CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.1.2.bb
similarity index 97%
rename from poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
rename to poky/meta/recipes-connectivity/openssl/openssl_3.1.2.bb
index c2a7173..3f77c21 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.1.2.bb
@@ -18,9 +18,9 @@
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674"
+SRC_URI[sha256sum] = "a0ce69b8b97ea6a35b96875235aa453b966ba3cba8af2de23657d8b6767d6539"
-inherit lib_package multilib_header multilib_script ptest perlnative
+inherit lib_package multilib_header multilib_script ptest perlnative manpages
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
PACKAGECONFIG ?= ""
@@ -30,6 +30,7 @@
PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
PACKAGECONFIG[no-tls1] = "no-tls1"
PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
+PACKAGECONFIG[manpages] = ""
B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"
@@ -145,7 +146,7 @@
}
do_install () {
- oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+ oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install_sw install_ssldirs ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 'install_docs', '', d)}
oe_multilib_header openssl/opensslconf.h
oe_multilib_header openssl/configuration.h