subtree updates
poky: 4e511f0abc..a015ed7704:
Adrian Bunk (22):
gnutls: upgrade 3.6.5 -> 3.6.7
dhcp: Replace OE specific patch for compatibility with latest bind with upstream patch
Set XZ_COMPRESSION_LEVEL to -9
gcc: Remove Java support variables
Use the best xz compression for the SDK
gnome-doc-utils: Remove stale patch
libxcrypt: Stop adding -std=gnu99 to CPPFLAGS
file: Stop adding -std=c99 to CFLAGS
gnu-efi: Remove support patch for gcc < 4.7
grub: Use -Wno-error instead of doing this on a per-warning basis
socat: upgrade 1.7.3.2 -> 1.7.3.3
bison: upgrade 3.0.4 -> 3.1
mmc-utils: update to the latest upstream code
cogl: upgrade 1.22.2 -> 1.22.4
cogl: remove -Werror=maybe-uninitialized workaround
libxcb: remove workaround patch for a bug that was fixed in gcc 5 in 2015
sysstat: inherit upstream-version-is-even
ccache: upgrade 3.6 -> 3.7.1
lttng-modules: upgrade 2.10.8 -> 2.10.9
iproute2: Remove bogus workaround patch for musl
openssl: Remove openssl10
Remove irda-utils and the irda feature
Alejandro Enedino Hernandez Samaniego (1):
run-postinsts: Fix full execution of scripts at first boot
Alejandro del Castillo (1):
opkg: add ptest
Alex Kiernan (12):
systemd-conf: simplify creation of machine-specific configuration
systemctl-native: Rewrite in Python supporting preset-all and mask
image: call systemctl preset-all for images
uboot-sign: Fix build when UBOOT_DTB_BINARY is empty
patchelf: Upgrade 0.9 -> 0.10
python3: Add ntpath.py to python core
go: Exclude vcs files when installing deps
recipetool: fix unbound variable when fixed SRCREV can't be found
systemd: Default to non-stateless images
systemd-systemctl: Restore support for enable command
systemd: Restore mask and preset targets, fix instance creation
shadow: Backport last change reproducibility
Alexander Kanavin (38):
python3: add a tr-tr locale for test_locale ptest
gobject-introspection: update to 1.60.1
dtc: upgrade 1.4.7 -> 1.5.0
webkitgtk: update to 2.24.0
libdazzle: update to 3.32.1
vala: update to 0.44.3
libdnf: update to 0.28.1
libcomps: upgrade 0.1.10 -> 0.1.11
dnf: upgrade 4.1.0 -> 4.2.2
btrfs-tools: upgrade 4.20.1 -> 4.20.2
meson: update to 0.50.0
libmodulemd: update to 2.2.3
at-spi2-core: fix meson 0.50 build
ffmpeg: update to 4.1.3
python: update to 2.7.16
python: update to 3.7.3
python-numpy: update to 1.16.2
icu: update to 64.1
epiphany: update to 3.32.1.2
python3: add another multilib fix
meson: do not try to substitute the prefix in python supplied paths
python3-pygobject: update to 3.32.0
meson: add missing Upstream-Status and SOB to a patch
acpica: update to 20190405
msmtp: fix upstream version check
python-scons: update to 3.0.5
python-setuptools: update to 41.0.1
python3-mako: update to 1.0.9
python3-pbr: update to 5.1.3
python3-pip: update to 19.0.3
buildhistory: call a dependency parser only on actual dependency lists
gtk-doc.bbclass: unify option setting for meson-based recipes
python3-pycairo: update to 1.18.1
maintainers.inc: take over as perl maintainer
xorg-lib: drop native overrides for REQUIRED_DISTRO_FEATURES
meson: update to 0.50.1
perl: update to 5.28.2
packagegroup-self-hosted: drop epiphany
Alistair Francis (5):
u-boot: Upgrade from 2019.01 to 2019.04
beaglebone-yocto: Update u-boot config to match u-boot 19.04
u-boot: Fix missing Python.h build failure
libsoup: Upgrade from 2.64.2 to 2.66.1
qemu: Upgrade from 3.1.0 to 4.0.0
Andre Rosa (1):
bitbake: utils: Let mkdirhier fail if existing path is not a folder
Andreas Müller (17):
gobject-introspection: auto-enable/-disable gobject-introspection for meson
libmodulemd: use gobject-introspection.bbclass on/off mechanism
gdk-pixbuf: use gobject-introspection.bbclass on/off mechanism
json-glib: use gobject-introspection.bbclass on/off mechanism
libdazzle: use gobject-introspection.bbclass on/off mechanism
clutter-gtk-1.0: use gobject-introspection.bbclass on/off mechanism
pango: use gobject-introspection.bbclass on/off mechanism
at-spi2-core: use gobject-introspection.bbclass on/off mechanism
atk: use gobject-introspection.bbclass on/off mechanism
libsoup-2.4: use gobject-introspection.bbclass on/off mechanism
glib-networking: upgrade 2.58.0 -> 2.60.1
gst-plugins: move 'inherit gobject-introspection' to recipes supporting GI
gstreamer1.0-python: rework gobject-introspection handling
insane.bbclass: Trigger unrecognzed configure option for meson
vte: upgrade 0.52.2 -> 0.56.1
vte: move shell auto scripts into seperate package
qemu: split out vte into seperate PACKAGECONFIG
Andreas Obergschwandtner (1):
uboot-sign: add support for different u-boot configurations
Andrej Valek (2):
dropbear: update to 2019.78
systemd: upgrade to 242
Angus Lees (1):
Revert "wic: Set a miniumum FAT16 volume size."
Anuj Mittal (4):
gcc: fix CVE-2018-18484
gdb: fix CVE-2017-9778
binutils: fix CVE-2019-9074 CVE-2019-9075 CVE-2019-9076 CVE-2019-9077
openssh: fix CVE-2018-20685, CVE-2019-6109, CVE-2019-6111
Armin Kuster (8):
resulttool: add ltp test support
logparser: Add decoding ltp logs
ltp: add runtime test
resulttool: add LTP compliance section
logparser: Add LTP compliance section
ltp_compliance: add new runtime
manual compliance: remove bits done at runtime
nss: cleanup recipe to match OE style
Beniamin Sandu (1):
kernel-devsrc: check for localversion files in the kernel source tree
Breno Leitao (3):
weston-init: Fix tab indentation
weston-init: Add support for non-root start
weston-init: Fix WESTON_USER typo
Bruce Ashfield (8):
linux-yocto/5.0: update to v5.0.5
linux-yocto-rt: update to 5.0.5-rt3
linux-yocto/5.0: update to v5.0.7
linux-yocto/4.19: update to v4.19.34
linux-yocto-rt/4.19: fix merge conflict in lru_drain
linux-yocto/5.0: port RAID configuration tweaks from master
linux-yocto/5.0: integrate TCP timeout / hang fix
linux-yocto/5.0: update TCP patch to mainline version
Changhyeok Bae (2):
iw: upgrade 4.14 -> 5.0.1
iptables: upgrade 1.6.2 -> 1.8.2
Changqing Li (11):
ruby: make ext module fiddle can compile success
ruby: add ptest
cogl: fix compile error caused by -Werror=maybe-uninitialized
systemd: change default locale from C.UTF-8 to C
m4: add ptest support
gettext: add ptest support
waffle: supprt build waffle without x11
piglit: support build piglit without x11
dbus: fix ptest failure
populate_sdk_base: provide options to set sdk type
python3: fix do_install fail for parallel buiild
Chee Yang Lee (1):
wic/bootimg-efi: replace hardcoded volume name with label
Chen Qi (9):
runqemu: do not check return code of tput
busybox: fix ptest failure about 'dc'
base-files: move hostname operations out of issue file settings
webkitgtk: set CVE_PRODUCT
dropbear: set CVE_PRODUCT
libsdl: set CVE_PRODUCT
ghostscript: set CVE_PRODUCT
flac: also add flac to CVE_PRODUCT
squashfs-tools: set CVE_PRODUCT
David Reyna (1):
bitbake: toaster: update to Warrior
Dengke Du (2):
perf: workaround the error cased by maybe-uninitialized warning
linux-yocto_5.0: set devicetree for armv5
Denys Dmytriyenko (1):
weston: upgrade 5.0.0 -> 6.0.0
Douglas Royds (2):
distutils: Run python from the PATH in the -native case as well
distutils: Tidy and simplify for readability
Fabio Berton (1):
mesa: Update 19.0.1 -> 19.0.3
He Zhe (2):
ltp: Fix setrlimit03 call succeeded unexpectedly
systemd: Bump up SRCREV to systemd-stable top to include the fix for shutdown now hang
Hongxu Jia (15):
image_types.bbclass: fix a race between the ubi and ubifs FSTYPES
cpio/tar/native.bbclass: move rmt to sbindir and add a prefix to avoid native clashing
acpica: use update-alternatives for acpidump
apr: upgrade 1.6.5 -> 1.7.0
man-pages: upgrade 4.16 -> 5.01
man-db: upgrade 2.8.4 -> 2.8.5
bash: upgrade 4.4.18 -> 5.0
ncurses: fix incorrect UPSTREAM_CHECK_GITTAGREGEX
gpgme: upgrade 1.12.0 -> 1.13.0
subversion: upgrade 1.11.1 -> 1.12.0
groff: upgrade 1.22.3 -> 1.22.4
libxml2: upgrade 2.9.8 -> 2.9.9
ghostscript: 9.26 -> 9.27
groff: imporve musl support
oeqa/targetcontrol.py: fix qemuparams not work in runqemu with launch_cmd
Jacob Kroon (3):
grub-efi-native: Install grub-editenv
bitbake: knotty: Pretty print task elapsed time
base-passwd: Add kvm group
Jaewon Lee (1):
Adding back wrapper and using OEPYTHON3HOME variable for python3
Jens Rehsack (1):
kernel-module-split.bbclass: support CONFIG_MODULE_COMPRESS=y
Jonas Bonn (3):
systemd: don't build firstboot by default
systemd: do not create machine-id
systemd: create preset files instead of installing in image
Joshua Watt (6):
classes/waf: Set WAFLOCK
resulttool: Load results from URL
resulttool: Add log subcommand
qemux86: Allow higher tunes
bitbake.conf: Account for older versions of bitbake
resulttool: Add option to dump all ptest logs
Kai Kang (5):
msmtp: 1.6.6 -> 1.8.3
cryptodev: fix module loading error
target-sdk-provides-dummy: resolve sstate conflict
bitbake.conf: set NO_RECOMMENDATIONS with weak assignment
webkitgtk: fix compile error for arm64
Kevin Hao (1):
meta-yocto-bsp: Bump to the latest stable kernel for all the BSP
Khem Raj (9):
gcc-cross-canadian: Make baremetal specific code generic
musl: Upgrade to master past 1.1.22
webkitgtk: Fix build with clang
mdadm: Disable Werror
gcc-target: Do not set --with-sysroot and gxx-include-dir paths
systemd: Add -Wno-error=format-overflow to fix build with gcc9
systemd: Backport patch to fix build with gcc9
libgfortan: Package target gcc include directory to fix
gcc-9: Add recipes for gcc 9.1 release
Lei Maohui (2):
dnf: Enable nativesdk
icu: Added armeb support.
Lei Yang (1):
recipetool: add missed module
Luca Boccassi (1):
systemd: add cgroupv2 PACKAGECONFIG
Mardegan, Alberto (1):
oeqa/core/runner: dump stdout and stderr of each test case
Mariano Lopez (5):
update-alternatives.bbclass: Add function to get metadata
ptest.bbclass: Add feature to populate a binary directory
util-linux: Use PTEST binary directory
busybox: Use PTEST binary directory
ptest.bbclass: Use d.getVar instead of os.environ
Martin Jansa (6):
connman: add PACKAGECONFIG for nfc, fix MACHINE_ARCH signature when l2tp is enabled
icecc.bbclass: stop causing everything to be effectivelly MACHINE_ARCH
glibc: always use bfd linker
opkg: fix ptest packaging when OPKGLIBDIR == libdir
kexec-tools: refresh patches with devtool
perf: make sure that the tools/include/uapi/asm-generic directory exists
Matthias Schiffer (1):
systemd: move "machines" symlinks to systemd-container
Max Kellermann (2):
useradd-staticids: print exception after parse_args() error
initrdscripts: merge multiple "mkdir" calls
Michael Scott (2):
kernel-fitimage: support RISC-V
procps: update legacy sysctl.conf to fix rp_filter sysctl issue
Mikko Rapeli (3):
elfutils: remove Elfutils-Exception and include GPLv2 for shared libraries
oeqa/sdk: use bash to execute SDK test commands
openssh: recommend rng-tools with sshd
Mingli Yu (6):
nettle: fix ptest failure
elfutils: add ptest support
elfutils: fix build failure with musl
gcc-sanitizers: fix -Werror=maybe-uninitialized issue
nettle: fix the Segmentation fault
nettle: fix ptest failure
Nathan Rossi (1):
ccmake.bbclass: Fix up un-escaped quotes in output formatting
Naveen Saini (5):
core-image-rt: make sure that we append to DEPENDS
core-image-rt-sdk: make sure that we append to DEPENDS
bitbake.conf: add git-lfs to HOSTTOOLS_NONFATAL
bitbake: bitbake: fetch2/git: git-lfs check
linux-yocto: update genericx86* SRCREV for 4.19
Oleksandr Kravchuk (52):
iproute2: update to 5.0.0
curl: update to 7.64.1
libxext: update to 1.3.4
x11perf: update to 1.6.1
libxdmcp: update to 1.1.3
libxkbfile: update 1.1.0
libxvmc: update to 1.0.11
libxrandr: update to 1.5.2
connman: update to 1.37
ethtool: update to 5.0
tar: update to 1.32
ffmpeg: update to 4.1.2
librepo: update to 1.9.6
libxmu: update to 1.1.3
libxcrypt: update to 4.4.4
wget: update to 1.20.2
libsecret: 0.18.8
createrepo-c: update to 0.12.2
libinput: update to 1.13.0
cronie: update to 1.5.4
libyaml: update to 0.2.2
fontconfig: update to 2.13.1
makedepend: update to 1.0.6
libdrm: update to 2.4.98
libinput: update to 1.13.1
libnotify: update to 0.7.8
libpng: update to 1.6.37
libcroco: update to 0.6.13
libpsl: update to 0.21.0
git: update to 2.21.0
quota: update to 4.05
gnupg: update to 2.2.15
lz4: update to 1.9.0
orc: update to 0.4.29
help2man-native: update to 1.47.10
cups: update to 2.2.11
pixman: update to 0.38.4
libcap: update to 2.27
ninja: add Upstream-Status and SOB for musl patch
python-numpy: update to 1.16.3
python3-pygobject: update to 3.32.1
wget: update to 1.20.3
libsolv: update to 0.7.4
ell: add recipe
sqlite3: update to 3.28.0
kmscube: update to latest revision
coreutils: update to 8.31
mtools: update to 4.0.23
msmtp: update to 1.8.4
wpa-supplicant: update to 2.8
bitbake.conf: use https instead of http
ell: update to 0.20
Paul Barker (3):
oe.path: Add copyhardlink() helper function
license_image: Use new oe.path.copyhardlink() helper
gdb: Fix aarch64 build with musl
Peter Kjellerstedt (1):
systemd: Use PACKAGECONFIG definition to depend on libnss-myhostname
Randy MacLeod (5):
valgrind: update from 3.14.0 to 3.15.0
valgrind: fix vg_regtest return code
valgrind: update the ptest subdirs list
valgrind: adjust test filters and expected output
valgrind: fix call/cachegrind ptests
Richard Purdie (52):
pseudo: Update to gain key bugfixes
python3: Avoid hanging tests
python3: Fix ptest output parsing
go.bbclass: Remove unused override
goarch.bbclass: Simplify logic
e2fsprogs: Skip slow ptest tests
bitbake: bitbake: Update version to 1.42.0
poky.conf: Bump version for 2.7 warrior release
build-appliance-image: Update to warrior head revision
bitbake: bitbake: Post release version bumnp to 1.43
poky.conf: Post release version bump
build-appliance-image: Update to master head revision
Revert "nettle: fix ptest failure"
core-image-sato-sdk-ptest: Try and keep image below 4GB limit
core-image-sato-ptest-fast: Add 'fast' ptest execution image
core-image-sato-sdk-ptest: Include more ptests in ptest image
core-image-sato-sdk-ptest: Add temporary PROVIDES core-image-sato-ptest
resultool/resultutils: Fix module import error
lttng-tools: Add missing patch Upstream-Status
utils/multiprocess_launch: Improve failing subprocess output
python3: Drop ptest hack
ptest-packagelists: Add m4 and gettext as 'fast' ptests
bitbake: knotty: Implement console 'keepalive' output
bitbake: build: Ensure warning for invalid task dependencies is useful
bitbake: build: Disable warning about dependent tasks for now
oeqa/ssh: Avoid unicode decode exceptions
elfutils: ptest fixes
elfutils: Fix ptest compile failures on musl
bitbake: bitbake: Add initial pass of SPDX license headers to source code
bitbake: bitbake: Drop duplicate license boilerplace text
bitbake: bitbake: Strip old editor directives from file headers
bitbake: HEADER: Drop it
openssh/systemd/python/qemu: Fix patch Upstream-Status
scripts/pybootchart: Fix mixed indentation
scripts/pybootchart: Port to python3
scripts/pybootchart/draw: Clarify some variable names
scripts/pybootchart/draw: Fix some bounding problems
coreutils: Fix patch upstream status field
oeqa: Drop OETestID
meta/lib+scripts: Convert to SPDX license headers
oeqa/core/runner: Handle unexpectedSucesses
oeqa/systemd_boot: Drop OETestID
oeqa/runner: Fix subunit setupClass/setupModule failure handling
oeqa/concurrenttest: Patch subunit module to handle classSetup failures
tcmode-default: Add PREFERRED_VERSION for libgfortran
oeqa/selftest: Automate manual pybootchart tests
openssh: Avoid PROVIDES warning from rng-tools dependency
oeqa/target/ssh: Replace suggogatepass with ignoring errors
core-image-sato-sdk-ptest: Tweak size to stay within 4GB limit
valgrind: Include debugging symbols in ptests
dbus-test: Improve ptest dependencies dependencies
ptest: Add RDEPENDS frpm PN-ptest to PN package
Robert Joslyn (1):
qemu: Add PACKAGECONFIG for snappy
Robert Yang (6):
bitbake: bitbake-diffsigs: Use 4 spaces as indent for recursecb
bitbake: bb: siggen: Make dump_sigfile and compare_sigfiles print uuid4
bitbake: bb: siggen: Print more info when basehash are mis-matched
bitbake: BBHandler: Fix addtask and deltask
bitbake: build.py: check dependendent task for addtask
bitbake: tests/parse.py: Add testcase for addtask and deltask
Ross Burton (14):
lttng-tools: fix Upstream-Status
acpica: upgrade to 20190215
staging: add ${datadir}/gtk-doc/html to the sysroot blacklist
mpg123: port to use libsdl2
meta-poky: remove obsolete DISTRO_FEATURES_LIBC
m4: update patch status
packagegroup-core-full-cmdline: remove zlib
wic: change expand behaviour to match docs
wic: add global debug option
gtk-icon-cache: clean up DEPENDS
patch: add minver and maxver parameters
glib-2.0: fix locale handling
glib-2.0: add missing locales for the tests
glib-2.0: fix last failing ptest
Scott Rifenbark (34):
bitbake: poky.ent: Removed "ECLIPSE" entity variables.
bitbake: bitbake-user-manual: Added section on modifying variables
Makefile: Removed Eclipse support
Documentation: Removed customization.xsl files for Eclipse
mega-manual: Removed two Eclipse figures from tarball list
mega-manual, overview-manual: Added updated index releases figure
poky.ent: Removed Eclipse related variables.
mega-manual: Removed the Eclipse chapters
dev-manual: Removed all references to Eclipse.
overview-manual: Removed all references to Eclipse
profile-manual: Removed all references to Eclipse
ref-manual: Removed all references to Eclipse
sdk-manual: Removed all references to Eclipse
sdk-manual: Removed all references to Eclipse
dev-manual; brief-yoctoprojectqs: Updated checkout branch example
dev-manual: Added reasoning blurb to "Viewing Variables" section.
ref-manual: Inserted Migration 2.7 section.
ref-manual: Added Eclipse removal for migration section.
ref-manual: Added "License Value Corrections to migration.
ref-manual: Added Fedora 29 to the supported distros list.
poky.ent: changed 2.7 release variable date to "May 2019"
ref-manual: Review comments applied to 2.7 migration section.
documentation: Prepared for 2.8 release
bsp-guide: Removed inaccurate "container layer" references.
ref-manual: Updated the "Container Layer" term.
bsp-guide: Updated the "beaglebone-yocto.conf" example.
documentation: Cleaned up "plug-in"/"plugin" terminology.
bsp-guide: Updated the BSP kernel recipe example.
ref-manual: Updated PREFERRED_VERSION variable to use 5.0
bsp-guide: More corrections to the BSP Kernel Recipe example
dev-manual: Added cross-link to "Fetchers" section in BB manual.
bitbake: bitbake-user-manual: Added npm to other fetcher list.
overview-manual: Updated SMC section to link to fetchers
ref-manual: Added "npm" information to the SRC_URI variable.
Stefan Kral (1):
bitbake: build: Add verbnote to shell log commands
Stefan Müller-Klieser (1):
cml1.bbclass: fix undefined behavior
Steven Hung (洪于玉) (1):
kernel.bbclass: convert base_do_unpack_append() to a task
Tom Rini (2):
vim: Rework to not rely on relative directories
vim: Update to 8.1.1240
Wenlin Kang (1):
systemd: install libnss-myhostname.so when myhostname be enabled
Yeoh Ee Peng (1):
resulttool/manualexecution: Refactor and remove duplicate code
Yi Zhao (2):
harfbuzz: update source checksums after upstream replaced the tarball
libyaml: update SRC_URI[md5sum] and SRC_URI[sha256sum]
Ying-Chun Liu (PaulLiu) (1):
uboot-sign: Fix u-boot-nodtb symlinks
Zang Ruochen (10):
libatomic-ops:upgrade 7.6.8 -> 7.6.10
libgpg-error:upgrade 1.35 -> 1.36
libxft:upgrade 2.3.2 -> 2.3.3
libxxf86dga:upgrade 1.1.4 -> 1.1.5
nss:upgrade 3.42.1 -> 3.43
sysprof:upgrade 3.30.2 -> 3.32.0
libtirpc:upgrade 1.0.3 -> 1.1.4
xtrans:upgrade 1.3.5 -> 1.4.0
harfbuzz:upgrade 2.3.1 -> 2.4.0
icu: Upgrade 64.1 -> 64.2
Zheng Ruoqin (1):
sanity: check_perl_modules bug fix
sangeeta jain (1):
resulttool/manualexecution: Enable test case configuration option
meta-openembedded: 4a9deabbc8..1ecd8b4364:
Adrian Bunk (34):
linux-atm: Remove DEPENDS on virtual/kernel and PACKAGE_ARCH
linux-atm: Replace bogus on_exit removal with musl-specific hack
ledmon: Mark as incompatible on musl instead of adding bogus patch
efivars: Drop workaround patch for host gcc < 4.7
sshfs-fuse: upgrade 2.8 -> 2.10
wv: upgrade 1.2.4 -> 1.2.9
caps: Upgrade 0.9.24 -> 0.9.26
dvb-apps: Remove dvb-fe-xc5000c-4.1.30.7.fw
schroedinger: Remove the obsolete DEPENDS on liboil
vlc: Remove workaround and patches for problems fixed upstream
Remove liboil
dnrd: Remove stale files of recipe removed 2 years ago
postfix: Upgrade 3.4.1 -> 3.4.5
pptp-linux: Upgrade 1.9.0 -> 1.10.0
dovecot: Upgrade 2.2.36 -> 2.2.36.3
postgresql: Upgrade 11.2 -> 11.3
rocksdb: Upgrade 5.18.2 -> 5.18.3
cloud9: Remove stale files of recipe removed 2 years ago
fluentbit: Upgrade 0.12.1 -> 0.12.19
libcec: Upgrade 4.0.2 -> 4.0.4
libqb: Upgrade 1.0.3 -> 1.0.5
openwsman: Upgrade 2.6.8 -> 2.6.9
glm: Upgrade 0.9.9.3 -> 0.9.9.5
fvwm: Upgrade 2.6.7 -> 2.6.8
augeas: Upgrade 1.11.0 -> 1.12.0
ccid: Upgrade 1.4.24 -> 1.4.30
daemonize: Upgrade 1.7.7 -> 1.7.8
inotify-tools: Upgrade 3.14 -> 3.20.1
liboop: Upgrade 1.0 -> 1.0.1
ode: Remove stale file of recipe removed 2 years ago
openwbem: Remove stale files of recipe removed 2 years ago
catch2: Upgrade 2.6.1 -> 2.7.2
geos: Upgrade 3.4.2 -> 3.4.3
rdfind: Upgrade 1.3.4 -> 1.4.1
Akshay Bhat (3):
python-urllib3: Set CVE_PRODUCT
python3-pillow: Set CVE_PRODUCT
python-requests: Set CVE_PRODUCT
Alistair Francis (3):
mycroft: Update the systemd service to ensure we are ready to start
mycroft: Bump from 19.2.2 to 19.2.3
python-obd: Add missing RDEPENDS
Andreas Müller (33):
gvfs: remove executable permission from systemd user services
udisks2: upgrade 2.8.1 -> 2.8.2
parole: upgrade 1.0.1 -> 1.0.2
ristretto: upgrade 0.8.3 -> 0.8.4
networkmanager: rework musl build
gvfs: remove systemd user unit executable permission adjustment
fltk: upgrade 1.3.4-2 -> 1.3.5
samba: install bundled libs into seperate packages
samba: rework localstatedir package split
fluidsynth: upgrade 2.0.4 -> 2.0.5
xfce4-vala: auto-detect vala api version
gnome-desktop3: set correct meson gtk doc option
vlc: rework qt PACKAGECONFIG
evince: add patch to fix build with recent gobject-introspection
xfce4-cpufreq-plugin: Fix memory leak and reduce CPU load
packagegroup-meta-networking: replace DISTRO_FEATURE by DISTRO_FEATURES
meta-xfce: add meta-networking to layer depends
gtksourceview4: initial add 4.2.0
gtksourceview-classic-light: extend to gtksourceview4
itstool: rework - it went out too early
fontforge: upgrade 20170731 -> 20190413
exo: upgrade 0.12.4 -> 0.12.5
xfce4-places-plugin: upgrade 1.7.0 -> 1.8.0
xfce4-datetime-plugin: upgrade 0.7.0 -> 0.7.1
xfce4-notifyd: upgrade 0.4.3 -> 0.4.4
desktop-file-utils: remove - a more recent version is in oe-core
libwnck3: upgrade 3.30.0 and move to meson build
xfce4-terminal: add vte-prompt to RRECOMMENDS
xfce4-session: get rid of machine-host
xfce4-session: remove strange entry in FILES_${PN}
libxfce4ui: Add PACKAGECONFIG 'gladeui2' for glade (gtk3) support
glade3: move to to meta-xfce
Remove me as maintainer
Andrej Valek (2):
squid: upgrade squid 3.5.28 -> 4.6
ntp: upgrade 4.2.8p12 -> 4.2.8p13
Ankit Navik (1):
libnfc: Initial recipe for Near Field Communication library.
Armin Kuster (1):
meta-filesystems: drop bitbake from README
Changqing Li (5):
gd: fix compile error caused by -Werror=maybe-uninitialized
apache2: add back patch for set perlbin
php: upgrade 7.3.2 -> 7.3.4
postgresql: fix compile error
php: correct httpd path
Chris Garren (1):
python-cryptography: Move linker flag to .inc
Denys Dmytriyenko (1):
v4l-utils: upgrade 1.16.0 -> 1.16.5
Gianfranco Costamagna (1):
cpprest: update to 2.10.13, drop 32bit build fix upstream
Hains van den Bosch (1):
libcdio: update to version 2.1.0
Hongxu Jia (1):
pmtools: use update-alternatives for acpidump
Hongzhi.Song (1):
lua: upgrade from v5.3.4 to v5.3.5
Ivan Maidanski (1):
bdwgc: upgrade 7.6.12 -> 8.0.4
Johannes Pointner (1):
samba: update to 4.8.11
Kai Kang (3):
gvfs: fix typo libexec
drbd: fix compile errors
drbd-utils: fix file conflict with base-files
Khem Raj (3):
redis: Upgrade to 4.0.14
squid: Link with libatomic on mips/ppc
cpupower: Inherit bash completion class
Leon Anavi (1):
openbox: Add python-shell as a runtime dependency
Liwei Song (1):
ledmon: control hard disk led for RAID arrays
Mark Asselstine (1):
xfconf: fix 'Failed to get connection to xfconfd' during do_rootfs
Martin Jansa (13):
ftgl: add x11 to required DISTRO_FEATURES like freeglut
libforms: add x11 to required DISTRO_FEATURES because of libx11
Revert "ell: remove recipe"
ne10: set NE10_TARGET_ARCH with an override instead of anonymous python
libopus: use armv7a, aarch64 overrides when adding ne10 dependency
esound: fix SRC_URI for multilib
opusfile: fix SRC_URI for multilib
miniupnpd: fix SRC_URI for multilib
zbar: fix SRC_URI for multilib
libvncserver: set PV in the recipe
efivar: prevent native efivar depending on target kernel
libdbi-perl: prevent native libdbi-perl depending on target perl
aufs-util: prevent native aufs-util depending on target kernel
Ming Liu (1):
libmodbus: add documentation PACKAGECONFIG
Mingli Yu (6):
indent: Upgrade to 2.2.12
hostapd: Upgrade to 2.8
hwdata: Upgrade to 0.322
rrdtool: Upgrade to 1.7.1
libdev-checklib-perl: add new recipe
libdbd-mysql-perl: Upgrade to 4.050
Nathan Rossi (1):
fatresize_1.0.2.bb: Add recipe for fatresize command line tool
Nicolas Dechesne (3):
cpupower: remove LIC_FILES_CHKSUM
bpftool: remove LIC_FILES_CHKSUM
cannelloni: move from meta-oe to meta-networking
Oleksandr Kravchuk (38):
smcroute: update to 2.4.4
phytool: update to v2
fwknop: update to 2.6.10
cifs-utils: update to 6.9
keepalived: update to 2.0.15
usbredir: update to 0.8.0
open-isns: update to 0.99
nanomsg: update to 1.1.5
stunnel: update to 5.51
babeld: update to 1.8.4
drbd-utils: update to 9.8.0
drbd: update to 9.0.17-1
macchanger: update to 1.7.0
wolfssl: update to 4.0.0
ell: remove recipe
analyze-suspend: update to 5.3
chrony: update to 3.4
nghttp2: update to 1.38
nano: update to 4.1
networkmanager-openvpn: update to 1.8.10
wpan-tools: update to 0.9
uftp: update to 4.9.9
vblade: add UPSTREAM_CHECK_URI
traceroute: add UPSTREAM_CHECK_URI
nuttcp: update to 8.2.2
nfacct: add UPSTREAM_CHECK_URI
nftables: add UPSTREAM_CHECK_URI
libnetfilter-queue: update to 1.0.3
arno-iptables-firewall: update to 2.0.3
ypbind-mt: update to 2.6
ebtables: add UPSTREAM_CHECK_URI
doxygen: replace ninja 1.9.0 fix with official one
libnetfilter-queue: fix update to 1.0.3
networkd-dispatcher: update to 2.0.1
opensaf: update to 5.19.01
libnetfilter-conntrack: update to 1.0.7
conntrack-tools: update to 1.4.5
openvpn: update to 2.4.7
Paolo Valente (1):
s-suite: push SRCREV to version 3.2
Parthiban Nallathambi (6):
python3-aiohttp: add version 3.5.4
python3-supervisor: add version 4.0.2
python3-websocket-client: add version 0.56.0
python3-tinyrecord: add version 0.1.5
python3-sentry-sdk: add version 0.7.14
python3-raven: add version 6.10.0
Pascal Bach (2):
paho-mqtt-c: 1.2.1 -> 1.3.0
thrift: update to 0.12.0
Pavel Modilaynen (1):
jsoncpp: add native BBCLASSEXTEND
Peter Kjellerstedt (2):
apache2: Correct appending to SYSROOT_PREPROCESS_FUNCS
apache2: Correct packaging of build and doc related files
Philip Balister (1):
sip: Update to 4.19.16.
Qi.Chen@windriver.com (4):
multipath-tools: fix up patch to avoid segfault
netkit-rsh: add tag to CVE patch
ipsec-tools: fix CVE tag in patch
gd: set CVE_PRODUCT
Randy MacLeod (1):
imagemagick: update from 7.0.8-35 to 7.0.8-43
Robert Joslyn (5):
gpm: Fix gpm path in unit file
gpm: Add PID file to systemd unit file
gpm: Generate documentation
gpm: Remove duplicate definition of _GNU_SOURCE
gpm: Recipe cleanup
Sean Nyekjaer (2):
cannelloni: new package, CAN to ethernet proxy
ser2net: upgrade to version 3.5.1
Vincent Prince (1):
mongodb: Fix build with gcc
Wenlin Kang (1):
samba: add PACKAGECONFIG for libunwind
Yi Zhao (7):
python-flask-socketio: move to meta-python directory
apache2: upgrade 2.4.34 -> 2.4.39
apache-websocket: upgrade to latest git rev
netkit-rsh: security fixes
openhpi: fix failure of ptest case ohpi_035
openhpi: update openhpi-fix-testfail-errors.patch
phpmyadmin: upgrade 4.8.3 -> 4.8.5
Zang Ruochen (43):
xlsatoms: upgrade 1.1.2 -> 1.1.3
xrdb: upgrade 1.1.1 -> 1.2.0
xrefresh: upgrade 1.0.5 -> 1.0.6
xsetroot: upgrade 1.1.1 -> 1.1.2
xstdcmap: upgrade 1.0.3 -> 1.0.4
xbitmaps: upgrade 1.1.1 -> 1.1.2
wireshark: upgrade 3.0.0 -> 3.0.1
python-cffi: upgrade 1.11.5 -> 1.12.2
python-attrs: upgrade 18.1.0 -> 19.1.0
python-certifi: upgrade 2018.8.13 -> 2019.3.9
python-beabutifulsoup4: upgrade 4.6.0 -> 4.7.1
python-dateutil: upgrade 2.7.3 -> 2.8.0
python-mako: upgrade 1.0.7 -> 1.0.9
python-msgpack: upgrade 0.6.0 -> 0.6.1
python-paste: upgrade 3.0.6 -> 3.0.8
python-psutil: upgrade 5.4.6 -> 5.6.1
python-py: upgrade 1.6.0 -> 1.8.0
python-pymongo: upgrade 3.7.1 -> 3.7.2
python-pyopenssl: upgrade 18.0.0 -> 19.0.0
python-pytz: upgrade 2018.5 -> 2019.1
python-stevedore: upgrade 1.29.0 -> 1.30.1
python-pbr: upgrade 4.2.0 -> 5.1.3
python-cython: upgrade 0.28.5 -> 0.29.6
python-editor: upgrade 1.0.3 -> 1.0.4
python-jinja2: upgrade 2.10 -> 2.10.1
python-lxml: upgrade 4.3.1 -> 4.3.3
python-alembic: upgrade 1.0.0 -> 1.0.9
python-cffi: upgrade 1.12.2 -> 1.12.3
python-hyperlink: upgrade 18.0.0 -> 19.0.0
python-twisted: upgrade 18.4.0 -> 19.2.0
python-zopeinterface: upgrade 4.5.0 -> 4.6.0
python-decorator: upgrade 4.3.0 -> 4.4.0
python-pip: upgrade 18.0 -> 19.1
python-pyasn1: upgrade 0.4.4 -> 0.4.5
libnet-dns-perl: upgrade 1.19 -> 1.20
python-alembic: upgrade 1.0.9 -> 1.0.10
python-cython: upgrade 0.29.6 -> 0.29.7
python-mock: upgrade 2.0.0 -> 3.0.5
python-pbr: upgrade 5.1.3 -> 5.2.0
python-psutil: upgrade 5.6.1 -> 5.6.2
python-pymongo: upgrade 3.7.2 -> 3.8.0
python-pyperclip: upgrade 1.6.2 -> 1.7.0
python-rfc3987: upgrade 1.3.7 -> 1.3.8
leimaohui (3):
To fix confilict error with python3-pbr.
python-pycodestyle: Fix conflict error with python3-pycodestyle during do_rootfs
mozjs: Make mozjs support arm32BE.
meta-raspberrypi: 9ceb84ee9e..7059c37451:
Francesco Giancane (1):
qtbase_%.bbappend: update PACKAGECONFIG name for xkbcommon
Gianluigi Tiesi (1):
psplash: Raise alternatives priority to 200
Martin Jansa (3):
linux_raspberrypi_4.19: Update to 4.19.34
bluez5: apply the same patches and pi-bluetooth dependency for all rpi MACHINEs
userland: use default PACKAGE_ARCH
Paul Barker (3):
linux-raspberrypi: Update 4.14.y kernel
linux-raspberrypi: Switch default back to 4.14.y
linux-raspberrypi 4.9: Drop old version
meta-security: 8a1f54a246..9f5cc2a7eb:
Alexander Kanavin (1):
apparmor: fetch from git
Armin Kuster (15):
clamav runtime: add resolve.conf support
clamav: fix llvm reference version
libldb: add waf-cross-answeres
clamav: runtime fix local routing
clamav: add clamav-cvd package for cvd db
clamav-native: fix new build issue
apparmor: fix fragment for 5.0 kernel
apparmor: add a few more runtime
smack: move patch to smack dir
smack-test: add smack tests from meta-intel-iot-security
samhain: add more tests and fix ret checks
libldb: add earlier version
libseccomp: update to 2.4.1
oe-selftest: add running cve checker
smack: kernel fragment update
Yi Zhao (2):
meta-tpm/conf/layer.conf: update layer dependencies
meta-tpm/README: update
Change-Id: I9e02cb75a779f25fca84395144025410bb609dfa
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
deleted file mode 100644
index 5535a3c..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+++ /dev/null
@@ -1,177 +0,0 @@
-From 044ae35c5694c39a4aca2a33502cc3897e88f79e Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH 1/7] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-
-Upstream-Status: Backport
-Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
----
- src/ap/ieee802_11.c | 16 +++++++++++++---
- src/ap/wpa_auth.c | 11 +++++++++++
- src/ap/wpa_auth.h | 3 ++-
- src/ap/wpa_auth_ft.c | 10 ++++++++++
- src/ap/wpa_auth_i.h | 1 +
- 5 files changed, 37 insertions(+), 4 deletions(-)
-
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index 4e04169..333035f 100644
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
- {
- struct ieee80211_ht_capabilities ht_cap;
- struct ieee80211_vht_capabilities vht_cap;
-+ int set = 1;
-
- /*
- * Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
- * FT-over-the-DS, where a station re-associates back to the same AP but
- * skips the authentication flow, or if working with a driver that
- * does not support full AP client state.
-+ *
-+ * Skip this if the STA has already completed FT reassociation and the
-+ * TK has been configured since the TX/RX PN must not be reset to 0 for
-+ * the same key.
- */
-- if (!sta->added_unassoc)
-+ if (!sta->added_unassoc &&
-+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+ set = 0;
-+ }
-
- #ifdef CONFIG_IEEE80211N
- if (sta->flags & WLAN_STA_HT)
-@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
- sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
- sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
- sta->vht_opmode, sta->p2p_ie ? 1 : 0,
-- sta->added_unassoc)) {
-+ set)) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
- "Could not %s STA to kernel driver",
-- sta->added_unassoc ? "set" : "add");
-+ set ? "set" : "add");
-
- if (sta->added_unassoc) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 3587086..707971d 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
- #else /* CONFIG_IEEE80211R */
- break;
- #endif /* CONFIG_IEEE80211R */
-+ case WPA_DRV_STA_REMOVED:
-+ sm->tk_already_set = FALSE;
-+ return 0;
- }
-
- #ifdef CONFIG_IEEE80211R
-@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
- }
-
-
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
-+{
-+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
-+ return 0;
-+ return sm->tk_already_set;
-+}
-+
-+
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry)
- {
-diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
-index 0de8d97..97461b0 100644
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
- u8 *data, size_t data_len);
- enum wpa_event {
- WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
-- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
-+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
- };
- void wpa_remove_ptk(struct wpa_state_machine *sm);
- int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
-@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
- int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
- int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
- int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry);
- struct rsn_pmksa_cache_entry *
-diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
-index 42242a5..e63b99a 100644
---- a/src/ap/wpa_auth_ft.c
-+++ b/src/ap/wpa_auth_ft.c
-@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- return;
- }
-
-+ if (sm->tk_already_set) {
-+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
-+ * PN in the driver */
-+ wpa_printf(MSG_DEBUG,
-+ "FT: Do not re-install same PTK to the driver");
-+ return;
-+ }
-+
- /* FIX: add STA entry to kernel/driver here? The set_key will fail
- * most likely without this.. At the moment, STA entry is added only
- * after association has been completed. This function will be called
-@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
-
- /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
- sm->pairwise_set = TRUE;
-+ sm->tk_already_set = TRUE;
- }
-
-
-@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
-
- sm->pairwise = pairwise;
- sm->PTK_valid = TRUE;
-+ sm->tk_already_set = FALSE;
- wpa_ft_install_ptk(sm);
-
- buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
-diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
-index 72b7eb3..7fd8f05 100644
---- a/src/ap/wpa_auth_i.h
-+++ b/src/ap/wpa_auth_i.h
-@@ -65,6 +65,7 @@ struct wpa_state_machine {
- struct wpa_ptk PTK;
- Boolean PTK_valid;
- Boolean pairwise_set;
-+ Boolean tk_already_set;
- int keycount;
- Boolean Pair;
- struct wpa_key_replay_counter {
---
-1.8.3.1
-
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
deleted file mode 100644
index 4e57bca..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+++ /dev/null
@@ -1,253 +0,0 @@
-From c623cc973de525f7411dffe438e957ba86ef4733 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Wed, 12 Jul 2017 16:03:24 +0200
-Subject: [PATCH 2/7] Prevent reinstallation of an already in-use group key
-
-Track the current GTK and IGTK that is in use and when receiving a
-(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
-not install the given key if it is already in use. This prevents an
-attacker from trying to trick the client into resetting or lowering the
-sequence counter associated to the group key.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-
-Upstream-Status: Backport
-Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
----
- src/common/wpa_common.h | 11 +++++
- src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
- src/rsn_supp/wpa_i.h | 4 ++
- 3 files changed, 87 insertions(+), 44 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index af1d0f0..d200285 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -217,6 +217,17 @@ struct wpa_ptk {
- size_t tk_len;
- };
-
-+struct wpa_gtk {
-+ u8 gtk[WPA_GTK_MAX_LEN];
-+ size_t gtk_len;
-+};
-+
-+#ifdef CONFIG_IEEE80211W
-+struct wpa_igtk {
-+ u8 igtk[WPA_IGTK_MAX_LEN];
-+ size_t igtk_len;
-+};
-+#endif /* CONFIG_IEEE80211W */
-
- /* WPA IE version 1
- * 00-50-f2:1 (OUI:OUI type)
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..95bd7be 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
-+ /* Detect possible key reinstallation */
-+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
-+ gd->keyidx, gd->tx, gd->gtk_len);
-+ return 0;
-+ }
-+
- wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
-@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+
- return 0;
- }
-
-@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- }
-
-
-+#ifdef CONFIG_IEEE80211W
-+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-+ const struct wpa_igtk_kde *igtk)
-+{
-+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
-+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
-+
-+ /* Detect possible key reinstallation */
-+ if (sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
-+ keyidx);
-+ return 0;
-+ }
-+
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
-+ keyidx, MAC2STR(igtk->pn));
-+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
-+ if (keyidx > 4095) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Invalid IGTK KeyID %d", keyidx);
-+ return -1;
-+ }
-+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-+ broadcast_ether_addr,
-+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
-+ igtk->igtk, len) < 0) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Failed to configure IGTK to the driver");
-+ return -1;
-+ }
-+
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+
-+ return 0;
-+}
-+#endif /* CONFIG_IEEE80211W */
-+
-+
- static int ieee80211w_set_keys(struct wpa_sm *sm,
- struct wpa_eapol_ie_parse *ie)
- {
-@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- if (ie->igtk) {
- size_t len;
- const struct wpa_igtk_kde *igtk;
-- u16 keyidx;
-+
- len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
- return -1;
-+
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- keyidx = WPA_GET_LE16(igtk->keyid);
-- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
-- "pn %02x%02x%02x%02x%02x%02x",
-- keyidx, MAC2STR(igtk->pn));
-- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
-- igtk->igtk, len);
-- if (keyidx > 4095) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Invalid IGTK KeyID %d", keyidx);
-- return -1;
-- }
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igtk->pn, sizeof(igtk->pn),
-- igtk->igtk, len) < 0) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Failed to configure IGTK to the driver");
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
- }
-
- return 0;
-@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
- */
- void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- {
-- int clear_ptk = 1;
-+ int clear_keys = 1;
-
- if (sm == NULL)
- return;
-@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- /* Prepare for the next transition */
- wpa_ft_prepare_auth_request(sm, NULL);
-
-- clear_ptk = 0;
-+ clear_keys = 0;
- }
- #endif /* CONFIG_IEEE80211R */
-
-- if (clear_ptk) {
-+ if (clear_keys) {
- /*
- * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
- * this is not part of a Fast BSS Transition.
-@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- }
-
- #ifdef CONFIG_TDLS
-@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(sm->pmk, 0, sizeof(sm->pmk));
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
- os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
-@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- os_memset(&gd, 0, sizeof(gd));
- #ifdef CONFIG_IEEE80211W
- } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
-- struct wpa_igtk_kde igd;
-- u16 keyidx;
--
-- os_memset(&igd, 0, sizeof(igd));
-- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
-- os_memcpy(igd.keyid, buf + 2, 2);
-- os_memcpy(igd.pn, buf + 4, 6);
--
-- keyidx = WPA_GET_LE16(igd.keyid);
-- os_memcpy(igd.igtk, buf + 10, keylen);
--
-- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
-- igd.igtk, keylen);
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igd.pn, sizeof(igd.pn),
-- igd.igtk, keylen) < 0) {
-- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
-- "WNM mode");
-- os_memset(&igd, 0, sizeof(igd));
-+ const struct wpa_igtk_kde *igtk;
-+
-+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
-- os_memset(&igd, 0, sizeof(igd));
- #endif /* CONFIG_IEEE80211W */
- } else {
- wpa_printf(MSG_DEBUG, "Unknown element id");
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index f653ba6..afc9e37 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -31,6 +31,10 @@ struct wpa_sm {
- u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
-+ struct wpa_gtk gtk;
-+#ifdef CONFIG_IEEE80211W
-+ struct wpa_igtk igtk;
-+#endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
-
---
-1.8.3.1
-
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
deleted file mode 100644
index e39bbf6..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+++ /dev/null
@@ -1,187 +0,0 @@
-From a6caab8060ab60876e233306f5c586451169eba1 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:12:24 +0300
-Subject: [PATCH 3/7] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
- Mode cases
-
-This extends the protection to track last configured GTK/IGTK value
-separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
-corner case where these two different mechanisms may get used when the
-GTK/IGTK has changed and tracking a single value is not sufficient to
-detect a possible key reconfiguration.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
-
-Upstream-Status: Backport
-Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
----
- src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
- src/rsn_supp/wpa_i.h | 2 ++
- 2 files changed, 40 insertions(+), 15 deletions(-)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 95bd7be..7a2c68d 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -709,14 +709,17 @@ struct wpa_gtk_data {
-
- static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const struct wpa_gtk_data *gd,
-- const u8 *key_rsc)
-+ const u8 *key_rsc, int wnm_sleep)
- {
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
- /* Detect possible key reinstallation */
-- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
-+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
- gd->keyidx, gd->tx, gd->gtk_len);
-@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-- sm->gtk.gtk_len = gd->gtk_len;
-- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ if (wnm_sleep) {
-+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len);
-+ } else {
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ }
-
- return 0;
- }
-@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
- gtk_len, gtk_len,
- &gd.key_rsc_len, &gd.alg) ||
-- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
-+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "RSN: Failed to install GTK");
- os_memset(&gd, 0, sizeof(gd));
-@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
-
- #ifdef CONFIG_IEEE80211W
- static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-- const struct wpa_igtk_kde *igtk)
-+ const struct wpa_igtk_kde *igtk,
-+ int wnm_sleep)
- {
- size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- u16 keyidx = WPA_GET_LE16(igtk->keyid);
-
- /* Detect possible key reinstallation */
-- if (sm->igtk.igtk_len == len &&
-- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ if ((sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
-+ (sm->igtk_wnm_sleep.igtk_len == len &&
-+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
- keyidx);
-@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
- return -1;
- }
-
-- sm->igtk.igtk_len = len;
-- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ if (wnm_sleep) {
-+ sm->igtk_wnm_sleep.igtk_len = len;
-+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len);
-+ } else {
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ }
-
- return 0;
- }
-@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- return -1;
-
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
- return -1;
- }
-
-@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
- if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
- key_rsc = null_rsc;
-
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
- wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
- goto failed;
- os_memset(&gd, 0, sizeof(gd));
-@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- }
-
-@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
-@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
-
- wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
- gd.gtk, gd.gtk_len);
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
- os_memset(&gd, 0, sizeof(gd));
- wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
- "WNM mode");
-@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- const struct wpa_igtk_kde *igtk;
-
- igtk = (const struct wpa_igtk_kde *) (buf + 2);
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
- return -1;
- #endif /* CONFIG_IEEE80211W */
- } else {
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index afc9e37..9a54631 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -32,8 +32,10 @@ struct wpa_sm {
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
- struct wpa_gtk gtk;
-+ struct wpa_gtk gtk_wnm_sleep;
- #ifdef CONFIG_IEEE80211W
- struct wpa_igtk igtk;
-+ struct wpa_igtk igtk_wnm_sleep;
- #endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
---
-1.8.3.1
-
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0004-Prevent-installation-of-an-all-zero-TK.patch b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0004-Prevent-installation-of-an-all-zero-TK.patch
deleted file mode 100644
index 5103625..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0004-Prevent-installation-of-an-all-zero-TK.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From abf941647f2dc33b0b59612f525e1b292331cc9f Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 29 Sep 2017 04:22:51 +0200
-Subject: [PATCH 4/7] Prevent installation of an all-zero TK
-
-Properly track whether a PTK has already been installed to the driver
-and the TK part cleared from memory. This prevents an attacker from
-trying to trick the client into installing an all-zero TK.
-
-This fixes the earlier fix in commit
-ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
-driver in EAPOL-Key 3/4 retry case') which did not take into account
-possibility of an extra message 1/4 showing up between retries of
-message 3/4.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-
-Upstream-Status: Backport
-Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
----
- src/common/wpa_common.h | 1 +
- src/rsn_supp/wpa.c | 5 ++---
- src/rsn_supp/wpa_i.h | 1 -
- 3 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index d200285..1021ccb 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -215,6 +215,7 @@ struct wpa_ptk {
- size_t kck_len;
- size_t kek_len;
- size_t tk_len;
-+ int installed; /* 1 if key has already been installed to driver */
- };
-
- struct wpa_gtk {
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 7a2c68d..0550a41 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
- os_memset(buf, 0, sizeof(buf));
- }
- sm->tptk_set = 1;
-- sm->tk_to_set = 1;
-
- kde = sm->assoc_wpa_ie;
- kde_len = sm->assoc_wpa_ie_len;
-@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
- enum wpa_alg alg;
- const u8 *key_rsc;
-
-- if (!sm->tk_to_set) {
-+ if (sm->ptk.installed) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Do not re-install same PTK to the driver");
- return 0;
-@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
-
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-- sm->tk_to_set = 0;
-+ sm->ptk.installed = 1;
-
- if (sm->wpa_ptk_rekey) {
- eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 9a54631..41f371f 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -24,7 +24,6 @@ struct wpa_sm {
- struct wpa_ptk ptk, tptk;
- int ptk_set, tptk_set;
- unsigned int msg_3_of_4_ok:1;
-- unsigned int tk_to_set:1;
- u8 snonce[WPA_NONCE_LEN];
- u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
- int renew_snonce;
---
-1.8.3.1
-
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
deleted file mode 100644
index b0e1df3..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 804b9d72808cddd822e7dcec4d60f40c1aceda82 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:32:57 +0300
-Subject: [PATCH 5/7] Fix PTK rekeying to generate a new ANonce
-
-The Authenticator state machine path for PTK rekeying ended up bypassing
-the AUTHENTICATION2 state where a new ANonce is generated when going
-directly to the PTKSTART state since there is no need to try to
-determine the PMK again in such a case. This is far from ideal since the
-new PTK would depend on a new nonce only from the supplicant.
-
-Fix this by generating a new ANonce when moving to the PTKSTART state
-for the purpose of starting new 4-way handshake to rekey PTK.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
-
-Upstream-Status: Backport
-Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
----
- src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
- 1 file changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 707971d..bf10cc1 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
- }
-
-
-+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
-+{
-+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
-+ wpa_printf(MSG_ERROR,
-+ "WPA: Failed to get random data for ANonce");
-+ sm->Disconnect = TRUE;
-+ return -1;
-+ }
-+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
-+ WPA_NONCE_LEN);
-+ sm->TimeoutCtr = 0;
-+ return 0;
-+}
-+
-+
- SM_STATE(WPA_PTK, INITPMK)
- {
- u8 msk[2 * PMK_LEN];
-@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
- SM_ENTER(WPA_PTK, AUTHENTICATION);
- else if (sm->ReAuthenticationRequest)
- SM_ENTER(WPA_PTK, AUTHENTICATION2);
-- else if (sm->PTKRequest)
-- SM_ENTER(WPA_PTK, PTKSTART);
-- else switch (sm->wpa_ptk_state) {
-+ else if (sm->PTKRequest) {
-+ if (wpa_auth_sm_ptk_update(sm) < 0)
-+ SM_ENTER(WPA_PTK, DISCONNECTED);
-+ else
-+ SM_ENTER(WPA_PTK, PTKSTART);
-+ } else switch (sm->wpa_ptk_state) {
- case WPA_PTK_INITIALIZE:
- break;
- case WPA_PTK_DISCONNECT:
---
-1.8.3.1
-
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0006-TDLS-Reject-TPK-TK-reconfiguration.patch b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
deleted file mode 100644
index 72c7d51..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From 7fd26db2d8147ed662db192c41d7bc15752a601d Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:03:15 +0300
-Subject: [PATCH 6/7] TDLS: Reject TPK-TK reconfiguration
-
-Do not try to reconfigure the same TPK-TK to the driver after it has
-been successfully configured. This is an explicit check to avoid issues
-related to resetting the TX/RX packet number. There was already a check
-for this for TPK M2 (retries of that message are ignored completely), so
-that behavior does not get modified.
-
-For TPK M3, the TPK-TK could have been reconfigured, but that was
-followed by immediate teardown of the link due to an issue in updating
-the STA entry. Furthermore, for TDLS with any real security (i.e.,
-ignoring open/WEP), the TPK message exchange is protected on the AP path
-and simple replay attacks are not feasible.
-
-As an additional corner case, make sure the local nonce gets updated if
-the peer uses a very unlikely "random nonce" of all zeros.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
-
-Upstream-Status: Backport
-Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
----
- src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
- 1 file changed, 36 insertions(+), 2 deletions(-)
-
-diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
-index e424168..9eb9738 100644
---- a/src/rsn_supp/tdls.c
-+++ b/src/rsn_supp/tdls.c
-@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
- u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
- } tpk;
- int tpk_set;
-+ int tk_set; /* TPK-TK configured to the driver */
- int tpk_success;
- int tpk_in_progress;
-
-@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- u8 rsc[6];
- enum wpa_alg alg;
-
-+ if (peer->tk_set) {
-+ /*
-+ * This same TPK-TK has already been configured to the driver
-+ * and this new configuration attempt (likely due to an
-+ * unexpected retransmitted frame) would result in clearing
-+ * the TX/RX sequence number which can break security, so must
-+ * not allow that to happen.
-+ */
-+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
-+ " has already been configured to the driver - do not reconfigure",
-+ MAC2STR(peer->addr));
-+ return -1;
-+ }
-+
- os_memset(rsc, 0, 6);
-
- switch (peer->cipher) {
-@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- return -1;
- }
-
-+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
-+ MAC2STR(peer->addr));
- if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
- rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
- wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
- "driver");
- return -1;
- }
-+ peer->tk_set = 1;
- return 0;
- }
-
-@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- peer->cipher = 0;
- peer->qos_info = 0;
- peer->wmm_capable = 0;
-- peer->tpk_set = peer->tpk_success = 0;
-+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
- peer->chan_switch_enabled = 0;
- os_memset(&peer->tpk, 0, sizeof(peer->tpk));
- os_memset(peer->inonce, 0, WPA_NONCE_LEN);
-@@ -1159,6 +1177,7 @@ skip_rsnie:
- wpa_tdls_peer_free(sm, peer);
- return -1;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
- peer->inonce, WPA_NONCE_LEN);
- os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
-@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
- }
-
-
-+static int tdls_nonce_set(const u8 *nonce)
-+{
-+ int i;
-+
-+ for (i = 0; i < WPA_NONCE_LEN; i++) {
-+ if (nonce[i])
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
-+
- static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len)
- {
-@@ -2004,7 +2036,8 @@ skip_rsn:
- peer->rsnie_i_len = kde.rsn_ie_len;
- peer->cipher = cipher;
-
-- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
-+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
-+ !tdls_nonce_set(peer->inonce)) {
- /*
- * There is no point in updating the RNonce for every obtained
- * TPK M1 frame (e.g., retransmission due to timeout) with the
-@@ -2020,6 +2053,7 @@ skip_rsn:
- "TDLS: Failed to get random data for responder nonce");
- goto error;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- }
-
- #if 0
---
-1.8.3.1
-
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
deleted file mode 100644
index d0978c7..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From a42eb67c42f845faf266b0633d52e17f2a82f511 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 12:06:37 +0300
-Subject: [PATCH 7/7] FT: Do not allow multiple Reassociation Response frames
-
-The driver is expected to not report a second association event without
-the station having explicitly request a new association. As such, this
-case should not be reachable. However, since reconfiguring the same
-pairwise or group keys to the driver could result in nonce reuse issues,
-be extra careful here and do an additional state check to avoid this
-even if the local driver ends up somehow accepting an unexpected
-Reassociation Response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
-
-Upstream-Status: Backport
-Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
----
- src/rsn_supp/wpa.c | 3 +++
- src/rsn_supp/wpa_ft.c | 8 ++++++++
- src/rsn_supp/wpa_i.h | 1 +
- 3 files changed, 12 insertions(+)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 0550a41..2a53c6f 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
- #ifdef CONFIG_TDLS
- wpa_tdls_disassoc(sm);
- #endif /* CONFIG_TDLS */
-+#ifdef CONFIG_IEEE80211R
-+ sm->ft_reassoc_completed = 0;
-+#endif /* CONFIG_IEEE80211R */
-
- /* Keys are not needed in the WPA state machine anymore */
- wpa_sm_drop_sa(sm);
-diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
-index 205793e..d45bb45 100644
---- a/src/rsn_supp/wpa_ft.c
-+++ b/src/rsn_supp/wpa_ft.c
-@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
- u16 capab;
-
- sm->ft_completed = 0;
-+ sm->ft_reassoc_completed = 0;
-
- buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
- 2 + sm->r0kh_id_len + ric_ies_len + 100;
-@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ if (sm->ft_reassoc_completed) {
-+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
-+ return 0;
-+ }
-+
- if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
- wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
- return -1;
-@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ sm->ft_reassoc_completed = 1;
-+
- if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
- return -1;
-
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 41f371f..56f88dc 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -128,6 +128,7 @@ struct wpa_sm {
- size_t r0kh_id_len;
- u8 r1kh_id[FT_R1KH_ID_LEN];
- int ft_completed;
-+ int ft_reassoc_completed;
- int over_the_ds_in_progress;
- u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
- int set_ptk_after_assoc;
---
-1.8.3.1
-
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/hostapd-CVE-2018-14526.patch b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/hostapd-CVE-2018-14526.patch
deleted file mode 100644
index 522fc39..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd/hostapd-CVE-2018-14526.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-hostapd-2.6: Fix CVE-2018-14526
-
-[No upstream tracking] -- https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
-
-wpa: Ignore unauthenticated encrypted EAPOL-Key data
-
-Ignore unauthenticated encrypted EAPOL-Key data in supplicant
-processing. When using WPA2, these are frames that have the Encrypted
-flag set, but not the MIC flag.
-
-When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
-not the MIC flag, had their data field decrypted without first verifying
-the MIC. In case the data field was encrypted using RC4 (i.e., when
-negotiating TKIP as the pairwise cipher), this meant that
-unauthenticated but decrypted data would then be processed. An adversary
-could abuse this as a decryption oracle to recover sensitive information
-in the data field of EAPOL-Key messages (e.g., the group key).
-
-Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/src/rsn_supp/wpa.c?id=3e34cfdff6b192fe337c6fb3f487f73e96582961]
-CVE: CVE-2018-14526
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..6bdf923 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
-
- if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
- (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
-+ /*
-+ * Only decrypt the Key Data field if the frame's authenticity
-+ * was verified. When using AES-SIV (FILS), the MIC flag is not
-+ * set, so this check should only be performed if mic_len != 0
-+ * which is the case in this code branch.
-+ */
-+ if (!(key_info & WPA_KEY_INFO_MIC)) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
-+ goto out;
-+ }
- if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
- &key_data_len))
- goto out;
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.8.bb
similarity index 64%
rename from meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb
rename to meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.8.bb
index 42aae42..15884d0 100644
--- a/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb
+++ b/meta-openembedded/meta-oe/recipes-connectivity/hostapd/hostapd_2.8.bb
@@ -2,7 +2,7 @@
HOMEPAGE = "http://w1.fi/hostapd/"
SECTION = "kernel/userland"
LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://hostapd/README;md5=8aa4e8c78b59b12016c4cb2d0a8db350"
+LIC_FILES_CHKSUM = "file://hostapd/README;md5=1ec986bec88070e2a59c68c95d763f89"
DEPENDS = "libnl openssl"
@@ -11,18 +11,10 @@
file://defconfig \
file://init \
file://hostapd.service \
- file://0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \
- file://0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \
- file://0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \
- file://0004-Prevent-installation-of-an-all-zero-TK.patch \
- file://0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch \
- file://0006-TDLS-Reject-TPK-TK-reconfiguration.patch \
- file://0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch \
- file://hostapd-CVE-2018-14526.patch \
"
-SRC_URI[md5sum] = "eaa56dce9bd8f1d195eb62596eab34c7"
-SRC_URI[sha256sum] = "01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d"
+SRC_URI[md5sum] = "ed2c254e5f400838cb9d8e7b6e43b86c"
+SRC_URI[sha256sum] = "929f522be6eeec38c53147e7bc084df028f65f148a3f7e4fa6c4c3f955cee4b0"
S = "${WORKDIR}/hostapd-${PV}"
B = "${WORKDIR}/hostapd-${PV}/hostapd"
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/paho-mqtt-c/paho-mqtt-c_1.2.1.bb b/meta-openembedded/meta-oe/recipes-connectivity/paho-mqtt-c/paho-mqtt-c_1.2.1.bb
deleted file mode 100644
index a7a9b5a..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/paho-mqtt-c/paho-mqtt-c_1.2.1.bb
+++ /dev/null
@@ -1,35 +0,0 @@
-SUMMARY = "Paho MQTT - C libraries for the MQTT and MQTT-SN protocols"
-DESCRIPTION = "Client implementation of open and standard messaging protocols for Machine-to-Machine (M2M) and Internet of Things (IoT)."
-HOMEPAGE = "http://www.eclipse.org/paho/"
-SECTION = "console/network"
-LICENSE = "EPL-1.0 | EDL-1.0"
-
-LIC_FILES_CHKSUM = " \
- file://edl-v10;md5=3adfcc70f5aeb7a44f3f9b495aa1fbf3 \
- file://epl-v10;md5=659c8e92a40b6df1d9e3dccf5ae45a08 \
- file://notice.html;md5=a00d6f9ab542be7babc2d8b80d5d2a4c \
- file://about.html;md5=dcde438d73cf42393da9d40fabc0c9bc \
-"
-
-SRC_URI = "git://github.com/eclipse/paho.mqtt.c;protocol=http"
-
-SRCREV = "09fe0744e02f317b907e96dd5afcc02224ddbb85"
-
-DEPENDS = "openssl"
-
-S = "${WORKDIR}/git"
-
-TARGET_CC_ARCH += "${LDFLAGS}"
-
-do_install() {
- install -d ${D}${libdir}
- oe_libinstall -C build/output -so libpaho-mqtt3a ${D}${libdir}
- oe_libinstall -C build/output -so libpaho-mqtt3as ${D}${libdir}
- oe_libinstall -C build/output -so libpaho-mqtt3c ${D}${libdir}
- oe_libinstall -C build/output -so libpaho-mqtt3cs ${D}${libdir}
- install -d ${D}${includedir}
- install -m 644 src/MQTTAsync.h ${D}${includedir}
- install -m 644 src/MQTTClient.h ${D}${includedir}
- install -m 644 src/MQTTClientPersistence.h ${D}${includedir}
-}
-
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/paho-mqtt-c/paho-mqtt-c_1.3.0.bb b/meta-openembedded/meta-oe/recipes-connectivity/paho-mqtt-c/paho-mqtt-c_1.3.0.bb
new file mode 100644
index 0000000..79a8f43
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-connectivity/paho-mqtt-c/paho-mqtt-c_1.3.0.bb
@@ -0,0 +1,28 @@
+SUMMARY = "Paho MQTT - C libraries for the MQTT and MQTT-SN protocols"
+DESCRIPTION = "Client implementation of open and standard messaging protocols for Machine-to-Machine (M2M) and Internet of Things (IoT)."
+HOMEPAGE = "http://www.eclipse.org/paho/"
+SECTION = "console/network"
+LICENSE = "EPL-1.0 | EDL-1.0"
+
+LIC_FILES_CHKSUM = " \
+ file://edl-v10;md5=3adfcc70f5aeb7a44f3f9b495aa1fbf3 \
+ file://epl-v10;md5=659c8e92a40b6df1d9e3dccf5ae45a08 \
+ file://notice.html;md5=a00d6f9ab542be7babc2d8b80d5d2a4c \
+ file://about.html;md5=dcde438d73cf42393da9d40fabc0c9bc \
+"
+
+SRC_URI = "git://github.com/eclipse/paho.mqtt.c;protocol=http"
+
+SRCREV = "9f715d0862a8e16099b5837c4e53a1bf6a6a0675"
+
+DEPENDS = "openssl"
+
+S = "${WORKDIR}/git"
+
+inherit cmake
+
+do_install_append() {
+ # paho-mqtt installes some thing that we don't want.
+ rm -rf ${D}${prefix}/samples
+ find ${D}${prefix} -maxdepth 1 -type f -delete
+}
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/ser2net/ser2net_3.5.bb b/meta-openembedded/meta-oe/recipes-connectivity/ser2net/ser2net_3.5.1.bb
similarity index 71%
rename from meta-openembedded/meta-oe/recipes-connectivity/ser2net/ser2net_3.5.bb
rename to meta-openembedded/meta-oe/recipes-connectivity/ser2net/ser2net_3.5.1.bb
index f64776c..ed8aab0 100644
--- a/meta-openembedded/meta-oe/recipes-connectivity/ser2net/ser2net_3.5.bb
+++ b/meta-openembedded/meta-oe/recipes-connectivity/ser2net/ser2net_3.5.1.bb
@@ -7,8 +7,8 @@
SRC_URI = "${SOURCEFORGE_MIRROR}/project/ser2net/ser2net/ser2net-${PV}.tar.gz"
-SRC_URI[md5sum] = "e10e7c8c97e5bade5e85ce6e89bdf1f4"
-SRC_URI[sha256sum] = "ba9e1d60a89fd7ed075553b4a2074352902203f7fbd9b65b15048c05f0e3f3be"
+SRC_URI[md5sum] = "569267b37b8f507d8874f28f5334b5d2"
+SRC_URI[sha256sum] = "02f5dd0abbef5a17b80836b0de1ef0588e257106fb5e269b86822bfd001dc862"
inherit autotools pkgconfig
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0001-Forcibly-disable-check-for-Qt5.patch b/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0001-Forcibly-disable-check-for-Qt5.patch
deleted file mode 100644
index a77cd28..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0001-Forcibly-disable-check-for-Qt5.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From a5544d8e543436e413379422b702f6f56ac7eb8e Mon Sep 17 00:00:00 2001
-From: Philip Balister <philip@balister.org>
-Date: Tue, 12 Apr 2016 17:30:15 -0400
-Subject: [PATCH] Forcibly disable check for Qt5.
-
-Signed-off-by: Philip Balister <philip@balister.org>
-
----
- build/cmake/DefineOptions.cmake | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/build/cmake/DefineOptions.cmake b/build/cmake/DefineOptions.cmake
-index 62e240f..f8b4493 100644
---- a/build/cmake/DefineOptions.cmake
-+++ b/build/cmake/DefineOptions.cmake
-@@ -52,9 +52,6 @@ CMAKE_DEPENDENT_OPTION(WITH_LIBEVENT "Build with libevent support" ON
- find_package(Qt4 QUIET COMPONENTS QtCore QtNetwork)
- CMAKE_DEPENDENT_OPTION(WITH_QT4 "Build with Qt4 support" ON
- "QT4_FOUND" OFF)
--find_package(Qt5 QUIET COMPONENTS Core Network)
--CMAKE_DEPENDENT_OPTION(WITH_QT5 "Build with Qt5 support" ON
-- "Qt5_FOUND" OFF)
- if(${WITH_QT4} AND ${WITH_QT5} AND ${CMAKE_MAJOR_VERSION} LESS 3)
- # cmake < 3.0.0 causes conflict when building both Qt4 and Qt5
- set(WITH_QT4 OFF)
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0001-THRIFT-3828-In-cmake-avoid-use-of-both-quoted-paths-.patch b/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0001-THRIFT-3828-In-cmake-avoid-use-of-both-quoted-paths-.patch
deleted file mode 100644
index 182eacc..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0001-THRIFT-3828-In-cmake-avoid-use-of-both-quoted-paths-.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From b8e254a2f4ba49412e541598c72159869a7770f8 Mon Sep 17 00:00:00 2001
-From: Cody P Schafer <dev@codyps.com>
-Date: Mon, 16 May 2016 15:21:10 -0400
-Subject: [PATCH] THRIFT-3828 In cmake avoid use of both quoted paths and
- SYSTEM with include_directories()
-
-This allows us to avoid issues where there are no paths to be added to
-the include path (include_directories() errors when given an empty
-string).
-
-Specifically, gcc-6 requires that libraries stop passing paths like
-'/usr/include' (or they will get libstdc++ build errors), so these paths
-will be empty more often in the future.
-
----
- lib/cpp/CMakeLists.txt | 8 ++++----
- lib/cpp/test/CMakeLists.txt | 2 +-
- test/cpp/CMakeLists.txt | 6 +++---
- tutorial/cpp/CMakeLists.txt | 2 +-
- 4 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/lib/cpp/CMakeLists.txt b/lib/cpp/CMakeLists.txt
-index 4c7caeb..a716ac3 100755
---- a/lib/cpp/CMakeLists.txt
-+++ b/lib/cpp/CMakeLists.txt
-@@ -24,7 +24,7 @@ else()
- find_package(Boost 1.53.0 REQUIRED)
- endif()
-
--include_directories(SYSTEM "${Boost_INCLUDE_DIRS}")
-+include_directories(${Boost_INCLUDE_DIRS})
- include_directories(src)
-
- # SYSLIBS contains libraries that need to be linked to all lib targets
-@@ -104,7 +104,7 @@ if(OPENSSL_FOUND AND WITH_OPENSSL)
- src/thrift/transport/TSSLSocket.cpp
- src/thrift/transport/TSSLServerSocket.cpp
- )
-- include_directories(SYSTEM "${OPENSSL_INCLUDE_DIR}")
-+ include_directories(${OPENSSL_INCLUDE_DIR})
- list(APPEND SYSLIBS "${OPENSSL_LIBRARIES}")
- endif()
-
-@@ -162,7 +162,7 @@ TARGET_LINK_LIBRARIES_THRIFT(thrift ${SYSLIBS})
-
- if(WITH_LIBEVENT)
- find_package(Libevent REQUIRED) # Libevent comes with CMake support form upstream
-- include_directories(SYSTEM ${LIBEVENT_INCLUDE_DIRS})
-+ include_directories(${LIBEVENT_INCLUDE_DIRS})
-
- ADD_LIBRARY_THRIFT(thriftnb ${thriftcppnb_SOURCES})
- TARGET_LINK_LIBRARIES_THRIFT(thriftnb ${SYSLIBS} ${LIBEVENT_LIBRARIES})
-@@ -171,7 +171,7 @@ endif()
-
- if(WITH_ZLIB)
- find_package(ZLIB REQUIRED)
-- include_directories(SYSTEM ${ZLIB_INCLUDE_DIRS})
-+ include_directories(${ZLIB_INCLUDE_DIRS})
-
- ADD_LIBRARY_THRIFT(thriftz ${thriftcppz_SOURCES})
- TARGET_LINK_LIBRARIES_THRIFT(thriftz ${SYSLIBS} ${ZLIB_LIBRARIES})
-diff --git a/lib/cpp/test/CMakeLists.txt b/lib/cpp/test/CMakeLists.txt
-index 5de9fc4..c956c38 100644
---- a/lib/cpp/test/CMakeLists.txt
-+++ b/lib/cpp/test/CMakeLists.txt
-@@ -20,7 +20,7 @@
- # Find required packages
- set(Boost_USE_STATIC_LIBS ON) # Force the use of static boost test framework
- find_package(Boost 1.53.0 REQUIRED COMPONENTS chrono filesystem system thread unit_test_framework)
--include_directories(SYSTEM "${Boost_INCLUDE_DIRS}")
-+include_directories(${Boost_INCLUDE_DIRS})
-
- #Make sure gen-cpp files can be included
- include_directories("${CMAKE_CURRENT_BINARY_DIR}")
-diff --git a/test/cpp/CMakeLists.txt b/test/cpp/CMakeLists.txt
-index 2d75f2e..b1409de 100755
---- a/test/cpp/CMakeLists.txt
-+++ b/test/cpp/CMakeLists.txt
-@@ -22,13 +22,13 @@ include(ThriftMacros)
-
- set(Boost_USE_STATIC_LIBS ON)
- find_package(Boost 1.53.0 REQUIRED COMPONENTS program_options system filesystem)
--include_directories(SYSTEM "${Boost_INCLUDE_DIRS}")
-+include_directories(${Boost_INCLUDE_DIRS})
-
- find_package(OpenSSL REQUIRED)
--include_directories(SYSTEM "${OPENSSL_INCLUDE_DIR}")
-+include_directories(${OPENSSL_INCLUDE_DIR})
-
- find_package(Libevent REQUIRED) # Libevent comes with CMake support from upstream
--include_directories(SYSTEM ${LIBEVENT_INCLUDE_DIRS})
-+include_directories(${LIBEVENT_INCLUDE_DIRS})
-
- #Make sure gen-cpp files can be included
- include_directories("${CMAKE_CURRENT_BINARY_DIR}")
-diff --git a/tutorial/cpp/CMakeLists.txt b/tutorial/cpp/CMakeLists.txt
-index 2b0c143..5ecae17 100644
---- a/tutorial/cpp/CMakeLists.txt
-+++ b/tutorial/cpp/CMakeLists.txt
-@@ -18,7 +18,7 @@
- #
-
- find_package(Boost 1.53.0 REQUIRED)
--include_directories(SYSTEM "${Boost_INCLUDE_DIRS}")
-+include_directories(${Boost_INCLUDE_DIRS})
-
- #Make sure gen-cpp files can be included
- include_directories("${CMAKE_CURRENT_BINARY_DIR}")
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0002-THRIFT-3831-in-test-cpp-explicitly-use-signed-char.patch b/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0002-THRIFT-3831-in-test-cpp-explicitly-use-signed-char.patch
deleted file mode 100644
index 37715c2..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0002-THRIFT-3831-in-test-cpp-explicitly-use-signed-char.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 7b05a74432f08ef34d0f8743dd6438ad012e3b5e Mon Sep 17 00:00:00 2001
-From: Cody P Schafer <dev@codyps.com>
-Date: Fri, 9 Sep 2016 15:50:26 -0400
-Subject: [PATCH] THRIFT-3831 in test/cpp explicitly use `signed char`
-
-`char`'s signed-ness is implimentation dependent, and in the case where
-`char` was not signed, we previously recieved errors like
-
- thrift/0.9.3-r0/git/test/cpp/src/TestClient.cpp:404:15: error: narrowing conversion of '-127' from 'int' to 'char' inside { } [-Wnarrowing]
-
-(This example from gcc-6 on arm)
-
----
- test/cpp/src/TestClient.cpp | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/test/cpp/src/TestClient.cpp b/test/cpp/src/TestClient.cpp
-index 7c425a9..7145ebb 100644
---- a/test/cpp/src/TestClient.cpp
-+++ b/test/cpp/src/TestClient.cpp
-@@ -381,7 +381,7 @@ int main(int argc, char** argv) {
- * BINARY TEST
- */
- printf("testBinary([-128..127]) = {");
-- const char bin_data[256]
-+ const signed char bin_data[256]
- = {-128, -127, -126, -125, -124, -123, -122, -121, -120, -119, -118, -117, -116, -115, -114,
- -113, -112, -111, -110, -109, -108, -107, -106, -105, -104, -103, -102, -101, -100, -99,
- -98, -97, -96, -95, -94, -93, -92, -91, -90, -89, -88, -87, -86, -85, -84,
-@@ -402,7 +402,7 @@ int main(int argc, char** argv) {
- 127};
- try {
- string bin_result;
-- testClient.testBinary(bin_result, string(bin_data, 256));
-+ testClient.testBinary(bin_result, string(reinterpret_cast<const char *>(bin_data), 256));
- if (bin_result.size() != 256) {
- printf("}\n*** FAILED ***\n");
- printf("invalid length: %lu\n", bin_result.size());
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch b/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch
deleted file mode 100644
index 500cfab..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 5f2c7e50b99d72177250c44236c41b99bfc161b5 Mon Sep 17 00:00:00 2001
-From: Andrej Valek <andrej.valek@siemens.com>
-Date: Thu, 7 Jun 2018 15:21:06 +0200
-Subject: [PATCH 4/6] %% original patch:
- 0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch
-
----
- lib/cpp/src/thrift/transport/TSSLSocket.cpp | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.cpp b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
-index 98c5326..3da9e45 100644
---- a/lib/cpp/src/thrift/transport/TSSLSocket.cpp
-+++ b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
-@@ -39,6 +39,7 @@
- #include <thrift/transport/PlatformSocket.h>
-
- #define OPENSSL_VERSION_NO_THREAD_ID 0x10000000L
-+#define OPENSSL_VERSION_WITH_TLSv1_1_AND_TLSv1_2 0x10100000L
-
- using namespace std;
- using namespace apache::thrift::concurrency;
-@@ -143,10 +144,15 @@ SSLContext::SSLContext(const SSLProtocol& protocol) {
- ctx_ = SSL_CTX_new(SSLv3_method());
- } else if (protocol == TLSv1_0) {
- ctx_ = SSL_CTX_new(TLSv1_method());
-+#if (OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_WITH_TLSv1_1_AND_TLSv1_2)
- } else if (protocol == TLSv1_1) {
- ctx_ = SSL_CTX_new(TLSv1_1_method());
- } else if (protocol == TLSv1_2) {
- ctx_ = SSL_CTX_new(TLSv1_2_method());
-+#else
-+ //Support for this versions will end on 2016-12-31
-+ //https://www.openssl.org/about/releasestrat.html
-+#endif
- } else {
- /// UNKNOWN PROTOCOL!
- throw TSSLException("SSL_CTX_new: Unknown protocol");
---
-2.19.0
-
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0005-THRIFT-3878-Compile-error-in-TSSLSocket.cpp-with-new.patch b/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0005-THRIFT-3878-Compile-error-in-TSSLSocket.cpp-with-new.patch
deleted file mode 100644
index f4482b1..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0005-THRIFT-3878-Compile-error-in-TSSLSocket.cpp-with-new.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 81f36e7174097a1f1f3e7f94a97574b2ec68577f Mon Sep 17 00:00:00 2001
-From: "James E. King, III" <jim.king@simplivity.com>
-Date: Thu, 29 Sep 2016 15:04:09 -0400
-Subject: [PATCH] THRIFT-3878: fix interop with newer OpenSSL libraries
-
----
- lib/cpp/src/thrift/transport/TSSLSocket.cpp | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.cpp b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
-index 3da9e45..0a3a124 100644
---- a/lib/cpp/src/thrift/transport/TSSLSocket.cpp
-+++ b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
-@@ -97,7 +97,12 @@ void initializeOpenSSL() {
- SSL_library_init();
- SSL_load_error_strings();
- // static locking
-+ // newer versions of OpenSSL changed CRYPTO_num_locks - see THRIFT-3878
-+#ifdef CRYPTO_num_locks
-+ mutexes = boost::shared_array<Mutex>(new Mutex[CRYPTO_num_locks()]);
-+#else
- mutexes = boost::shared_array<Mutex>(new Mutex[ ::CRYPTO_num_locks()]);
-+#endif
- if (mutexes == NULL) {
- throw TTransportException(TTransportException::INTERNAL_ERROR,
- "initializeOpenSSL() failed, "
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0006-THRIFT-3736-C++-library-build-fails-if-OpenSSL-does-.patch b/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0006-THRIFT-3736-C++-library-build-fails-if-OpenSSL-does-.patch
deleted file mode 100644
index dfaa2fb..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0006-THRIFT-3736-C++-library-build-fails-if-OpenSSL-does-.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 4cd49f470ca983369451d1141acc80fe1115cab4 Mon Sep 17 00:00:00 2001
-From: Nobuaki Sukegawa <nsuke@apache.org>
-Date: Sun, 13 Mar 2016 08:55:38 +0900
-Subject: [PATCH] THRIFT-3736 C++ library build fails if OpenSSL does not
-
- surrpot SSLv3
-
----
- lib/cpp/src/thrift/transport/TSSLSocket.cpp | 2 ++
- lib/cpp/test/SecurityTest.cpp | 8 ++++++++
- 2 files changed, 10 insertions(+)
-
-diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.cpp b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
-index 0a3a124..3e79354 100644
---- a/lib/cpp/src/thrift/transport/TSSLSocket.cpp
-+++ b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
-@@ -145,8 +145,10 @@ static char uppercase(char c);
- SSLContext::SSLContext(const SSLProtocol& protocol) {
- if (protocol == SSLTLS) {
- ctx_ = SSL_CTX_new(SSLv23_method());
-+#ifndef OPENSSL_NO_SSL3
- } else if (protocol == SSLv3) {
- ctx_ = SSL_CTX_new(SSLv3_method());
-+#endif
- } else if (protocol == TLSv1_0) {
- ctx_ = SSL_CTX_new(TLSv1_method());
- #if (OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_WITH_TLSv1_1_AND_TLSv1_2)
-diff --git a/lib/cpp/test/SecurityTest.cpp b/lib/cpp/test/SecurityTest.cpp
-index 213efd4..08110e7 100644
---- a/lib/cpp/test/SecurityTest.cpp
-+++ b/lib/cpp/test/SecurityTest.cpp
-@@ -239,6 +239,14 @@ BOOST_AUTO_TEST_CASE(ssl_security_matrix)
- continue;
- }
-
-+#ifdef OPENSSL_NO_SSL3
-+ if (si == 2 || ci == 2)
-+ {
-+ // Skip all SSLv3 cases - protocol not supported
-+ continue;
-+ }
-+#endif
-+
- boost::mutex::scoped_lock lock(mMutex);
-
- BOOST_TEST_MESSAGE(boost::format("TEST: Server = %1%, Client = %2%")
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift_0.12.0.bb b/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift_0.12.0.bb
new file mode 100644
index 0000000..1c69951
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift_0.12.0.bb
@@ -0,0 +1,66 @@
+SUMMARY = "Apache Thrift"
+DESCRIPTION = "A software framework, for scalable cross-language services development"
+HOMEPAGE = "https://thrift.apache.org/"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=394465e125cffc0f133695ed43f14047 \
+ file://NOTICE;md5=42748ae4646b45fbfa5182807321fb6c"
+
+DEPENDS = "thrift-native boost flex-native bison-native openssl"
+
+SRC_URI = "https://www-eu.apache.org/dist/thrift//${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "3deebbb4d1ca77dd9c9e009a1ea02183"
+SRC_URI[sha256sum] = "c336099532b765a6815173f62df0ed897528a9d551837d627c1f87fadad90428"
+
+BBCLASSEXTEND = "native nativesdk"
+
+inherit pkgconfig cmake pythonnative
+
+export STAGING_INCDIR
+export STAGING_LIBDIR
+export BUILD_SYS
+export HOST_SYS
+
+EXTRA_OECMAKE = " \
+ -DENABLE_PRECOMPILED_HEADERS=OFF \
+ -DBUILD_LIBRARIES=ON \
+ -DBUILD_COMPILER=ON \
+ -DBUILD_TESTING=OFF \
+ -DBUILD_EXAMPLES=OFF \
+ -DBUILD_TUTORIALS=OFF \
+ -DWITH_CPP=ON \
+ -DWITH_JAVA=OFF \
+ -DWITH_PYTHON=OFF \
+ -DWITH_STATIC_LIB=ON \
+ -DWITH_SHARED_LIB=ON \
+ -DWITH_OPENSSL=ON \
+ -DWITH_QT4=OFF \
+ -DWITH_QT5=OFF \
+ -DWITH_BOOST_FUNCTIONAL=OFF \
+"
+
+PACKAGECONFIG ??= "libevent glib boost-smart-ptr"
+PACKAGECONFIG[libevent] = "-DWITH_LIBEVENT=ON,-DWITH_LIBEVENT=OFF,libevent"
+PACKAGECONFIG[glib] = "-DWITH_C_GLIB=ON,-DWITH_C_GLIB=OFF,glib-2.0"
+PACKAGECONFIG[boost-smart-ptr] = "-DWITH_BOOST_SMART_PTR=ON,-DWITH_BOOST_SMART_PTR=OFF,boost"
+
+do_install_append () {
+ ln -sf thrift ${D}/${bindir}/thrift-compiler
+}
+
+LEAD_SONAME = "libthrift.so.${PV}"
+
+# thrift packages
+PACKAGE_BEFORE_PN = "${PN}-compiler lib${BPN} lib${BPN}z lib${BPN}nb lib${BPN}-c-glib"
+FILES_lib${BPN} = "${libdir}/libthrift.so.*"
+FILES_lib${BPN}z = "${libdir}/libthriftz.so.*"
+FILES_lib${BPN}nb = "${libdir}/libthriftnb.so.*"
+FILES_lib${BPN}-c-glib = "${libdir}/libthrift_c_glib.so.*"
+FILES_${PN}-compiler = "${bindir}/*"
+
+# The thrift packages just pulls in some default dependencies but is otherwise empty
+RRECOMMENDS_${PN} = "${PN}-compiler lib${BPN}"
+ALLOW_EMPTY_${PN} = "1"
+RRECOMMENDS_${PN}_class-native = ""
+RRECOMMENDS_${PN}_class-nativesdk = ""
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift_0.9.3.bb b/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift_0.9.3.bb
deleted file mode 100644
index 7ab7402..0000000
--- a/meta-openembedded/meta-oe/recipes-connectivity/thrift/thrift_0.9.3.bb
+++ /dev/null
@@ -1,67 +0,0 @@
-SUMMARY = "Apache Thrift"
-DESCRIPTION = "A software framework, for scalable cross-language services development"
-HOMEPAGE = "https://thrift.apache.org/"
-
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e4ed21f679b2aafef26eac82ab0c2cbf \
- file://NOTICE;md5=115f49498b66b494b0472658f2bfe80b"
-
-DEPENDS = "thrift-native boost flex-native bison-native openssl"
-
-SRC_URI = "http://mirror.switch.ch/mirror/apache/dist/thrift/${PV}/${BPN}-${PV}.tar.gz \
- file://0001-Forcibly-disable-check-for-Qt5.patch \
- file://0001-THRIFT-3828-In-cmake-avoid-use-of-both-quoted-paths-.patch \
- file://0002-THRIFT-3831-in-test-cpp-explicitly-use-signed-char.patch \
- file://0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch \
- file://0005-THRIFT-3878-Compile-error-in-TSSLSocket.cpp-with-new.patch \
- file://0006-THRIFT-3736-C++-library-build-fails-if-OpenSSL-does-.patch \
-"
-
-SRC_URI[md5sum] = "88d667a8ae870d5adeca8cb7d6795442"
-SRC_URI[sha256sum] = "b0740a070ac09adde04d43e852ce4c320564a292f26521c46b78e0641564969e"
-
-BBCLASSEXTEND = "native nativesdk"
-
-inherit pkgconfig cmake pythonnative
-
-export STAGING_INCDIR
-export STAGING_LIBDIR
-export BUILD_SYS
-export HOST_SYS
-
-EXTRA_OECMAKE = " \
- -DBUILD_LIBRARIES=ON \
- -DBUILD_COMPILER=ON \
- -DBUILD_TESTING=OFF \
- -DBUILD_EXAMPLES=OFF \
- -DBUILD_TUTORIALS=OFF \
- -DWITH_CPP=ON \
- -DWITH_JAVA=OFF \
- -DWITH_STATIC_LIB=ON \
- -DWITH_SHARED_LIB=ON \
- -DWITH_OPENSSL=ON \
- -DWITH_QT4=OFF \
- -DWITH_QT5=OFF \
-"
-
-PACKAGECONFIG ??= "libevent glib python"
-PACKAGECONFIG[libevent] = "-DWITH_LIBEVENT=ON,-DWITH_LIBEVENT=OFF,libevent,"
-PACKAGECONFIG[python] = "-DWITH_PYTHON=ON,-DWITH_PYTHON=OFF,python,"
-PACKAGECONFIG[glib] = "-DWITH_C_GLIB=ON,-DWITH_C_GLIB=OFF,glib-2.0 ,"
-
-do_install_append () {
- ln -sf thrift ${D}/${bindir}/thrift-compiler
-}
-
-LEAD_SONAME = "libthrift.so.${PV}"
-
-# thrift packages
-PACKAGE_BEFORE_PN = "${PN}-compiler lib${BPN}"
-FILES_lib${BPN} = "${libdir}/*.so.*"
-FILES_${PN}-compiler = "${bindir}/*"
-
-# The thrift packages just pulls in some default dependencies but is otherwise empty
-RRECOMMENDS_${PN} = "${PN}-compiler lib${BPN}"
-ALLOW_EMPTY_${PN} = "1"
-RRECOMMENDS_${PN}_class-native = ""
-RRECOMMENDS_${PN}_class-nativesdk = ""