Yocto 2.4
Move OpenBMC to Yocto 2.4(rocko)
Tested: Built and verified Witherspoon and Palmetto images
Change-Id: I12057b18610d6fb0e6903c60213690301e9b0c67
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc
index faa8741..7814464 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc
@@ -63,10 +63,6 @@
EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}"
EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}"
-
-LDFLAGS_append_libc-uclibc = " -lintl"
-LDFLAGS_append_uclinux-uclibc = " -lintl"
-
do_configure_prepend() {
sed 's:AM_CHECK_PYMOD:echo "no pymod" #AM_CHECK_PYMOD:g' -i ${S}/configure.ac
@@ -111,7 +107,6 @@
RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV}) libavahi-client (= ${EXTENDPKGV})"
-# uclibc has no nss
RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns"
RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch
index 8ccef08..942607a 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch
@@ -1,17 +1,18 @@
-From a59f13fab31a6e25bb03b2c2bc3aea576f857b6c Mon Sep 17 00:00:00 2001
+From 6ff255eff4fea6350b5e0462fee176fadc26fc1c Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jussi.kukkonen@intel.com>
Date: Sun, 12 Jun 2016 18:32:49 +0300
Subject: [PATCH] configure.ac: install GtkBuilder interface files for GTK+3
too
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/130]
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Signed-off-by: Dengke Du <dengke.du@windriver.com>
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index aebb716..48bdf63 100644
+index 87a9a17..9860dcc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -965,7 +965,7 @@ AC_SUBST(avahi_socket)
@@ -24,5 +25,5 @@
AC_SUBST(interfacesdir)
fi
--
-2.1.4
+2.8.1
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
index 805cbb3..1e23c0f 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
@@ -7,15 +7,19 @@
Update context for version 9.10.3-P2.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+Update context for version 9.10.5-P3.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
configure.in | 23 +++--------------------
1 file changed, 3 insertions(+), 20 deletions(-)
diff --git a/configure.in b/configure.in
-index 0db826d..75819eb 100644
+index 4da73a4..6f2a754 100644
--- a/configure.in
+++ b/configure.in
-@@ -2107,26 +2107,9 @@ case "$use_libxml2" in
+@@ -2282,26 +2282,9 @@ case "$use_libxml2" in
DST_LIBXML2_INC=""
;;
auto|yes)
@@ -25,7 +29,7 @@
- libxml2_cflags=`xml2-config --cflags`
- ;;
- *)
-- if test "$use_libxml2" = "yes" ; then
+- if test "yes" = "$use_libxml2" ; then
- AC_MSG_RESULT(no)
- AC_MSG_ERROR(required libxml2 version not available)
- else
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
deleted file mode 100644
index 2149bd1..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From 70037e040e587329cec82123e12b9f4f7c945f67 Mon Sep 17 00:00:00 2001
-From: Mark Andrews <marka@isc.org>
-Date: Thu, 18 Feb 2016 12:11:27 +1100
-Subject: [PATCH] 4318. [security] Malformed control messages can
- trigger assertions in named and rndc. (CVE-2016-1285)
- [RT #41666]
-
-(cherry picked from commit a2b15b3305acd52179e6f3dc7d073b07fbc40b8e)
-
-CVE: CVE-2016-1285
-Upstream-Status: Backport
-[Removed doc/arm/notes.xml changes from upstream patch]
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- CHANGES | 3 +++
- bin/named/control.c | 2 +-
- bin/named/controlconf.c | 2 +-
- bin/rndc/rndc.c | 8 ++++----
- doc/arm/notes.xml | 11 +++++++++++
- lib/isccc/cc.c | 14 +++++++-------
- 6 files changed, 27 insertions(+), 13 deletions(-)
-
-diff --git a/CHANGES b/CHANGES
-index b9bd9ef..2c727d5 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,6 @@
-+4318. [security] Malformed control messages can trigger assertions
-+ in named and rndc. (CVE-2016-1285) [RT #41666]
-+
- --- 9.10.3-P3 released ---
-
- 4288. [bug] Fixed a regression in resolver.c:possibly_mark()
-diff --git a/bin/named/control.c b/bin/named/control.c
-index 8554335..81340ca 100644
---- a/bin/named/control.c
-+++ b/bin/named/control.c
-@@ -69,7 +69,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
- #endif
-
- data = isccc_alist_lookup(message, "_data");
-- if (data == NULL) {
-+ if (!isccc_alist_alistp(data)) {
- /*
- * No data section.
- */
-diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
-index 765afdd..a39ab8b 100644
---- a/bin/named/controlconf.c
-+++ b/bin/named/controlconf.c
-@@ -402,7 +402,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
- * Limit exposure to replay attacks.
- */
- _ctrl = isccc_alist_lookup(request, "_ctrl");
-- if (_ctrl == NULL) {
-+ if (!isccc_alist_alistp(_ctrl)) {
- log_invalid(&conn->ccmsg, ISC_R_FAILURE);
- goto cleanup_request;
- }
-diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
-index cb17050..b6e05c8 100644
---- a/bin/rndc/rndc.c
-+++ b/bin/rndc/rndc.c
-@@ -255,8 +255,8 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) {
- isccc_cc_fromwire(&source, &response, algorithm, &secret));
-
- data = isccc_alist_lookup(response, "_data");
-- if (data == NULL)
-- fatal("no data section in response");
-+ if (!isccc_alist_alistp(data))
-+ fatal("bad or missing data section in response");
- result = isccc_cc_lookupstring(data, "err", &errormsg);
- if (result == ISC_R_SUCCESS) {
- failed = ISC_TRUE;
-@@ -321,8 +321,8 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) {
- isccc_cc_fromwire(&source, &response, algorithm, &secret));
-
- _ctrl = isccc_alist_lookup(response, "_ctrl");
-- if (_ctrl == NULL)
-- fatal("_ctrl section missing");
-+ if (!isccc_alist_alistp(_ctrl))
-+ fatal("bad or missing ctrl section in response");
- nonce = 0;
- if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
- nonce = 0;
-diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
-index 47a3b74..2bb961e 100644
---- a/lib/isccc/cc.c
-+++ b/lib/isccc/cc.c
-@@ -403,13 +403,13 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
- * Extract digest.
- */
- _auth = isccc_alist_lookup(alist, "_auth");
-- if (_auth == NULL)
-+ if (!isccc_alist_alistp(_auth))
- return (ISC_R_FAILURE);
- if (algorithm == ISCCC_ALG_HMACMD5)
- hmac = isccc_alist_lookup(_auth, "hmd5");
- else
- hmac = isccc_alist_lookup(_auth, "hsha");
-- if (hmac == NULL)
-+ if (!isccc_sexpr_binaryp(hmac))
- return (ISC_R_FAILURE);
- /*
- * Compute digest.
-@@ -728,7 +728,7 @@ isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok,
- REQUIRE(ackp != NULL && *ackp == NULL);
-
- _ctrl = isccc_alist_lookup(message, "_ctrl");
-- if (_ctrl == NULL ||
-+ if (!isccc_alist_alistp(_ctrl) ||
- isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
- isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
- return (ISC_R_FAILURE);
-@@ -773,7 +773,7 @@ isccc_cc_isack(isccc_sexpr_t *message)
- isccc_sexpr_t *_ctrl;
-
- _ctrl = isccc_alist_lookup(message, "_ctrl");
-- if (_ctrl == NULL)
-+ if (!isccc_alist_alistp(_ctrl))
- return (ISC_FALSE);
- if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
- return (ISC_TRUE);
-@@ -786,7 +786,7 @@ isccc_cc_isreply(isccc_sexpr_t *message)
- isccc_sexpr_t *_ctrl;
-
- _ctrl = isccc_alist_lookup(message, "_ctrl");
-- if (_ctrl == NULL)
-+ if (!isccc_alist_alistp(_ctrl))
- return (ISC_FALSE);
- if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
- return (ISC_TRUE);
-@@ -806,7 +806,7 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now,
-
- _ctrl = isccc_alist_lookup(message, "_ctrl");
- _data = isccc_alist_lookup(message, "_data");
-- if (_ctrl == NULL || _data == NULL ||
-+ if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
- isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
- isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
- return (ISC_R_FAILURE);
-@@ -995,7 +995,7 @@ isccc_cc_checkdup(isccc_symtab_t *symtab, isccc_sexpr_t *message,
- isccc_sexpr_t *_ctrl;
-
- _ctrl = isccc_alist_lookup(message, "_ctrl");
-- if (_ctrl == NULL ||
-+ if (!isccc_alist_alistp(_ctrl) ||
- isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
- isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
- return (ISC_R_FAILURE);
---
-1.9.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
deleted file mode 100644
index ae5cc48..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From a3d327bf1ceaaeabb20223d8de85166e940b9f12 Mon Sep 17 00:00:00 2001
-From: Mukund Sivaraman <muks@isc.org>
-Date: Mon, 22 Feb 2016 12:22:43 +0530
-Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
- (CVE-2016-1286) (#41753)
-
-(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)
-
-CVE: CVE-2016-1286
-Upstream-Status: Backport
-
-[Removed doc/arm/notes.xml changes from upstream patch.]
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
-diff -ruN a/CHANGES b/CHANGES
---- a/CHANGES 2016-04-13 07:28:44.940873629 +0200
-+++ b/CHANGES 2016-04-13 07:38:38.923167851 +0200
-@@ -1,3 +1,7 @@
-+4319. [security] Fix resolver assertion failure due to improper
-+ DNAME handling when parsing fetch reply messages.
-+ (CVE-2016-1286) [RT #41753]
-+
- 4318. [security] Malformed control messages can trigger assertions
- in named and rndc. (CVE-2016-1285) [RT #41666]
-
-diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c
---- a/lib/dns/resolver.c 2016-04-13 07:28:43.088953790 +0200
-+++ b/lib/dns/resolver.c 2016-04-13 07:38:20.411968925 +0200
-@@ -6967,21 +6967,26 @@
- isc_boolean_t found_dname = ISC_FALSE;
- dns_name_t *dname_name;
-
-+ /*
-+ * Only pass DNAME or RRSIG(DNAME).
-+ */
-+ if (rdataset->type != dns_rdatatype_dname &&
-+ (rdataset->type != dns_rdatatype_rrsig ||
-+ rdataset->covers != dns_rdatatype_dname))
-+ continue;
-+
-+ /*
-+ * If we're not chaining, then the DNAME and
-+ * its signature should not be external.
-+ */
-+ if (!chaining && external) {
-+ log_formerr(fctx, "external DNAME");
-+ return (DNS_R_FORMERR);
-+ }
-+
- found = ISC_FALSE;
- aflag = 0;
- if (rdataset->type == dns_rdatatype_dname) {
-- /*
-- * We're looking for something else,
-- * but we found a DNAME.
-- *
-- * If we're not chaining, then the
-- * DNAME should not be external.
-- */
-- if (!chaining && external) {
-- log_formerr(fctx,
-- "external DNAME");
-- return (DNS_R_FORMERR);
-- }
- found = ISC_TRUE;
- want_chaining = ISC_TRUE;
- POST(want_chaining);
-@@ -7010,9 +7015,7 @@
- &fctx->domain)) {
- return (DNS_R_SERVFAIL);
- }
-- } else if (rdataset->type == dns_rdatatype_rrsig
-- && rdataset->covers ==
-- dns_rdatatype_dname) {
-+ } else {
- /*
- * We've found a signature that
- * covers the DNAME.
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
deleted file mode 100644
index 5f5cb0d..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
+++ /dev/null
@@ -1,317 +0,0 @@
-From 7602be276a73a6eb5431c5acd9718e68a55e8b61 Mon Sep 17 00:00:00 2001
-From: Mark Andrews <marka@isc.org>
-Date: Mon, 29 Feb 2016 07:16:48 +1100
-Subject: [PATCH] Part 2 of: 4319. [security] Fix resolver assertion
- failure due to improper DNAME handling when parsing
- fetch reply messages. (CVE-2016-1286) [RT #41753]
-
-CVE: CVE-2016-1286
-Upstream-Status: Backport
-
-(cherry picked from commit 2de89ee9de8c8da9dc153a754b02dcdbb7fe2374)
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- lib/dns/resolver.c | 192 ++++++++++++++++++++++++++---------------------------
- 1 file changed, 93 insertions(+), 99 deletions(-)
-
-diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
-index 70aba87..41e9df4 100644
---- a/lib/dns/resolver.c
-+++ b/lib/dns/resolver.c
-@@ -6074,14 +6074,11 @@ cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
- }
-
- static inline isc_result_t
--dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
-- dns_name_t *oname, dns_fixedname_t *fixeddname)
-+dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
-+ unsigned int nlabels, dns_fixedname_t *fixeddname)
- {
- isc_result_t result;
- dns_rdata_t rdata = DNS_RDATA_INIT;
-- unsigned int nlabels;
-- int order;
-- dns_namereln_t namereln;
- dns_rdata_dname_t dname;
- dns_fixedname_t prefix;
-
-@@ -6096,21 +6093,6 @@ dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
- if (result != ISC_R_SUCCESS)
- return (result);
-
-- /*
-- * Get the prefix of qname.
-- */
-- namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
-- if (namereln != dns_namereln_subdomain) {
-- char qbuf[DNS_NAME_FORMATSIZE];
-- char obuf[DNS_NAME_FORMATSIZE];
--
-- dns_rdata_freestruct(&dname);
-- dns_name_format(qname, qbuf, sizeof(qbuf));
-- dns_name_format(oname, obuf, sizeof(obuf));
-- log_formerr(fctx, "unrelated DNAME in answer: "
-- "%s is not in %s", qbuf, obuf);
-- return (DNS_R_FORMERR);
-- }
- dns_fixedname_init(&prefix);
- dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
- dns_fixedname_init(fixeddname);
-@@ -6736,13 +6718,13 @@ static isc_result_t
- answer_response(fetchctx_t *fctx) {
- isc_result_t result;
- dns_message_t *message;
-- dns_name_t *name, *qname, tname, *ns_name;
-+ dns_name_t *name, *dname, *qname, tname, *ns_name;
- dns_rdataset_t *rdataset, *ns_rdataset;
- isc_boolean_t done, external, chaining, aa, found, want_chaining;
- isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
- unsigned int aflag;
- dns_rdatatype_t type;
-- dns_fixedname_t dname, fqname;
-+ dns_fixedname_t fdname, fqname;
- dns_view_t *view;
-
- FCTXTRACE("answer_response");
-@@ -6770,10 +6752,15 @@ answer_response(fetchctx_t *fctx) {
- view = fctx->res->view;
- result = dns_message_firstname(message, DNS_SECTION_ANSWER);
- while (!done && result == ISC_R_SUCCESS) {
-+ dns_namereln_t namereln;
-+ int order;
-+ unsigned int nlabels;
-+
- name = NULL;
- dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
- external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
-- if (dns_name_equal(name, qname)) {
-+ namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
-+ if (namereln == dns_namereln_equal) {
- wanted_chaining = ISC_FALSE;
- for (rdataset = ISC_LIST_HEAD(name->list);
- rdataset != NULL;
-@@ -6898,10 +6885,11 @@ answer_response(fetchctx_t *fctx) {
- */
- INSIST(!external);
- if (aflag ==
-- DNS_RDATASETATTR_ANSWER)
-+ DNS_RDATASETATTR_ANSWER) {
- have_answer = ISC_TRUE;
-- name->attributes |=
-- DNS_NAMEATTR_ANSWER;
-+ name->attributes |=
-+ DNS_NAMEATTR_ANSWER;
-+ }
- rdataset->attributes |= aflag;
- if (aa)
- rdataset->trust =
-@@ -6956,6 +6944,8 @@ answer_response(fetchctx_t *fctx) {
- if (wanted_chaining)
- chaining = ISC_TRUE;
- } else {
-+ dns_rdataset_t *dnameset = NULL;
-+
- /*
- * Look for a DNAME (or its SIG). Anything else is
- * ignored.
-@@ -6963,10 +6953,8 @@ answer_response(fetchctx_t *fctx) {
- wanted_chaining = ISC_FALSE;
- for (rdataset = ISC_LIST_HEAD(name->list);
- rdataset != NULL;
-- rdataset = ISC_LIST_NEXT(rdataset, link)) {
-- isc_boolean_t found_dname = ISC_FALSE;
-- dns_name_t *dname_name;
--
-+ rdataset = ISC_LIST_NEXT(rdataset, link))
-+ {
- /*
- * Only pass DNAME or RRSIG(DNAME).
- */
-@@ -6980,20 +6968,41 @@ answer_response(fetchctx_t *fctx) {
- * its signature should not be external.
- */
- if (!chaining && external) {
-- log_formerr(fctx, "external DNAME");
-+ char qbuf[DNS_NAME_FORMATSIZE];
-+ char obuf[DNS_NAME_FORMATSIZE];
-+
-+ dns_name_format(name, qbuf,
-+ sizeof(qbuf));
-+ dns_name_format(&fctx->domain, obuf,
-+ sizeof(obuf));
-+ log_formerr(fctx, "external DNAME or "
-+ "RRSIG covering DNAME "
-+ "in answer: %s is "
-+ "not in %s", qbuf, obuf);
-+ return (DNS_R_FORMERR);
-+ }
-+
-+ if (namereln != dns_namereln_subdomain) {
-+ char qbuf[DNS_NAME_FORMATSIZE];
-+ char obuf[DNS_NAME_FORMATSIZE];
-+
-+ dns_name_format(qname, qbuf,
-+ sizeof(qbuf));
-+ dns_name_format(name, obuf,
-+ sizeof(obuf));
-+ log_formerr(fctx, "unrelated DNAME "
-+ "in answer: %s is "
-+ "not in %s", qbuf, obuf);
- return (DNS_R_FORMERR);
- }
-
-- found = ISC_FALSE;
- aflag = 0;
- if (rdataset->type == dns_rdatatype_dname) {
-- found = ISC_TRUE;
- want_chaining = ISC_TRUE;
- POST(want_chaining);
- aflag = DNS_RDATASETATTR_ANSWER;
-- result = dname_target(fctx, rdataset,
-- qname, name,
-- &dname);
-+ result = dname_target(rdataset, qname,
-+ nlabels, &fdname);
- if (result == ISC_R_NOSPACE) {
- /*
- * We can't construct the
-@@ -7005,14 +7014,12 @@ answer_response(fetchctx_t *fctx) {
- } else if (result != ISC_R_SUCCESS)
- return (result);
- else
-- found_dname = ISC_TRUE;
-+ dnameset = rdataset;
-
-- dname_name = dns_fixedname_name(&dname);
-+ dname = dns_fixedname_name(&fdname);
- if (!is_answertarget_allowed(view,
-- qname,
-- rdataset->type,
-- dname_name,
-- &fctx->domain)) {
-+ qname, rdataset->type,
-+ dname, &fctx->domain)) {
- return (DNS_R_SERVFAIL);
- }
- } else {
-@@ -7020,73 +7027,60 @@ answer_response(fetchctx_t *fctx) {
- * We've found a signature that
- * covers the DNAME.
- */
-- found = ISC_TRUE;
- aflag = DNS_RDATASETATTR_ANSWERSIG;
- }
-
-- if (found) {
-+ /*
-+ * We've found an answer to our
-+ * question.
-+ */
-+ name->attributes |= DNS_NAMEATTR_CACHE;
-+ rdataset->attributes |= DNS_RDATASETATTR_CACHE;
-+ rdataset->trust = dns_trust_answer;
-+ if (!chaining) {
- /*
-- * We've found an answer to our
-- * question.
-+ * This data is "the" answer to
-+ * our question only if we're
-+ * not chaining.
- */
-- name->attributes |=
-- DNS_NAMEATTR_CACHE;
-- rdataset->attributes |=
-- DNS_RDATASETATTR_CACHE;
-- rdataset->trust = dns_trust_answer;
-- if (!chaining) {
-- /*
-- * This data is "the" answer
-- * to our question only if
-- * we're not chaining.
-- */
-- INSIST(!external);
-- if (aflag ==
-- DNS_RDATASETATTR_ANSWER)
-- have_answer = ISC_TRUE;
-+ INSIST(!external);
-+ if (aflag == DNS_RDATASETATTR_ANSWER) {
-+ have_answer = ISC_TRUE;
- name->attributes |=
- DNS_NAMEATTR_ANSWER;
-- rdataset->attributes |= aflag;
-- if (aa)
-- rdataset->trust =
-- dns_trust_authanswer;
-- } else if (external) {
-- rdataset->attributes |=
-- DNS_RDATASETATTR_EXTERNAL;
-- }
--
-- /*
-- * DNAME chaining.
-- */
-- if (found_dname) {
-- /*
-- * Copy the dname into the
-- * qname fixed name.
-- *
-- * Although we check for
-- * failure of the copy
-- * operation, in practice it
-- * should never fail since
-- * we already know that the
-- * result fits in a fixedname.
-- */
-- dns_fixedname_init(&fqname);
-- result = dns_name_copy(
-- dns_fixedname_name(&dname),
-- dns_fixedname_name(&fqname),
-- NULL);
-- if (result != ISC_R_SUCCESS)
-- return (result);
-- wanted_chaining = ISC_TRUE;
-- name->attributes |=
-- DNS_NAMEATTR_CHAINING;
-- rdataset->attributes |=
-- DNS_RDATASETATTR_CHAINING;
-- qname = dns_fixedname_name(
-- &fqname);
- }
-+ rdataset->attributes |= aflag;
-+ if (aa)
-+ rdataset->trust =
-+ dns_trust_authanswer;
-+ } else if (external) {
-+ rdataset->attributes |=
-+ DNS_RDATASETATTR_EXTERNAL;
- }
- }
-+
-+ /*
-+ * DNAME chaining.
-+ */
-+ if (dnameset != NULL) {
-+ /*
-+ * Copy the dname into the qname fixed name.
-+ *
-+ * Although we check for failure of the copy
-+ * operation, in practice it should never fail
-+ * since we already know that the result fits
-+ * in a fixedname.
-+ */
-+ dns_fixedname_init(&fqname);
-+ qname = dns_fixedname_name(&fqname);
-+ result = dns_name_copy(dname, qname, NULL);
-+ if (result != ISC_R_SUCCESS)
-+ return (result);
-+ wanted_chaining = ISC_TRUE;
-+ name->attributes |= DNS_NAMEATTR_CHAINING;
-+ dnameset->attributes |=
-+ DNS_RDATASETATTR_CHAINING;
-+ }
- if (wanted_chaining)
- chaining = ISC_TRUE;
- }
---
-1.9.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch
deleted file mode 100644
index 1b84d46..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch
+++ /dev/null
@@ -1,247 +0,0 @@
-CVE-2016-2088
-
-Backport commit d7ff9a1c41bf0ba9773cb3adb08b48b9fd57c956 from the
-v9_10_3_patch branch.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2088
-https://kb.isc.org/article/AA-01351
-
-CVE: CVE-2016-2088
-Upstream-Status: Backport
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
-
-
-Original commit message from Mark Andrews <marka@isc.org> below:
-
-4322. [security] Duplicate EDNS COOKIE options in a response could
- trigger an assertion failure. (CVE-2016-2088)
- [RT #41809]
-
-(cherry picked from commit 455c0848f80a8acda27aad1466c72987cafaa029)
-(cherry picked from commit 7cd300abd6ee8b8ee8730593daf742ba53f90bc3)
----
- CHANGES | 4 ++++
- bin/dig/dighost.c | 9 +++++++++
- bin/named/client.c | 33 +++++++++++++++++++++++----------
- doc/arm/notes.xml | 7 +++++++
- lib/dns/resolver.c | 14 +++++++++++++-
- 5 files changed, 56 insertions(+), 11 deletions(-)
-
-diff --git a/CHANGES b/CHANGES
-index c5b5d2b..d2e3360 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,7 @@
-+4322. [security] Duplicate EDNS COOKIE options in a response could
-+ trigger an assertion failure. (CVE-2016-2088)
-+ [RT #41809]
-+
- 4319. [security] Fix resolver assertion failure due to improper
- DNAME handling when parsing fetch reply messages.
- (CVE-2016-1286) [RT #41753]
-diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
-index ca82f8e..340904f 100644
---- a/bin/dig/dighost.c
-+++ b/bin/dig/dighost.c
-@@ -3458,6 +3458,7 @@ process_opt(dig_lookup_t *l, dns_message_t *msg) {
- isc_buffer_t optbuf;
- isc_uint16_t optcode, optlen;
- dns_rdataset_t *opt = msg->opt;
-+ isc_boolean_t seen_cookie = ISC_FALSE;
-
- result = dns_rdataset_first(opt);
- if (result == ISC_R_SUCCESS) {
-@@ -3470,7 +3471,15 @@ process_opt(dig_lookup_t *l, dns_message_t *msg) {
- optlen = isc_buffer_getuint16(&optbuf);
- switch (optcode) {
- case DNS_OPT_COOKIE:
-+ /*
-+ * Only process the first cookie option.
-+ */
-+ if (seen_cookie) {
-+ isc_buffer_forward(&optbuf, optlen);
-+ break;
-+ }
- process_sit(l, msg, &optbuf, optlen);
-+ seen_cookie = ISC_TRUE;
- break;
- default:
- isc_buffer_forward(&optbuf, optlen);
-diff --git a/bin/named/client.c b/bin/named/client.c
-index 683305c..0d7331a 100644
---- a/bin/named/client.c
-+++ b/bin/named/client.c
-@@ -120,7 +120,10 @@
- */
- #endif
-
--#define SIT_SIZE 24U /* 8 + 4 + 4 + 8 */
-+#define COOKIE_SIZE 24U /* 8 + 4 + 4 + 8 */
-+
-+#define WANTNSID(x) (((x)->attributes & NS_CLIENTATTR_WANTNSID) != 0)
-+#define WANTEXPIRE(x) (((x)->attributes & NS_CLIENTATTR_WANTEXPIRE) != 0)
-
- /*% nameserver client manager structure */
- struct ns_clientmgr {
-@@ -1395,7 +1398,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
- {
- char nsid[BUFSIZ], *nsidp;
- #ifdef ISC_PLATFORM_USESIT
-- unsigned char sit[SIT_SIZE];
-+ unsigned char sit[COOKIE_SIZE];
- #endif
- isc_result_t result;
- dns_view_t *view;
-@@ -1420,7 +1423,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
- flags = client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE;
-
- /* Set EDNS options if applicable */
-- if ((client->attributes & NS_CLIENTATTR_WANTNSID) != 0 &&
-+ if (WANTNSID(client) &&
- (ns_g_server->server_id != NULL ||
- ns_g_server->server_usehostname)) {
- if (ns_g_server->server_usehostname) {
-@@ -1453,7 +1456,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
-
- INSIST(count < DNS_EDNSOPTIONS);
- ednsopts[count].code = DNS_OPT_COOKIE;
-- ednsopts[count].length = SIT_SIZE;
-+ ednsopts[count].length = COOKIE_SIZE;
- ednsopts[count].value = sit;
- count++;
- }
-@@ -1661,19 +1664,26 @@ compute_sit(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
-
- static void
- process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
-- unsigned char dbuf[SIT_SIZE];
-+ unsigned char dbuf[COOKIE_SIZE];
- unsigned char *old;
- isc_stdtime_t now;
- isc_uint32_t when;
- isc_uint32_t nonce;
- isc_buffer_t db;
-
-+ /*
-+ * If we have already seen a ECS option skip this ECS option.
-+ */
-+ if ((client->attributes & NS_CLIENTATTR_WANTSIT) != 0) {
-+ isc_buffer_forward(buf, optlen);
-+ return;
-+ }
- client->attributes |= NS_CLIENTATTR_WANTSIT;
-
- isc_stats_increment(ns_g_server->nsstats,
- dns_nsstatscounter_sitopt);
-
-- if (optlen != SIT_SIZE) {
-+ if (optlen != COOKIE_SIZE) {
- /*
- * Not our token.
- */
-@@ -1717,14 +1727,13 @@ process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
- isc_buffer_init(&db, dbuf, sizeof(dbuf));
- compute_sit(client, when, nonce, &db);
-
-- if (!isc_safe_memequal(old, dbuf, SIT_SIZE)) {
-+ if (!isc_safe_memequal(old, dbuf, COOKIE_SIZE)) {
- isc_stats_increment(ns_g_server->nsstats,
- dns_nsstatscounter_sitnomatch);
- return;
- }
- isc_stats_increment(ns_g_server->nsstats,
- dns_nsstatscounter_sitmatch);
--
- client->attributes |= NS_CLIENTATTR_HAVESIT;
- }
- #endif
-@@ -1783,7 +1792,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
- optlen = isc_buffer_getuint16(&optbuf);
- switch (optcode) {
- case DNS_OPT_NSID:
-- isc_stats_increment(ns_g_server->nsstats,
-+ if (!WANTNSID(client))
-+ isc_stats_increment(
-+ ns_g_server->nsstats,
- dns_nsstatscounter_nsidopt);
- client->attributes |= NS_CLIENTATTR_WANTNSID;
- isc_buffer_forward(&optbuf, optlen);
-@@ -1794,7 +1805,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
- break;
- #endif
- case DNS_OPT_EXPIRE:
-- isc_stats_increment(ns_g_server->nsstats,
-+ if (!WANTEXPIRE(client))
-+ isc_stats_increment(
-+ ns_g_server->nsstats,
- dns_nsstatscounter_expireopt);
- client->attributes |= NS_CLIENTATTR_WANTEXPIRE;
- isc_buffer_forward(&optbuf, optlen);
-diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
-index ebf4f55..095eb5b 100644
---- a/doc/arm/notes.xml
-+++ b/doc/arm/notes.xml
-@@ -51,6 +51,13 @@
- <title>Security Fixes</title>
- <itemizedlist>
- <listitem>
-+ <para>
-+ Duplicate EDNS COOKIE options in a response could trigger
-+ an assertion failure. This flaw is disclosed in CVE-2016-2088.
-+ [RT #41809]
-+ </para>
-+ </listitem>
-+ <listitem>
- <para>
- Specific APL data could trigger an INSIST. This flaw
- was discovered by Brian Mitchell and is disclosed in
-diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
-index a797e3f..ba1ae23 100644
---- a/lib/dns/resolver.c
-+++ b/lib/dns/resolver.c
-@@ -7502,7 +7502,9 @@ process_opt(resquery_t *query, dns_rdataset_t *opt) {
- unsigned char *sit;
- dns_adbaddrinfo_t *addrinfo;
- unsigned char cookie[8];
-+ isc_boolean_t seen_cookie = ISC_FALSE;
- #endif
-+ isc_boolean_t seen_nsid = ISC_FALSE;
-
- result = dns_rdataset_first(opt);
- if (result == ISC_R_SUCCESS) {
-@@ -7516,14 +7518,23 @@ process_opt(resquery_t *query, dns_rdataset_t *opt) {
- INSIST(optlen <= isc_buffer_remaininglength(&optbuf));
- switch (optcode) {
- case DNS_OPT_NSID:
-- if (query->options & DNS_FETCHOPT_WANTNSID)
-+ if (!seen_nsid &&
-+ query->options & DNS_FETCHOPT_WANTNSID)
- log_nsid(&optbuf, optlen, query,
- ISC_LOG_DEBUG(3),
- query->fctx->res->mctx);
- isc_buffer_forward(&optbuf, optlen);
-+ seen_nsid = ISC_TRUE;
- break;
- #ifdef ISC_PLATFORM_USESIT
- case DNS_OPT_COOKIE:
-+ /*
-+ * Only process the first cookie option.
-+ */
-+ if (seen_cookie) {
-+ isc_buffer_forward(&optbuf, optlen);
-+ break;
-+ }
- sit = isc_buffer_current(&optbuf);
- compute_cc(query, cookie, sizeof(cookie));
- INSIST(query->fctx->rmessage->sitbad == 0 &&
-@@ -7541,6 +7552,7 @@ process_opt(resquery_t *query, dns_rdataset_t *opt) {
- isc_buffer_forward(&optbuf, optlen);
- inc_stats(query->fctx->res,
- dns_resstatscounter_sitin);
-+ seen_cookie = ISC_TRUE;
- break;
- #endif
- default:
---
-2.1.4
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch
deleted file mode 100644
index 5393063..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 9d8aba8a7778721ae2cee6e4670a8e6be6590b05 Mon Sep 17 00:00:00 2001
-From: Mark Andrews <marka@isc.org>
-Date: Wed, 12 Oct 2016 19:52:59 +0900
-Subject: [PATCH]
-4406. [security] getrrsetbyname with a non absolute name could
- trigger an infinite recursion bug in lwresd
- and named with lwres configured if when combined
- with a search list entry the resulting name is
- too long. (CVE-2016-2775) [RT #42694]
-
-Backport commit 38cc2d14e218e536e0102fa70deef99461354232 from the
-v9.11.0_patch branch.
-
-CVE: CVE-2016-2775
-Upstream-Status: Backport
-
-Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com>
-
----
- CHANGES | 6 ++++++
- bin/named/lwdgrbn.c | 16 ++++++++++------
- bin/tests/system/lwresd/lwtest.c | 9 ++++++++-
- 3 files changed, 24 insertions(+), 7 deletions(-)
-
-diff --git a/CHANGES b/CHANGES
-index d2e3360..d0a9d12 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,9 @@
-+4406. [security] getrrsetbyname with a non absolute name could
-+ trigger an infinite recursion bug in lwresd
-+ and named with lwres configured if when combined
-+ with a search list entry the resulting name is
-+ too long. (CVE-2016-2775) [RT #42694]
-+
- 4322. [security] Duplicate EDNS COOKIE options in a response could
- trigger an assertion failure. (CVE-2016-2088)
- [RT #41809]
-diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c
-index 3e7b15b..e1e9adc 100644
---- a/bin/named/lwdgrbn.c
-+++ b/bin/named/lwdgrbn.c
-@@ -403,14 +403,18 @@ start_lookup(ns_lwdclient_t *client) {
- INSIST(client->lookup == NULL);
-
- dns_fixedname_init(&absname);
-- result = ns_lwsearchctx_current(&client->searchctx,
-- dns_fixedname_name(&absname));
-+
- /*
-- * This will return failure if relative name + suffix is too long.
-- * In this case, just go on to the next entry in the search path.
-+ * Perform search across all search domains until success
-+ * is returned. Return in case of failure.
- */
-- if (result != ISC_R_SUCCESS)
-- start_lookup(client);
-+ while (ns_lwsearchctx_current(&client->searchctx,
-+ dns_fixedname_name(&absname)) != ISC_R_SUCCESS) {
-+ if (ns_lwsearchctx_next(&client->searchctx) != ISC_R_SUCCESS) {
-+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
-+ return;
-+ }
-+ }
-
- result = dns_lookup_create(cm->mctx,
- dns_fixedname_name(&absname),
-diff --git a/bin/tests/system/lwresd/lwtest.c b/bin/tests/system/lwresd/lwtest.c
-index ad9b551..3eb4a66 100644
---- a/bin/tests/system/lwresd/lwtest.c
-+++ b/bin/tests/system/lwresd/lwtest.c
-@@ -768,7 +768,14 @@ main(void) {
- test_getrrsetbyname("e.example1.", 1, 2, 1, 1, 1);
- test_getrrsetbyname("e.example1.", 1, 46, 2, 0, 1);
- test_getrrsetbyname("", 1, 1, 0, 0, 0);
--
-+ test_getrrsetbyname("123456789.123456789.123456789.123456789."
-+ "123456789.123456789.123456789.123456789."
-+ "123456789.123456789.123456789.123456789."
-+ "123456789.123456789.123456789.123456789."
-+ "123456789.123456789.123456789.123456789."
-+ "123456789.123456789.123456789.123456789."
-+ "123456789", 1, 1, 0, 0, 0);
-+
- if (fails == 0)
- printf("I:ok\n");
- return (fails);
---
-2.7.4
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2776.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2776.patch
deleted file mode 100644
index 738bf60..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2776.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From 1171111657081970585f9f0e03b476358c33a6c0 Mon Sep 17 00:00:00 2001
-From: Mark Andrews <marka@isc.org>
-Date: Wed, 12 Oct 2016 20:36:52 +0900
-Subject: [PATCH]
-4467. [security] It was possible to trigger an assertion when
- rendering a message. (CVE-2016-2776) [RT #43139]
-
-Backport commit 2bd0922cf995b9ac205fc83baf7e220b95c6bf12 from the
-v9.11.0_patch branch.
-
-CVE: CVE-2016-2776
-Upstream-Status: Backport
-
-Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com>
-
----
- CHANGES | 3 +++
- lib/dns/message.c | 42 +++++++++++++++++++++++++++++++-----------
- 2 files changed, 34 insertions(+), 11 deletions(-)
-
-diff --git a/CHANGES b/CHANGES
-index d0a9d12..5c8c61a 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,6 @@
-+4467. [security] It was possible to trigger an assertion when
-+ rendering a message. (CVE-2016-2776) [RT #43139]
-+
- 4406. [security] getrrsetbyname with a non absolute name could
- trigger an infinite recursion bug in lwresd
- and named with lwres configured if when combined
-diff --git a/lib/dns/message.c b/lib/dns/message.c
-index 6b5b4bb..b74dc81 100644
---- a/lib/dns/message.c
-+++ b/lib/dns/message.c
-@@ -1754,7 +1754,7 @@ dns_message_renderbegin(dns_message_t *msg, dns_compress_t *cctx,
- if (r.length < DNS_MESSAGE_HEADERLEN)
- return (ISC_R_NOSPACE);
-
-- if (r.length < msg->reserved)
-+ if (r.length - DNS_MESSAGE_HEADERLEN < msg->reserved)
- return (ISC_R_NOSPACE);
-
- /*
-@@ -1895,8 +1895,29 @@ norender_rdataset(const dns_rdataset_t *rdataset, unsigned int options,
-
- return (ISC_TRUE);
- }
--
- #endif
-+
-+static isc_result_t
-+renderset(dns_rdataset_t *rdataset, dns_name_t *owner_name,
-+ dns_compress_t *cctx, isc_buffer_t *target,
-+ unsigned int reserved, unsigned int options, unsigned int *countp)
-+{
-+ isc_result_t result;
-+
-+ /*
-+ * Shrink the space in the buffer by the reserved amount.
-+ */
-+ if (target->length - target->used < reserved)
-+ return (ISC_R_NOSPACE);
-+
-+ target->length -= reserved;
-+ result = dns_rdataset_towire(rdataset, owner_name,
-+ cctx, target, options, countp);
-+ target->length += reserved;
-+
-+ return (result);
-+}
-+
- isc_result_t
- dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
- unsigned int options)
-@@ -1939,6 +1960,8 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
- /*
- * Shrink the space in the buffer by the reserved amount.
- */
-+ if (msg->buffer->length - msg->buffer->used < msg->reserved)
-+ return (ISC_R_NOSPACE);
- msg->buffer->length -= msg->reserved;
-
- total = 0;
-@@ -2214,9 +2237,8 @@ dns_message_renderend(dns_message_t *msg) {
- * Render.
- */
- count = 0;
-- result = dns_rdataset_towire(msg->opt, dns_rootname,
-- msg->cctx, msg->buffer, 0,
-- &count);
-+ result = renderset(msg->opt, dns_rootname, msg->cctx,
-+ msg->buffer, msg->reserved, 0, &count);
- msg->counts[DNS_SECTION_ADDITIONAL] += count;
- if (result != ISC_R_SUCCESS)
- return (result);
-@@ -2232,9 +2254,8 @@ dns_message_renderend(dns_message_t *msg) {
- if (result != ISC_R_SUCCESS)
- return (result);
- count = 0;
-- result = dns_rdataset_towire(msg->tsig, msg->tsigname,
-- msg->cctx, msg->buffer, 0,
-- &count);
-+ result = renderset(msg->tsig, msg->tsigname, msg->cctx,
-+ msg->buffer, msg->reserved, 0, &count);
- msg->counts[DNS_SECTION_ADDITIONAL] += count;
- if (result != ISC_R_SUCCESS)
- return (result);
-@@ -2255,9 +2276,8 @@ dns_message_renderend(dns_message_t *msg) {
- * the owner name of a SIG(0) is irrelevant, and will not
- * be set in a message being rendered.
- */
-- result = dns_rdataset_towire(msg->sig0, dns_rootname,
-- msg->cctx, msg->buffer, 0,
-- &count);
-+ result = renderset(msg->sig0, dns_rootname, msg->cctx,
-+ msg->buffer, msg->reserved, 0, &count);
- msg->counts[DNS_SECTION_ADDITIONAL] += count;
- if (result != ISC_R_SUCCESS)
- return (result);
---
-2.7.4
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-6170.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-6170.patch
deleted file mode 100644
index 75bc211..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-6170.patch
+++ /dev/null
@@ -1,1090 +0,0 @@
-From 1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f Mon Sep 17 00:00:00 2001
-From: Mark Andrews <marka@isc.org>
-Date: Wed, 2 Nov 2016 17:31:27 +1100
-Subject: [PATCH] 4504. [security] Allow the maximum number of records in a
- zone to be specified. This provides a control for issues raised in
- CVE-2016-6170. [RT #42143]
-
-(cherry picked from commit 5f8412a4cb5ee14a0e8cddd4107854b40ee3291e)
-
-Upstream-Status: Backport
-[https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f]
-
-CVE: CVE-2016-6170
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- CHANGES | 4 +
- bin/named/config.c | 1 +
- bin/named/named.conf.docbook | 3 +
- bin/named/update.c | 16 +++
- bin/named/zoneconf.c | 7 ++
- bin/tests/system/nsupdate/clean.sh | 1 +
- bin/tests/system/nsupdate/ns3/named.conf | 7 ++
- bin/tests/system/nsupdate/ns3/too-big.test.db.in | 10 ++
- bin/tests/system/nsupdate/setup.sh | 2 +
- bin/tests/system/nsupdate/tests.sh | 15 +++
- bin/tests/system/xfer/clean.sh | 1 +
- bin/tests/system/xfer/ns1/axfr-too-big.db | 10 ++
- bin/tests/system/xfer/ns1/ixfr-too-big.db.in | 13 +++
- bin/tests/system/xfer/ns1/named.conf | 11 ++
- bin/tests/system/xfer/ns6/named.conf | 14 +++
- bin/tests/system/xfer/setup.sh | 2 +
- bin/tests/system/xfer/tests.sh | 26 +++++
- doc/arm/Bv9ARM-book.xml | 21 ++++
- doc/arm/notes.xml | 9 ++
- lib/bind9/check.c | 2 +
- lib/dns/db.c | 13 +++
- lib/dns/ecdb.c | 3 +-
- lib/dns/include/dns/db.h | 20 ++++
- lib/dns/include/dns/rdataslab.h | 13 +++
- lib/dns/include/dns/result.h | 6 +-
- lib/dns/include/dns/zone.h | 28 ++++-
- lib/dns/rbtdb.c | 127 +++++++++++++++++++++--
- lib/dns/rdataslab.c | 13 +++
- lib/dns/result.c | 9 +-
- lib/dns/sdb.c | 3 +-
- lib/dns/sdlz.c | 3 +-
- lib/dns/xfrin.c | 22 +++-
- lib/dns/zone.c | 23 +++-
- lib/isccfg/namedconf.c | 1 +
- 34 files changed, 444 insertions(+), 15 deletions(-)
- create mode 100644 bin/tests/system/nsupdate/ns3/too-big.test.db.in
- create mode 100644 bin/tests/system/xfer/ns1/axfr-too-big.db
- create mode 100644 bin/tests/system/xfer/ns1/ixfr-too-big.db.in
-
-diff --git a/CHANGES b/CHANGES
-index 41cfce5..97d2e60 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,7 @@
-+4504. [security] Allow the maximum number of records in a zone to
-+ be specified. This provides a control for issues
-+ raised in CVE-2016-6170. [RT #42143]
-+
- 4489. [security] It was possible to trigger assertions when processing
- a response. (CVE-2016-8864) [RT #43465]
-
-diff --git a/bin/named/config.c b/bin/named/config.c
-index f06348c..c24e334 100644
---- a/bin/named/config.c
-+++ b/bin/named/config.c
-@@ -209,6 +209,7 @@ options {\n\
- max-transfer-time-out 120;\n\
- max-transfer-idle-in 60;\n\
- max-transfer-idle-out 60;\n\
-+ max-records 0;\n\
- max-retry-time 1209600; /* 2 weeks */\n\
- min-retry-time 500;\n\
- max-refresh-time 2419200; /* 4 weeks */\n\
-diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
-index 4c99a61..c2d173a 100644
---- a/bin/named/named.conf.docbook
-+++ b/bin/named/named.conf.docbook
-@@ -338,6 +338,7 @@ options {
- };
-
- max-journal-size <replaceable>size_no_default</replaceable>;
-+ max-records <replaceable>integer</replaceable>;
- max-transfer-time-in <replaceable>integer</replaceable>;
- max-transfer-time-out <replaceable>integer</replaceable>;
- max-transfer-idle-in <replaceable>integer</replaceable>;
-@@ -527,6 +528,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
- };
-
- max-journal-size <replaceable>size_no_default</replaceable>;
-+ max-records <replaceable>integer</replaceable>;
- max-transfer-time-in <replaceable>integer</replaceable>;
- max-transfer-time-out <replaceable>integer</replaceable>;
- max-transfer-idle-in <replaceable>integer</replaceable>;
-@@ -624,6 +626,7 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
- };
-
- max-journal-size <replaceable>size_no_default</replaceable>;
-+ max-records <replaceable>integer</replaceable>;
- max-transfer-time-in <replaceable>integer</replaceable>;
- max-transfer-time-out <replaceable>integer</replaceable>;
- max-transfer-idle-in <replaceable>integer</replaceable>;
-diff --git a/bin/named/update.c b/bin/named/update.c
-index 83b1a05..cc2a611 100644
---- a/bin/named/update.c
-+++ b/bin/named/update.c
-@@ -2455,6 +2455,8 @@ update_action(isc_task_t *task, isc_event_t *event) {
- isc_boolean_t had_dnskey;
- dns_rdatatype_t privatetype = dns_zone_getprivatetype(zone);
- dns_ttl_t maxttl = 0;
-+ isc_uint32_t maxrecords;
-+ isc_uint64_t records;
-
- INSIST(event->ev_type == DNS_EVENT_UPDATE);
-
-@@ -3138,6 +3140,20 @@ update_action(isc_task_t *task, isc_event_t *event) {
- }
- }
-
-+ maxrecords = dns_zone_getmaxrecords(zone);
-+ if (maxrecords != 0U) {
-+ result = dns_db_getsize(db, ver, &records, NULL);
-+ if (result == ISC_R_SUCCESS && records > maxrecords) {
-+ update_log(client, zone, ISC_LOG_ERROR,
-+ "records in zone (%"
-+ ISC_PRINT_QUADFORMAT
-+ "u) exceeds max-records (%u)",
-+ records, maxrecords);
-+ result = DNS_R_TOOMANYRECORDS;
-+ goto failure;
-+ }
-+ }
-+
- journalfile = dns_zone_getjournal(zone);
- if (journalfile != NULL) {
- update_log(client, zone, LOGLEVEL_DEBUG,
-diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
-index 4ee3dfe..14dd8ce 100644
---- a/bin/named/zoneconf.c
-+++ b/bin/named/zoneconf.c
-@@ -978,6 +978,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
- dns_zone_setmaxttl(raw, maxttl);
- }
-
-+ obj = NULL;
-+ result = ns_config_get(maps, "max-records", &obj);
-+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
-+ dns_zone_setmaxrecords(mayberaw, cfg_obj_asuint32(obj));
-+ if (zone != mayberaw)
-+ dns_zone_setmaxrecords(zone, 0);
-+
- if (raw != NULL && filename != NULL) {
- #define SIGNED ".signed"
- size_t signedlen = strlen(filename) + sizeof(SIGNED);
-diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh
-index aaefc02..ea25545 100644
---- a/bin/tests/system/nsupdate/clean.sh
-+++ b/bin/tests/system/nsupdate/clean.sh
-@@ -32,6 +32,7 @@ rm -f ns3/example.db.jnl ns3/example.db
- rm -f ns3/nsec3param.test.db.signed.jnl ns3/nsec3param.test.db ns3/nsec3param.test.db.signed ns3/dsset-nsec3param.test.
- rm -f ns3/dnskey.test.db.signed.jnl ns3/dnskey.test.db ns3/dnskey.test.db.signed ns3/dsset-dnskey.test.
- rm -f ns3/K*
-+rm -f ns3/too-big.test.db
- rm -f dig.out.*
- rm -f jp.out.ns3.*
- rm -f Kxxx.*
-diff --git a/bin/tests/system/nsupdate/ns3/named.conf b/bin/tests/system/nsupdate/ns3/named.conf
-index 2abd522..68ff27a 100644
---- a/bin/tests/system/nsupdate/ns3/named.conf
-+++ b/bin/tests/system/nsupdate/ns3/named.conf
-@@ -60,3 +60,10 @@ zone "dnskey.test" {
- allow-update { any; };
- file "dnskey.test.db.signed";
- };
-+
-+zone "too-big.test" {
-+ type master;
-+ allow-update { any; };
-+ max-records 3;
-+ file "too-big.test.db";
-+};
-diff --git a/bin/tests/system/nsupdate/ns3/too-big.test.db.in b/bin/tests/system/nsupdate/ns3/too-big.test.db.in
-new file mode 100644
-index 0000000..7ff1e4a
---- /dev/null
-+++ b/bin/tests/system/nsupdate/ns3/too-big.test.db.in
-@@ -0,0 +1,10 @@
-+; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
-+;
-+; This Source Code Form is subject to the terms of the Mozilla Public
-+; License, v. 2.0. If a copy of the MPL was not distributed with this
-+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-+
-+$TTL 10
-+too-big.test. IN SOA too-big.test. hostmaster.too-big.test. 1 3600 900 2419200 3600
-+too-big.test. IN NS too-big.test.
-+too-big.test. IN A 10.53.0.3
-diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
-index 828255e..43c4094 100644
---- a/bin/tests/system/nsupdate/setup.sh
-+++ b/bin/tests/system/nsupdate/setup.sh
-@@ -27,12 +27,14 @@ test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
- rm -f ns1/*.jnl ns1/example.db ns2/*.jnl ns2/example.bk
- rm -f ns2/update.bk ns2/update.alt.bk
- rm -f ns3/example.db.jnl
-+rm -f ns3/too-big.test.db.jnl
-
- cp -f ns1/example1.db ns1/example.db
- sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db
- sed 's/example.nil/unixtime.nil/g' ns1/example1.db > ns1/unixtime.db
- sed 's/example.nil/keytests.nil/g' ns1/example1.db > ns1/keytests.db
- cp -f ns3/example.db.in ns3/example.db
-+cp -f ns3/too-big.test.db.in ns3/too-big.test.db
-
- # update_test.pl has its own zone file because it
- # requires a specific NS record set.
-diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
-index 78d501e..0a6bbd3 100755
---- a/bin/tests/system/nsupdate/tests.sh
-+++ b/bin/tests/system/nsupdate/tests.sh
-@@ -581,5 +581,20 @@ if [ $ret -ne 0 ]; then
- status=1
- fi
-
-+n=`expr $n + 1`
-+echo "I:check that adding too many records is blocked ($n)"
-+ret=0
-+$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 && ret=1
-+server 10.53.0.3 5300
-+zone too-big.test.
-+update add r1.too-big.test 3600 IN TXT r1.too-big.test
-+send
-+EOF
-+grep "update failed: SERVFAIL" nsupdate.out-$n > /dev/null || ret=1
-+DIG +tcp @10.53.0.3 -p 5300 r1.too-big.test TXT > dig.out.ns3.test$n
-+grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
-+grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null || ret=1
-+[ $ret = 0 ] || { echo I:failed; status=1; }
-+
- echo "I:exit status: $status"
- exit $status
-diff --git a/bin/tests/system/xfer/clean.sh b/bin/tests/system/xfer/clean.sh
-index 48aa159..da62a33 100644
---- a/bin/tests/system/xfer/clean.sh
-+++ b/bin/tests/system/xfer/clean.sh
-@@ -36,3 +36,4 @@ rm -f ns7/*.db ns7/*.bk ns7/*.jnl
- rm -f */named.memstats
- rm -f */named.run
- rm -f */ans.run
-+rm -f ns1/ixfr-too-big.db ns1/ixfr-too-big.db.jnl
-diff --git a/bin/tests/system/xfer/ns1/axfr-too-big.db b/bin/tests/system/xfer/ns1/axfr-too-big.db
-new file mode 100644
-index 0000000..d43760d
---- /dev/null
-+++ b/bin/tests/system/xfer/ns1/axfr-too-big.db
-@@ -0,0 +1,10 @@
-+; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
-+;
-+; This Source Code Form is subject to the terms of the Mozilla Public
-+; License, v. 2.0. If a copy of the MPL was not distributed with this
-+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-+
-+$TTL 3600
-+@ IN SOA . . 0 0 0 0 0
-+@ IN NS .
-+$GENERATE 1-29 host$ A 1.2.3.$
-diff --git a/bin/tests/system/xfer/ns1/ixfr-too-big.db.in b/bin/tests/system/xfer/ns1/ixfr-too-big.db.in
-new file mode 100644
-index 0000000..318bb77
---- /dev/null
-+++ b/bin/tests/system/xfer/ns1/ixfr-too-big.db.in
-@@ -0,0 +1,13 @@
-+; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
-+;
-+; This Source Code Form is subject to the terms of the Mozilla Public
-+; License, v. 2.0. If a copy of the MPL was not distributed with this
-+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-+
-+$TTL 3600
-+@ IN SOA . . 0 0 0 0 0
-+@ IN NS ns1
-+@ IN NS ns6
-+ns1 IN A 10.53.0.1
-+ns6 IN A 10.53.0.6
-+$GENERATE 1-25 host$ A 1.2.3.$
-diff --git a/bin/tests/system/xfer/ns1/named.conf b/bin/tests/system/xfer/ns1/named.conf
-index 07dad85..1d29292 100644
---- a/bin/tests/system/xfer/ns1/named.conf
-+++ b/bin/tests/system/xfer/ns1/named.conf
-@@ -44,3 +44,14 @@ zone "slave" {
- type master;
- file "slave.db";
- };
-+
-+zone "axfr-too-big" {
-+ type master;
-+ file "axfr-too-big.db";
-+};
-+
-+zone "ixfr-too-big" {
-+ type master;
-+ allow-update { any; };
-+ file "ixfr-too-big.db";
-+};
-diff --git a/bin/tests/system/xfer/ns6/named.conf b/bin/tests/system/xfer/ns6/named.conf
-index c9421b1..a12a92c 100644
---- a/bin/tests/system/xfer/ns6/named.conf
-+++ b/bin/tests/system/xfer/ns6/named.conf
-@@ -52,3 +52,17 @@ zone "slave" {
- masters { 10.53.0.1; };
- file "slave.bk";
- };
-+
-+zone "axfr-too-big" {
-+ type slave;
-+ max-records 30;
-+ masters { 10.53.0.1; };
-+ file "axfr-too-big.bk";
-+};
-+
-+zone "ixfr-too-big" {
-+ type slave;
-+ max-records 30;
-+ masters { 10.53.0.1; };
-+ file "ixfr-too-big.bk";
-+};
-diff --git a/bin/tests/system/xfer/setup.sh b/bin/tests/system/xfer/setup.sh
-index 56ca901..c55abf8 100644
---- a/bin/tests/system/xfer/setup.sh
-+++ b/bin/tests/system/xfer/setup.sh
-@@ -33,3 +33,5 @@ cp -f ns4/named.conf.base ns4/named.conf
-
- cp ns2/slave.db.in ns2/slave.db
- touch -t 200101010000 ns2/slave.db
-+
-+cp -f ns1/ixfr-too-big.db.in ns1/ixfr-too-big.db
-diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh
-index 67b2a1a..fe33f0a 100644
---- a/bin/tests/system/xfer/tests.sh
-+++ b/bin/tests/system/xfer/tests.sh
-@@ -368,5 +368,31 @@ $DIGCMD nil. TXT | grep 'incorrect key AXFR' >/dev/null && {
- status=1
- }
-
-+n=`expr $n + 1`
-+echo "I:test that a zone with too many records is rejected (AXFR) ($n)"
-+tmp=0
-+grep "'axfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null || tmp=1
-+if test $tmp != 0 ; then echo "I:failed"; fi
-+status=`expr $status + $tmp`
-+
-+n=`expr $n + 1`
-+echo "I:test that a zone with too many records is rejected (IXFR) ($n)"
-+tmp=0
-+grep "'ixfr-too-big./IN.*: too many records" ns6/named.run >/dev/null && tmp=1
-+$NSUPDATE << EOF
-+zone ixfr-too-big
-+server 10.53.0.1 5300
-+update add the-31st-record.ixfr-too-big 0 TXT this is it
-+send
-+EOF
-+for i in 1 2 3 4 5 6 7 8
-+do
-+ grep "'ixfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null && break
-+ sleep 1
-+done
-+grep "'ixfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null || tmp=1
-+if test $tmp != 0 ; then echo "I:failed"; fi
-+status=`expr $status + $tmp`
-+
- echo "I:exit status: $status"
- exit $status
-diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
-index 848b582..0369505 100644
---- a/doc/arm/Bv9ARM-book.xml
-+++ b/doc/arm/Bv9ARM-book.xml
-@@ -4858,6 +4858,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
- <optional> use-queryport-pool <replaceable>yes_or_no</replaceable>; </optional>
- <optional> queryport-pool-ports <replaceable>number</replaceable>; </optional>
- <optional> queryport-pool-updateinterval <replaceable>number</replaceable>; </optional>
-+ <optional> max-records <replaceable>number</replaceable>; </optional>
- <optional> max-transfer-time-in <replaceable>number</replaceable>; </optional>
- <optional> max-transfer-time-out <replaceable>number</replaceable>; </optional>
- <optional> max-transfer-idle-in <replaceable>number</replaceable>; </optional>
-@@ -8164,6 +8165,16 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
- </varlistentry>
-
- <varlistentry>
-+ <term><command>max-records</command></term>
-+ <listitem>
-+ <para>
-+ The maximum number of records permitted in a zone.
-+ The default is zero which means unlimited.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+
-+ <varlistentry>
- <term><command>host-statistics-max</command></term>
- <listitem>
- <para>
-@@ -12056,6 +12067,16 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
- </varlistentry>
-
- <varlistentry>
-+ <term><command>max-records</command></term>
-+ <listitem>
-+ <para>
-+ See the description of
-+ <command>max-records</command> in <xref linkend="server_resource_limits"/>.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+
-+ <varlistentry>
- <term><command>max-transfer-time-in</command></term>
- <listitem>
- <para>
-diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
-index 095eb5b..36495e7 100644
---- a/doc/arm/notes.xml
-+++ b/doc/arm/notes.xml
-@@ -52,6 +52,15 @@
- <itemizedlist>
- <listitem>
- <para>
-+ Added the ability to specify the maximum number of records
-+ permitted in a zone (max-records #;). This provides a mechanism
-+ to block overly large zone transfers, which is a potential risk
-+ with slave zones from other parties, as described in CVE-2016-6170.
-+ [RT #42143]
-+ </para>
-+ </listitem>
-+ <listitem>
-+ <para>
- Duplicate EDNS COOKIE options in a response could trigger
- an assertion failure. This flaw is disclosed in CVE-2016-2088.
- [RT #41809]
-diff --git a/lib/bind9/check.c b/lib/bind9/check.c
-index b8c05dd..edb7534 100644
---- a/lib/bind9/check.c
-+++ b/lib/bind9/check.c
-@@ -1510,6 +1510,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
- REDIRECTZONE },
- { "masters", SLAVEZONE | STUBZONE | REDIRECTZONE },
- { "max-ixfr-log-size", MASTERZONE | SLAVEZONE | STREDIRECTZONE },
-+ { "max-records", MASTERZONE | SLAVEZONE | STUBZONE | STREDIRECTZONE |
-+ STATICSTUBZONE | REDIRECTZONE },
- { "max-refresh-time", SLAVEZONE | STUBZONE | STREDIRECTZONE },
- { "max-retry-time", SLAVEZONE | STUBZONE | STREDIRECTZONE },
- { "max-transfer-idle-in", SLAVEZONE | STUBZONE | STREDIRECTZONE },
-diff --git a/lib/dns/db.c b/lib/dns/db.c
-index 7e4f357..ced94a5 100644
---- a/lib/dns/db.c
-+++ b/lib/dns/db.c
-@@ -999,6 +999,19 @@ dns_db_getnsec3parameters(dns_db_t *db, dns_dbversion_t *version,
- }
-
- isc_result_t
-+dns_db_getsize(dns_db_t *db, dns_dbversion_t *version, isc_uint64_t *records,
-+ isc_uint64_t *bytes)
-+{
-+ REQUIRE(DNS_DB_VALID(db));
-+ REQUIRE(dns_db_iszone(db) == ISC_TRUE);
-+
-+ if (db->methods->getsize != NULL)
-+ return ((db->methods->getsize)(db, version, records, bytes));
-+
-+ return (ISC_R_NOTFOUND);
-+}
-+
-+isc_result_t
- dns_db_setsigningtime(dns_db_t *db, dns_rdataset_t *rdataset,
- isc_stdtime_t resign)
- {
-diff --git a/lib/dns/ecdb.c b/lib/dns/ecdb.c
-index 553a339..b5d04d2 100644
---- a/lib/dns/ecdb.c
-+++ b/lib/dns/ecdb.c
-@@ -587,7 +587,8 @@ static dns_dbmethods_t ecdb_methods = {
- NULL, /* findnodeext */
- NULL, /* findext */
- NULL, /* setcachestats */
-- NULL /* hashsize */
-+ NULL, /* hashsize */
-+ NULL /* getsize */
- };
-
- static isc_result_t
-diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h
-index a4a4482..aff42d6 100644
---- a/lib/dns/include/dns/db.h
-+++ b/lib/dns/include/dns/db.h
-@@ -195,6 +195,8 @@ typedef struct dns_dbmethods {
- dns_rdataset_t *sigrdataset);
- isc_result_t (*setcachestats)(dns_db_t *db, isc_stats_t *stats);
- unsigned int (*hashsize)(dns_db_t *db);
-+ isc_result_t (*getsize)(dns_db_t *db, dns_dbversion_t *version,
-+ isc_uint64_t *records, isc_uint64_t *bytes);
- } dns_dbmethods_t;
-
- typedef isc_result_t
-@@ -1485,6 +1487,24 @@ dns_db_getnsec3parameters(dns_db_t *db, dns_dbversion_t *version,
- */
-
- isc_result_t
-+dns_db_getsize(dns_db_t *db, dns_dbversion_t *version, isc_uint64_t *records,
-+ isc_uint64_t *bytes);
-+/*%<
-+ * Get the number of records in the given version of the database as well
-+ * as the number bytes used to store those records.
-+ *
-+ * Requires:
-+ * \li 'db' is a valid zone database.
-+ * \li 'version' is NULL or a valid version.
-+ * \li 'records' is NULL or a pointer to return the record count in.
-+ * \li 'bytes' is NULL or a pointer to return the byte count in.
-+ *
-+ * Returns:
-+ * \li #ISC_R_SUCCESS
-+ * \li #ISC_R_NOTIMPLEMENTED
-+ */
-+
-+isc_result_t
- dns_db_findnsec3node(dns_db_t *db, dns_name_t *name,
- isc_boolean_t create, dns_dbnode_t **nodep);
- /*%<
-diff --git a/lib/dns/include/dns/rdataslab.h b/lib/dns/include/dns/rdataslab.h
-index 3ac44b8..2e1e759 100644
---- a/lib/dns/include/dns/rdataslab.h
-+++ b/lib/dns/include/dns/rdataslab.h
-@@ -104,6 +104,7 @@ dns_rdataslab_tordataset(unsigned char *slab, unsigned int reservelen,
- * Ensures:
- *\li 'rdataset' is associated and points to a valid rdataest.
- */
-+
- unsigned int
- dns_rdataslab_size(unsigned char *slab, unsigned int reservelen);
- /*%<
-@@ -116,6 +117,18 @@ dns_rdataslab_size(unsigned char *slab, unsigned int reservelen);
- *\li The number of bytes in the slab, including the reservelen.
- */
-
-+unsigned int
-+dns_rdataslab_count(unsigned char *slab, unsigned int reservelen);
-+/*%<
-+ * Return the number of records in the rdataslab
-+ *
-+ * Requires:
-+ *\li 'slab' points to a slab.
-+ *
-+ * Returns:
-+ *\li The number of records in the slab.
-+ */
-+
- isc_result_t
- dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab,
- unsigned int reservelen, isc_mem_t *mctx,
-diff --git a/lib/dns/include/dns/result.h b/lib/dns/include/dns/result.h
-index 7d11c2b..93d1fd5 100644
---- a/lib/dns/include/dns/result.h
-+++ b/lib/dns/include/dns/result.h
-@@ -157,8 +157,12 @@
- #define DNS_R_BADCDS (ISC_RESULTCLASS_DNS + 111)
- #define DNS_R_BADCDNSKEY (ISC_RESULTCLASS_DNS + 112)
- #define DNS_R_OPTERR (ISC_RESULTCLASS_DNS + 113)
-+#define DNS_R_BADDNSTAP (ISC_RESULTCLASS_DNS + 114)
-+#define DNS_R_BADTSIG (ISC_RESULTCLASS_DNS + 115)
-+#define DNS_R_BADSIG0 (ISC_RESULTCLASS_DNS + 116)
-+#define DNS_R_TOOMANYRECORDS (ISC_RESULTCLASS_DNS + 117)
-
--#define DNS_R_NRESULTS 114 /*%< Number of results */
-+#define DNS_R_NRESULTS 118 /*%< Number of results */
-
- /*
- * DNS wire format rcodes.
-diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h
-index a9367f1..227540b 100644
---- a/lib/dns/include/dns/zone.h
-+++ b/lib/dns/include/dns/zone.h
-@@ -296,6 +296,32 @@ dns_zone_getfile(dns_zone_t *zone);
- */
-
- void
-+dns_zone_setmaxrecords(dns_zone_t *zone, isc_uint32_t records);
-+/*%<
-+ * Sets the maximim number of records permitted in a zone.
-+ * 0 implies unlimited.
-+ *
-+ * Requires:
-+ *\li 'zone' to be valid initialised zone.
-+ *
-+ * Returns:
-+ *\li void
-+ */
-+
-+isc_uint32_t
-+dns_zone_getmaxrecords(dns_zone_t *zone);
-+/*%<
-+ * Gets the maximim number of records permitted in a zone.
-+ * 0 implies unlimited.
-+ *
-+ * Requires:
-+ *\li 'zone' to be valid initialised zone.
-+ *
-+ * Returns:
-+ *\li isc_uint32_t maxrecords.
-+ */
-+
-+void
- dns_zone_setmaxttl(dns_zone_t *zone, isc_uint32_t maxttl);
- /*%<
- * Sets the max ttl of the zone.
-@@ -316,7 +342,7 @@ dns_zone_getmaxttl(dns_zone_t *zone);
- *\li 'zone' to be valid initialised zone.
- *
- * Returns:
-- *\li isc_uint32_t maxttl.
-+ *\li dns_ttl_t maxttl.
- */
-
- isc_result_t
-diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
-index 62becfc..72d722f 100644
---- a/lib/dns/rbtdb.c
-+++ b/lib/dns/rbtdb.c
-@@ -209,6 +209,7 @@ typedef isc_uint64_t rbtdb_serial_t;
- #define free_rbtdb_callback free_rbtdb_callback64
- #define free_rdataset free_rdataset64
- #define getnsec3parameters getnsec3parameters64
-+#define getsize getsize64
- #define getoriginnode getoriginnode64
- #define getrrsetstats getrrsetstats64
- #define getsigningtime getsigningtime64
-@@ -589,6 +590,13 @@ typedef struct rbtdb_version {
- isc_uint16_t iterations;
- isc_uint8_t salt_length;
- unsigned char salt[DNS_NSEC3_SALTSIZE];
-+
-+ /*
-+ * records and bytes are covered by rwlock.
-+ */
-+ isc_rwlock_t rwlock;
-+ isc_uint64_t records;
-+ isc_uint64_t bytes;
- } rbtdb_version_t;
-
- typedef ISC_LIST(rbtdb_version_t) rbtdb_versionlist_t;
-@@ -1130,6 +1138,7 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) {
- INSIST(refs == 0);
- UNLINK(rbtdb->open_versions, rbtdb->current_version, link);
- isc_refcount_destroy(&rbtdb->current_version->references);
-+ isc_rwlock_destroy(&rbtdb->current_version->rwlock);
- isc_mem_put(rbtdb->common.mctx, rbtdb->current_version,
- sizeof(rbtdb_version_t));
- }
-@@ -1383,6 +1392,7 @@ allocate_version(isc_mem_t *mctx, rbtdb_serial_t serial,
-
- static isc_result_t
- newversion(dns_db_t *db, dns_dbversion_t **versionp) {
-+ isc_result_t result;
- dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db;
- rbtdb_version_t *version;
-
-@@ -1415,13 +1425,28 @@ newversion(dns_db_t *db, dns_dbversion_t **versionp) {
- version->salt_length = 0;
- memset(version->salt, 0, sizeof(version->salt));
- }
-- rbtdb->next_serial++;
-- rbtdb->future_version = version;
-- }
-+ result = isc_rwlock_init(&version->rwlock, 0, 0);
-+ if (result != ISC_R_SUCCESS) {
-+ isc_refcount_destroy(&version->references);
-+ isc_mem_put(rbtdb->common.mctx, version,
-+ sizeof(*version));
-+ version = NULL;
-+ } else {
-+ RWLOCK(&rbtdb->current_version->rwlock,
-+ isc_rwlocktype_read);
-+ version->records = rbtdb->current_version->records;
-+ version->bytes = rbtdb->current_version->bytes;
-+ RWUNLOCK(&rbtdb->current_version->rwlock,
-+ isc_rwlocktype_read);
-+ rbtdb->next_serial++;
-+ rbtdb->future_version = version;
-+ }
-+ } else
-+ result = ISC_R_NOMEMORY;
- RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
-
- if (version == NULL)
-- return (ISC_R_NOMEMORY);
-+ return (result);
-
- *versionp = version;
-
-@@ -2681,6 +2706,7 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) {
-
- if (cleanup_version != NULL) {
- INSIST(EMPTY(cleanup_version->changed_list));
-+ isc_rwlock_destroy(&cleanup_version->rwlock);
- isc_mem_put(rbtdb->common.mctx, cleanup_version,
- sizeof(*cleanup_version));
- }
-@@ -6254,6 +6280,26 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
- else
- rbtnode->data = newheader;
- newheader->next = topheader->next;
-+ if (rbtversion != NULL)
-+ RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write);
-+ if (rbtversion != NULL && !header_nx) {
-+ rbtversion->records -=
-+ dns_rdataslab_count((unsigned char *)header,
-+ sizeof(*header));
-+ rbtversion->bytes -=
-+ dns_rdataslab_size((unsigned char *)header,
-+ sizeof(*header));
-+ }
-+ if (rbtversion != NULL && !newheader_nx) {
-+ rbtversion->records +=
-+ dns_rdataslab_count((unsigned char *)newheader,
-+ sizeof(*newheader));
-+ rbtversion->bytes +=
-+ dns_rdataslab_size((unsigned char *)newheader,
-+ sizeof(*newheader));
-+ }
-+ if (rbtversion != NULL)
-+ RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write);
- if (loading) {
- /*
- * There are no other references to 'header' when
-@@ -6355,6 +6401,16 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
- newheader->down = NULL;
- rbtnode->data = newheader;
- }
-+ if (rbtversion != NULL && !newheader_nx) {
-+ RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write);
-+ rbtversion->records +=
-+ dns_rdataslab_count((unsigned char *)newheader,
-+ sizeof(*newheader));
-+ rbtversion->bytes +=
-+ dns_rdataslab_size((unsigned char *)newheader,
-+ sizeof(*newheader));
-+ RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write);
-+ }
- idx = newheader->node->locknum;
- if (IS_CACHE(rbtdb)) {
- ISC_LIST_PREPEND(rbtdb->rdatasets[idx],
-@@ -6811,6 +6867,12 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
- */
- newheader->additional_auth = NULL;
- newheader->additional_glue = NULL;
-+ rbtversion->records +=
-+ dns_rdataslab_count((unsigned char *)newheader,
-+ sizeof(*newheader));
-+ rbtversion->bytes +=
-+ dns_rdataslab_size((unsigned char *)newheader,
-+ sizeof(*newheader));
- } else if (result == DNS_R_NXRRSET) {
- /*
- * This subtraction would remove all of the rdata;
-@@ -6846,6 +6908,12 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
- * topheader.
- */
- INSIST(rbtversion->serial >= topheader->serial);
-+ rbtversion->records -=
-+ dns_rdataslab_count((unsigned char *)header,
-+ sizeof(*header));
-+ rbtversion->bytes -=
-+ dns_rdataslab_size((unsigned char *)header,
-+ sizeof(*header));
- if (topheader_prev != NULL)
- topheader_prev->next = newheader;
- else
-@@ -7172,6 +7240,7 @@ rbt_datafixer(dns_rbtnode_t *rbtnode, void *base, size_t filesize,
- unsigned char *limit = ((unsigned char *) base) + filesize;
- unsigned char *p;
- size_t size;
-+ unsigned int count;
-
- REQUIRE(rbtnode != NULL);
-
-@@ -7179,6 +7248,9 @@ rbt_datafixer(dns_rbtnode_t *rbtnode, void *base, size_t filesize,
- p = (unsigned char *) header;
-
- size = dns_rdataslab_size(p, sizeof(*header));
-+ count = dns_rdataslab_count(p, sizeof(*header));;
-+ rbtdb->current_version->records += count;
-+ rbtdb->current_version->bytes += size;
- isc_crc64_update(crc, p, size);
- #ifdef DEBUG
- hexdump("hashing header", p, sizeof(rdatasetheader_t));
-@@ -7777,6 +7849,33 @@ getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, dns_hash_t *hash,
- }
-
- static isc_result_t
-+getsize(dns_db_t *db, dns_dbversion_t *version, isc_uint64_t *records,
-+ isc_uint64_t *bytes)
-+{
-+ dns_rbtdb_t *rbtdb;
-+ isc_result_t result = ISC_R_SUCCESS;
-+ rbtdb_version_t *rbtversion = version;
-+
-+ rbtdb = (dns_rbtdb_t *)db;
-+
-+ REQUIRE(VALID_RBTDB(rbtdb));
-+ INSIST(rbtversion == NULL || rbtversion->rbtdb == rbtdb);
-+
-+ if (rbtversion == NULL)
-+ rbtversion = rbtdb->current_version;
-+
-+ RWLOCK(&rbtversion->rwlock, isc_rwlocktype_read);
-+ if (records != NULL)
-+ *records = rbtversion->records;
-+
-+ if (bytes != NULL)
-+ *bytes = rbtversion->bytes;
-+ RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_read);
-+
-+ return (result);
-+}
-+
-+static isc_result_t
- setsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, isc_stdtime_t resign) {
- dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db;
- isc_stdtime_t oldresign;
-@@ -7972,7 +8071,8 @@ static dns_dbmethods_t zone_methods = {
- NULL,
- NULL,
- NULL,
-- hashsize
-+ hashsize,
-+ getsize
- };
-
- static dns_dbmethods_t cache_methods = {
-@@ -8018,7 +8118,8 @@ static dns_dbmethods_t cache_methods = {
- NULL,
- NULL,
- setcachestats,
-- hashsize
-+ hashsize,
-+ NULL
- };
-
- isc_result_t
-@@ -8310,6 +8411,20 @@ dns_rbtdb_create
- rbtdb->current_version->salt_length = 0;
- memset(rbtdb->current_version->salt, 0,
- sizeof(rbtdb->current_version->salt));
-+ result = isc_rwlock_init(&rbtdb->current_version->rwlock, 0, 0);
-+ if (result != ISC_R_SUCCESS) {
-+ isc_refcount_destroy(&rbtdb->current_version->references);
-+ isc_mem_put(mctx, rbtdb->current_version,
-+ sizeof(*rbtdb->current_version));
-+ rbtdb->current_version = NULL;
-+ isc_refcount_decrement(&rbtdb->references, NULL);
-+ isc_refcount_destroy(&rbtdb->references);
-+ free_rbtdb(rbtdb, ISC_FALSE, NULL);
-+ return (result);
-+ }
-+
-+ rbtdb->current_version->records = 0;
-+ rbtdb->current_version->bytes = 0;
- rbtdb->future_version = NULL;
- ISC_LIST_INIT(rbtdb->open_versions);
- /*
-diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
-index e29dc84..63e3728 100644
---- a/lib/dns/rdataslab.c
-+++ b/lib/dns/rdataslab.c
-@@ -523,6 +523,19 @@ dns_rdataslab_size(unsigned char *slab, unsigned int reservelen) {
- return ((unsigned int)(current - slab));
- }
-
-+unsigned int
-+dns_rdataslab_count(unsigned char *slab, unsigned int reservelen) {
-+ unsigned int count;
-+ unsigned char *current;
-+
-+ REQUIRE(slab != NULL);
-+
-+ current = slab + reservelen;
-+ count = *current++ * 256;
-+ count += *current++;
-+ return (count);
-+}
-+
- /*
- * Make the dns_rdata_t 'rdata' refer to the slab item
- * beginning at '*current', which is part of a slab of type
-diff --git a/lib/dns/result.c b/lib/dns/result.c
-index 7be4f57..a621909 100644
---- a/lib/dns/result.c
-+++ b/lib/dns/result.c
-@@ -167,11 +167,16 @@ static const char *text[DNS_R_NRESULTS] = {
- "covered by negative trust anchor", /*%< 110 DNS_R_NTACOVERED */
- "bad CDS", /*%< 111 DNS_R_BADCSD */
- "bad CDNSKEY", /*%< 112 DNS_R_BADCDNSKEY */
-- "malformed OPT option" /*%< 113 DNS_R_OPTERR */
-+ "malformed OPT option", /*%< 113 DNS_R_OPTERR */
-+ "malformed DNSTAP data", /*%< 114 DNS_R_BADDNSTAP */
-+
-+ "TSIG in wrong location", /*%< 115 DNS_R_BADTSIG */
-+ "SIG(0) in wrong location", /*%< 116 DNS_R_BADSIG0 */
-+ "too many records", /*%< 117 DNS_R_TOOMANYRECORDS */
- };
-
- static const char *rcode_text[DNS_R_NRCODERESULTS] = {
-- "NOERROR", /*%< 0 DNS_R_NOEROR */
-+ "NOERROR", /*%< 0 DNS_R_NOERROR */
- "FORMERR", /*%< 1 DNS_R_FORMERR */
- "SERVFAIL", /*%< 2 DNS_R_SERVFAIL */
- "NXDOMAIN", /*%< 3 DNS_R_NXDOMAIN */
-diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c
-index abfeeb0..19397e0 100644
---- a/lib/dns/sdb.c
-+++ b/lib/dns/sdb.c
-@@ -1298,7 +1298,8 @@ static dns_dbmethods_t sdb_methods = {
- findnodeext,
- findext,
- NULL, /* setcachestats */
-- NULL /* hashsize */
-+ NULL, /* hashsize */
-+ NULL /* getsize */
- };
-
- static isc_result_t
-diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c
-index b1198a4..0e3163d 100644
---- a/lib/dns/sdlz.c
-+++ b/lib/dns/sdlz.c
-@@ -1269,7 +1269,8 @@ static dns_dbmethods_t sdlzdb_methods = {
- findnodeext,
- findext,
- NULL, /* setcachestats */
-- NULL /* hashsize */
-+ NULL, /* hashsize */
-+ NULL /* getsize */
- };
-
- /*
-diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c
-index 2a6c1b4..ac566e1 100644
---- a/lib/dns/xfrin.c
-+++ b/lib/dns/xfrin.c
-@@ -149,6 +149,9 @@ struct dns_xfrin_ctx {
- unsigned int nrecs; /*%< Number of records recvd */
- isc_uint64_t nbytes; /*%< Number of bytes received */
-
-+ unsigned int maxrecords; /*%< The maximum number of
-+ records set for the zone */
-+
- isc_time_t start; /*%< Start time of the transfer */
- isc_time_t end; /*%< End time of the transfer */
-
-@@ -309,10 +312,18 @@ axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op,
- static isc_result_t
- axfr_apply(dns_xfrin_ctx_t *xfr) {
- isc_result_t result;
-+ isc_uint64_t records;
-
- CHECK(dns_diff_load(&xfr->diff, xfr->axfr.add, xfr->axfr.add_private));
- xfr->difflen = 0;
- dns_diff_clear(&xfr->diff);
-+ if (xfr->maxrecords != 0U) {
-+ result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL);
-+ if (result == ISC_R_SUCCESS && records > xfr->maxrecords) {
-+ result = DNS_R_TOOMANYRECORDS;
-+ goto failure;
-+ }
-+ }
- result = ISC_R_SUCCESS;
- failure:
- return (result);
-@@ -396,6 +407,7 @@ ixfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op,
- static isc_result_t
- ixfr_apply(dns_xfrin_ctx_t *xfr) {
- isc_result_t result;
-+ isc_uint64_t records;
-
- if (xfr->ver == NULL) {
- CHECK(dns_db_newversion(xfr->db, &xfr->ver));
-@@ -403,6 +415,13 @@ ixfr_apply(dns_xfrin_ctx_t *xfr) {
- CHECK(dns_journal_begin_transaction(xfr->ixfr.journal));
- }
- CHECK(dns_diff_apply(&xfr->diff, xfr->db, xfr->ver));
-+ if (xfr->maxrecords != 0U) {
-+ result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL);
-+ if (result == ISC_R_SUCCESS && records > xfr->maxrecords) {
-+ result = DNS_R_TOOMANYRECORDS;
-+ goto failure;
-+ }
-+ }
- if (xfr->ixfr.journal != NULL) {
- result = dns_journal_writediff(xfr->ixfr.journal, &xfr->diff);
- if (result != ISC_R_SUCCESS)
-@@ -759,7 +778,7 @@ xfrin_reset(dns_xfrin_ctx_t *xfr) {
-
- static void
- xfrin_fail(dns_xfrin_ctx_t *xfr, isc_result_t result, const char *msg) {
-- if (result != DNS_R_UPTODATE) {
-+ if (result != DNS_R_UPTODATE && result != DNS_R_TOOMANYRECORDS) {
- xfrin_log(xfr, ISC_LOG_ERROR, "%s: %s",
- msg, isc_result_totext(result));
- if (xfr->is_ixfr)
-@@ -852,6 +871,7 @@ xfrin_create(isc_mem_t *mctx,
- xfr->nmsg = 0;
- xfr->nrecs = 0;
- xfr->nbytes = 0;
-+ xfr->maxrecords = dns_zone_getmaxrecords(zone);
- isc_time_now(&xfr->start);
-
- xfr->tsigkey = NULL;
-diff --git a/lib/dns/zone.c b/lib/dns/zone.c
-index 90e558d..2b0d8e4 100644
---- a/lib/dns/zone.c
-+++ b/lib/dns/zone.c
-@@ -253,6 +253,8 @@ struct dns_zone {
- isc_uint32_t maxretry;
- isc_uint32_t minretry;
-
-+ isc_uint32_t maxrecords;
-+
- isc_sockaddr_t *masters;
- isc_dscp_t *masterdscps;
- dns_name_t **masterkeynames;
-@@ -10088,6 +10090,20 @@ dns_zone_setmaxretrytime(dns_zone_t *zone, isc_uint32_t val) {
- zone->maxretry = val;
- }
-
-+isc_uint32_t
-+dns_zone_getmaxrecords(dns_zone_t *zone) {
-+ REQUIRE(DNS_ZONE_VALID(zone));
-+
-+ return (zone->maxrecords);
-+}
-+
-+void
-+dns_zone_setmaxrecords(dns_zone_t *zone, isc_uint32_t val) {
-+ REQUIRE(DNS_ZONE_VALID(zone));
-+
-+ zone->maxrecords = val;
-+}
-+
- static isc_boolean_t
- notify_isqueued(dns_zone_t *zone, unsigned int flags, dns_name_t *name,
- isc_sockaddr_t *addr, dns_tsigkey_t *key)
-@@ -14431,7 +14447,7 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) {
- DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR);
-
- TIME_NOW(&now);
-- switch (result) {
-+ switch (xfrresult) {
- case ISC_R_SUCCESS:
- DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY);
- /*FALLTHROUGH*/
-@@ -14558,6 +14574,11 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) {
- DNS_ZONE_SETFLAG(zone, DNS_ZONEFLAG_NOIXFR);
- goto same_master;
-
-+ case DNS_R_TOOMANYRECORDS:
-+ DNS_ZONE_JITTER_ADD(&now, zone->refresh, &zone->refreshtime);
-+ inc_stats(zone, dns_zonestatscounter_xfrfail);
-+ break;
-+
- default:
- next_master:
- /*
-diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
-index 780ab46..e7ff1cc 100644
---- a/lib/isccfg/namedconf.c
-+++ b/lib/isccfg/namedconf.c
-@@ -1679,6 +1679,7 @@ zone_clauses[] = {
- { "masterfile-format", &cfg_type_masterformat, 0 },
- { "max-ixfr-log-size", &cfg_type_size, CFG_CLAUSEFLAG_OBSOLETE },
- { "max-journal-size", &cfg_type_sizenodefault, 0 },
-+ { "max-records", &cfg_type_uint32, 0 },
- { "max-refresh-time", &cfg_type_uint32, 0 },
- { "max-retry-time", &cfg_type_uint32, 0 },
- { "max-transfer-idle-in", &cfg_type_uint32, 0 },
---
-2.7.4
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-8864.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-8864.patch
deleted file mode 100644
index b52d680..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-8864.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-From c1d0599a246f646d1c22018f8fa09459270a44b8 Mon Sep 17 00:00:00 2001
-From: Mark Andrews <marka@isc.org>
-Date: Fri, 21 Oct 2016 14:55:10 +1100
-Subject: [PATCH] 4489. [security] It was possible to trigger assertions when
- processing a response. (CVE-2016-8864) [RT #43465]
-
-(cherry picked from commit bd6f27f5c353133b563fe69100b2f168c129f3ca)
-
-Upstream-Status: Backport
-[https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8]
-
-CVE: CVE-2016-8864
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- CHANGES | 3 +++
- lib/dns/resolver.c | 69 +++++++++++++++++++++++++++++++++++++-----------------
- 2 files changed, 50 insertions(+), 22 deletions(-)
-
-diff --git a/CHANGES b/CHANGES
-index 5c8c61a..41cfce5 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,6 @@
-+4489. [security] It was possible to trigger assertions when processing
-+ a response. (CVE-2016-8864) [RT #43465]
-+
- 4467. [security] It was possible to trigger an assertion when
- rendering a message. (CVE-2016-2776) [RT #43139]
-
-diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
-index ba1ae23..13c8b44 100644
---- a/lib/dns/resolver.c
-+++ b/lib/dns/resolver.c
-@@ -612,7 +612,9 @@ valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name,
- valarg->addrinfo = addrinfo;
-
- if (!ISC_LIST_EMPTY(fctx->validators))
-- INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0);
-+ valoptions |= DNS_VALIDATOR_DEFER;
-+ else
-+ valoptions &= ~DNS_VALIDATOR_DEFER;
-
- result = dns_validator_create(fctx->res->view, name, type, rdataset,
- sigrdataset, fctx->rmessage,
-@@ -5526,13 +5528,6 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
- rdataset,
- sigrdataset,
- valoptions, task);
-- /*
-- * Defer any further validations.
-- * This prevents multiple validators
-- * from manipulating fctx->rmessage
-- * simultaneously.
-- */
-- valoptions |= DNS_VALIDATOR_DEFER;
- }
- } else if (CHAINING(rdataset)) {
- if (rdataset->type == dns_rdatatype_cname)
-@@ -5647,6 +5642,11 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
- eresult == DNS_R_NCACHENXRRSET);
- }
- event->result = eresult;
-+ if (adbp != NULL && *adbp != NULL) {
-+ if (anodep != NULL && *anodep != NULL)
-+ dns_db_detachnode(*adbp, anodep);
-+ dns_db_detach(adbp);
-+ }
- dns_db_attach(fctx->cache, adbp);
- dns_db_transfernode(fctx->cache, &node, anodep);
- clone_results(fctx);
-@@ -5897,6 +5897,11 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
- fctx->attributes |= FCTX_ATTR_HAVEANSWER;
- if (event != NULL) {
- event->result = eresult;
-+ if (adbp != NULL && *adbp != NULL) {
-+ if (anodep != NULL && *anodep != NULL)
-+ dns_db_detachnode(*adbp, anodep);
-+ dns_db_detach(adbp);
-+ }
- dns_db_attach(fctx->cache, adbp);
- dns_db_transfernode(fctx->cache, &node, anodep);
- clone_results(fctx);
-@@ -6718,13 +6723,15 @@ static isc_result_t
- answer_response(fetchctx_t *fctx) {
- isc_result_t result;
- dns_message_t *message;
-- dns_name_t *name, *dname, *qname, tname, *ns_name;
-+ dns_name_t *name, *dname = NULL, *qname, *dqname, tname, *ns_name;
-+ dns_name_t *cname = NULL;
- dns_rdataset_t *rdataset, *ns_rdataset;
- isc_boolean_t done, external, chaining, aa, found, want_chaining;
-- isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
-+ isc_boolean_t have_answer, found_cname, found_dname, found_type;
-+ isc_boolean_t wanted_chaining;
- unsigned int aflag;
- dns_rdatatype_t type;
-- dns_fixedname_t fdname, fqname;
-+ dns_fixedname_t fdname, fqname, fqdname;
- dns_view_t *view;
-
- FCTXTRACE("answer_response");
-@@ -6738,6 +6745,7 @@ answer_response(fetchctx_t *fctx) {
-
- done = ISC_FALSE;
- found_cname = ISC_FALSE;
-+ found_dname = ISC_FALSE;
- found_type = ISC_FALSE;
- chaining = ISC_FALSE;
- have_answer = ISC_FALSE;
-@@ -6747,12 +6755,13 @@ answer_response(fetchctx_t *fctx) {
- aa = ISC_TRUE;
- else
- aa = ISC_FALSE;
-- qname = &fctx->name;
-+ dqname = qname = &fctx->name;
- type = fctx->type;
- view = fctx->res->view;
-+ dns_fixedname_init(&fqdname);
- result = dns_message_firstname(message, DNS_SECTION_ANSWER);
- while (!done && result == ISC_R_SUCCESS) {
-- dns_namereln_t namereln;
-+ dns_namereln_t namereln, dnamereln;
- int order;
- unsigned int nlabels;
-
-@@ -6760,6 +6769,8 @@ answer_response(fetchctx_t *fctx) {
- dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
- external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
- namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
-+ dnamereln = dns_name_fullcompare(dqname, name, &order,
-+ &nlabels);
- if (namereln == dns_namereln_equal) {
- wanted_chaining = ISC_FALSE;
- for (rdataset = ISC_LIST_HEAD(name->list);
-@@ -6854,7 +6865,7 @@ answer_response(fetchctx_t *fctx) {
- }
- } else if (rdataset->type == dns_rdatatype_rrsig
- && rdataset->covers ==
-- dns_rdatatype_cname
-+ dns_rdatatype_cname
- && !found_type) {
- /*
- * We're looking for something else,
-@@ -6884,11 +6895,18 @@ answer_response(fetchctx_t *fctx) {
- * a CNAME or DNAME).
- */
- INSIST(!external);
-- if (aflag ==
-- DNS_RDATASETATTR_ANSWER) {
-+ if ((rdataset->type !=
-+ dns_rdatatype_cname) ||
-+ !found_dname ||
-+ (aflag ==
-+ DNS_RDATASETATTR_ANSWER))
-+ {
- have_answer = ISC_TRUE;
-+ if (rdataset->type ==
-+ dns_rdatatype_cname)
-+ cname = name;
- name->attributes |=
-- DNS_NAMEATTR_ANSWER;
-+ DNS_NAMEATTR_ANSWER;
- }
- rdataset->attributes |= aflag;
- if (aa)
-@@ -6982,11 +7000,11 @@ answer_response(fetchctx_t *fctx) {
- return (DNS_R_FORMERR);
- }
-
-- if (namereln != dns_namereln_subdomain) {
-+ if (dnamereln != dns_namereln_subdomain) {
- char qbuf[DNS_NAME_FORMATSIZE];
- char obuf[DNS_NAME_FORMATSIZE];
-
-- dns_name_format(qname, qbuf,
-+ dns_name_format(dqname, qbuf,
- sizeof(qbuf));
- dns_name_format(name, obuf,
- sizeof(obuf));
-@@ -7001,7 +7019,7 @@ answer_response(fetchctx_t *fctx) {
- want_chaining = ISC_TRUE;
- POST(want_chaining);
- aflag = DNS_RDATASETATTR_ANSWER;
-- result = dname_target(rdataset, qname,
-+ result = dname_target(rdataset, dqname,
- nlabels, &fdname);
- if (result == ISC_R_NOSPACE) {
- /*
-@@ -7018,10 +7036,13 @@ answer_response(fetchctx_t *fctx) {
-
- dname = dns_fixedname_name(&fdname);
- if (!is_answertarget_allowed(view,
-- qname, rdataset->type,
-- dname, &fctx->domain)) {
-+ dqname, rdataset->type,
-+ dname, &fctx->domain))
-+ {
- return (DNS_R_SERVFAIL);
- }
-+ dqname = dns_fixedname_name(&fqdname);
-+ dns_name_copy(dname, dqname, NULL);
- } else {
- /*
- * We've found a signature that
-@@ -7046,6 +7067,10 @@ answer_response(fetchctx_t *fctx) {
- INSIST(!external);
- if (aflag == DNS_RDATASETATTR_ANSWER) {
- have_answer = ISC_TRUE;
-+ found_dname = ISC_TRUE;
-+ if (cname != NULL)
-+ cname->attributes &=
-+ ~DNS_NAMEATTR_ANSWER;
- name->attributes |=
- DNS_NAMEATTR_ANSWER;
- }
---
-2.7.4
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch
index 096d5d8..8bc4ea3 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch
@@ -17,24 +17,28 @@
Upstream-Status: Pending
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+
+Update context(trailing whitespace) for version 9.10.5-P3.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
bin/confgen/Makefile.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
-index 8b3e5aa..4868a24 100644
+index dca272f..02becce 100644
--- a/bin/confgen/Makefile.in
+++ b/bin/confgen/Makefile.in
@@ -74,11 +74,11 @@ rndc-confgen.@O@: rndc-confgen.c
ddns-confgen.@O@: ddns-confgen.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c
--rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
+-rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS)
export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
${FINALBUILDCMD}
--ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
+-ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
+ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS)
export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
${FINALBUILDCMD}
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
index db20127..ef915c0 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
@@ -3,5 +3,6 @@
if [ ! -s /etc/bind/rndc.key ]; then
echo -n "Generating /etc/bind/rndc.key:"
/usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+ chown root:bind /etc/bind/rndc.key
chmod 0640 /etc/bind/rndc.key
fi
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff
deleted file mode 100644
index 2930796..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff
+++ /dev/null
@@ -1,104 +0,0 @@
-bind: port a patch to fix a build failure
-
-mips1 does not support ll and sc instructions, and lead to below error, now
-we port a patch from debian to fix it
-[http://security.debian.org/debian-security/pool/updates/main/b/bind9/bind9_9.8.4.dfsg.P1-6+nmu2+deb7u1.diff.gz]
-
-| {standard input}: Assembler messages:
-| {standard input}:47: Error: Opcode not supported on this processor: mips1 (mips1) `ll $3,0($6)'
-| {standard input}:50: Error: Opcode not supported on this processor: mips1 (mips1) `sc $3,0($6)'
-
-Upstream-Status: Pending
-
-Signed-off-by: Roy Li <rongqing.li@windriver.com>
-
---- bind9-9.8.4.dfsg.P1.orig/lib/isc/mips/include/isc/atomic.h
-+++ bind9-9.8.4.dfsg.P1/lib/isc/mips/include/isc/atomic.h
-@@ -31,18 +31,20 @@
- isc_atomic_xadd(isc_int32_t *p, int val) {
- isc_int32_t orig;
-
-- /* add is a cheat, since MIPS has no mov instruction */
-- __asm__ volatile (
-- "1:"
-- "ll $3, %1\n"
-- "add %0, $0, $3\n"
-- "add $3, $3, %2\n"
-- "sc $3, %1\n"
-- "beq $3, 0, 1b"
-- : "=&r"(orig)
-- : "m"(*p), "r"(val)
-- : "memory", "$3"
-- );
-+ __asm__ __volatile__ (
-+ " .set push \n"
-+ " .set mips2 \n"
-+ " .set noreorder \n"
-+ " .set noat \n"
-+ "1: ll $1, %1 \n"
-+ " addu %0, $1, %2 \n"
-+ " sc %0, %1 \n"
-+ " beqz %0, 1b \n"
-+ " move %0, $1 \n"
-+ " .set pop \n"
-+ : "=&r" (orig), "+R" (*p)
-+ : "r" (val)
-+ : "memory");
-
- return (orig);
- }
-@@ -52,16 +54,7 @@
- */
- static inline void
- isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
-- __asm__ volatile (
-- "1:"
-- "ll $3, %0\n"
-- "add $3, $0, %1\n"
-- "sc $3, %0\n"
-- "beq $3, 0, 1b"
-- :
-- : "m"(*p), "r"(val)
-- : "memory", "$3"
-- );
-+ *p = val;
- }
-
- /*
-@@ -72,20 +65,23 @@
- static inline isc_int32_t
- isc_atomic_cmpxchg(isc_int32_t *p, int cmpval, int val) {
- isc_int32_t orig;
-+ isc_int32_t tmp;
-
-- __asm__ volatile(
-- "1:"
-- "ll $3, %1\n"
-- "add %0, $0, $3\n"
-- "bne $3, %2, 2f\n"
-- "add $3, $0, %3\n"
-- "sc $3, %1\n"
-- "beq $3, 0, 1b\n"
-- "2:"
-- : "=&r"(orig)
-- : "m"(*p), "r"(cmpval), "r"(val)
-- : "memory", "$3"
-- );
-+ __asm__ __volatile__ (
-+ " .set push \n"
-+ " .set mips2 \n"
-+ " .set noreorder \n"
-+ " .set noat \n"
-+ "1: ll $1, %1 \n"
-+ " bne $1, %3, 2f \n"
-+ " move %2, %4 \n"
-+ " sc %2, %1 \n"
-+ " beqz %2, 1b \n"
-+ "2: move %0, $1 \n"
-+ " .set pop \n"
-+ : "=&r"(orig), "+R" (*p), "=r" (tmp)
-+ : "r"(cmpval), "r"(val)
-+ : "memory");
-
- return (orig);
- }
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch
new file mode 100644
index 0000000..9829f15
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch
@@ -0,0 +1,36 @@
+Use python3 rather default python which maybe links to python2 for oe. And add
+option for setup.py to install files to right directory.
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+diff --git a/bin/python/Makefile.in b/bin/python/Makefile.in
+index a43a3c1..2e727f2 100644
+--- a/bin/python/Makefile.in
++++ b/bin/python/Makefile.in
+@@ -55,9 +55,9 @@ install:: ${TARGETS} installdirs
+ ${INSTALL_DATA} ${srcdir}/dnssec-coverage.8 ${DESTDIR}${mandir}/man8
+ if test -n "${PYTHON}" ; then \
+ if test -n "${DESTDIR}" ; then \
+- ${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} ; \
++ ${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} --install-lib=${PYTHON_SITEPACKAGES_DIR} ; \
+ else \
+- ${PYTHON} ${srcdir}/setup.py install --prefix=${prefix} ; \
++ ${PYTHON} ${srcdir}/setup.py install --prefix=${prefix} --install-lib=${PYTHON_SITEPACKAGES_DIR} ; \
+ fi \
+ fi
+
+diff --git a/configure.in b/configure.in
+index 314bb90..867923e 100644
+--- a/configure.in
++++ b/configure.in
+@@ -227,7 +227,7 @@ AC_ARG_WITH(python,
+ [ --with-python=PATH specify path to python interpreter],
+ use_python="$withval", use_python="unspec")
+
+-python="python python3 python3.5 python3.4 python3.3 python3.2 python2 python2.7"
++python="python3 python3.5 python3.4 python3.3 python3.2 python2 python2.7"
+
+ testargparse='try: import argparse
+ except: exit(1)'
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.5-P3.bb
similarity index 74%
rename from import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
rename to import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.5-P3.bb
index a802274..13724a8 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.5-P3.bb
@@ -3,14 +3,13 @@
SECTION = "console/network"
LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=0a95f52a0ab6c5f52dedc9a45e7abb3f"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=dba46507446198119bcde32a4feaab43"
DEPENDS = "openssl libcap"
-SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
+SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://conf.patch \
file://make-etc-initd-bind-stop-work.patch \
- file://mips1-not-support-opcode.diff \
file://dont-test-on-host.patch \
file://generate-rndc-key.sh \
file://named.service \
@@ -21,33 +20,33 @@
file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \
file://0001-lib-dns-gen.c-fix-too-long-error.patch \
- file://CVE-2016-1285.patch \
- file://CVE-2016-1286_1.patch \
- file://CVE-2016-1286_2.patch \
- file://CVE-2016-2088.patch \
- file://CVE-2016-2775.patch \
- file://CVE-2016-2776.patch \
- file://CVE-2016-8864.patch \
- file://CVE-2016-6170.patch \
+ file://use-python3-and-fix-install-lib-path.patch \
"
-SRC_URI[md5sum] = "bcf7e772b616f7259420a3edc5df350a"
-SRC_URI[sha256sum] = "690810d1fbb72afa629e74638d19cd44e28d2b2e5eb63f55c705ad85d1a4cb83"
+UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
+UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/"
+
+SRC_URI[md5sum] = "d79cafbd9ac76239ee532dd89d05cc83"
+SRC_URI[sha256sum] = "8d7e96b5b0bbac7b900d4c4bbb82e0956b4e509433c5fa392bb72a929b96606a"
ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}"
-EXTRA_OECONF = " ${ENABLE_IPV6} --with-randomdev=/dev/random --disable-threads \
- --disable-devpoll --disable-epoll --with-gost=no \
+EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \
+ --disable-devpoll --enable-epoll --with-gost=no \
--with-gssapi=no --with-ecdsa=yes \
--sysconfdir=${sysconfdir}/bind \
--with-openssl=${STAGING_LIBDIR}/.. \
"
-inherit autotools update-rc.d systemd useradd pkgconfig
+
+inherit autotools update-rc.d systemd useradd pkgconfig python3-dir
+
+export PYTHON_SITEPACKAGES_DIR
# PACKAGECONFIGs readline and libedit should NOT be set at same time
PACKAGECONFIG ?= "readline"
PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2"
PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
+PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,,"
USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
@@ -66,7 +65,7 @@
PACKAGE_BEFORE_PN += "${PN}-utils"
FILES_${PN}-utils = "${bindir}/host ${bindir}/dig"
FILES_${PN}-dev += "${bindir}/isc-config.h"
-FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
+FILES_${PN} += "${sbindir}/generate-rndc-key.sh ${PYTHON_SITEPACKAGES_DIR}"
do_install_prepend() {
# clean host path in isc-config.sh before the hardlink created
@@ -98,6 +97,13 @@
install -d ${D}${sysconfdir}/default
install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
+ fi
+
+ rm -f ${D}${PYTHON_SITEPACKAGES_DIR}/isc/*.pyc
}
CONFFILES_${PN} = " \
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc
index 882873a..1807aa7 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -6,16 +6,41 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e"
-DEPENDS = "udev libusb dbus-glib glib-2.0 libcheck"
+DEPENDS = "udev dbus-glib glib-2.0 libcheck"
PROVIDES += "bluez-hcidump"
RPROVIDES_${PN} += "bluez-hcidump"
RCONFLICTS_${PN} = "bluez4"
-PACKAGECONFIG ??= "obex-profiles readline"
+PACKAGECONFIG ??= "obex-profiles \
+ readline \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+ a2dp-profiles \
+ avrcp-profiles \
+ network-profiles \
+ hid-profiles \
+ hog-profiles \
+ tools \
+ deprecated \
+"
PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical"
-PACKAGECONFIG[experimental] = "--enable-experimental,--disable-experimental,"
PACKAGECONFIG[readline] = "--enable-client,--disable-client,readline,"
+PACKAGECONFIG[testing] = "--enable-testing,--disable-testing"
+PACKAGECONFIG[midi] = "--enable-midi,--disable-midi,alsa-lib"
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd"
+PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,,cups"
+PACKAGECONFIG[nfc] = "--enable-nfc,--disable-nfc"
+PACKAGECONFIG[sap-profiles] = "--enable-sap,--disable-sap"
+PACKAGECONFIG[a2dp-profiles] = "--enable-a2dp,--disable-a2dp"
+PACKAGECONFIG[avrcp-profiles] = "--enable-avrcp,--disable-avrcp"
+PACKAGECONFIG[network-profiles] = "--enable-network,--disable-network"
+PACKAGECONFIG[hid-profiles] = "--enable-hid,--disable-hid"
+PACKAGECONFIG[hog-profiles] = "--enable-hog,--disable-hog"
+PACKAGECONFIG[health-profiles] = "--enable-health,--disable-health"
+PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis"
+PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
+PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
+PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
SRC_URI = "\
${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
@@ -24,6 +49,7 @@
file://run-ptest \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
+ file://0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch \
file://cve-2017-1000250.patch \
"
S = "${WORKDIR}/bluez-${PV}"
@@ -33,21 +59,20 @@
inherit autotools pkgconfig systemd update-rc.d distro_features_check ptest
EXTRA_OECONF = "\
- --enable-tools \
- --disable-cups \
--enable-test \
--enable-datafiles \
- ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-systemd', '--disable-systemd', d)} \
--enable-library \
"
# bluez5 builds a large number of useful utilities but does not
# install them. Specify which ones we want put into ${PN}-noinst-tools.
NOINST_TOOLS_READLINE ??= ""
-NOINST_TOOLS_EXPERIMENTAL ??= ""
+NOINST_TOOLS_TESTING ??= ""
+NOINST_TOOLS_BT ??= ""
NOINST_TOOLS = " \
${@bb.utils.contains('PACKAGECONFIG', 'readline', '${NOINST_TOOLS_READLINE}', '', d)} \
- ${@bb.utils.contains('PACKAGECONFIG', 'experimental', '${NOINST_TOOLS_EXPERIMENTAL}', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'testing', '${NOINST_TOOLS_TESTING}', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \
"
do_install_append() {
@@ -55,38 +80,36 @@
install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth
install -d ${D}${sysconfdir}/bluetooth/
- if [ -f ${S}/profiles/audio/audio.conf ]; then
- install -m 0644 ${S}/profiles/audio/audio.conf ${D}/${sysconfdir}/bluetooth/
- fi
if [ -f ${S}/profiles/network/network.conf ]; then
- install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/
+ install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/
fi
if [ -f ${S}/profiles/input/input.conf ]; then
- install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
+ install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
fi
- if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then
- sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth
- fi
+ if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then
+ sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth
+ fi
# Install desired tools that upstream leaves in build area
- for f in ${NOINST_TOOLS} ; do
- install -m 755 ${B}/$f ${D}/${bindir}
+ for f in ${NOINST_TOOLS} ; do
+ install -m 755 ${B}/$f ${D}/${bindir}
done
- # Patch python tools to use Python 3; they should be source compatible, but
- # still refer to Python 2 in the shebang
- sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${libdir}/bluez/test/*
+ # Patch python tools to use Python 3; they should be source compatible, but
+ # still refer to Python 2 in the shebang
+ sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${libdir}/bluez/test/*
}
-ALLOW_EMPTY_libasound-module-bluez = "1"
-PACKAGES =+ "libasound-module-bluez ${PN}-testtools ${PN}-obex ${PN}-noinst-tools"
+PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools"
-FILES_libasound-module-bluez = "${libdir}/alsa-lib/lib*.so ${datadir}/alsa"
-FILES_${PN} += "${libdir}/bluetooth/plugins/*.so ${systemd_unitdir}/ ${datadir}/dbus-1"
-FILES_${PN}-dev += "\
- ${libdir}/bluetooth/plugins/*.la \
- ${libdir}/alsa-lib/*.la \
+FILES_${PN} += " \
+ ${libdir}/bluetooth/plugins/*.so \
+ ${systemd_unitdir}/ ${datadir}/dbus-1 \
+ ${libdir}/cups \
+"
+FILES_${PN}-dev += " \
+ ${libdir}/bluetooth/plugins/*.la \
"
FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \
@@ -109,17 +132,17 @@
RDEPENDS_${PN}-testtools += "python3 python3-dbus python3-pygobject"
-SYSTEMD_SERVICE_${PN} = "bluetooth.service"
+SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}"
INITSCRIPT_PACKAGES = "${PN}"
INITSCRIPT_NAME_${PN} = "bluetooth"
EXCLUDE_FROM_WORLD = "1"
do_compile_ptest() {
- oe_runmake buildtests
+ oe_runmake buildtests
}
do_install_ptest() {
- cp -r ${B}/unit/ ${D}${PTEST_PATH}
- rm -f ${D}${PTEST_PATH}/unit/*.o
+ cp -r ${B}/unit/ ${D}${PTEST_PATH}
+ rm -f ${D}${PTEST_PATH}/unit/*.o
}
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch
new file mode 100644
index 0000000..4679438
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch
@@ -0,0 +1,36 @@
+From 3b341fb421ef61db7782bf1314ec693828467de9 Mon Sep 17 00:00:00 2001
+From: Andy Duan <fugang.duan@nxp.com>
+Date: Wed, 23 Nov 2016 17:12:12 +0800
+Subject: [PATCH] hciattach: bcm43xx: fix the delay timer for firmware download
+
+From the log in .bcm43xx_load_firmware():
+ /* Wait 50ms to let the firmware placed in download mode */
+ nanosleep(&tm_mode, NULL);
+
+But timespec tm_mode is real is 50us. Correct the delayed timer count.
+
+Upstream-Status: Accepted [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=76255f732d68aef2b90d36d9c7be51a9e1739ce7]
+
+Signed-off-by: Fugang Duan <fugang.duan@nxp.com>
+---
+ tools/hciattach_bcm43xx.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tools/hciattach_bcm43xx.c b/tools/hciattach_bcm43xx.c
+index 81f38cb..ac1b3c1 100644
+--- a/tools/hciattach_bcm43xx.c
++++ b/tools/hciattach_bcm43xx.c
+@@ -228,8 +228,8 @@ static int bcm43xx_set_speed(int fd, struct termios *ti, uint32_t speed)
+ static int bcm43xx_load_firmware(int fd, const char *fw)
+ {
+ unsigned char cmd[] = { HCI_COMMAND_PKT, 0x2e, 0xfc, 0x00 };
+- struct timespec tm_mode = { 0, 50000 };
+- struct timespec tm_ready = { 0, 2000000 };
++ struct timespec tm_mode = { 0, 50000000 };
++ struct timespec tm_ready = { 0, 200000000 };
+ unsigned char resp[CC_MIN_SIZE];
+ unsigned char tx_buf[1024];
+ int len, fd_fw, n;
+--
+1.9.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init
index 489e9b9..d7972f2 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init
@@ -21,25 +21,22 @@
case $1 in
start)
- echo "Starting $DESC"
-
+ echo -n "Starting $DESC: "
if test "$BLUETOOTH_ENABLED" = 0; then
- echo "disabled. see /etc/default/bluetooth"
+ echo "disabled (see /etc/default/bluetooth)."
exit 0
fi
-
start-stop-daemon --start --background $SSD_OPTIONS
- echo "${DAEMON##*/}"
-
+ echo "${DAEMON##*/}."
;;
stop)
- echo "Stopping $DESC"
+ echo -n "Stopping $DESC: "
if test "$BLUETOOTH_ENABLED" = 0; then
- echo "disabled."
+ echo "disabled (see /etc/default/bluetooth)."
exit 0
fi
start-stop-daemon --stop $SSD_OPTIONS
- echo "${DAEMON}"
+ echo "${DAEMON##*/}."
;;
restart|force-reload)
$0 stop
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.43.bb b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.46.bb
similarity index 60%
rename from import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.43.bb
rename to import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.46.bb
index e10b82d..e1f8587 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.43.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.46.bb
@@ -2,13 +2,13 @@
REQUIRED_DISTRO_FEATURES = "bluez5"
-SRC_URI[md5sum] = "698def88df96840dfbb0858bb6d73350"
-SRC_URI[sha256sum] = "16c9c05d2a1da644ce3570d975ada3643d2e60c007a955bac09c0a0efeb58d15"
+SRC_URI[md5sum] = "913f35d6fa4ca5772c53adb936bf1947"
+SRC_URI[sha256sum] = "ddab3d3837c1afb8ae228a94ba17709a4650bd4db24211b6771ab735c8908e28"
# noinst programs in Makefile.tools that are conditional on READLINE
# support
NOINST_TOOLS_READLINE ?= " \
- attrib/gatttool \
+ ${@bb.utils.contains('PACKAGECONFIG', 'deprecated', 'attrib/gatttool', '', d)} \
tools/obex-client-tool \
tools/obex-server-tool \
tools/bluetooth-player \
@@ -16,12 +16,13 @@
tools/btmgmt \
"
-# noinst programs in Makefile.tools that are conditional on EXPERIMENTAL
+# noinst programs in Makefile.tools that are conditional on TESTING
# support
-NOINST_TOOLS_EXPERIMENTAL ?= " \
+NOINST_TOOLS_TESTING ?= " \
emulator/btvirt \
emulator/b1ee \
emulator/hfp \
+ peripheral/btsensor \
tools/3dsp \
tools/mgmt-tester \
tools/gap-tester \
@@ -30,6 +31,13 @@
tools/smp-tester \
tools/hci-tester \
tools/rfcomm-tester \
+ tools/bnep-tester \
+ tools/userchan-tester \
+"
+
+# noinst programs in Makefile.tools that are conditional on TOOLS
+# support
+NOINST_TOOLS_BT ?= " \
tools/bdaddr \
tools/avinfo \
tools/avtest \
@@ -39,17 +47,23 @@
tools/hcieventmask \
tools/hcisecfilter \
tools/btinfo \
- tools/btattach \
tools/btsnoop \
tools/btproxy \
tools/btiotest \
+ tools/bneptest \
tools/mcaptest \
tools/cltest \
tools/oobtest \
+ tools/advtest \
tools/seq2bseq \
+ tools/nokfw \
+ tools/create-image \
+ tools/eddystone \
tools/ibeacon \
tools/btgatt-client \
tools/btgatt-server \
+ tools/test-runner \
+ tools/check-selftest \
tools/gatt-service \
profiles/iap/iapd \
"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc
index 64a5418..2b03f9c 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc
@@ -13,9 +13,9 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36"
-inherit autotools pkgconfig systemd update-rc.d bluetooth
+inherit autotools pkgconfig systemd update-rc.d bluetooth update-alternatives
-DEPENDS = "dbus glib-2.0 ppp iptables readline"
+DEPENDS = "dbus glib-2.0 ppp readline"
INC_PR = "r20"
@@ -33,6 +33,7 @@
PACKAGECONFIG ??= "wispr \
${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
+ iptables \
"
# If you want ConnMan to support VPN, add following statement into
@@ -50,6 +51,8 @@
PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux"
# WISPr support for logging into hotspots, requires TLS
PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls,"
+PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables-ipv4 kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-meta kernel-module-nft-masq-ipv4 kernel-module-nft-nat"
+PACKAGECONFIG[iptables] = "--with-firewall=iptables ,,iptables,iptables"
INITSCRIPT_NAME = "connman"
INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ."
@@ -66,6 +69,11 @@
SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service"
SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service"
+ALTERNATIVE_PRIORITY = "100"
+ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}"
+ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}"
+ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
+
do_install_append() {
if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
install -d ${D}${sysconfdir}/init.d
@@ -86,6 +94,11 @@
# Automake 1.12 won't install empty directories, but we need the
# plugins directory to be present for ownership
mkdir -p ${D}${libdir}/connman/plugins
+
+ # For read-only filesystem, do not create links during bootup
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ ln -sf ../run/connman/resolv.conf ${D}${sysconfdir}/resolv-conf.connman
+ fi
}
# These used to be plugins, but now they are core
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-Fix-compile-on-musl-with-kernel-4.9-headers.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-Fix-compile-on-musl-with-kernel-4.9-headers.patch
deleted file mode 100644
index bf3b86d..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-Fix-compile-on-musl-with-kernel-4.9-headers.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From c8bfad4ee9d2c505c00ccbb8b2139543b5ad6fcb Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Mon, 23 Jan 2017 17:41:39 +0200
-Subject: [PATCH] Fix compile on musl with kernel 4.9 headers
-
-Kernel headers break when musl defines IFF_LOWER_UP. While
-waiting for more proper fix in musl, add a hack to connman.
-
-Upstream-Status: Inappropriate [Workaround]
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
----
- src/6to4.c | 4 ++++
- src/firewall.c | 4 ++++
- src/iptables.c | 4 ++++
- 3 files changed, 12 insertions(+)
-
-diff --git a/src/6to4.c b/src/6to4.c
-index 71a2882..1938afb 100644
---- a/src/6to4.c
-+++ b/src/6to4.c
-@@ -24,6 +24,10 @@
- #include <config.h>
- #endif
-
-+/* hack to make sure kernel headers understand that libc (musl)
-+ does define IFF_LOWER_UP et al. */
-+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0
-+
- #include <errno.h>
- #include <stdio.h>
- #include <stdlib.h>
-diff --git a/src/firewall.c b/src/firewall.c
-index c440df6..c83def9 100644
---- a/src/firewall.c
-+++ b/src/firewall.c
-@@ -23,6 +23,10 @@
- #include <config.h>
- #endif
-
-+/* hack to make sure kernel headers understand that libc (musl)
-+ does define IFF_LOWER_UP et al. */
-+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0
-+
- #include <errno.h>
-
- #include <xtables.h>
-diff --git a/src/iptables.c b/src/iptables.c
-index 82e3ac4..46ad9e2 100644
---- a/src/iptables.c
-+++ b/src/iptables.c
-@@ -23,6 +23,10 @@
- #include <config.h>
- #endif
-
-+/* hack to make sure kernel headers understand that libc (musl)
-+ does define IFF_LOWER_UP et al. */
-+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0
-+
- #include <getopt.h>
- #include <stdlib.h>
- #include <stdio.h>
---
-2.1.4
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch
new file mode 100644
index 0000000..8e2e0bd0
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch
@@ -0,0 +1,29 @@
+From 9f70b94ebf18f52c115634642652830fa77f27a1 Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john@intel.com>
+Date: Mon, 12 Jun 2017 16:52:39 +0300
+Subject: [PATCH] connman.service: stop systemd-resolved when we use connman
+
+Stop systemd-resolved service when we use connman as network manager.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ src/connman.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/connman.service.in b/src/connman.service.in
+index 9f5c10f..dab48bc 100644
+--- a/src/connman.service.in
++++ b/src/connman.service.in
+@@ -6,6 +6,7 @@ RequiresMountsFor=@localstatedir@/lib/connman
+ After=dbus.service network-pre.target systemd-sysusers.service
+ Before=network.target multi-user.target shutdown.target
+ Wants=network.target
++Conflicts=systemd-resolved.service
+
+ [Service]
+ Type=dbus
+--
+2.4.0
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch
new file mode 100644
index 0000000..cfafbd1
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch
@@ -0,0 +1,72 @@
+From 4058ce3186a99fd5f03350fc11a7fc8d38b6a381 Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john@intel.com>
+Date: Mon, 8 May 2017 10:53:18 +0300
+Subject: [PATCH] firewall-nftables: fix build with libnftnl-1.0.7
+
+We need these updates to accommodate the changes caused by the following
+commit in libnftnl-1.0.7
+
+commit 907a9f8e5a93f5bcd449643eb3916a656d634758
+Author: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Tue Dec 20 13:47:11 2016 +0100
+
+src: get rid of aliases and compat
+
+This machinery was introduced to avoid sudden compilation breakage of
+old nftables releases. With the upcoming release of 0.7 (and 0.6 which
+is now 6 months old) this is not required anymore.
+
+Moreover, users gain nothing from older releases since they are
+half-boiled and buggy.
+
+So let's get rid of aliases now. Bump LIBVERSION and update map file.
+
+Upstream-Status: Submitted
+
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ src/firewall-nftables.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/firewall-nftables.c b/src/firewall-nftables.c
+index 583d1c4..83b137b 100644
+--- a/src/firewall-nftables.c
++++ b/src/firewall-nftables.c
+@@ -387,9 +387,9 @@ static int add_cmp(struct nftnl_rule *rule, uint32_t sreg, uint32_t op,
+ if (!expr)
+ return -ENOMEM;
+
+- nftnl_expr_set_u32(expr, NFT_EXPR_CMP_SREG, sreg);
+- nftnl_expr_set_u32(expr, NFT_EXPR_CMP_OP, op);
+- nftnl_expr_set(expr, NFT_EXPR_CMP_DATA, data, data_len);
++ nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_SREG, sreg);
++ nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_OP, op);
++ nftnl_expr_set(expr, NFTNL_EXPR_CMP_DATA, data, data_len);
+
+ nftnl_rule_add_expr(rule, expr);
+
+@@ -575,8 +575,8 @@ static int build_rule_nat(const char *address, unsigned char prefixlen,
+ expr = nftnl_expr_alloc("meta");
+ if (!expr)
+ goto err;
+- nftnl_expr_set_u32(expr, NFT_EXPR_META_KEY, NFT_META_OIFNAME);
+- nftnl_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1);
++ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, NFT_META_OIFNAME);
++ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1);
+ nftnl_rule_add_expr(rule, expr);
+ err = add_cmp(rule, NFT_REG_1, NFT_CMP_EQ, interface,
+ strlen(interface) + 1);
+@@ -677,8 +677,8 @@ static int build_rule_snat(int index, const char *address,
+ expr = nftnl_expr_alloc("meta");
+ if (!expr)
+ goto err;
+- nftnl_expr_set_u32(expr, NFT_EXPR_META_KEY, NFT_META_OIF);
+- nftnl_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1);
++ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, NFT_META_OIF);
++ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1);
+ nftnl_rule_add_expr(rule, expr);
+ err = add_cmp(rule, NFT_REG_1, NFT_CMP_EQ, &index, sizeof(index));
+ if (err < 0)
+--
+2.4.0
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0003-stats-Fix-bad-file-descriptor-initialisation.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0003-stats-Fix-bad-file-descriptor-initialisation.patch
deleted file mode 100644
index c545811..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0003-stats-Fix-bad-file-descriptor-initialisation.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From c7f4151fb053b0d0691d8f10d7e3690265d28889 Mon Sep 17 00:00:00 2001
-From: Lukasz Nowak <lnowak@tycoint.com>
-Date: Wed, 26 Oct 2016 18:13:02 +0100
-Subject: [PATCH] stats: Fix bad file descriptor initialisation
-
-Stats file code initialises its file descriptor field to 0. But 0 is
-a valid fd value. -1 should be used instead. This causes problems
-when an error happens before a stats file is open (e.g. mkdir
-fails). The clean-up procedure, stats_free() calls close(fd). When fd
-is 0, this first closes stdin, and then any files/sockets which
-received fd=0, re-used by the OS.
-
-Fixed several instances of bad file descriptor field handling, in case
-of errors.
-
-The bug results with connman freezing if there is no read/write storage
-directory available, and there are multiple active interfaces
-(fd=0 gets re-used for sockets in that case).
-
-The patch was imported from the Connman git repository
-(git://git.kernel.org/pub/scm/network/connman) as of commit id
-c7f4151fb053b0d0691d8f10d7e3690265d28889.
-
-Upstream-Status: Accepted
-Signed-off-by: Lukasz Nowak <lnowak@tycoint.com>
----
- src/stats.c | 15 +++++++++++++++
- src/util.c | 4 ++--
- 2 files changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/src/stats.c b/src/stats.c
-index 26343b1..c3ca738 100644
---- a/src/stats.c
-+++ b/src/stats.c
-@@ -378,6 +378,7 @@ static int stats_file_setup(struct stats_file *file)
- strerror(errno), file->name);
-
- TFR(close(file->fd));
-+ file->fd = -1;
- g_free(file->name);
- file->name = NULL;
-
-@@ -393,6 +394,7 @@ static int stats_file_setup(struct stats_file *file)
- err = stats_file_remap(file, size);
- if (err < 0) {
- TFR(close(file->fd));
-+ file->fd = -1;
- g_free(file->name);
- file->name = NULL;
-
-@@ -649,6 +651,13 @@ static int stats_file_history_update(struct stats_file *data_file)
- bzero(history_file, sizeof(struct stats_file));
- bzero(temp_file, sizeof(struct stats_file));
-
-+ /*
-+ * 0 is a valid file descriptor - fd needs to be initialized
-+ * to -1 to handle errors correctly
-+ */
-+ history_file->fd = -1;
-+ temp_file->fd = -1;
-+
- err = stats_open(history_file, data_file->history_name);
- if (err < 0)
- return err;
-@@ -682,6 +691,12 @@ int __connman_stats_service_register(struct connman_service *service)
- if (!file)
- return -ENOMEM;
-
-+ /*
-+ * 0 is a valid file descriptor - fd needs to be initialized
-+ * to -1 to handle errors correctly
-+ */
-+ file->fd = -1;
-+
- g_hash_table_insert(stats_hash, service, file);
- } else {
- return -EALREADY;
-diff --git a/src/util.c b/src/util.c
-index e6532c8..732d451 100644
---- a/src/util.c
-+++ b/src/util.c
-@@ -63,7 +63,7 @@ int __connman_util_init(void)
- {
- int r = 0;
-
-- if (f > 0)
-+ if (f >= 0)
- return 0;
-
- f = open(URANDOM, O_RDONLY);
-@@ -86,7 +86,7 @@ int __connman_util_init(void)
-
- void __connman_util_cleanup(void)
- {
-- if (f > 0)
-+ if (f >= 0)
- close(f);
-
- f = -1;
---
-2.7.4
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.33.bb b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.33.bb
deleted file mode 100644
index ee04d9b..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.33.bb
+++ /dev/null
@@ -1,17 +0,0 @@
-require connman.inc
-
-SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
- file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
- file://connman \
- file://no-version-scripts.patch \
- file://includes.patch \
- file://0003-stats-Fix-bad-file-descriptor-initialisation.patch \
- file://CVE-2017-12865.patch \
- "
-SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \
- file://0001-Fix-compile-on-musl-with-kernel-4.9-headers.patch"
-
-SRC_URI[md5sum] = "c51903fd3e7a6a371d12ac5d72a1fa01"
-SRC_URI[sha256sum] = "bc8946036fa70124d663136f9f6b6238d897ca482782df907b07a428b09df5a0"
-
-RRECOMMENDS_${PN} = "connman-conf"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.34.bb b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.34.bb
new file mode 100644
index 0000000..dc2c688
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.34.bb
@@ -0,0 +1,18 @@
+require connman.inc
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+ file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
+ file://0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch \
+ file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
+ file://connman \
+ file://no-version-scripts.patch \
+ file://includes.patch \
+ file://CVE-2017-12865.patch \
+ "
+SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \
+ "
+
+SRC_URI[md5sum] = "e200028702c831d5f535d20d61e608ef"
+SRC_URI[sha256sum] = "a9a0808c729c1f348fc36d8cecb52d19b72bc34cb411c502608cb0e0190fc71e"
+
+RRECOMMENDS_${PN} = "connman-conf"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc
index aafdd0a..e943707 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc
@@ -12,30 +12,33 @@
DEPENDS = "openssl bind"
-SRC_URI = "ftp://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
- file://define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \
+SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
file://init-relay file://default-relay \
file://init-server file://default-server \
file://dhclient.conf file://dhcpd.conf \
+ file://dhclient-systemd-wrapper \
+ file://dhclient.service \
file://dhcpd.service file://dhcrelay.service \
file://dhcpd6.service \
- file://search-for-libxml2.patch "
-
+ "
UPSTREAM_CHECK_URI = "ftp://ftp.isc.org/isc/dhcp/"
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+\.\d+\.(\d+?))/"
inherit autotools systemd useradd update-rc.d
USERADD_PACKAGES = "${PN}-server"
-USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir /var/run/${PN} --shell /bin/false --user-group ${PN}"
+USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir /var/run/${BPN} --shell /bin/false --user-group ${BPN}"
-SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay"
+SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay ${PN}-client"
SYSTEMD_SERVICE_${PN}-server = "dhcpd.service dhcpd6.service"
SYSTEMD_AUTO_ENABLE_${PN}-server = "disable"
SYSTEMD_SERVICE_${PN}-relay = "dhcrelay.service"
SYSTEMD_AUTO_ENABLE_${PN}-relay = "disable"
+SYSTEMD_SERVICE_${PN}-client = "dhclient.service"
+SYSTEMD_AUTO_ENABLE_${PN}-client = "disable"
+
INITSCRIPT_PACKAGES = "dhcp-server"
INITSCRIPT_NAME_dhcp-server = "dhcp-server"
INITSCRIPT_PARAMS_dhcp-server = "defaults"
@@ -46,7 +49,7 @@
--with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \
--with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \
--with-libbind=${STAGING_LIBDIR}/ \
- --enable-paranoia \
+ --enable-paranoia --disable-static \
--with-randomdev=/dev/random \
"
@@ -79,15 +82,23 @@
sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
sed -i -e 's,@base_bindir@,${base_bindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
- sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcrelay.service
+ sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcrelay.service
+
+ install -d ${D}${base_sbindir}
+ install -m 0755 ${WORKDIR}/dhclient-systemd-wrapper ${D}${base_sbindir}/dhclient-systemd-wrapper
+ install -m 0644 ${WORKDIR}/dhclient.service ${D}${systemd_unitdir}/system
+ sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhclient.service
+ sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/dhclient.service
}
-PACKAGES += "dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell"
+PACKAGES += "dhcp-libs dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell"
-FILES_${PN} = ""
+PACKAGES_remove = "${PN}"
RDEPENDS_${PN}-dev = ""
RDEPENDS_${PN}-staticdev = ""
+FILES_${PN}-libs = "${libdir}/libdhcpctl.so.0* ${libdir}/libomapi.so.0*"
+
FILES_${PN}-server = "${sbindir}/dhcpd ${sysconfdir}/init.d/dhcp-server"
RRECOMMENDS_${PN}-server = "dhcp-server-config"
@@ -95,7 +106,11 @@
FILES_${PN}-relay = "${sbindir}/dhcrelay ${sysconfdir}/init.d/dhcp-relay ${sysconfdir}/default/dhcp-relay"
-FILES_${PN}-client = "${base_sbindir}/dhclient ${base_sbindir}/dhclient-script ${sysconfdir}/dhcp/dhclient.conf"
+FILES_${PN}-client = "${base_sbindir}/dhclient \
+ ${base_sbindir}/dhclient-script \
+ ${sysconfdir}/dhcp/dhclient.conf \
+ ${base_sbindir}/dhclient-systemd-wrapper \
+ "
FILES_${PN}-omshell = "${bindir}/omshell"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
similarity index 70%
rename from import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
index 32bdaf0..e5b3cf9 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
@@ -1,17 +1,21 @@
-define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF
+From 7cc29144535a622fc671dc86eb1da65b0473a7c4 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 15 Aug 2017 16:14:22 +0800
+Subject: [PATCH 01/11] define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF
Upstream-Status: Inappropriate [OE specific]
+Rebase to 4.3.6
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
includes/site.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/includes/site.h b/includes/site.h
-index d87b309..17bc40d 100644
+index b2f7fd7..280fbb9 100644
--- a/includes/site.h
+++ b/includes/site.h
-@@ -139,7 +139,8 @@
+@@ -149,7 +149,8 @@
/* Define this if you want the dhcpd.conf file to go somewhere other than
the default location. By default, it goes in /etc/dhcpd.conf. */
@@ -22,5 +26,5 @@
/* Network API definitions. You do not need to choose one of these - if
you don't choose, one will be chosen for you in your system's config
--
-1.9.1
+1.8.3.1
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
new file mode 100644
index 0000000..6459dc0
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
@@ -0,0 +1,117 @@
+From be7540d31c356e80ee02e90e8bf162b7ac6e5ba5 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 15 Aug 2017 14:56:56 +0800
+Subject: [PATCH 02/11] dhclient dbus
+
+upstream-Status: Inappropriate [distribution]
+
+Rebase to 4.3.6
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/scripts/bsdos | 5 +++++
+ client/scripts/freebsd | 5 +++++
+ client/scripts/linux | 5 +++++
+ client/scripts/netbsd | 5 +++++
+ client/scripts/openbsd | 5 +++++
+ client/scripts/solaris | 5 +++++
+ 6 files changed, 30 insertions(+)
+
+diff --git a/client/scripts/bsdos b/client/scripts/bsdos
+index d69d0d8..095b143 100755
+--- a/client/scripts/bsdos
++++ b/client/scripts/bsdos
+@@ -45,6 +45,11 @@ exit_with_hooks() {
+ . /etc/dhclient-exit-hooks
+ fi
+ # probably should do something with exit status of the local script
++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++ dbus-send --system --dest=com.redhat.dhcp \
++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++ fi
+ exit $exit_status
+ }
+
+diff --git a/client/scripts/freebsd b/client/scripts/freebsd
+index 8f3e2a2..ad7fb44 100755
+--- a/client/scripts/freebsd
++++ b/client/scripts/freebsd
+@@ -89,6 +89,11 @@ exit_with_hooks() {
+ . /etc/dhclient-exit-hooks
+ fi
+ # probably should do something with exit status of the local script
++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++ dbus-send --system --dest=com.redhat.dhcp \
++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++ fi
+ exit $exit_status
+ }
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 5fb1612..3d447b6 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -174,6 +174,11 @@ exit_with_hooks() {
+ exit_status=$?
+ fi
+
++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++ dbus-send --system --dest=com.redhat.dhcp \
++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++ fi
+ exit $exit_status
+ }
+
+diff --git a/client/scripts/netbsd b/client/scripts/netbsd
+index 07383b7..aaba8e8 100755
+--- a/client/scripts/netbsd
++++ b/client/scripts/netbsd
+@@ -45,6 +45,11 @@ exit_with_hooks() {
+ . /etc/dhclient-exit-hooks
+ fi
+ # probably should do something with exit status of the local script
++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++ dbus-send --system --dest=com.redhat.dhcp \
++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++ fi
+ exit $exit_status
+ }
+
+diff --git a/client/scripts/openbsd b/client/scripts/openbsd
+index e7f4746..56b980c 100644
+--- a/client/scripts/openbsd
++++ b/client/scripts/openbsd
+@@ -45,6 +45,11 @@ exit_with_hooks() {
+ . /etc/dhclient-exit-hooks
+ fi
+ # probably should do something with exit status of the local script
++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++ dbus-send --system --dest=com.redhat.dhcp \
++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++ fi
+ exit $exit_status
+ }
+
+diff --git a/client/scripts/solaris b/client/scripts/solaris
+index af553b9..4a2aa69 100755
+--- a/client/scripts/solaris
++++ b/client/scripts/solaris
+@@ -26,6 +26,11 @@ exit_with_hooks() {
+ . /etc/dhclient-exit-hooks
+ fi
+ # probably should do something with exit status of the local script
++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++ dbus-send --system --dest=com.redhat.dhcp \
++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++ fi
+ exit $exit_status
+ }
+
+--
+1.8.3.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
similarity index 68%
rename from import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
index 0d0e0dd..810c7b6 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
@@ -1,24 +1,28 @@
-Author: Andrei Gherzan <andrei@gherzan.ro>
-Date: Thu Feb 2 23:59:11 2012 +0200
+From d80bd792323dbd56269309f85b4506eb6b1b60e9 Mon Sep 17 00:00:00 2001
+From: Andrei Gherzan <andrei@gherzan.ro>
+Date: Tue, 15 Aug 2017 15:05:47 +0800
+Subject: [PATCH 03/11] link with lcrypto
-From 4.2.0 final release, -lcrypto check was removed and we compile static libraries
-from bind that are linked to libcrypto. This is why i added a patch in order to add
+From 4.2.0 final release, -lcrypto check was removed and we compile
+static libraries
+from bind that are linked to libcrypto. This is why i added a patch in
+order to add
-lcrypto to LIBS.
Upstream-Status: Pending
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
-Rebase to 4.3.4
+Rebase to 4.3.6
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
configure.ac | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/configure.ac b/configure.ac
-index 097b0c3..726c88e 100644
+index cdfa352..44fb57e 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -584,6 +584,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void foo() __attribute__((noreturn));
+@@ -591,6 +591,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void foo() __attribute__((noreturn));
# Look for optional headers.
AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
@@ -30,5 +34,5 @@
AC_SEARCH_LIBS(socket, [socket])
AC_SEARCH_LIBS(inet_ntoa, [nsl])
--
-2.8.1
+1.8.3.1
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
similarity index 92%
rename from import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
index 2f44147..7d1d867 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
@@ -1,10 +1,13 @@
-Fix out of tree builds
+From cccec0344d68dac4100b6f260ee24e7c2da9dfda Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 15 Aug 2017 15:08:22 +0800
+Subject: [PATCH 04/11] Fix out of tree builds
Upstream-Status: Pending
RP 2013/03/21
-Rebase to 4.3.4
+Rebase to 4.3.6
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
@@ -93,5 +96,5 @@
dist_sysconf_DATA = dhcpd.conf.example
sbin_PROGRAMS = dhcpd
--
-2.8.1
+1.8.3.1
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch
new file mode 100644
index 0000000..dd56381
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch
@@ -0,0 +1,36 @@
+From 2e8ff0e4f6d39e346ea86b8c514ab4ccc78fa359 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 15 Aug 2017 15:24:14 +0800
+Subject: [PATCH 05/11] dhcp-client: fix invoke dhclient-script failed on
+ Read-only file system
+
+In read-only file system, '/etc' is on the readonly partition,
+and '/etc/resolv.conf' is symlinked to a separate writable
+partition.
+
+In this situation, we create temp files 'resolv.conf.dhclient-new'
+in /tmp dir.
+
+Upstream-Status: Pending
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/scripts/linux | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 3d447b6..3122a75 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -40,7 +40,7 @@ make_resolv_conf() {
+ # DHCPv4
+ if [ -n "$new_domain_search" ] || [ -n "$new_domain_name" ] ||
+ [ -n "$new_domain_name_servers" ]; then
+- new_resolv_conf=/etc/resolv.conf.dhclient-new
++ new_resolv_conf=/tmp/resolv.conf.dhclient-new
+ rm -f $new_resolv_conf
+
+ if [ -n "$new_domain_name" ]; then
+--
+1.8.3.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch
similarity index 65%
rename from import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch
index 47443a5..c62b283 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch
@@ -1,17 +1,22 @@
+From 01641d146e4e6bea954e4a4ee1f6230b822665b4 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 15 Aug 2017 15:37:49 +0800
+Subject: [PATCH 06/11] site.h: enable gentle shutdown
+
Upstream-Status: Inappropriate [configuration]
-
-Subject: [PATCH] site.h: enable gentle shutdown
-
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+Rebase to 4.3.6
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
includes/site.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/site.h b/includes/site.h
-index 1dd1251..abb66e4 100644
+index 280fbb9..e6c2972 100644
--- a/includes/site.h
+++ b/includes/site.h
-@@ -289,7 +289,7 @@
+@@ -296,7 +296,7 @@
situations. We plan to revisit this feature and may
make non-backwards compatible changes including the
removal of this define. Use at your own risk. */
@@ -21,5 +26,5 @@
/* Include old error codes. This is provided in case you
are building an external program similar to omshell for
--
-2.8.1
+1.8.3.1
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch
new file mode 100644
index 0000000..43c26ea
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch
@@ -0,0 +1,42 @@
+From 7107511fd209f08f9a96f8938041ae48f3295895 Mon Sep 17 00:00:00 2001
+From: Christopher Larson <chris_larson@mentor.com>
+Date: Tue, 15 Aug 2017 16:17:49 +0800
+Subject: [PATCH 07/11] Add configure argument to make the libxml2 dependency
+ explicit and determinisitic.
+
+Upstream-Status: Pending
+
+Signed-off-by: Christopher Larson <chris_larson@mentor.com>
+
+Rebase to 4.3.6
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ configure.ac | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 44fb57e..8e9f509 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -611,6 +611,17 @@ AC_CHECK_FUNCS(strlcat)
+ # For HP/UX we need -lipv6 for if_nametoindex, perhaps others.
+ AC_SEARCH_LIBS(if_nametoindex, [ipv6])
+
++AC_ARG_WITH(libxml2,
++ AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]),
++ with_libxml2="$withval", with_libxml2="no")
++
++if test x$with_libxml2 != xno; then
++ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],
++ [if test x$with_libxml2 != xauto; then
++ AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
++ fi])
++fi
++
+ # check for /dev/random (declares HAVE_DEV_RANDOM)
+ AC_MSG_CHECKING(for random device)
+ AC_ARG_WITH(randomdev,
+--
+1.8.3.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/tweak-to-support-external-bind.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
similarity index 93%
rename from import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/tweak-to-support-external-bind.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
index 03c6abb..006d18a 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/tweak-to-support-external-bind.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
@@ -1,7 +1,7 @@
-From ad7bb401f47714fc30c408853b796ce0f1c7e65f Mon Sep 17 00:00:00 2001
+From 92875f5cc44914515e50c11c503a09cec90497b2 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Sat, 11 Jun 2016 22:51:44 -0400
-Subject: [PATCH] tweak to support external bind
+Subject: [PATCH 08/11] tweak to support external bind
Tweak the external bind to oe-core's sysroot rather than
external bind source build.
@@ -34,7 +34,7 @@
AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
-DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am
-index da69ea9..fe35e57 100644
+index 5031d0c..a8dfd26 100644
--- a/client/tests/Makefile.am
+++ b/client/tests/Makefile.am
@@ -1,6 +1,6 @@
@@ -46,7 +46,7 @@
AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
-index f8d6b0e..05cd9c1 100644
+index f6a43e4..2f98d22 100644
--- a/common/tests/Makefile.am
+++ b/common/tests/Makefile.am
@@ -1,6 +1,6 @@
@@ -101,7 +101,7 @@
AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
-index 65a9f74..2892309 100644
+index a87c5e7..9821081 100644
--- a/server/tests/Makefile.am
+++ b/server/tests/Makefile.am
@@ -1,6 +1,6 @@
@@ -113,5 +113,5 @@
AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
--
-2.8.1
+1.8.3.1
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch
new file mode 100644
index 0000000..912b6d6
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch
@@ -0,0 +1,28 @@
+From f3f8b7726e50e24ef3edf5fa5a17e31d39118d7e Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <armccurdy@gmail.com>
+Date: Tue, 15 Aug 2017 15:49:31 +0800
+Subject: [PATCH 09/11] remove dhclient-script bash dependency
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+
+Rebase to 4.3.6
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/scripts/linux | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 3122a75..1712d7d 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ # dhclient-script for Linux. Dan Halbert, March, 1997.
+ # Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
+ # No guarantees about this. I'm a novice at the details of Linux
+--
+1.8.3.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch
new file mode 100644
index 0000000..f128731
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch
@@ -0,0 +1,208 @@
+From 76c370a929e5ab5dbc81c2fbcf4e50f4fbc08ce9 Mon Sep 17 00:00:00 2001
+From: Kai Kang <kai.kang@windriver.com>
+Date: Tue, 15 Aug 2017 15:53:37 +0800
+Subject: [PATCH 10/11] build shared libs
+
+Upstream-Status: Pending
+
+Port patches from Fedora to build shared libs rather than static libs.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+Rebase to 4.3.6
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/Makefile.am | 4 ++--
+ common/tests/Makefile.am | 13 +++++--------
+ configure.ac | 12 ++----------
+ dhcpctl/Makefile.am | 14 ++++++--------
+ omapip/Makefile.am | 7 +++----
+ relay/Makefile.am | 5 ++---
+ server/Makefile.am | 7 +++----
+ server/tests/Makefile.am | 7 +++----
+ 8 files changed, 26 insertions(+), 43 deletions(-)
+
+diff --git a/client/Makefile.am b/client/Makefile.am
+index 84d8131..e776bf0 100644
+--- a/client/Makefile.am
++++ b/client/Makefile.am
+@@ -15,7 +15,7 @@ dhclient_SOURCES = $(srcdir)/clparse.c $(srcdir)/dhclient.c $(srcdir)/dhc6.c \
+ scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
+ scripts/netbsd scripts/nextstep scripts/openbsd \
+ scripts/solaris scripts/openwrt
+-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
+ man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
+ EXTRA_DIST = $(man_MANS)
+diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
+index 2f98d22..8745e88 100644
+--- a/common/tests/Makefile.am
++++ b/common/tests/Makefile.am
+@@ -15,26 +15,23 @@ ATF_TESTS += alloc_unittest dns_unittest misc_unittest ns_name_unittest
+ alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c
+ alloc_unittest_LDADD = $(ATF_LDFLAGS)
+ alloc_unittest_LDADD += ../libdhcp.a \
+- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc
+
+ dns_unittest_SOURCES = dns_unittest.c $(top_srcdir)/tests/t_api_dhcp.c
+ dns_unittest_LDADD = $(ATF_LDFLAGS)
+ dns_unittest_LDADD += ../libdhcp.a \
+- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc
+
+ misc_unittest_SOURCES = misc_unittest.c $(top_srcdir)/tests/t_api_dhcp.c
+ misc_unittest_LDADD = $(ATF_LDFLAGS)
+ misc_unittest_LDADD += ../libdhcp.a \
+- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc
+
+ ns_name_unittest_SOURCES = ns_name_test.c $(top_srcdir)/tests/t_api_dhcp.c
+ ns_name_unittest_LDADD = $(ATF_LDFLAGS)
+ ns_name_unittest_LDADD += ../libdhcp.a \
+- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++ ../../omapip/libomapi.a -L$(BINDLIBDIR) \
++ -ldns -lisccfg -lisc
+
+ check: $(ATF_TESTS)
+ @if test $(top_srcdir) != ${top_builddir}; then \
+diff --git a/configure.ac b/configure.ac
+index 8e9f509..bfe988a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -47,16 +47,8 @@ AM_CONDITIONAL(CROSS_COMPILING, test "$cross_compiling" = "yes")
+ # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API.
+ AC_USE_SYSTEM_EXTENSIONS
+
+-AC_PROG_RANLIB
+-
+-AC_PATH_PROG(AR, ar)
+-AC_SUBST(AR)
+-
+-if test "X$AR" = "X"; then
+- AC_MSG_ERROR([
+-ar program not found. Please fix your PATH to include the directory in
+-which ar resides, or set AR in the environment with the full path to ar.])
+-fi
++# Use libtool to simplify building of shared libraries
++AC_PROG_LIBTOOL
+
+ AC_CONFIG_HEADERS([includes/config.h])
+
+diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
+index 9b2486e..784cdf7 100644
+--- a/dhcpctl/Makefile.am
++++ b/dhcpctl/Makefile.am
+@@ -3,19 +3,17 @@ BINDLIBDIR = @BINDDIR@
+ AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
+
+ bin_PROGRAMS = omshell
+-lib_LIBRARIES = libdhcpctl.a
++lib_LTLIBRARIES = libdhcpctl.la
+ noinst_PROGRAMS = cltest
+ man_MANS = omshell.1 dhcpctl.3
+ EXTRA_DIST = $(man_MANS)
+
+ omshell_SOURCES = omshell.c
+-omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
+- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \
+- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \
++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
+
+-libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c
++libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c
+
+ cltest_SOURCES = cltest.c
+-cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
+- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \
+- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \
++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
+diff --git a/omapip/Makefile.am b/omapip/Makefile.am
+index e4a8599..c0c7a1e 100644
+--- a/omapip/Makefile.am
++++ b/omapip/Makefile.am
+@@ -1,10 +1,10 @@
+ BINDLIBDIR = @BINDDIR@
+ AM_CPPFLAGS = -I$(top_srcdir)/includes
+
+-lib_LIBRARIES = libomapi.a
++lib_LTLIBRARIES = libomapi.la
+ noinst_PROGRAMS = svtest
+
+-libomapi_a_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \
++libomapi_la_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \
+ errwarn.c listener.c dispatch.c generic.c support.c \
+ handle.c message.c convert.c hash.c auth.c inet_addr.c \
+ array.c trace.c toisc.c iscprint.c isclib.c
+@@ -13,6 +13,5 @@ man_MANS = omapi.3
+ EXTRA_DIST = $(man_MANS)
+
+ svtest_SOURCES = test.c
+-svtest_LDADD = libomapi.a $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \
+- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++svtest_LDADD = libomapi.la -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
+
+diff --git a/relay/Makefile.am b/relay/Makefile.am
+index b3bf578..f47009f 100644
+--- a/relay/Makefile.am
++++ b/relay/Makefile.am
+@@ -4,9 +4,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+
+ sbin_PROGRAMS = dhcrelay
+ dhcrelay_SOURCES = dhcrelay.c
+-dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
+- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \
+- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
+ man_MANS = dhcrelay.8
+ EXTRA_DIST = $(man_MANS)
+
+diff --git a/server/Makefile.am b/server/Makefile.am
+index b5d8c2d..d7f876d 100644
+--- a/server/Makefile.am
++++ b/server/Makefile.am
+@@ -15,10 +15,9 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
+ dhcpv6.c mdb6.c ldap.c ldap_casa.c leasechain.c ldap_krb_helper.c
+
+ dhcpd_CFLAGS = $(LDAP_CFLAGS)
+-dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
+- ../dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \
+- $(BINDLIBDIR)/libisc.a $(LDAP_LIBS)
++dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
++ ../dhcpctl/libdhcpctl.la -L$(BINDLIBDIR) \
++ -lirs -ldns -lisccfg -lisc $(LDAP_LIBS)
+
+ man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
+ EXTRA_DIST = $(man_MANS)
+diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
+index 9821081..de95872 100644
+--- a/server/tests/Makefile.am
++++ b/server/tests/Makefile.am
+@@ -19,10 +19,9 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpars.c ../db.c ../class.c \
+ ../ddns.c ../dhcpleasequery.c ../dhcpv6.c ../mdb6.c \
+ ../ldap.c ../ldap_casa.c ../dhcpd.c ../leasechain.c
+
+-DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a \
+- $(top_builddir)/dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \
+- $(BINDLIBDIR)/libisc.a
++DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.la \
++ $(top_builddir)/dhcpctl/libdhcpctl.la \
++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
+
+ ATF_TESTS =
+ if HAVE_ATF
+--
+1.8.3.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch
new file mode 100644
index 0000000..67bb463
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch
@@ -0,0 +1,81 @@
+From 37725f3e22edb50e0ca2d1fff971321a5a4d5112 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Wed, 12 Jul 2017 03:05:13 -0400
+Subject: [PATCH 11/11] Moved the call to isc_app_ctxstart() to not get signal
+ block by all threads
+
+Signed-off-by: Francis Dupont <fdupont@isc.org>
+
+In https://source.isc.org/git/bind9.git, since the following
+commit applied:
+...
+commit b99bfa184bc9375421b5df915eea7dfac6a68a99
+Author: Evan Hunt <each@isc.org>
+Date: Wed Apr 10 13:49:57 2013 -0700
+
+ [master] unify internal and export libraries
+
+ 3550. [func] Unified the internal and export versions of the
+ BIND libraries, allowing external clients to use
+ the same libraries as BIND. [RT #33131]
+...
+(git show b99bfa184bc9375421b5df915eea7dfac6a68a99 -- ./lib/isc/unix/app.c)
+
+In this commit, if bind9 enable threads(ISC_PLATFORM_USETHREADS),
+it blocks signal SIGHUP, SIGINT and SIGTERM in isc__app_ctxstart.
+Which caused dhclient/dhcpd could not be stopped by SIGTERM.
+
+It caused systemd's reboot hung which send SIGTERM by default.
+
+Upstream-Status: Backport [https://source.isc.org/git/dhcp.git]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ omapip/isclib.c | 25 +++++++++++++++----------
+ 1 file changed, 15 insertions(+), 10 deletions(-)
+
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index ce86490..6a04345 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -185,16 +185,6 @@ dhcp_context_create(int flags,
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+- result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
+- if (result != ISC_R_SUCCESS)
+- return (result);
+- dhcp_gbl_ctx.actx_started = ISC_TRUE;
+-
+- /* Not all OSs support suppressing SIGPIPE through socket
+- * options, so set the sigal action to be ignore. This allows
+- * broken connections to fail gracefully with EPIPE on writes */
+- handle_signal(SIGPIPE, SIG_IGN);
+-
+ result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx,
+ dhcp_gbl_ctx.actx,
+ 1, 0,
+@@ -217,6 +207,21 @@ dhcp_context_create(int flags,
+ result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
++
++ result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
++ if (result != ISC_R_SUCCESS)
++ return (result);
++ dhcp_gbl_ctx.actx_started = ISC_TRUE;
++
++ /* Not all OSs support suppressing SIGPIPE through socket
++ * options, so set the sigal action to be ignore. This allows
++ * broken connections to fail gracefully with EPIPE on writes */
++ handle_signal(SIGPIPE, SIG_IGN);
++
++ /* Reset handlers installed by isc_app_ctxstart()
++ * to default for control-c and kill */
++ handle_signal(SIGINT, SIG_DFL);
++ handle_signal(SIGTERM, SIG_DFL);
+ }
+
+ #if defined (NSUPDATE)
+--
+1.8.3.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
new file mode 100644
index 0000000..2d3af9d
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
@@ -0,0 +1,37 @@
+From 501543b3ef715488a142e3d301ff2733aa33eec7 Mon Sep 17 00:00:00 2001
+From: Awais Belal <awais_belal@mentor.com>
+Date: Wed, 25 Oct 2017 21:00:05 +0500
+Subject: [PATCH] dhcp: correct the intention for xml2 lib search
+
+A missing case breaks the build when libxml2 is
+required and found appropriately. The third argument
+to the function AC_SEARCH_LIB is action-if-found which
+was mistakenly been used for the case where the library
+is not found and hence breaks the configure phase
+where it shoud actually pass.
+We now pass on silently when action-if-found is
+executed.
+
+Upstream-Status: Pending
+
+Signed-off-by: Awais Belal <awais_belal@mentor.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index bfe988a..f0459e6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -608,7 +608,7 @@ AC_ARG_WITH(libxml2,
+ with_libxml2="$withval", with_libxml2="no")
+
+ if test x$with_libxml2 != xno; then
+- AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],
++ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],,
+ [if test x$with_libxml2 != xauto; then
+ AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
+ fi])
+--
+2.11.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch
deleted file mode 100644
index 96095a5..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-dhcp-client: fix invoke dhclient-script failed on Read-only file system
-
-In read-only file system, '/etc' is on the readonly partition,
-and '/etc/resolv.conf' is symlinked to a separate writable
-partition.
-
-In this situation, we should use shell variable to instead of
-temp files '/etc/resolv.conf.dhclient' and '/etc/resolv.conf.dhclient6'.
-
-Upstream-Status: Pending
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/scripts/linux | 20 +++++++++-----------
- 1 file changed, 9 insertions(+), 11 deletions(-)
-
-diff --git a/client/scripts/linux b/client/scripts/linux
---- a/client/scripts/linux
-+++ b/client/scripts/linux
-@@ -27,27 +27,25 @@ ip=/sbin/ip
-
- make_resolv_conf() {
- if [ x"$new_domain_name_servers" != x ]; then
-- cat /dev/null > /etc/resolv.conf.dhclient
-- chmod 644 /etc/resolv.conf.dhclient
-+ resolv_conf=""
- if [ x"$new_domain_search" != x ]; then
-- echo search $new_domain_search >> /etc/resolv.conf.dhclient
-+ resolv_conf="search ${new_domain_search}\n"
- elif [ x"$new_domain_name" != x ]; then
- # Note that the DHCP 'Domain Name Option' is really just a domain
- # name, and that this practice of using the domain name option as
- # a search path is both nonstandard and deprecated.
-- echo search $new_domain_name >> /etc/resolv.conf.dhclient
-+ resolv_conf="search ${new_domain_name}\n"
- fi
- for nameserver in $new_domain_name_servers; do
-- echo nameserver $nameserver >>/etc/resolv.conf.dhclient
-+ resolv_conf="${resolv_conf}nameserver ${nameserver}\n"
- done
-
-- mv /etc/resolv.conf.dhclient /etc/resolv.conf
-+ echo -e "${resolv_conf}" > /etc/resolv.conf
- elif [ "x${new_dhcp6_name_servers}" != x ] ; then
-- cat /dev/null > /etc/resolv.conf.dhclient6
-- chmod 644 /etc/resolv.conf.dhclient6
-+ resolv_conf=""
-
- if [ "x${new_dhcp6_domain_search}" != x ] ; then
-- echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6
-+ resolv_conf="search ${new_dhcp6_domain_search}\n"
- fi
- shopt -s nocasematch
- for nameserver in ${new_dhcp6_name_servers} ; do
-@@ -59,11 +57,11 @@ make_resolv_conf() {
- else
- zone_id=
- fi
-- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6
-+ resolv_conf="${resolv_conf}nameserver ${nameserver}$zone_id\n"
- done
- shopt -u nocasematch
-
-- mv /etc/resolv.conf.dhclient6 /etc/resolv.conf
-+ echo -e "${resolv_conf}" > /etc/resolv.conf
- fi
- }
-
---
-2.8.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch
deleted file mode 100644
index b4a666d..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-Upstream-Status: Inappropriate [distribution]
-
---- client/scripts/bsdos
-+++ client/scripts/bsdos
-@@ -47,6 +47,11 @@
- . /etc/dhcp/dhclient-exit-hooks
- fi
- # probably should do something with exit status of the local script
-+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+ dbus-send --system --dest=com.redhat.dhcp \
-+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+ fi
- exit $exit_status
- }
-
---- client/scripts/freebsd
-+++ client/scripts/freebsd
-@@ -57,6 +57,11 @@
- . /etc/dhcp/dhclient-exit-hooks
- fi
- # probably should do something with exit status of the local script
-+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+ dbus-send --system --dest=com.redhat.dhcp \
-+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+ fi
- exit $exit_status
- }
-
---- client/scripts/linux
-+++ client/scripts/linux
-@@ -69,6 +69,11 @@
- . /etc/dhcp/dhclient-exit-hooks
- fi
- # probably should do something with exit status of the local script
-+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+ dbus-send --system --dest=com.redhat.dhcp \
-+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+ fi
- exit $exit_status
- }
-
---- client/scripts/netbsd
-+++ client/scripts/netbsd
-@@ -47,6 +47,11 @@
- . /etc/dhcp/dhclient-exit-hooks
- fi
- # probably should do something with exit status of the local script
-+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+ dbus-send --system --dest=com.redhat.dhcp \
-+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+ fi
- exit $exit_status
- }
-
---- client/scripts/openbsd
-+++ client/scripts/openbsd
-@@ -47,6 +47,11 @@
- . /etc/dhcp/dhclient-exit-hooks
- fi
- # probably should do something with exit status of the local script
-+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+ dbus-send --system --dest=com.redhat.dhcp \
-+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+ fi
- exit $exit_status
- }
-
---- client/scripts/solaris
-+++ client/scripts/solaris
-@@ -47,6 +47,11 @@
- . /etc/dhcp/dhclient-exit-hooks
- fi
- # probably should do something with exit status of the local script
-+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+ dbus-send --system --dest=com.redhat.dhcp \
-+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+ fi
- exit $exit_status
- }
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/libxml2-configure-argument.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/libxml2-configure-argument.patch
deleted file mode 100644
index 1435662..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/libxml2-configure-argument.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Add configure argument to make the libxml2 dependency explicit and
-determinisitic.
-
-Upstream-Status: Pending
-
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-
-Rebase to 4.3.4
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- configure.ac | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 726c88e..1684df1 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -718,7 +718,16 @@ AC_SUBST(BINDSRCDIR)
-
- # We need to find libxml2 if bind was built with support enabled
- # otherwise we'll fail to build omapip/test.c
--AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],)
-+AC_ARG_WITH(libxml2,
-+ AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]),
-+ with_libxml2="$withval", with_libxml2="no")
-+
-+if test x$with_libxml2 != xno; then
-+ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],
-+ [if test x$with_libxml2 != xauto; then
-+ AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
-+ fi])
-+fi
-
- # OpenLDAP support.
- AC_ARG_WITH(ldap,
---
-2.8.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/remove-dhclient-script-bash-dependency.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/remove-dhclient-script-bash-dependency.patch
deleted file mode 100644
index 997b9f6..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/remove-dhclient-script-bash-dependency.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 8aed2a9ff09cb0d584ad0a7340fe3a596879d9b1 Mon Sep 17 00:00:00 2001
-From: Andre McCurdy <armccurdy@gmail.com>
-Date: Thu, 21 Jul 2016 19:07:02 -0700
-Subject: [PATCH] remove dhclient-script bash dependency
-
-Take the dash compatible IPv6 link-local address test from the Debian
-version of dhclient-script.
-
-Note that although "echo -e" in the OE version of dhclient-script is
-technically bash specific too, it is supported by Busybox echo when
-Busybox is configured with CONFIG_FEATURE_FANCY_ECHO enabled (which
-is the default in the OE Busybox defconfig) therefore leave as-is.
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
----
- client/scripts/linux | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/client/scripts/linux b/client/scripts/linux
-index 232a0aa..1383f46 100755
---- a/client/scripts/linux
-+++ b/client/scripts/linux
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/bin/sh
- # dhclient-script for Linux. Dan Halbert, March, 1997.
- # Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
- # No guarantees about this. I'm a novice at the details of Linux
-@@ -47,11 +47,11 @@ make_resolv_conf() {
- if [ "x${new_dhcp6_domain_search}" != x ] ; then
- resolv_conf="search ${new_dhcp6_domain_search}\n"
- fi
-- shopt -s nocasematch
- for nameserver in ${new_dhcp6_name_servers} ; do
- # If the nameserver has a link-local address
- # add a <zone_id> (interface name) to it.
-- if [[ "$nameserver" =~ ^fe80:: ]]
-+ if [ "${nameserver##fe80::}" != "$nameserver" ] ||
-+ [ "${nameserver##FE80::}" != "$nameserver" ]
- then
- zone_id="%$interface"
- else
-@@ -59,7 +59,6 @@ make_resolv_conf() {
- fi
- resolv_conf="${resolv_conf}nameserver ${nameserver}$zone_id\n"
- done
-- shopt -u nocasematch
-
- echo -e "${resolv_conf}" > /etc/resolv.conf
- fi
---
-1.9.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch
deleted file mode 100644
index d84df5c..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch
+++ /dev/null
@@ -1,188 +0,0 @@
-Found this patch here:
-https://lists.isc.org/pipermail/dhcp-users/2011-January/012910.html
-
-and made some adjustments/updates to make it work with this version.
-Wasn't able to find that why this patch was not accepted by ISC DHCP developers.
-
-Upstream-Status: Pending
-
-Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
-
-Rebase to 4.3.4
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/scripts/linux | 82 ++++++++++++++++++++++++++++------------------------
- 1 file changed, 45 insertions(+), 37 deletions(-)
-
-diff --git a/client/scripts/linux b/client/scripts/linux
-index a02cfd9..232a0aa 100755
---- a/client/scripts/linux
-+++ b/client/scripts/linux
-@@ -101,17 +101,11 @@ fi
- if [ x$old_broadcast_address != x ]; then
- old_broadcast_arg="broadcast $old_broadcast_address"
- fi
--if [ x$new_subnet_mask != x ]; then
-- new_subnet_arg="netmask $new_subnet_mask"
-+if [ -n "$new_subnet_mask" ]; then
-+ new_mask="/$new_subnet_mask"
- fi
--if [ x$old_subnet_mask != x ]; then
-- old_subnet_arg="netmask $old_subnet_mask"
--fi
--if [ x$alias_subnet_mask != x ]; then
-- alias_subnet_arg="netmask $alias_subnet_mask"
--fi
--if [ x$new_interface_mtu != x ]; then
-- mtu_arg="mtu $new_interface_mtu"
-+if [ -n "$alias_subnet_mask" ]; then
-+ alias_mask="/$alias_subnet_mask"
- fi
- if [ x$IF_METRIC != x ]; then
- metric_arg="metric $IF_METRIC"
-@@ -125,9 +119,9 @@ fi
- if [ x$reason = xPREINIT ]; then
- if [ x$alias_ip_address != x ]; then
- # Bring down alias interface. Its routes will disappear too.
-- ifconfig $interface:0- inet 0
-+ ${ip} -4 addr flush dev ${interface} label ${interface}:0
- fi
-- ifconfig $interface 0 up
-+ ${ip} link set dev ${interface} up
-
- # We need to give the kernel some time to get the interface up.
- sleep 1
-@@ -154,25 +148,30 @@ if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
- if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \
- [ x$alias_ip_address != x$old_ip_address ]; then
- # Possible new alias. Remove old alias.
-- ifconfig $interface:0- inet 0
-+ ${ip} -4 addr flush dev ${interface} label ${interface}:0
- fi
- if [ x$old_ip_address != x ] && [ x$old_ip_address != x$new_ip_address ]; then
- # IP address changed. Bringing down the interface will delete all routes,
- # and clear the ARP cache.
-- ifconfig $interface inet 0 down
-+ ${ip} -4 addr flush dev ${interface} label ${interface}
-
- fi
- if [ x$old_ip_address = x ] || [ x$old_ip_address != x$new_ip_address ] || \
- [ x$reason = xBOUND ] || [ x$reason = xREBOOT ]; then
-
-- ifconfig $interface inet $new_ip_address $new_subnet_arg \
-- $new_broadcast_arg $mtu_arg
-+ ${ip} -4 addr add ${new_ip_address}${new_mask} ${new_broadcast_arg} \
-+ dev ${interface} label ${interface}
-+ if [ -n "$new_interface_mtu" ]; then
-+ # set MTU
-+ ${ip} link set dev ${interface} mtu ${new_interface_mtu}
-+ fi
- # Add a network route to the computed network address.
- for router in $new_routers; do
- if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
-- route add -host $router dev $interface
-+ ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1
- fi
-- route add default gw $router $metric_arg dev $interface
-+ ${ip} -4 route add default via ${router} dev ${interface} \
-+ ${metric_arg} >/dev/null 2>&1
- done
- else
- # we haven't changed the address, have we changed other options
-@@ -180,21 +179,23 @@ if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
- if [ x$new_routers != x ] && [ x$new_routers != x$old_routers ] ; then
- # if we've changed routers delete the old and add the new.
- for router in $old_routers; do
-- route del default gw $router
-+ ${ip} -4 route delete default via ${router}
- done
- for router in $new_routers; do
- if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
-- route add -host $router dev $interface
-- fi
-- route add default gw $router $metric_arg dev $interface
-+ ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1
-+ fi
-+ ${ip} -4 route add default via ${router} dev ${interface} \
-+ ${metric_arg} >/dev/null 2>&1
- done
- fi
- fi
- if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ];
- then
-- ifconfig $interface:0- inet 0
-- ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
-- route add -host $alias_ip_address $interface:0
-+ ${ip} -4 addr flush dev ${interface} label ${interface}:0
-+ ${ip} -4 addr add ${alias_ip_address}${alias_mask} \
-+ dev ${interface} label ${interface}:0
-+ ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1
- fi
- make_resolv_conf
- exit_with_hooks 0
-@@ -204,42 +205,49 @@ if [ x$reason = xEXPIRE ] || [ x$reason = xFAIL ] || [ x$reason = xRELEASE ] \
- || [ x$reason = xSTOP ]; then
- if [ x$alias_ip_address != x ]; then
- # Turn off alias interface.
-- ifconfig $interface:0- inet 0
-+ ${ip} -4 addr flush dev ${interface} label ${interface}:0
- fi
- if [ x$old_ip_address != x ]; then
- # Shut down interface, which will delete routes and clear arp cache.
-- ifconfig $interface inet 0 down
-+ ${ip} -4 addr flush dev ${interface} label ${interface}
- fi
- if [ x$alias_ip_address != x ]; then
-- ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
-- route add -host $alias_ip_address $interface:0
-+ ${ip} -4 addr add ${alias_ip_address}${alias_network_arg} \
-+ dev ${interface} label ${interface}:0
-+ ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1
- fi
- exit_with_hooks 0
- fi
-
- if [ x$reason = xTIMEOUT ]; then
- if [ x$alias_ip_address != x ]; then
-- ifconfig $interface:0- inet 0
-+ ${ip} -4 addr flush dev ${interface} label ${interface}:0
-+ fi
-+ ${ip} -4 addr add ${new_ip_address}${new_mask} ${new_broadcast_arg} \
-+ dev ${interface} label ${interface}
-+ if [ -n "$new_interface_mtu" ]; then
-+ # set MTU
-+ ip link set dev ${interface} mtu ${new_interface_mtu}
- fi
-- ifconfig $interface inet $new_ip_address $new_subnet_arg \
-- $new_broadcast_arg $mtu_arg
- set $new_routers
- if ping -q -c 1 $1; then
- if [ x$new_ip_address != x$alias_ip_address ] && \
- [ x$alias_ip_address != x ]; then
-- ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
-- route add -host $alias_ip_address dev $interface:0
-+ ${ip} -4 addr add ${alias_ip_address}${alias_mask} \
-+ dev ${interface} label ${interface}:0
-+ ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1
- fi
- for router in $new_routers; do
- if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
-- route add -host $router dev $interface
-+ ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1
- fi
-- route add default gw $router $metric_arg dev $interface
-+ ${ip} -4 route add default via ${router} dev ${interface} \
-+ ${metric_arg} >/dev/null 2>&1
- done
- make_resolv_conf
- exit_with_hooks 0
- fi
-- ifconfig $interface inet 0 down
-+ ${ip} -4 addr flush dev ${interface}
- exit_with_hooks 1
- fi
-
---
-2.8.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/search-for-libxml2.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/search-for-libxml2.patch
deleted file mode 100644
index a08a5b7..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/search-for-libxml2.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-libdns requires libxml2 if bind was built with libxml2 support
-enabled. Compilation will fail for omapip/test.c in case
-lxml2 isn't used during the build. So, we add losely coupled
-search path which will pick up the lib if it is present.
-
-Signed-off-by: Awais Belal <awais_belal@mentor.com>
-Upstream-Status: Pending
-
-diff --git a/configure.ac b/configure.ac
-index c9dc8b5..85f59be 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -602,6 +602,10 @@ no)
- esac
- AC_SUBST([libbind])
-
-+# We need to find libxml2 if bind was built with support enabled
-+# otherwise we'll fail to build omapip/test.c
-+AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],)
-+
- # OpenLDAP support.
- AC_ARG_WITH(ldap,
- AS_HELP_STRING([--with-ldap],[enable OpenLDAP support in dhcpd (default is no)]),
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.5.bb b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.5.bb
deleted file mode 100644
index 678c29a..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.5.bb
+++ /dev/null
@@ -1,18 +0,0 @@
-require dhcp.inc
-
-SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \
- file://link-with-lcrypto.patch \
- file://fixsepbuild.patch \
- file://dhclient-script-drop-resolv.conf.dhclient.patch \
- file://replace-ifconfig-route.patch \
- file://0001-site.h-enable-gentle-shutdown.patch \
- file://libxml2-configure-argument.patch \
- file://tweak-to-support-external-bind.patch \
- file://remove-dhclient-script-bash-dependency.patch \
- "
-
-SRC_URI[md5sum] = "2b5e5b2fa31c2e27e487039d86f83d3f"
-SRC_URI[sha256sum] = "eb95936bf15d2393c55dd505bc527d1d4408289cec5a9fa8abb99f7577e7f954"
-
-PACKAGECONFIG ?= ""
-PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
new file mode 100644
index 0000000..6615ae2
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
@@ -0,0 +1,21 @@
+require dhcp.inc
+
+SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \
+ file://0002-dhclient-dbus.patch \
+ file://0003-link-with-lcrypto.patch \
+ file://0004-Fix-out-of-tree-builds.patch \
+ file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \
+ file://0006-site.h-enable-gentle-shutdown.patch \
+ file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \
+ file://0008-tweak-to-support-external-bind.patch \
+ file://0009-remove-dhclient-script-bash-dependency.patch \
+ file://0010-build-shared-libs.patch \
+ file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \
+ file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
+ "
+
+SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc"
+SRC_URI[sha256sum] = "a41eaf6364f1377fe065d35671d9cf82bbbc8f21207819b2b9f33f652aec6f1b"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper
new file mode 100644
index 0000000..7d0e224
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# In case the interface is used for nfs, skip it.
+nfsroot=0
+interfaces=""
+exec 9<&0 < /proc/mounts
+while read dev mtpt fstype rest; do
+ if test $mtpt = "/" ; then
+ case $fstype in
+ nfs | nfs4)
+ nfsroot=1
+ nfs_addr=`echo $rest | sed -e 's/^.*addr=\([0-9.]*\).*$/\1/'`
+ break
+ ;;
+ *)
+ ;;
+ esac
+ fi
+done
+exec 0<&9 9<&-
+
+if [ $nfsroot -eq 0 ]; then
+ interfaces="$INTERFACES"
+else
+ if [ -x /bin/ip -o -x /sbin/ip ] ; then
+ nfs_iface=`ip route get $nfs_addr | grep dev | sed -e 's/^.*dev \([-a-z0-9.]*\).*$/\1/'`
+ fi
+ for i in $INTERFACES; do
+ if test "x$i" = "x$nfs_iface"; then
+ echo "dhclient skipping nfsroot interface $i"
+ else
+ interfaces="$interfaces $i"
+ fi
+ done
+fi
+
+if test "x$interfaces" != "x"; then
+ /sbin/dhclient -d -cf /etc/dhcp/dhclient.conf -q -lf /var/lib/dhcp/dhclient.leases $interfaces
+fi
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient.service b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient.service
new file mode 100644
index 0000000..9ddb4d1
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhclient.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Dynamic Host Configuration Protocol (DHCP)
+Wants=network.target
+Before=network.target
+After=systemd-udevd.service
+
+[Service]
+EnvironmentFile=-@SYSCONFDIR@/default/dhcp-client
+ExecStart=@BASE_SBINDIR@/dhclient-systemd-wrapper
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc
index ce64888..a578eb3 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc
@@ -13,7 +13,10 @@
inherit update-alternatives bash-completion pkgconfig
-EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'"
+PACKAGECONFIG ??= "tipc"
+PACKAGECONFIG[tipc] = ",,libmnl,"
+
+EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl ${@bb.utils.contains('PACKAGECONFIG', 'tipc', 'tipc', '', d)}' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'"
do_configure_append () {
sh configure ${STAGING_INCDIR}
@@ -32,7 +35,7 @@
# The .so files in iproute2-tc are modules, not traditional libraries
INSANE_SKIP_${PN}-tc = "dev-so"
-PACKAGES =+ "${PN}-tc ${PN}-lnstat ${PN}-ifstat ${PN}-genl ${PN}-rtacct ${PN}-nstat ${PN}-ss"
+PACKAGES =+ "${PN}-tc ${PN}-lnstat ${PN}-ifstat ${PN}-genl ${PN}-rtacct ${PN}-nstat ${PN}-ss ${@bb.utils.contains('PACKAGECONFIG', 'tipc', '${PN}-tipc', '', d)}"
FILES_${PN}-tc = "${base_sbindir}/tc* \
${libdir}/tc/*.so"
FILES_${PN}-lnstat = "${base_sbindir}/lnstat ${base_sbindir}/ctstat ${base_sbindir}/rtstat"
@@ -41,6 +44,7 @@
FILES_${PN}-rtacct = "${base_sbindir}/rtacct"
FILES_${PN}-nstat = "${base_sbindir}/nstat"
FILES_${PN}-ss = "${base_sbindir}/ss"
+FILES_${PN}-tipc = "${base_sbindir}/tipc"
ALTERNATIVE_${PN} = "ip"
ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-include-stdint.h-explicitly-for-UINT16_MAX.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-include-stdint.h-explicitly-for-UINT16_MAX.patch
new file mode 100644
index 0000000..eb0c0ab
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-include-stdint.h-explicitly-for-UINT16_MAX.patch
@@ -0,0 +1,32 @@
+From 3c885d87befc706bb923933b9819de6fe2de897e Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 20 May 2017 14:03:19 -0700
+Subject: [PATCH] include stdint.h explicitly for UINT16_MAX)
+
+Fixes
+| tc_core.c:190:29: error: 'UINT16_MAX' undeclared (first use in this function); did you mean '__INT16_MAX__'?
+| if ((sz >> s->size_log) > UINT16_MAX) {
+| ^~~~~~~~~~
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ tc/tc_core.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tc/tc_core.c b/tc/tc_core.c
+index 7bbe0d7..821b741 100644
+--- a/tc/tc_core.c
++++ b/tc/tc_core.c
+@@ -12,6 +12,7 @@
+
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <stdint.h>
+ #include <unistd.h>
+ #include <syslog.h>
+ #include <fcntl.h>
+--
+2.13.0
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch
new file mode 100644
index 0000000..a9f8db6
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch
@@ -0,0 +1,30 @@
+From f58fc99c88a54135e55a6e0956ce8ae71078d1cc Mon Sep 17 00:00:00 2001
+From: Changhyeok Bae <changhyeok.bae@gmail.com>
+Date: Mon, 12 Jun 2017 04:29:07 +0000
+Subject: [PATCH] ip: Remove unneed header
+
+Fix redefinition of struct ethhdr with a suitably patched musl libc
+that suppresses the kernel if_ether.h.
+
+Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
+
+Upstream-Status: Submitted [netdev@vger.kernel.org]
+---
+ ip/iplink_bridge.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c
+index 818b43c..f065b22 100644
+--- a/ip/iplink_bridge.c
++++ b/ip/iplink_bridge.c
+@@ -15,7 +15,6 @@
+ #include <netinet/in.h>
+ #include <linux/if_link.h>
+ #include <linux/if_bridge.h>
+-#include <netinet/ether.h>
+ #include <net/if.h>
+
+ #include "rt_names.h"
+--
+2.7.4
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.10.0.bb b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.10.0.bb
deleted file mode 100644
index a050e87..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.10.0.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-require iproute2.inc
-
-SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
- file://configure-cross.patch \
- file://0001-iproute2-de-bash-scripts.patch \
- file://0001-libc-compat.h-add-musl-workaround.patch \
- "
-
-SRC_URI[md5sum] = "b94a2b0edefaeac124dc8f5d006931b9"
-SRC_URI[sha256sum] = "22b1e1c1fc704ad35837e5a66103739727b8b48ac90b48c13f79b7367ff0a9a8"
-
-# CFLAGS are computed in Makefile and reference CCOPTS
-#
-EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.11.0.bb b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.11.0.bb
new file mode 100644
index 0000000..dbd0545
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.11.0.bb
@@ -0,0 +1,16 @@
+require iproute2.inc
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
+ file://configure-cross.patch \
+ file://0001-iproute2-de-bash-scripts.patch \
+ file://0001-libc-compat.h-add-musl-workaround.patch \
+ file://0001-include-stdint.h-explicitly-for-UINT16_MAX.patch \
+ file://0001-ip-Remove-unneed-header.patch \
+ "
+
+SRC_URI[md5sum] = "7a9498de88bcca95c305df6108ae197e"
+SRC_URI[sha256sum] = "72671028bda696d0cb8f48ec8e702581c3a501caeed33eec3a81d7041cbc8026"
+
+# CFLAGS are computed in Makefile and reference CCOPTS
+#
+EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc
index 6635779..e57ea87 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc
@@ -38,3 +38,5 @@
do_configure_prepend () {
sed -i -e's,^V_RPATH_OPT=.*$,V_RPATH_OPT=,' ${S}/pcap-config.in
}
+
+BBCLASSEXTEND = "native"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/import-layers/yocto-poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index bd488eb..dbc578e 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -1,9 +1,10 @@
SUMMARY = "Mobile Broadband Service Provider Database"
+HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders"
SECTION = "network"
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
-SRCREV = "519465766fabc85b9fdea5f2b5ee3d08c2b1f70d"
-PV = "20151214"
+SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c"
+PV = "20170310"
PE = "1"
SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch
new file mode 100644
index 0000000..235a2c7
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch
@@ -0,0 +1,27 @@
+From 36b48057bce76dced335d67a2894a420967811c9 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 20 May 2017 14:07:53 -0700
+Subject: [PATCH] include stdint.h for UINT16_MAX definition
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ support/nsm/rpc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/support/nsm/rpc.c b/support/nsm/rpc.c
+index 4e5f40e..d91c6ea 100644
+--- a/support/nsm/rpc.c
++++ b/support/nsm/rpc.c
+@@ -40,6 +40,7 @@
+
+ #include <time.h>
+ #include <stdbool.h>
++#include <stdint.h>
+ #include <string.h>
+ #include <unistd.h>
+ #include <fcntl.h>
+--
+2.13.0
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.4.bb b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb
similarity index 95%
rename from import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.4.bb
rename to import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb
index 4ca9ab2..d917c4d 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.4.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb
@@ -31,10 +31,11 @@
file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \
file://nfs-utils-debianize-start-statd.patch \
file://bugfix-adjust-statd-service-name.patch \
+ file://0001-include-stdint.h-for-UINT16_MAX-definition.patch \
"
-SRC_URI[md5sum] = "54e4119043ec8507a2a0e054cf2889a4"
-SRC_URI[sha256sum] = "b42a5bc0a8d80d04650030ceb9a11f08f4acfbcb1ee297f657fb94e339c45975"
+SRC_URI[md5sum] = "59dfcb2e6254b129f901f40c86086b13"
+SRC_URI[sha256sum] = "0faeb54c70b84e6bd3b9b6901544b1f6add8d246f35c1683e402daf4e0c719ef"
# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will
# pull in the remainder of the dependencies.
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.19.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.19.bb
deleted file mode 100644
index adebd71..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.19.bb
+++ /dev/null
@@ -1,10 +0,0 @@
-require ofono.inc
-
-SRC_URI = "\
- ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
- file://ofono \
-"
-SRC_URI[md5sum] = "a5f8803ace110511b6ff5a2b39782e8b"
-SRC_URI[sha256sum] = "a0e09bdd8b53b8d2e4b54f1863ecd9aebe4786477a6cbf8f655496e8edb31c81"
-
-CFLAGS_append_libc-uclibc = " -D_GNU_SOURCE"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.20.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.20.bb
new file mode 100644
index 0000000..18f983e
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.20.bb
@@ -0,0 +1,8 @@
+require ofono.inc
+
+SRC_URI = "\
+ ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+ file://ofono \
+"
+SRC_URI[md5sum] = "fad0630fce6a9aecdb7db37bc1f1db7d"
+SRC_URI[sha256sum] = "5d7ba8f481a7715d013a79f8d6477eb89d8aaae399395d5d008a1317c34a31d5"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_git.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_git.bb
deleted file mode 100644
index beafb77..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_git.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-require ofono.inc
-
-S = "${WORKDIR}/git"
-SRCREV = "14544d5996836f628613c2ce544380ee6fc8f514"
-PV = "0.12-git${SRCPV}"
-PR = "r5"
-
-SRC_URI = "git://git.kernel.org/pub/scm/network/ofono/ofono.git \
- file://ofono"
-
-do_configure_prepend () {
- ${S}/bootstrap
-}
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-Fix-syntax-error-on-x32.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-Fix-syntax-error-on-x32.patch
new file mode 100644
index 0000000..ce9e200
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-Fix-syntax-error-on-x32.patch
@@ -0,0 +1,33 @@
+From a7e359d4ba345aa2a13c07f1057184e9b4e598a2 Mon Sep 17 00:00:00 2001
+From: sweeaun <swee.aun.khor@intel.com>
+Date: Tue, 22 Aug 2017 11:19:48 -0700
+Subject: [PATCH] openssh: Fix syntax error on x32
+
+Upstream-Status: Backport
+This bug has been fixed in v_7.5 branch https://github.com/openssh/
+openssh-portable/tree/V_7_5 and master branch https://github.com/
+openssh/openssh-portable/tree/master.
+
+Fix compilation error during openssh x32 build due to syntax error.
+
+Signed-off-by: sweeaun <swee.aun.khor@intel.com>
+---
+ sandbox-seccomp-filter.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 3a1aedc..a8d472a 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -235,7 +235,7 @@ static const struct sock_filter preauth_insns[] = {
+ * x86-64 syscall under some circumstances, e.g.
+ * https://bugs.debian.org/849923
+ */
+- SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT);
++ SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT),
+ #endif
+
+ /* Default deny */
+--
+2.7.4
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
index df64a14..7e043a2 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
@@ -8,7 +8,7 @@
In case of compilation by gcc or clang with -ftrapv option, the overflow
would lead to program abort.
-Upstream-status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
+Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
---
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
index f5bba53..5463b1a 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -1,5 +1,35 @@
#! /bin/sh
+generate_key() {
+ local FILE=$1
+ local TYPE=$2
+ local DIR="$(dirname "$FILE")"
+
+ mkdir -p "$DIR"
+ ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE
+
+ # Atomically rename file public key
+ mv -f "${FILE}.tmp.pub" "${FILE}.pub"
+
+ # This sync does double duty: Ensuring that the data in the temporary
+ # private key file is on disk before the rename, and ensuring that the
+ # public key rename is completed before the private key rename, since we
+ # switch on the existence of the private key to trigger key generation.
+ # This does mean it is possible for the public key to exist, but be garbage
+ # but this is OK because in that case the private key won't exist and the
+ # keys will be regenerated.
+ #
+ # In the event that sync understands arguments that limit what it tries to
+ # fsync(), we provided them. If it does not, it will simply call sync()
+ # which is just as well
+ sync "${FILE}.pub" "$DIR" "${FILE}.tmp"
+
+ mv "${FILE}.tmp" "$FILE"
+
+ # sync to ensure the atomic rename is committed
+ sync "$DIR"
+}
+
# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
if test -f /etc/default/ssh; then
. /etc/default/ssh
@@ -43,22 +73,18 @@
# create keys if necessary
if [ ! -f $HOST_KEY_RSA ]; then
echo " generating ssh RSA key..."
- mkdir -p $(dirname $HOST_KEY_RSA)
- ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
+ generate_key $HOST_KEY_RSA rsa
fi
if [ ! -f $HOST_KEY_ECDSA ]; then
echo " generating ssh ECDSA key..."
- mkdir -p $(dirname $HOST_KEY_ECDSA)
- ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
+ generate_key $HOST_KEY_ECDSA ecdsa
fi
if [ ! -f $HOST_KEY_DSA ]; then
echo " generating ssh DSA key..."
- mkdir -p $(dirname $HOST_KEY_DSA)
- ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
+ generate_key $HOST_KEY_DSA dsa
fi
if [ ! -f $HOST_KEY_ED25519 ]; then
echo " generating ssh ED25519 key..."
- mkdir -p $(dirname $HOST_KEY_ED25519)
- ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
+ generate_key $HOST_KEY_ED25519 ed25519
fi
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_config b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_config
index d48bd2b..31fe5d9 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -107,7 +107,6 @@
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
-UsePrivilegeSeparation sandbox # Default for new installations.
#PermitUserEnvironment no
Compression no
ClientAliveInterval 15
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.4p1.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
similarity index 93%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.4p1.bb
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
index e501ead..86ca6ff 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.4p1.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
@@ -8,7 +8,8 @@
LICENSE = "BSD"
LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
-DEPENDS = "zlib openssl"
+# openssl 1.1 patches are proposed at https://github.com/openssh/openssh-portable/pull/48
+DEPENDS = "zlib openssl10"
DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
@@ -25,13 +26,14 @@
file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \
file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
+ file://0001-openssh-Fix-syntax-error-on-x32.patch \
file://sshd_check_keys \
"
PAM_SRC_URI = "file://sshd"
-SRC_URI[md5sum] = "b2db2a83caf66a208bb78d6d287cdaa3"
-SRC_URI[sha256sum] = "1b1fc4a14e2024293181924ed24872e6f2e06293f3e8926a376b8aec481f19d1"
+SRC_URI[md5sum] = "652fdc7d8392f112bef11cacf7e69e23"
+SRC_URI[sha256sum] = "9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0"
inherit useradd update-rc.d update-alternatives systemd
@@ -70,12 +72,6 @@
# We don't want to depend on libblockfile
CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no"
-# This is a workaround for uclibc because including stdio.h
-# pulls in pthreads.h and causes conflicts in function prototypes.
-# This results in compilation failure, so unless this is fixed,
-# disable pam for uclibc.
-EXTRA_OECONF_append_libc-uclibc=" --without-pam"
-
do_configure_prepend () {
export LD="${CC}"
install -m 0644 ${WORKDIR}/sshd_config ${B}/
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/version-script.patch
similarity index 99%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/version-script.patch
index a249180..557434f 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/version-script.patch
@@ -1,3 +1,6 @@
+
+Upstream-Status: Inappropriate
+
Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
===================================================================
--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Fix-build-with-clang-using-external-assembler.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-Fix-build-with-clang-using-external-assembler.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Fix-build-with-clang-using-external-assembler.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-Fix-build-with-clang-using-external-assembler.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-openssl-force-soft-link-to-avoid-rare-race.patch
new file mode 100644
index 0000000..dd1a9b1
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-openssl-force-soft-link-to-avoid-rare-race.patch
@@ -0,0 +1,46 @@
+From 3d9199423d48766649a2b2ebb3924e892ed16fa4 Mon Sep 17 00:00:00 2001
+From: Randy MacLeod <Randy.MacLeod@windriver.com>
+Date: Tue, 20 Jun 2017 15:32:08 -0400
+Subject: [PATCH] openssl: Force soft link to avoid rare race
+
+This patch works around a rare parallel build race condition.
+The error seen is:
+
+ln: failed to create symbolic link 'libssl.so': File exists
+make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1
+make[4]: Leaving directory
+'/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k'
+
+The openssl team is rewriting their build files so it's not
+appropriate for openssl upstream and fixing the root cause of
+the Makefile race condition was also not pursued.
+
+Upstream-Status: Inappropriate [build rules rewrite in progress]
+Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
+---
+ Makefile.shared | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.shared b/Makefile.shared
+index e8d222a..1bff92f 100644
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -118,14 +118,14 @@
+ if [ -n "$$SHLIB_COMPAT" ]; then \
+ for x in $$SHLIB_COMPAT; do \
+ ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
+- ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
++ ln -sf $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
+ prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
++ ln -sf $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+ fi
+
+--
+2.9.3
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Makefiles-ptest.patch
similarity index 61%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Makefiles-ptest.patch
index 249446a..2122fa1 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Makefiles-ptest.patch
@@ -1,15 +1,28 @@
+From a176c69f4fdfbfa7e4ccb79d91c3b6602da7e69a Mon Sep 17 00:00:00 2001
+From: Anders Roxell <anders.roxell@enea.com>
+Date: Thu, 24 Apr 2014 19:28:25 +0200
+Subject: [PATCH 19/28] openssl: enable ptest support
+
Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
cross-compiled.
Signed-off-by: Anders Roxell <anders.roxell@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Upstream-Status: Pending
+
---
-Index: openssl-1.0.2/Makefile.org
-===================================================================
---- openssl-1.0.2.orig/Makefile.org
-+++ openssl-1.0.2/Makefile.org
-@@ -451,8 +451,16 @@ rehash.time: certs apps
+ Makefile.org | 10 +-
+ Makefile.org.orig | 7 +-
+ test/Makefile | 13 +-
+ test/Makefile.orig | 987 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 1009 insertions(+), 8 deletions(-)
+ create mode 100644 test/Makefile.orig
+
+diff --git a/Makefile.org b/Makefile.org
+index 111fbba..8e7936c 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -468,8 +468,16 @@ rehash.time: certs apps
test: tests
tests: rehash
@@ -27,11 +40,11 @@
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
report:
-Index: openssl-1.0.2/test/Makefile
-===================================================================
---- openssl-1.0.2.orig/test/Makefile
-+++ openssl-1.0.2/test/Makefile
-@@ -137,7 +137,7 @@ tests: exe apps $(TESTS)
+diff --git a/test/Makefile b/test/Makefile
+index a1f7eeb..b2984c4 100644
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -150,7 +150,7 @@ tests: exe apps $(TESTS)
apps:
@(cd ..; $(MAKE) DIRS=apps all)
@@ -40,9 +53,9 @@
test_des test_idea test_sha test_md4 test_md5 test_hmac \
test_md2 test_mdc2 test_wp \
test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
-@@ -148,6 +148,11 @@ alltests: \
- test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
- test_constant_time
+@@ -162,6 +162,11 @@ alltests: \
+ test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
+ test_dtls test_bad_dtls test_fatalerr
+alltests:
+ @(for i in $(all-tests); do \
@@ -52,7 +65,7 @@
test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
-@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
+@@ -230,7 +235,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pe
echo test second x509v3 certificate
sh ./tx509 v3-cert2.pem 2>/dev/null
@@ -61,7 +74,7 @@
@sh ./trsa 2>/dev/null
../util/shlib_wrap.sh ./$(RSATEST)
-@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
+@@ -331,11 +336,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
sh ./testtsa; \
fi
@@ -75,3 +88,6 @@
@echo "Test JPAKE"
../util/shlib_wrap.sh ./$(JPAKETEST)
+--
+2.15.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Use-SHA256-not-MD5-as-default-digest.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Use-SHA256-not-MD5-as-default-digest.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-musl-target.patch
similarity index 81%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-musl-target.patch
index 613dc7b..f357b3f 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-musl-target.patch
@@ -16,10 +16,8 @@
"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# Configure script adds minimally required -march for assembly support,
# if no -march was specified at command line. mips32 and mips64 below
-@@ -504,6 +504,8 @@ my %table=(
+@@ -504,4 +504,6 @@ my %table=(
"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-targets.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-targets.patch
similarity index 88%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-targets.patch
index 691e74a..1e01589 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-targets.patch
@@ -11,7 +11,7 @@
===================================================================
--- openssl-1.0.2a.orig/Configure
+++ openssl-1.0.2a/Configure
-@@ -443,6 +443,23 @@ my %table=(
+@@ -443,6 +443,21 @@ my %table=(
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
@@ -21,8 +21,6 @@
+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/c_rehash-compat.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/c_rehash-compat.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/ca.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/ca.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/debian-targets.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/debian-targets.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-dir.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-dir.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-section.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-section.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-rpath.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-rpath.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-symbolic.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-symbolic.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/pic.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/pic.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/pic.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/pic.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_digicert_malaysia.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_digicert_malaysia.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_diginotar.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_diginotar.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/soname.patch
similarity index 93%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/soname.patch
index f9cdfec..09dd9ea 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/soname.patch
@@ -1,3 +1,5 @@
+Upstream-Status: Inappropriate
+
Index: openssl-1.0.2d/crypto/opensslv.h
===================================================================
--- openssl-1.0.2d.orig/crypto/opensslv.h
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/version-script.patch
similarity index 99%
copy from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
copy to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/version-script.patch
index a249180..e404ee3 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/version-script.patch
@@ -1,3 +1,5 @@
+Upstream-Status: Inappropriate
+
Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
===================================================================
--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
@@ -15,8 +17,8 @@
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
-@@ -0,0 +1,4615 @@
-+OPENSSL_1.0.0 {
+@@ -0,0 +1,4608 @@
++OPENSSL_1.0.2d {
+ global:
+ BIO_f_ssl;
+ BIO_new_buffer_ssl_connect;
@@ -4314,14 +4316,6 @@
+ CRYPTO_cbc128_decrypt;
+ CRYPTO_cfb128_encrypt;
+ CRYPTO_cfb128_8_encrypt;
-+
-+ local:
-+ *;
-+};
-+
-+
-+OPENSSL_1.0.1 {
-+ global:
+ SSL_renegotiate_abbreviated;
+ TLSv1_1_method;
+ TLSv1_1_client_method;
@@ -4483,15 +4477,7 @@
+ BIO_s_datagram_sctp;
+ BIO_dgram_is_sctp;
+ BIO_dgram_sctp_notification_cb;
-+} OPENSSL_1.0.0;
-+
-+OPENSSL_1.0.1d {
-+ global:
+ CRYPTO_memcmp;
-+} OPENSSL_1.0.1;
-+
-+OPENSSL_1.0.2 {
-+ global:
+ SSL_CTX_set_alpn_protos;
+ SSL_set_alpn_protos;
+ SSL_CTX_set_alpn_select_cb;
@@ -4629,14 +4615,23 @@
+ BUF_strnlen;
+ sk_deep_copy;
+ SSL_test_functions;
-+} OPENSSL_1.0.1d;
++
++ local:
++ *;
++};
++
++OPENSSL_1.0.2g {
++ global:
++ SRP_VBASE_get1_by_user;
++ SRP_user_pwd_free;
++} OPENSSL_1.0.2d;
+
Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
@@ -0,0 +1,10 @@
-+OPENSSL_1.0.0 {
++OPENSSL_1.0.2 {
+ global:
+ bind_engine;
+ v_check;
@@ -4651,7 +4646,7 @@
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
@@ -0,0 +1,10 @@
-+OPENSSL_1.0.0 {
++OPENSSL_1.0.2 {
+ global:
+ bind_engine;
+ v_check;
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/engines-install-in-libdir-ssl.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/engines-install-in-libdir-ssl.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/find.pl b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/find.pl
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/find.pl
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/find.pl
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/oe-ldflags.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/oe-ldflags.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-1.0.2a-x32-asm.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-1.0.2a-x32-asm.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-c_rehash.sh b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-c_rehash.sh
new file mode 100644
index 0000000..6620fdc
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-c_rehash.sh
@@ -0,0 +1,222 @@
+#!/bin/sh
+#
+# Ben Secrest <blsecres@gmail.com>
+#
+# sh c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+#
+# based on the c_rehash perl script distributed with openssl
+#
+# LICENSE: See OpenSSL license
+# ^^acceptable?^^
+#
+
+# default certificate location
+DIR=/etc/openssl
+
+# for filetype bitfield
+IS_CERT=$(( 1 << 0 ))
+IS_CRL=$(( 1 << 1 ))
+
+
+# check to see if a file is a certificate file or a CRL file
+# arguments:
+# 1. the filename to be scanned
+# returns:
+# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
+#
+check_file()
+{
+ local IS_TYPE=0
+
+ # make IFS a newline so we can process grep output line by line
+ local OLDIFS=${IFS}
+ IFS=$( printf "\n" )
+
+ # XXX: could be more efficient to have two 'grep -m' but is -m portable?
+ for LINE in $( grep '^-----BEGIN .*-----' ${1} )
+ do
+ if echo ${LINE} \
+ | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ break
+ fi
+ elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ break
+ fi
+ fi
+ done
+
+ # restore IFS
+ IFS=${OLDIFS}
+
+ return ${IS_TYPE}
+}
+
+
+#
+# use openssl to fingerprint a file
+# arguments:
+# 1. the filename to fingerprint
+# 2. the method to use (x509, crl)
+# returns:
+# none
+# assumptions:
+# user will capture output from last stage of pipeline
+#
+fingerprint()
+{
+ ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+}
+
+
+#
+# link_hash - create links to certificate files
+# arguments:
+# 1. the filename to create a link for
+# 2. the type of certificate being linked (x509, crl)
+# returns:
+# 0 on success, 1 otherwise
+#
+link_hash()
+{
+ local FINGERPRINT=$( fingerprint ${1} ${2} )
+ local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
+ local SUFFIX=0
+ local LINKFILE=''
+ local TAG=''
+
+ if [ ${2} = "crl" ]
+ then
+ TAG='r'
+ fi
+
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+
+ while [ -f ${LINKFILE} ]
+ do
+ if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
+ then
+ echo "NOTE: Skipping duplicate file ${1}" >&2
+ return 1
+ fi
+
+ SUFFIX=$(( ${SUFFIX} + 1 ))
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+ done
+
+ echo "${3} => ${LINKFILE}"
+
+ # assume any system with a POSIX shell will either support symlinks or
+ # do something to handle this gracefully
+ ln -s ${3} ${LINKFILE}
+
+ return 0
+}
+
+
+# hash_dir create hash links in a given directory
+hash_dir()
+{
+ echo "Doing ${1}"
+
+ cd ${1}
+
+ ls -1 * 2>/dev/null | while read FILE
+ do
+ if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
+ && [ -h "${FILE}" ]
+ then
+ rm ${FILE}
+ fi
+ done
+
+ ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
+ do
+ REAL_FILE=${FILE}
+ # if we run on build host then get to the real files in rootfs
+ if [ -n "${SYSROOT}" -a -h ${FILE} ]
+ then
+ FILE=$( readlink ${FILE} )
+ # check the symlink is absolute (or dangling in other word)
+ if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
+ then
+ REAL_FILE=${SYSROOT}/${FILE}
+ fi
+ fi
+
+ check_file ${REAL_FILE}
+ local FILE_TYPE=${?}
+ local TYPE_STR=''
+
+ if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ TYPE_STR='x509'
+ elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ TYPE_STR='crl'
+ else
+ echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
+ continue
+ fi
+
+ link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
+ done
+}
+
+
+# choose the name of an ssl application
+if [ -n "${OPENSSL}" ]
+then
+ SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
+else
+ SSL_CMD=/usr/bin/openssl
+ OPENSSL=${SSL_CMD}
+ export OPENSSL
+fi
+
+# fix paths
+PATH=${PATH}:${DIR}/bin
+export PATH
+
+# confirm existance/executability of ssl command
+if ! [ -x ${SSL_CMD} ]
+then
+ echo "${0}: rehashing skipped ('openssl' program not available)" >&2
+ exit 0
+fi
+
+# determine which directories to process
+old_IFS=$IFS
+if [ ${#} -gt 0 ]
+then
+ IFS=':'
+ DIRLIST=${*}
+elif [ -n "${SSL_CERT_DIR}" ]
+then
+ DIRLIST=$SSL_CERT_DIR
+else
+ DIRLIST=${DIR}/certs
+fi
+
+IFS=':'
+
+# process directories
+for CERT_DIR in ${DIRLIST}
+do
+ if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
+ then
+ IFS=$old_IFS
+ hash_dir ${CERT_DIR}
+ IFS=':'
+ fi
+done
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-fix-des.pod-error.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-fix-des.pod-error.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-util-perlpath.pl-cwd.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-util-perlpath.pl-cwd.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl_fix_for_x32.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl_fix_for_x32.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/parallel.patch
similarity index 80%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/parallel.patch
index f3f4c99..e5413bf 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/parallel.patch
@@ -1,4 +1,7 @@
-Fix the parallel races in the Makefiles.
+From 7fb1192f112c1920bfd39f4185f34e9afff3cff2 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Sat, 5 Mar 2016 00:12:02 +0000
+Subject: [PATCH 24/28] Fix the parallel races in the Makefiles.
This patch was taken from the Gentoo packaging:
https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
@@ -9,81 +12,25 @@
Refreshed for 1.0.2i
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---- openssl-1.0.2g/crypto/Makefile
-+++ openssl-1.0.2g/crypto/Makefile
-@@ -85,11 +85,11 @@
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
- subdirs:
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
-- @target=files; $(RECURSIVE_MAKE)
-+ +@target=files; $(RECURSIVE_MAKE)
-
- links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib: $(LIB)
- @touch lib
--$(LIB): $(LIBOBJ)
-+$(LIB): $(LIBOBJ) | subdirs
- $(AR) $(LIB) $(LIBOBJ)
- test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- $(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
- fi
-
- libs:
-- @target=lib; $(RECURSIVE_MAKE)
-+ +@target=lib; $(RECURSIVE_MAKE)
-
- install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- lint:
- @target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.2g/engines/Makefile
-+++ openssl-1.0.2g/engines/Makefile
-@@ -72,7 +72,7 @@
-
- all: lib subdirs
-
--lib: $(LIBOBJ)
-+lib: $(LIBOBJ) | subdirs
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
-
- subdirs:
- echo $(EDIRS)
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- tags:
- ctags $(SRC)
---- openssl-1.0.2g/Makefile.org
-+++ openssl-1.0.2g/Makefile.org
-@@ -279,17 +279,17 @@
+---
+ Makefile.org | 14 +-
+ Makefile.org.orig | 10 +-
+ Makefile.shared | 2 +
+ Makefile.shared.orig | 655 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ crypto/Makefile | 10 +-
+ engines/Makefile | 6 +-
+ engines/Makefile.orig | 338 ++++++++++++++++++++++++++
+ test/Makefile | 92 +++----
+ test/Makefile.orig | 88 ++++---
+ 9 files changed, 1108 insertions(+), 107 deletions(-)
+ create mode 100644 Makefile.shared.orig
+ create mode 100644 engines/Makefile.orig
+
+diff --git a/Makefile.org b/Makefile.org
+index 8e7936c..ed98d2a 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -283,17 +283,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc
build_libssl: build_ssl libssl.pc
build_crypto:
@@ -107,7 +54,7 @@
all_testapps: build_libs build_testapps
build_testapps:
-@@ -544,7 +544,7 @@
+@@ -565,7 +565,7 @@ install_sw:
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@@ -116,17 +63,19 @@
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
---- openssl-1.0.2g/Makefile.shared
-+++ openssl-1.0.2g/Makefile.shared
-@@ -105,6 +105,7 @@
- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+diff --git a/Makefile.shared b/Makefile.shared
+index f6f92e7..8164186 100644
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -105,6 +105,7 @@ LINK_SO= \
+ SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
+@@ -122,6 +123,7 @@ SYMLINK_SO= \
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
@@ -134,9 +83,87 @@
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
fi; \
---- openssl-1.0.2g/test/Makefile
-+++ openssl-1.0.2g/test/Makefile
-@@ -144,7 +144,7 @@
+diff --git a/crypto/Makefile b/crypto/Makefile
+index 17a87f8..29c2dcf 100644
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -85,11 +85,11 @@ testapps:
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ +@target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@ links:
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ $(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ +@target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@ install:
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+diff --git a/engines/Makefile b/engines/Makefile
+index fe8e9ca..a43d21b 100644
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -72,7 +72,7 @@ top:
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@ lib: $(LIBOBJ)
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@ install:
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+diff --git a/test/Makefile b/test/Makefile
+index 40abd60..78d3788 100644
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -145,7 +145,7 @@ install:
tags:
ctags $(SRC)
@@ -145,7 +172,7 @@
apps:
@(cd ..; $(MAKE) DIRS=apps all)
-@@ -438,136 +438,136 @@
+@@ -444,139 +444,139 @@ BUILD_CMD_STATIC=shlib_target=; \
link_app.$${shlib_target}
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@@ -316,6 +343,9 @@
- @target=$(BADDTLSTEST) $(BUILD_CMD)
+ +@target=$(BADDTLSTEST) $(BUILD_CMD)
+ $(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
+ @target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+
$(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
- @target=$(SSLV2CONFTEST) $(BUILD_CMD)
+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
@@ -326,7 +356,7 @@
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -580,6 +580,6 @@
+@@ -589,7 +589,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
# fi
dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
@@ -334,4 +364,7 @@
+ +@target=dummytest; $(BUILD_CMD)
# DO NOT DELETE THIS LINE -- make depend depends on it.
-
\ No newline at end of file
+
+--
+2.15.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest-deps.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest-deps.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest_makefile_deps.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest_makefile_deps.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/run-ptest b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/run-ptest
new file mode 100755
index 0000000..3b20fce
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/run-ptest
@@ -0,0 +1,2 @@
+#!/bin/sh
+make -k runtest
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/shared-libs.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/shared-libs.patch
similarity index 100%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/shared-libs.patch
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/shared-libs.patch
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch
new file mode 100644
index 0000000..736bb39
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch
@@ -0,0 +1,49 @@
+From 3fdb1e2a16ea405c6731447a8994f222808ef7e6 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Fri, 7 Apr 2017 18:01:52 +0300
+Subject: [PATCH] Remove test that requires running as non-root
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ test/recipes/40-test_rehash.t | 17 +----------------
+ 1 file changed, 1 insertion(+), 16 deletions(-)
+
+diff --git a/test/recipes/40-test_rehash.t b/test/recipes/40-test_rehash.t
+index f902c23..c7567c1 100644
+--- a/test/recipes/40-test_rehash.t
++++ b/test/recipes/40-test_rehash.t
+@@ -23,7 +23,7 @@ setup("test_rehash");
+ plan skip_all => "test_rehash is not available on this platform"
+ unless run(app(["openssl", "rehash", "-help"]));
+
+-plan tests => 5;
++plan tests => 3;
+
+ indir "rehash.$$" => sub {
+ prepare();
+@@ -42,21 +42,6 @@ indir "rehash.$$" => sub {
+ 'Testing rehash operations on empty directory');
+ }, create => 1, cleanup => 1;
+
+-indir "rehash.$$" => sub {
+- prepare();
+- chmod 0500, curdir();
+- SKIP: {
+- if (!ok(!open(FOO, ">unwritable.txt"),
+- "Testing that we aren't running as a privileged user, such as root")) {
+- close FOO;
+- skip "It's pointless to run the next test as root", 1;
+- }
+- isnt(run(app(["openssl", "rehash", curdir()])), 1,
+- 'Testing rehash operations on readonly directory');
+- }
+- chmod 0700, curdir(); # make it writable again, so cleanup works
+-}, create => 1, cleanup => 1;
+-
+ sub prepare {
+ my @pemsourcefiles = sort glob(srctop_file('test', "*.pem"));
+ my @destfiles = ();
+--
+2.11.0
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
new file mode 100644
index 0000000..6ce4e47
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
@@ -0,0 +1,43 @@
+From 08face4353d80111973aba9c1304c92158cfad0e Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Tue, 28 Mar 2017 16:40:12 +0300
+Subject: [PATCH] Take linking flags from LDFLAGS env var
+
+This fixes "No GNU_HASH in the elf binary" issues.
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ Configurations/unix-Makefile.tmpl | 2 +-
+ Configure | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index c029817..43b769b 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -173,7 +173,7 @@ CROSS_COMPILE= {- $config{cross_compile_prefix} -}
+ CC= $(CROSS_COMPILE){- $target{cc} -}
+ CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -}
+ CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -}
+-LDFLAGS= {- $target{lflags} -}
++LDFLAGS= {- $target{lflags}." ".$ENV{'LDFLAGS'} -}
+ PLIB_LDFLAGS= {- $target{plib_lflags} -}
+ EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -}
+ LIB_CFLAGS={- $target{shared_cflag} || "" -}
+diff --git a/Configure b/Configure
+index aee7cc3..274d236 100755
+--- a/Configure
++++ b/Configure
+@@ -979,7 +979,7 @@ $config{build_file} = $target{build_file};
+ $config{defines} = [];
+ $config{cflags} = "";
+ $config{ex_libs} = "";
+-$config{shared_ldflag} = "";
++$config{shared_ldflag} = $ENV{'LDFLAGS'};
+
+ # Make sure build_scheme is consistent.
+ $target{build_scheme} = [ $target{build_scheme} ]
+--
+2.11.0
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch
new file mode 100644
index 0000000..bb0a168
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch
@@ -0,0 +1,88 @@
+From bcc096a50811bf0f0c4fd34b2993fed7a7015972 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Fri, 3 Nov 2017 23:30:01 +0100
+Subject: [PATCH] aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with
+ binutils-2.29.
+
+It's not clear if it's a feature or bug, but binutils-2.29[.1]
+interprets 'adr' instruction with Thumb2 code reference differently,
+in a way that affects calculation of addresses of constants' tables.
+
+Upstream-Status: Backport
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
+(Merged from https://github.com/openssl/openssl/pull/4669)
+
+(cherry picked from commit b82acc3c1a7f304c9df31841753a0fa76b5b3cda)
+---
+ crypto/aes/asm/aes-armv4.pl | 6 +++---
+ crypto/aes/asm/bsaes-armv7.pl | 6 +++---
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
+index 16d79aae53..c6474b8aad 100644
+--- a/crypto/aes/asm/aes-armv4.pl
++++ b/crypto/aes/asm/aes-armv4.pl
+@@ -200,7 +200,7 @@ AES_encrypt:
+ #ifndef __thumb2__
+ sub r3,pc,#8 @ AES_encrypt
+ #else
+- adr r3,AES_encrypt
++ adr r3,.
+ #endif
+ stmdb sp!,{r1,r4-r12,lr}
+ #ifdef __APPLE__
+@@ -450,7 +450,7 @@ _armv4_AES_set_encrypt_key:
+ #ifndef __thumb2__
+ sub r3,pc,#8 @ AES_set_encrypt_key
+ #else
+- adr r3,AES_set_encrypt_key
++ adr r3,.
+ #endif
+ teq r0,#0
+ #ifdef __thumb2__
+@@ -976,7 +976,7 @@ AES_decrypt:
+ #ifndef __thumb2__
+ sub r3,pc,#8 @ AES_decrypt
+ #else
+- adr r3,AES_decrypt
++ adr r3,.
+ #endif
+ stmdb sp!,{r1,r4-r12,lr}
+ #ifdef __APPLE__
+diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
+index 9f288660ef..a27bb4a179 100644
+--- a/crypto/aes/asm/bsaes-armv7.pl
++++ b/crypto/aes/asm/bsaes-armv7.pl
+@@ -744,7 +744,7 @@ $code.=<<___;
+ .type _bsaes_decrypt8,%function
+ .align 4
+ _bsaes_decrypt8:
+- adr $const,_bsaes_decrypt8
++ adr $const,.
+ vldmia $key!, {@XMM[9]} @ round 0 key
+ #ifdef __APPLE__
+ adr $const,.LM0ISR
+@@ -843,7 +843,7 @@ _bsaes_const:
+ .type _bsaes_encrypt8,%function
+ .align 4
+ _bsaes_encrypt8:
+- adr $const,_bsaes_encrypt8
++ adr $const,.
+ vldmia $key!, {@XMM[9]} @ round 0 key
+ #ifdef __APPLE__
+ adr $const,.LM0SR
+@@ -951,7 +951,7 @@ $code.=<<___;
+ .type _bsaes_key_convert,%function
+ .align 4
+ _bsaes_key_convert:
+- adr $const,_bsaes_key_convert
++ adr $const,.
+ vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key
+ #ifdef __APPLE__
+ adr $const,.LM0
+--
+2.15.0
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
deleted file mode 100644
index 29f11a2..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
+++ /dev/null
@@ -1,4656 +0,0 @@
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
-===================================================================
---- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100
-@@ -1651,6 +1651,8 @@
- }
- }
-
-+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
-+
- open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
- unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
- open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
-@@ -0,0 +1,4608 @@
-+OPENSSL_1.0.2d {
-+ global:
-+ BIO_f_ssl;
-+ BIO_new_buffer_ssl_connect;
-+ BIO_new_ssl;
-+ BIO_new_ssl_connect;
-+ BIO_proxy_ssl_copy_session_id;
-+ BIO_ssl_copy_session_id;
-+ BIO_ssl_shutdown;
-+ d2i_SSL_SESSION;
-+ DTLSv1_client_method;
-+ DTLSv1_method;
-+ DTLSv1_server_method;
-+ ERR_load_SSL_strings;
-+ i2d_SSL_SESSION;
-+ kssl_build_principal_2;
-+ kssl_cget_tkt;
-+ kssl_check_authent;
-+ kssl_ctx_free;
-+ kssl_ctx_new;
-+ kssl_ctx_setkey;
-+ kssl_ctx_setprinc;
-+ kssl_ctx_setstring;
-+ kssl_ctx_show;
-+ kssl_err_set;
-+ kssl_krb5_free_data_contents;
-+ kssl_sget_tkt;
-+ kssl_skip_confound;
-+ kssl_validate_times;
-+ PEM_read_bio_SSL_SESSION;
-+ PEM_read_SSL_SESSION;
-+ PEM_write_bio_SSL_SESSION;
-+ PEM_write_SSL_SESSION;
-+ SSL_accept;
-+ SSL_add_client_CA;
-+ SSL_add_dir_cert_subjects_to_stack;
-+ SSL_add_dir_cert_subjs_to_stk;
-+ SSL_add_file_cert_subjects_to_stack;
-+ SSL_add_file_cert_subjs_to_stk;
-+ SSL_alert_desc_string;
-+ SSL_alert_desc_string_long;
-+ SSL_alert_type_string;
-+ SSL_alert_type_string_long;
-+ SSL_callback_ctrl;
-+ SSL_check_private_key;
-+ SSL_CIPHER_description;
-+ SSL_CIPHER_get_bits;
-+ SSL_CIPHER_get_name;
-+ SSL_CIPHER_get_version;
-+ SSL_clear;
-+ SSL_COMP_add_compression_method;
-+ SSL_COMP_get_compression_methods;
-+ SSL_COMP_get_compress_methods;
-+ SSL_COMP_get_name;
-+ SSL_connect;
-+ SSL_copy_session_id;
-+ SSL_ctrl;
-+ SSL_CTX_add_client_CA;
-+ SSL_CTX_add_session;
-+ SSL_CTX_callback_ctrl;
-+ SSL_CTX_check_private_key;
-+ SSL_CTX_ctrl;
-+ SSL_CTX_flush_sessions;
-+ SSL_CTX_free;
-+ SSL_CTX_get_cert_store;
-+ SSL_CTX_get_client_CA_list;
-+ SSL_CTX_get_client_cert_cb;
-+ SSL_CTX_get_ex_data;
-+ SSL_CTX_get_ex_new_index;
-+ SSL_CTX_get_info_callback;
-+ SSL_CTX_get_quiet_shutdown;
-+ SSL_CTX_get_timeout;
-+ SSL_CTX_get_verify_callback;
-+ SSL_CTX_get_verify_depth;
-+ SSL_CTX_get_verify_mode;
-+ SSL_CTX_load_verify_locations;
-+ SSL_CTX_new;
-+ SSL_CTX_remove_session;
-+ SSL_CTX_sess_get_get_cb;
-+ SSL_CTX_sess_get_new_cb;
-+ SSL_CTX_sess_get_remove_cb;
-+ SSL_CTX_sessions;
-+ SSL_CTX_sess_set_get_cb;
-+ SSL_CTX_sess_set_new_cb;
-+ SSL_CTX_sess_set_remove_cb;
-+ SSL_CTX_set1_param;
-+ SSL_CTX_set_cert_store;
-+ SSL_CTX_set_cert_verify_callback;
-+ SSL_CTX_set_cert_verify_cb;
-+ SSL_CTX_set_cipher_list;
-+ SSL_CTX_set_client_CA_list;
-+ SSL_CTX_set_client_cert_cb;
-+ SSL_CTX_set_client_cert_engine;
-+ SSL_CTX_set_cookie_generate_cb;
-+ SSL_CTX_set_cookie_verify_cb;
-+ SSL_CTX_set_default_passwd_cb;
-+ SSL_CTX_set_default_passwd_cb_userdata;
-+ SSL_CTX_set_default_verify_paths;
-+ SSL_CTX_set_def_passwd_cb_ud;
-+ SSL_CTX_set_def_verify_paths;
-+ SSL_CTX_set_ex_data;
-+ SSL_CTX_set_generate_session_id;
-+ SSL_CTX_set_info_callback;
-+ SSL_CTX_set_msg_callback;
-+ SSL_CTX_set_psk_client_callback;
-+ SSL_CTX_set_psk_server_callback;
-+ SSL_CTX_set_purpose;
-+ SSL_CTX_set_quiet_shutdown;
-+ SSL_CTX_set_session_id_context;
-+ SSL_CTX_set_ssl_version;
-+ SSL_CTX_set_timeout;
-+ SSL_CTX_set_tmp_dh_callback;
-+ SSL_CTX_set_tmp_ecdh_callback;
-+ SSL_CTX_set_tmp_rsa_callback;
-+ SSL_CTX_set_trust;
-+ SSL_CTX_set_verify;
-+ SSL_CTX_set_verify_depth;
-+ SSL_CTX_use_cert_chain_file;
-+ SSL_CTX_use_certificate;
-+ SSL_CTX_use_certificate_ASN1;
-+ SSL_CTX_use_certificate_chain_file;
-+ SSL_CTX_use_certificate_file;
-+ SSL_CTX_use_PrivateKey;
-+ SSL_CTX_use_PrivateKey_ASN1;
-+ SSL_CTX_use_PrivateKey_file;
-+ SSL_CTX_use_psk_identity_hint;
-+ SSL_CTX_use_RSAPrivateKey;
-+ SSL_CTX_use_RSAPrivateKey_ASN1;
-+ SSL_CTX_use_RSAPrivateKey_file;
-+ SSL_do_handshake;
-+ SSL_dup;
-+ SSL_dup_CA_list;
-+ SSLeay_add_ssl_algorithms;
-+ SSL_free;
-+ SSL_get1_session;
-+ SSL_get_certificate;
-+ SSL_get_cipher_list;
-+ SSL_get_ciphers;
-+ SSL_get_client_CA_list;
-+ SSL_get_current_cipher;
-+ SSL_get_current_compression;
-+ SSL_get_current_expansion;
-+ SSL_get_default_timeout;
-+ SSL_get_error;
-+ SSL_get_ex_data;
-+ SSL_get_ex_data_X509_STORE_CTX_idx;
-+ SSL_get_ex_d_X509_STORE_CTX_idx;
-+ SSL_get_ex_new_index;
-+ SSL_get_fd;
-+ SSL_get_finished;
-+ SSL_get_info_callback;
-+ SSL_get_peer_cert_chain;
-+ SSL_get_peer_certificate;
-+ SSL_get_peer_finished;
-+ SSL_get_privatekey;
-+ SSL_get_psk_identity;
-+ SSL_get_psk_identity_hint;
-+ SSL_get_quiet_shutdown;
-+ SSL_get_rbio;
-+ SSL_get_read_ahead;
-+ SSL_get_rfd;
-+ SSL_get_servername;
-+ SSL_get_servername_type;
-+ SSL_get_session;
-+ SSL_get_shared_ciphers;
-+ SSL_get_shutdown;
-+ SSL_get_SSL_CTX;
-+ SSL_get_ssl_method;
-+ SSL_get_verify_callback;
-+ SSL_get_verify_depth;
-+ SSL_get_verify_mode;
-+ SSL_get_verify_result;
-+ SSL_get_version;
-+ SSL_get_wbio;
-+ SSL_get_wfd;
-+ SSL_has_matching_session_id;
-+ SSL_library_init;
-+ SSL_load_client_CA_file;
-+ SSL_load_error_strings;
-+ SSL_new;
-+ SSL_peek;
-+ SSL_pending;
-+ SSL_read;
-+ SSL_renegotiate;
-+ SSL_renegotiate_pending;
-+ SSL_rstate_string;
-+ SSL_rstate_string_long;
-+ SSL_SESSION_cmp;
-+ SSL_SESSION_free;
-+ SSL_SESSION_get_ex_data;
-+ SSL_SESSION_get_ex_new_index;
-+ SSL_SESSION_get_id;
-+ SSL_SESSION_get_time;
-+ SSL_SESSION_get_timeout;
-+ SSL_SESSION_hash;
-+ SSL_SESSION_new;
-+ SSL_SESSION_print;
-+ SSL_SESSION_print_fp;
-+ SSL_SESSION_set_ex_data;
-+ SSL_SESSION_set_time;
-+ SSL_SESSION_set_timeout;
-+ SSL_set1_param;
-+ SSL_set_accept_state;
-+ SSL_set_bio;
-+ SSL_set_cipher_list;
-+ SSL_set_client_CA_list;
-+ SSL_set_connect_state;
-+ SSL_set_ex_data;
-+ SSL_set_fd;
-+ SSL_set_generate_session_id;
-+ SSL_set_info_callback;
-+ SSL_set_msg_callback;
-+ SSL_set_psk_client_callback;
-+ SSL_set_psk_server_callback;
-+ SSL_set_purpose;
-+ SSL_set_quiet_shutdown;
-+ SSL_set_read_ahead;
-+ SSL_set_rfd;
-+ SSL_set_session;
-+ SSL_set_session_id_context;
-+ SSL_set_session_secret_cb;
-+ SSL_set_session_ticket_ext;
-+ SSL_set_session_ticket_ext_cb;
-+ SSL_set_shutdown;
-+ SSL_set_SSL_CTX;
-+ SSL_set_ssl_method;
-+ SSL_set_tmp_dh_callback;
-+ SSL_set_tmp_ecdh_callback;
-+ SSL_set_tmp_rsa_callback;
-+ SSL_set_trust;
-+ SSL_set_verify;
-+ SSL_set_verify_depth;
-+ SSL_set_verify_result;
-+ SSL_set_wfd;
-+ SSL_shutdown;
-+ SSL_state;
-+ SSL_state_string;
-+ SSL_state_string_long;
-+ SSL_use_certificate;
-+ SSL_use_certificate_ASN1;
-+ SSL_use_certificate_file;
-+ SSL_use_PrivateKey;
-+ SSL_use_PrivateKey_ASN1;
-+ SSL_use_PrivateKey_file;
-+ SSL_use_psk_identity_hint;
-+ SSL_use_RSAPrivateKey;
-+ SSL_use_RSAPrivateKey_ASN1;
-+ SSL_use_RSAPrivateKey_file;
-+ SSLv23_client_method;
-+ SSLv23_method;
-+ SSLv23_server_method;
-+ SSLv2_client_method;
-+ SSLv2_method;
-+ SSLv2_server_method;
-+ SSLv3_client_method;
-+ SSLv3_method;
-+ SSLv3_server_method;
-+ SSL_version;
-+ SSL_want;
-+ SSL_write;
-+ TLSv1_client_method;
-+ TLSv1_method;
-+ TLSv1_server_method;
-+
-+
-+ SSLeay;
-+ SSLeay_version;
-+ ASN1_BIT_STRING_asn1_meth;
-+ ASN1_HEADER_free;
-+ ASN1_HEADER_new;
-+ ASN1_IA5STRING_asn1_meth;
-+ ASN1_INTEGER_get;
-+ ASN1_INTEGER_set;
-+ ASN1_INTEGER_to_BN;
-+ ASN1_OBJECT_create;
-+ ASN1_OBJECT_free;
-+ ASN1_OBJECT_new;
-+ ASN1_PRINTABLE_type;
-+ ASN1_STRING_cmp;
-+ ASN1_STRING_dup;
-+ ASN1_STRING_free;
-+ ASN1_STRING_new;
-+ ASN1_STRING_print;
-+ ASN1_STRING_set;
-+ ASN1_STRING_type_new;
-+ ASN1_TYPE_free;
-+ ASN1_TYPE_new;
-+ ASN1_UNIVERSALSTRING_to_string;
-+ ASN1_UTCTIME_check;
-+ ASN1_UTCTIME_print;
-+ ASN1_UTCTIME_set;
-+ ASN1_check_infinite_end;
-+ ASN1_d2i_bio;
-+ ASN1_d2i_fp;
-+ ASN1_digest;
-+ ASN1_dup;
-+ ASN1_get_object;
-+ ASN1_i2d_bio;
-+ ASN1_i2d_fp;
-+ ASN1_object_size;
-+ ASN1_parse;
-+ ASN1_put_object;
-+ ASN1_sign;
-+ ASN1_verify;
-+ BF_cbc_encrypt;
-+ BF_cfb64_encrypt;
-+ BF_ecb_encrypt;
-+ BF_encrypt;
-+ BF_ofb64_encrypt;
-+ BF_options;
-+ BF_set_key;
-+ BIO_CONNECT_free;
-+ BIO_CONNECT_new;
-+ BIO_accept;
-+ BIO_ctrl;
-+ BIO_int_ctrl;
-+ BIO_debug_callback;
-+ BIO_dump;
-+ BIO_dup_chain;
-+ BIO_f_base64;
-+ BIO_f_buffer;
-+ BIO_f_cipher;
-+ BIO_f_md;
-+ BIO_f_null;
-+ BIO_f_proxy_server;
-+ BIO_fd_non_fatal_error;
-+ BIO_fd_should_retry;
-+ BIO_find_type;
-+ BIO_free;
-+ BIO_free_all;
-+ BIO_get_accept_socket;
-+ BIO_get_filter_bio;
-+ BIO_get_host_ip;
-+ BIO_get_port;
-+ BIO_get_retry_BIO;
-+ BIO_get_retry_reason;
-+ BIO_gethostbyname;
-+ BIO_gets;
-+ BIO_new;
-+ BIO_new_accept;
-+ BIO_new_connect;
-+ BIO_new_fd;
-+ BIO_new_file;
-+ BIO_new_fp;
-+ BIO_new_socket;
-+ BIO_pop;
-+ BIO_printf;
-+ BIO_push;
-+ BIO_puts;
-+ BIO_read;
-+ BIO_s_accept;
-+ BIO_s_connect;
-+ BIO_s_fd;
-+ BIO_s_file;
-+ BIO_s_mem;
-+ BIO_s_null;
-+ BIO_s_proxy_client;
-+ BIO_s_socket;
-+ BIO_set;
-+ BIO_set_cipher;
-+ BIO_set_tcp_ndelay;
-+ BIO_sock_cleanup;
-+ BIO_sock_error;
-+ BIO_sock_init;
-+ BIO_sock_non_fatal_error;
-+ BIO_sock_should_retry;
-+ BIO_socket_ioctl;
-+ BIO_write;
-+ BN_CTX_free;
-+ BN_CTX_new;
-+ BN_MONT_CTX_free;
-+ BN_MONT_CTX_new;
-+ BN_MONT_CTX_set;
-+ BN_add;
-+ BN_add_word;
-+ BN_hex2bn;
-+ BN_bin2bn;
-+ BN_bn2hex;
-+ BN_bn2bin;
-+ BN_clear;
-+ BN_clear_bit;
-+ BN_clear_free;
-+ BN_cmp;
-+ BN_copy;
-+ BN_div;
-+ BN_div_word;
-+ BN_dup;
-+ BN_free;
-+ BN_from_montgomery;
-+ BN_gcd;
-+ BN_generate_prime;
-+ BN_get_word;
-+ BN_is_bit_set;
-+ BN_is_prime;
-+ BN_lshift;
-+ BN_lshift1;
-+ BN_mask_bits;
-+ BN_mod;
-+ BN_mod_exp;
-+ BN_mod_exp_mont;
-+ BN_mod_exp_simple;
-+ BN_mod_inverse;
-+ BN_mod_mul;
-+ BN_mod_mul_montgomery;
-+ BN_mod_word;
-+ BN_mul;
-+ BN_new;
-+ BN_num_bits;
-+ BN_num_bits_word;
-+ BN_options;
-+ BN_print;
-+ BN_print_fp;
-+ BN_rand;
-+ BN_reciprocal;
-+ BN_rshift;
-+ BN_rshift1;
-+ BN_set_bit;
-+ BN_set_word;
-+ BN_sqr;
-+ BN_sub;
-+ BN_to_ASN1_INTEGER;
-+ BN_ucmp;
-+ BN_value_one;
-+ BUF_MEM_free;
-+ BUF_MEM_grow;
-+ BUF_MEM_new;
-+ BUF_strdup;
-+ CONF_free;
-+ CONF_get_number;
-+ CONF_get_section;
-+ CONF_get_string;
-+ CONF_load;
-+ CRYPTO_add_lock;
-+ CRYPTO_dbg_free;
-+ CRYPTO_dbg_malloc;
-+ CRYPTO_dbg_realloc;
-+ CRYPTO_dbg_remalloc;
-+ CRYPTO_free;
-+ CRYPTO_get_add_lock_callback;
-+ CRYPTO_get_id_callback;
-+ CRYPTO_get_lock_name;
-+ CRYPTO_get_locking_callback;
-+ CRYPTO_get_mem_functions;
-+ CRYPTO_lock;
-+ CRYPTO_malloc;
-+ CRYPTO_mem_ctrl;
-+ CRYPTO_mem_leaks;
-+ CRYPTO_mem_leaks_cb;
-+ CRYPTO_mem_leaks_fp;
-+ CRYPTO_realloc;
-+ CRYPTO_remalloc;
-+ CRYPTO_set_add_lock_callback;
-+ CRYPTO_set_id_callback;
-+ CRYPTO_set_locking_callback;
-+ CRYPTO_set_mem_functions;
-+ CRYPTO_thread_id;
-+ DH_check;
-+ DH_compute_key;
-+ DH_free;
-+ DH_generate_key;
-+ DH_generate_parameters;
-+ DH_new;
-+ DH_size;
-+ DHparams_print;
-+ DHparams_print_fp;
-+ DSA_free;
-+ DSA_generate_key;
-+ DSA_generate_parameters;
-+ DSA_is_prime;
-+ DSA_new;
-+ DSA_print;
-+ DSA_print_fp;
-+ DSA_sign;
-+ DSA_sign_setup;
-+ DSA_size;
-+ DSA_verify;
-+ DSAparams_print;
-+ DSAparams_print_fp;
-+ ERR_clear_error;
-+ ERR_error_string;
-+ ERR_free_strings;
-+ ERR_func_error_string;
-+ ERR_get_err_state_table;
-+ ERR_get_error;
-+ ERR_get_error_line;
-+ ERR_get_state;
-+ ERR_get_string_table;
-+ ERR_lib_error_string;
-+ ERR_load_ASN1_strings;
-+ ERR_load_BIO_strings;
-+ ERR_load_BN_strings;
-+ ERR_load_BUF_strings;
-+ ERR_load_CONF_strings;
-+ ERR_load_DH_strings;
-+ ERR_load_DSA_strings;
-+ ERR_load_ERR_strings;
-+ ERR_load_EVP_strings;
-+ ERR_load_OBJ_strings;
-+ ERR_load_PEM_strings;
-+ ERR_load_PROXY_strings;
-+ ERR_load_RSA_strings;
-+ ERR_load_X509_strings;
-+ ERR_load_crypto_strings;
-+ ERR_load_strings;
-+ ERR_peek_error;
-+ ERR_peek_error_line;
-+ ERR_print_errors;
-+ ERR_print_errors_fp;
-+ ERR_put_error;
-+ ERR_reason_error_string;
-+ ERR_remove_state;
-+ EVP_BytesToKey;
-+ EVP_CIPHER_CTX_cleanup;
-+ EVP_CipherFinal;
-+ EVP_CipherInit;
-+ EVP_CipherUpdate;
-+ EVP_DecodeBlock;
-+ EVP_DecodeFinal;
-+ EVP_DecodeInit;
-+ EVP_DecodeUpdate;
-+ EVP_DecryptFinal;
-+ EVP_DecryptInit;
-+ EVP_DecryptUpdate;
-+ EVP_DigestFinal;
-+ EVP_DigestInit;
-+ EVP_DigestUpdate;
-+ EVP_EncodeBlock;
-+ EVP_EncodeFinal;
-+ EVP_EncodeInit;
-+ EVP_EncodeUpdate;
-+ EVP_EncryptFinal;
-+ EVP_EncryptInit;
-+ EVP_EncryptUpdate;
-+ EVP_OpenFinal;
-+ EVP_OpenInit;
-+ EVP_PKEY_assign;
-+ EVP_PKEY_copy_parameters;
-+ EVP_PKEY_free;
-+ EVP_PKEY_missing_parameters;
-+ EVP_PKEY_new;
-+ EVP_PKEY_save_parameters;
-+ EVP_PKEY_size;
-+ EVP_PKEY_type;
-+ EVP_SealFinal;
-+ EVP_SealInit;
-+ EVP_SignFinal;
-+ EVP_VerifyFinal;
-+ EVP_add_alias;
-+ EVP_add_cipher;
-+ EVP_add_digest;
-+ EVP_bf_cbc;
-+ EVP_bf_cfb64;
-+ EVP_bf_ecb;
-+ EVP_bf_ofb;
-+ EVP_cleanup;
-+ EVP_des_cbc;
-+ EVP_des_cfb64;
-+ EVP_des_ecb;
-+ EVP_des_ede;
-+ EVP_des_ede3;
-+ EVP_des_ede3_cbc;
-+ EVP_des_ede3_cfb64;
-+ EVP_des_ede3_ofb;
-+ EVP_des_ede_cbc;
-+ EVP_des_ede_cfb64;
-+ EVP_des_ede_ofb;
-+ EVP_des_ofb;
-+ EVP_desx_cbc;
-+ EVP_dss;
-+ EVP_dss1;
-+ EVP_enc_null;
-+ EVP_get_cipherbyname;
-+ EVP_get_digestbyname;
-+ EVP_get_pw_prompt;
-+ EVP_idea_cbc;
-+ EVP_idea_cfb64;
-+ EVP_idea_ecb;
-+ EVP_idea_ofb;
-+ EVP_md2;
-+ EVP_md5;
-+ EVP_md_null;
-+ EVP_rc2_cbc;
-+ EVP_rc2_cfb64;
-+ EVP_rc2_ecb;
-+ EVP_rc2_ofb;
-+ EVP_rc4;
-+ EVP_read_pw_string;
-+ EVP_set_pw_prompt;
-+ EVP_sha;
-+ EVP_sha1;
-+ MD2;
-+ MD2_Final;
-+ MD2_Init;
-+ MD2_Update;
-+ MD2_options;
-+ MD5;
-+ MD5_Final;
-+ MD5_Init;
-+ MD5_Update;
-+ MDC2;
-+ MDC2_Final;
-+ MDC2_Init;
-+ MDC2_Update;
-+ NETSCAPE_SPKAC_free;
-+ NETSCAPE_SPKAC_new;
-+ NETSCAPE_SPKI_free;
-+ NETSCAPE_SPKI_new;
-+ NETSCAPE_SPKI_sign;
-+ NETSCAPE_SPKI_verify;
-+ OBJ_add_object;
-+ OBJ_bsearch;
-+ OBJ_cleanup;
-+ OBJ_cmp;
-+ OBJ_create;
-+ OBJ_dup;
-+ OBJ_ln2nid;
-+ OBJ_new_nid;
-+ OBJ_nid2ln;
-+ OBJ_nid2obj;
-+ OBJ_nid2sn;
-+ OBJ_obj2nid;
-+ OBJ_sn2nid;
-+ OBJ_txt2nid;
-+ PEM_ASN1_read;
-+ PEM_ASN1_read_bio;
-+ PEM_ASN1_write;
-+ PEM_ASN1_write_bio;
-+ PEM_SealFinal;
-+ PEM_SealInit;
-+ PEM_SealUpdate;
-+ PEM_SignFinal;
-+ PEM_SignInit;
-+ PEM_SignUpdate;
-+ PEM_X509_INFO_read;
-+ PEM_X509_INFO_read_bio;
-+ PEM_X509_INFO_write_bio;
-+ PEM_dek_info;
-+ PEM_do_header;
-+ PEM_get_EVP_CIPHER_INFO;
-+ PEM_proc_type;
-+ PEM_read;
-+ PEM_read_DHparams;
-+ PEM_read_DSAPrivateKey;
-+ PEM_read_DSAparams;
-+ PEM_read_PKCS7;
-+ PEM_read_PrivateKey;
-+ PEM_read_RSAPrivateKey;
-+ PEM_read_X509;
-+ PEM_read_X509_CRL;
-+ PEM_read_X509_REQ;
-+ PEM_read_bio;
-+ PEM_read_bio_DHparams;
-+ PEM_read_bio_DSAPrivateKey;
-+ PEM_read_bio_DSAparams;
-+ PEM_read_bio_PKCS7;
-+ PEM_read_bio_PrivateKey;
-+ PEM_read_bio_RSAPrivateKey;
-+ PEM_read_bio_X509;
-+ PEM_read_bio_X509_CRL;
-+ PEM_read_bio_X509_REQ;
-+ PEM_write;
-+ PEM_write_DHparams;
-+ PEM_write_DSAPrivateKey;
-+ PEM_write_DSAparams;
-+ PEM_write_PKCS7;
-+ PEM_write_PrivateKey;
-+ PEM_write_RSAPrivateKey;
-+ PEM_write_X509;
-+ PEM_write_X509_CRL;
-+ PEM_write_X509_REQ;
-+ PEM_write_bio;
-+ PEM_write_bio_DHparams;
-+ PEM_write_bio_DSAPrivateKey;
-+ PEM_write_bio_DSAparams;
-+ PEM_write_bio_PKCS7;
-+ PEM_write_bio_PrivateKey;
-+ PEM_write_bio_RSAPrivateKey;
-+ PEM_write_bio_X509;
-+ PEM_write_bio_X509_CRL;
-+ PEM_write_bio_X509_REQ;
-+ PKCS7_DIGEST_free;
-+ PKCS7_DIGEST_new;
-+ PKCS7_ENCRYPT_free;
-+ PKCS7_ENCRYPT_new;
-+ PKCS7_ENC_CONTENT_free;
-+ PKCS7_ENC_CONTENT_new;
-+ PKCS7_ENVELOPE_free;
-+ PKCS7_ENVELOPE_new;
-+ PKCS7_ISSUER_AND_SERIAL_digest;
-+ PKCS7_ISSUER_AND_SERIAL_free;
-+ PKCS7_ISSUER_AND_SERIAL_new;
-+ PKCS7_RECIP_INFO_free;
-+ PKCS7_RECIP_INFO_new;
-+ PKCS7_SIGNED_free;
-+ PKCS7_SIGNED_new;
-+ PKCS7_SIGNER_INFO_free;
-+ PKCS7_SIGNER_INFO_new;
-+ PKCS7_SIGN_ENVELOPE_free;
-+ PKCS7_SIGN_ENVELOPE_new;
-+ PKCS7_dup;
-+ PKCS7_free;
-+ PKCS7_new;
-+ PROXY_ENTRY_add_noproxy;
-+ PROXY_ENTRY_clear_noproxy;
-+ PROXY_ENTRY_free;
-+ PROXY_ENTRY_get_noproxy;
-+ PROXY_ENTRY_new;
-+ PROXY_ENTRY_set_server;
-+ PROXY_add_noproxy;
-+ PROXY_add_server;
-+ PROXY_check_by_host;
-+ PROXY_check_url;
-+ PROXY_clear_noproxy;
-+ PROXY_free;
-+ PROXY_get_noproxy;
-+ PROXY_get_proxies;
-+ PROXY_get_proxy_entry;
-+ PROXY_load_conf;
-+ PROXY_new;
-+ PROXY_print;
-+ RAND_bytes;
-+ RAND_cleanup;
-+ RAND_file_name;
-+ RAND_load_file;
-+ RAND_screen;
-+ RAND_seed;
-+ RAND_write_file;
-+ RC2_cbc_encrypt;
-+ RC2_cfb64_encrypt;
-+ RC2_ecb_encrypt;
-+ RC2_encrypt;
-+ RC2_ofb64_encrypt;
-+ RC2_set_key;
-+ RC4;
-+ RC4_options;
-+ RC4_set_key;
-+ RSAPrivateKey_asn1_meth;
-+ RSAPrivateKey_dup;
-+ RSAPublicKey_dup;
-+ RSA_PKCS1_SSLeay;
-+ RSA_free;
-+ RSA_generate_key;
-+ RSA_new;
-+ RSA_new_method;
-+ RSA_print;
-+ RSA_print_fp;
-+ RSA_private_decrypt;
-+ RSA_private_encrypt;
-+ RSA_public_decrypt;
-+ RSA_public_encrypt;
-+ RSA_set_default_method;
-+ RSA_sign;
-+ RSA_sign_ASN1_OCTET_STRING;
-+ RSA_size;
-+ RSA_verify;
-+ RSA_verify_ASN1_OCTET_STRING;
-+ SHA;
-+ SHA1;
-+ SHA1_Final;
-+ SHA1_Init;
-+ SHA1_Update;
-+ SHA_Final;
-+ SHA_Init;
-+ SHA_Update;
-+ OpenSSL_add_all_algorithms;
-+ OpenSSL_add_all_ciphers;
-+ OpenSSL_add_all_digests;
-+ TXT_DB_create_index;
-+ TXT_DB_free;
-+ TXT_DB_get_by_index;
-+ TXT_DB_insert;
-+ TXT_DB_read;
-+ TXT_DB_write;
-+ X509_ALGOR_free;
-+ X509_ALGOR_new;
-+ X509_ATTRIBUTE_free;
-+ X509_ATTRIBUTE_new;
-+ X509_CINF_free;
-+ X509_CINF_new;
-+ X509_CRL_INFO_free;
-+ X509_CRL_INFO_new;
-+ X509_CRL_add_ext;
-+ X509_CRL_cmp;
-+ X509_CRL_delete_ext;
-+ X509_CRL_dup;
-+ X509_CRL_free;
-+ X509_CRL_get_ext;
-+ X509_CRL_get_ext_by_NID;
-+ X509_CRL_get_ext_by_OBJ;
-+ X509_CRL_get_ext_by_critical;
-+ X509_CRL_get_ext_count;
-+ X509_CRL_new;
-+ X509_CRL_sign;
-+ X509_CRL_verify;
-+ X509_EXTENSION_create_by_NID;
-+ X509_EXTENSION_create_by_OBJ;
-+ X509_EXTENSION_dup;
-+ X509_EXTENSION_free;
-+ X509_EXTENSION_get_critical;
-+ X509_EXTENSION_get_data;
-+ X509_EXTENSION_get_object;
-+ X509_EXTENSION_new;
-+ X509_EXTENSION_set_critical;
-+ X509_EXTENSION_set_data;
-+ X509_EXTENSION_set_object;
-+ X509_INFO_free;
-+ X509_INFO_new;
-+ X509_LOOKUP_by_alias;
-+ X509_LOOKUP_by_fingerprint;
-+ X509_LOOKUP_by_issuer_serial;
-+ X509_LOOKUP_by_subject;
-+ X509_LOOKUP_ctrl;
-+ X509_LOOKUP_file;
-+ X509_LOOKUP_free;
-+ X509_LOOKUP_hash_dir;
-+ X509_LOOKUP_init;
-+ X509_LOOKUP_new;
-+ X509_LOOKUP_shutdown;
-+ X509_NAME_ENTRY_create_by_NID;
-+ X509_NAME_ENTRY_create_by_OBJ;
-+ X509_NAME_ENTRY_dup;
-+ X509_NAME_ENTRY_free;
-+ X509_NAME_ENTRY_get_data;
-+ X509_NAME_ENTRY_get_object;
-+ X509_NAME_ENTRY_new;
-+ X509_NAME_ENTRY_set_data;
-+ X509_NAME_ENTRY_set_object;
-+ X509_NAME_add_entry;
-+ X509_NAME_cmp;
-+ X509_NAME_delete_entry;
-+ X509_NAME_digest;
-+ X509_NAME_dup;
-+ X509_NAME_entry_count;
-+ X509_NAME_free;
-+ X509_NAME_get_entry;
-+ X509_NAME_get_index_by_NID;
-+ X509_NAME_get_index_by_OBJ;
-+ X509_NAME_get_text_by_NID;
-+ X509_NAME_get_text_by_OBJ;
-+ X509_NAME_hash;
-+ X509_NAME_new;
-+ X509_NAME_oneline;
-+ X509_NAME_print;
-+ X509_NAME_set;
-+ X509_OBJECT_free_contents;
-+ X509_OBJECT_retrieve_by_subject;
-+ X509_OBJECT_up_ref_count;
-+ X509_PKEY_free;
-+ X509_PKEY_new;
-+ X509_PUBKEY_free;
-+ X509_PUBKEY_get;
-+ X509_PUBKEY_new;
-+ X509_PUBKEY_set;
-+ X509_REQ_INFO_free;
-+ X509_REQ_INFO_new;
-+ X509_REQ_dup;
-+ X509_REQ_free;
-+ X509_REQ_get_pubkey;
-+ X509_REQ_new;
-+ X509_REQ_print;
-+ X509_REQ_print_fp;
-+ X509_REQ_set_pubkey;
-+ X509_REQ_set_subject_name;
-+ X509_REQ_set_version;
-+ X509_REQ_sign;
-+ X509_REQ_to_X509;
-+ X509_REQ_verify;
-+ X509_REVOKED_add_ext;
-+ X509_REVOKED_delete_ext;
-+ X509_REVOKED_free;
-+ X509_REVOKED_get_ext;
-+ X509_REVOKED_get_ext_by_NID;
-+ X509_REVOKED_get_ext_by_OBJ;
-+ X509_REVOKED_get_ext_by_critical;
-+ X509_REVOKED_get_ext_by_critic;
-+ X509_REVOKED_get_ext_count;
-+ X509_REVOKED_new;
-+ X509_SIG_free;
-+ X509_SIG_new;
-+ X509_STORE_CTX_cleanup;
-+ X509_STORE_CTX_init;
-+ X509_STORE_add_cert;
-+ X509_STORE_add_lookup;
-+ X509_STORE_free;
-+ X509_STORE_get_by_subject;
-+ X509_STORE_load_locations;
-+ X509_STORE_new;
-+ X509_STORE_set_default_paths;
-+ X509_VAL_free;
-+ X509_VAL_new;
-+ X509_add_ext;
-+ X509_asn1_meth;
-+ X509_certificate_type;
-+ X509_check_private_key;
-+ X509_cmp_current_time;
-+ X509_delete_ext;
-+ X509_digest;
-+ X509_dup;
-+ X509_free;
-+ X509_get_default_cert_area;
-+ X509_get_default_cert_dir;
-+ X509_get_default_cert_dir_env;
-+ X509_get_default_cert_file;
-+ X509_get_default_cert_file_env;
-+ X509_get_default_private_dir;
-+ X509_get_ext;
-+ X509_get_ext_by_NID;
-+ X509_get_ext_by_OBJ;
-+ X509_get_ext_by_critical;
-+ X509_get_ext_count;
-+ X509_get_issuer_name;
-+ X509_get_pubkey;
-+ X509_get_pubkey_parameters;
-+ X509_get_serialNumber;
-+ X509_get_subject_name;
-+ X509_gmtime_adj;
-+ X509_issuer_and_serial_cmp;
-+ X509_issuer_and_serial_hash;
-+ X509_issuer_name_cmp;
-+ X509_issuer_name_hash;
-+ X509_load_cert_file;
-+ X509_new;
-+ X509_print;
-+ X509_print_fp;
-+ X509_set_issuer_name;
-+ X509_set_notAfter;
-+ X509_set_notBefore;
-+ X509_set_pubkey;
-+ X509_set_serialNumber;
-+ X509_set_subject_name;
-+ X509_set_version;
-+ X509_sign;
-+ X509_subject_name_cmp;
-+ X509_subject_name_hash;
-+ X509_to_X509_REQ;
-+ X509_verify;
-+ X509_verify_cert;
-+ X509_verify_cert_error_string;
-+ X509v3_add_ext;
-+ X509v3_add_extension;
-+ X509v3_add_netscape_extensions;
-+ X509v3_add_standard_extensions;
-+ X509v3_cleanup_extensions;
-+ X509v3_data_type_by_NID;
-+ X509v3_data_type_by_OBJ;
-+ X509v3_delete_ext;
-+ X509v3_get_ext;
-+ X509v3_get_ext_by_NID;
-+ X509v3_get_ext_by_OBJ;
-+ X509v3_get_ext_by_critical;
-+ X509v3_get_ext_count;
-+ X509v3_pack_string;
-+ X509v3_pack_type_by_NID;
-+ X509v3_pack_type_by_OBJ;
-+ X509v3_unpack_string;
-+ _des_crypt;
-+ a2d_ASN1_OBJECT;
-+ a2i_ASN1_INTEGER;
-+ a2i_ASN1_STRING;
-+ asn1_Finish;
-+ asn1_GetSequence;
-+ bn_div_words;
-+ bn_expand2;
-+ bn_mul_add_words;
-+ bn_mul_words;
-+ BN_uadd;
-+ BN_usub;
-+ bn_sqr_words;
-+ _ossl_old_crypt;
-+ d2i_ASN1_BIT_STRING;
-+ d2i_ASN1_BOOLEAN;
-+ d2i_ASN1_HEADER;
-+ d2i_ASN1_IA5STRING;
-+ d2i_ASN1_INTEGER;
-+ d2i_ASN1_OBJECT;
-+ d2i_ASN1_OCTET_STRING;
-+ d2i_ASN1_PRINTABLE;
-+ d2i_ASN1_PRINTABLESTRING;
-+ d2i_ASN1_SET;
-+ d2i_ASN1_T61STRING;
-+ d2i_ASN1_TYPE;
-+ d2i_ASN1_UTCTIME;
-+ d2i_ASN1_bytes;
-+ d2i_ASN1_type_bytes;
-+ d2i_DHparams;
-+ d2i_DSAPrivateKey;
-+ d2i_DSAPrivateKey_bio;
-+ d2i_DSAPrivateKey_fp;
-+ d2i_DSAPublicKey;
-+ d2i_DSAparams;
-+ d2i_NETSCAPE_SPKAC;
-+ d2i_NETSCAPE_SPKI;
-+ d2i_Netscape_RSA;
-+ d2i_PKCS7;
-+ d2i_PKCS7_DIGEST;
-+ d2i_PKCS7_ENCRYPT;
-+ d2i_PKCS7_ENC_CONTENT;
-+ d2i_PKCS7_ENVELOPE;
-+ d2i_PKCS7_ISSUER_AND_SERIAL;
-+ d2i_PKCS7_RECIP_INFO;
-+ d2i_PKCS7_SIGNED;
-+ d2i_PKCS7_SIGNER_INFO;
-+ d2i_PKCS7_SIGN_ENVELOPE;
-+ d2i_PKCS7_bio;
-+ d2i_PKCS7_fp;
-+ d2i_PrivateKey;
-+ d2i_PublicKey;
-+ d2i_RSAPrivateKey;
-+ d2i_RSAPrivateKey_bio;
-+ d2i_RSAPrivateKey_fp;
-+ d2i_RSAPublicKey;
-+ d2i_X509;
-+ d2i_X509_ALGOR;
-+ d2i_X509_ATTRIBUTE;
-+ d2i_X509_CINF;
-+ d2i_X509_CRL;
-+ d2i_X509_CRL_INFO;
-+ d2i_X509_CRL_bio;
-+ d2i_X509_CRL_fp;
-+ d2i_X509_EXTENSION;
-+ d2i_X509_NAME;
-+ d2i_X509_NAME_ENTRY;
-+ d2i_X509_PKEY;
-+ d2i_X509_PUBKEY;
-+ d2i_X509_REQ;
-+ d2i_X509_REQ_INFO;
-+ d2i_X509_REQ_bio;
-+ d2i_X509_REQ_fp;
-+ d2i_X509_REVOKED;
-+ d2i_X509_SIG;
-+ d2i_X509_VAL;
-+ d2i_X509_bio;
-+ d2i_X509_fp;
-+ DES_cbc_cksum;
-+ DES_cbc_encrypt;
-+ DES_cblock_print_file;
-+ DES_cfb64_encrypt;
-+ DES_cfb_encrypt;
-+ DES_decrypt3;
-+ DES_ecb3_encrypt;
-+ DES_ecb_encrypt;
-+ DES_ede3_cbc_encrypt;
-+ DES_ede3_cfb64_encrypt;
-+ DES_ede3_ofb64_encrypt;
-+ DES_enc_read;
-+ DES_enc_write;
-+ DES_encrypt1;
-+ DES_encrypt2;
-+ DES_encrypt3;
-+ DES_fcrypt;
-+ DES_is_weak_key;
-+ DES_key_sched;
-+ DES_ncbc_encrypt;
-+ DES_ofb64_encrypt;
-+ DES_ofb_encrypt;
-+ DES_options;
-+ DES_pcbc_encrypt;
-+ DES_quad_cksum;
-+ DES_random_key;
-+ _ossl_old_des_random_seed;
-+ _ossl_old_des_read_2passwords;
-+ _ossl_old_des_read_password;
-+ _ossl_old_des_read_pw;
-+ _ossl_old_des_read_pw_string;
-+ DES_set_key;
-+ DES_set_odd_parity;
-+ DES_string_to_2keys;
-+ DES_string_to_key;
-+ DES_xcbc_encrypt;
-+ DES_xwhite_in2out;
-+ fcrypt_body;
-+ i2a_ASN1_INTEGER;
-+ i2a_ASN1_OBJECT;
-+ i2a_ASN1_STRING;
-+ i2d_ASN1_BIT_STRING;
-+ i2d_ASN1_BOOLEAN;
-+ i2d_ASN1_HEADER;
-+ i2d_ASN1_IA5STRING;
-+ i2d_ASN1_INTEGER;
-+ i2d_ASN1_OBJECT;
-+ i2d_ASN1_OCTET_STRING;
-+ i2d_ASN1_PRINTABLE;
-+ i2d_ASN1_SET;
-+ i2d_ASN1_TYPE;
-+ i2d_ASN1_UTCTIME;
-+ i2d_ASN1_bytes;
-+ i2d_DHparams;
-+ i2d_DSAPrivateKey;
-+ i2d_DSAPrivateKey_bio;
-+ i2d_DSAPrivateKey_fp;
-+ i2d_DSAPublicKey;
-+ i2d_DSAparams;
-+ i2d_NETSCAPE_SPKAC;
-+ i2d_NETSCAPE_SPKI;
-+ i2d_Netscape_RSA;
-+ i2d_PKCS7;
-+ i2d_PKCS7_DIGEST;
-+ i2d_PKCS7_ENCRYPT;
-+ i2d_PKCS7_ENC_CONTENT;
-+ i2d_PKCS7_ENVELOPE;
-+ i2d_PKCS7_ISSUER_AND_SERIAL;
-+ i2d_PKCS7_RECIP_INFO;
-+ i2d_PKCS7_SIGNED;
-+ i2d_PKCS7_SIGNER_INFO;
-+ i2d_PKCS7_SIGN_ENVELOPE;
-+ i2d_PKCS7_bio;
-+ i2d_PKCS7_fp;
-+ i2d_PrivateKey;
-+ i2d_PublicKey;
-+ i2d_RSAPrivateKey;
-+ i2d_RSAPrivateKey_bio;
-+ i2d_RSAPrivateKey_fp;
-+ i2d_RSAPublicKey;
-+ i2d_X509;
-+ i2d_X509_ALGOR;
-+ i2d_X509_ATTRIBUTE;
-+ i2d_X509_CINF;
-+ i2d_X509_CRL;
-+ i2d_X509_CRL_INFO;
-+ i2d_X509_CRL_bio;
-+ i2d_X509_CRL_fp;
-+ i2d_X509_EXTENSION;
-+ i2d_X509_NAME;
-+ i2d_X509_NAME_ENTRY;
-+ i2d_X509_PKEY;
-+ i2d_X509_PUBKEY;
-+ i2d_X509_REQ;
-+ i2d_X509_REQ_INFO;
-+ i2d_X509_REQ_bio;
-+ i2d_X509_REQ_fp;
-+ i2d_X509_REVOKED;
-+ i2d_X509_SIG;
-+ i2d_X509_VAL;
-+ i2d_X509_bio;
-+ i2d_X509_fp;
-+ idea_cbc_encrypt;
-+ idea_cfb64_encrypt;
-+ idea_ecb_encrypt;
-+ idea_encrypt;
-+ idea_ofb64_encrypt;
-+ idea_options;
-+ idea_set_decrypt_key;
-+ idea_set_encrypt_key;
-+ lh_delete;
-+ lh_doall;
-+ lh_doall_arg;
-+ lh_free;
-+ lh_insert;
-+ lh_new;
-+ lh_node_stats;
-+ lh_node_stats_bio;
-+ lh_node_usage_stats;
-+ lh_node_usage_stats_bio;
-+ lh_retrieve;
-+ lh_stats;
-+ lh_stats_bio;
-+ lh_strhash;
-+ sk_delete;
-+ sk_delete_ptr;
-+ sk_dup;
-+ sk_find;
-+ sk_free;
-+ sk_insert;
-+ sk_new;
-+ sk_pop;
-+ sk_pop_free;
-+ sk_push;
-+ sk_set_cmp_func;
-+ sk_shift;
-+ sk_unshift;
-+ sk_zero;
-+ BIO_f_nbio_test;
-+ ASN1_TYPE_get;
-+ ASN1_TYPE_set;
-+ PKCS7_content_free;
-+ ERR_load_PKCS7_strings;
-+ X509_find_by_issuer_and_serial;
-+ X509_find_by_subject;
-+ PKCS7_ctrl;
-+ PKCS7_set_type;
-+ PKCS7_set_content;
-+ PKCS7_SIGNER_INFO_set;
-+ PKCS7_add_signer;
-+ PKCS7_add_certificate;
-+ PKCS7_add_crl;
-+ PKCS7_content_new;
-+ PKCS7_dataSign;
-+ PKCS7_dataVerify;
-+ PKCS7_dataInit;
-+ PKCS7_add_signature;
-+ PKCS7_cert_from_signer_info;
-+ PKCS7_get_signer_info;
-+ EVP_delete_alias;
-+ EVP_mdc2;
-+ PEM_read_bio_RSAPublicKey;
-+ PEM_write_bio_RSAPublicKey;
-+ d2i_RSAPublicKey_bio;
-+ i2d_RSAPublicKey_bio;
-+ PEM_read_RSAPublicKey;
-+ PEM_write_RSAPublicKey;
-+ d2i_RSAPublicKey_fp;
-+ i2d_RSAPublicKey_fp;
-+ BIO_copy_next_retry;
-+ RSA_flags;
-+ X509_STORE_add_crl;
-+ X509_load_crl_file;
-+ EVP_rc2_40_cbc;
-+ EVP_rc4_40;
-+ EVP_CIPHER_CTX_init;
-+ HMAC;
-+ HMAC_Init;
-+ HMAC_Update;
-+ HMAC_Final;
-+ ERR_get_next_error_library;
-+ EVP_PKEY_cmp_parameters;
-+ HMAC_cleanup;
-+ BIO_ptr_ctrl;
-+ BIO_new_file_internal;
-+ BIO_new_fp_internal;
-+ BIO_s_file_internal;
-+ BN_BLINDING_convert;
-+ BN_BLINDING_invert;
-+ BN_BLINDING_update;
-+ RSA_blinding_on;
-+ RSA_blinding_off;
-+ i2t_ASN1_OBJECT;
-+ BN_BLINDING_new;
-+ BN_BLINDING_free;
-+ EVP_cast5_cbc;
-+ EVP_cast5_cfb64;
-+ EVP_cast5_ecb;
-+ EVP_cast5_ofb;
-+ BF_decrypt;
-+ CAST_set_key;
-+ CAST_encrypt;
-+ CAST_decrypt;
-+ CAST_ecb_encrypt;
-+ CAST_cbc_encrypt;
-+ CAST_cfb64_encrypt;
-+ CAST_ofb64_encrypt;
-+ RC2_decrypt;
-+ OBJ_create_objects;
-+ BN_exp;
-+ BN_mul_word;
-+ BN_sub_word;
-+ BN_dec2bn;
-+ BN_bn2dec;
-+ BIO_ghbn_ctrl;
-+ CRYPTO_free_ex_data;
-+ CRYPTO_get_ex_data;
-+ CRYPTO_set_ex_data;
-+ ERR_load_CRYPTO_strings;
-+ ERR_load_CRYPTOlib_strings;
-+ EVP_PKEY_bits;
-+ MD5_Transform;
-+ SHA1_Transform;
-+ SHA_Transform;
-+ X509_STORE_CTX_get_chain;
-+ X509_STORE_CTX_get_current_cert;
-+ X509_STORE_CTX_get_error;
-+ X509_STORE_CTX_get_error_depth;
-+ X509_STORE_CTX_get_ex_data;
-+ X509_STORE_CTX_set_cert;
-+ X509_STORE_CTX_set_chain;
-+ X509_STORE_CTX_set_error;
-+ X509_STORE_CTX_set_ex_data;
-+ CRYPTO_dup_ex_data;
-+ CRYPTO_get_new_lockid;
-+ CRYPTO_new_ex_data;
-+ RSA_set_ex_data;
-+ RSA_get_ex_data;
-+ RSA_get_ex_new_index;
-+ RSA_padding_add_PKCS1_type_1;
-+ RSA_padding_add_PKCS1_type_2;
-+ RSA_padding_add_SSLv23;
-+ RSA_padding_add_none;
-+ RSA_padding_check_PKCS1_type_1;
-+ RSA_padding_check_PKCS1_type_2;
-+ RSA_padding_check_SSLv23;
-+ RSA_padding_check_none;
-+ bn_add_words;
-+ d2i_Netscape_RSA_2;
-+ CRYPTO_get_ex_new_index;
-+ RIPEMD160_Init;
-+ RIPEMD160_Update;
-+ RIPEMD160_Final;
-+ RIPEMD160;
-+ RIPEMD160_Transform;
-+ RC5_32_set_key;
-+ RC5_32_ecb_encrypt;
-+ RC5_32_encrypt;
-+ RC5_32_decrypt;
-+ RC5_32_cbc_encrypt;
-+ RC5_32_cfb64_encrypt;
-+ RC5_32_ofb64_encrypt;
-+ BN_bn2mpi;
-+ BN_mpi2bn;
-+ ASN1_BIT_STRING_get_bit;
-+ ASN1_BIT_STRING_set_bit;
-+ BIO_get_ex_data;
-+ BIO_get_ex_new_index;
-+ BIO_set_ex_data;
-+ X509v3_get_key_usage;
-+ X509v3_set_key_usage;
-+ a2i_X509v3_key_usage;
-+ i2a_X509v3_key_usage;
-+ EVP_PKEY_decrypt;
-+ EVP_PKEY_encrypt;
-+ PKCS7_RECIP_INFO_set;
-+ PKCS7_add_recipient;
-+ PKCS7_add_recipient_info;
-+ PKCS7_set_cipher;
-+ ASN1_TYPE_get_int_octetstring;
-+ ASN1_TYPE_get_octetstring;
-+ ASN1_TYPE_set_int_octetstring;
-+ ASN1_TYPE_set_octetstring;
-+ ASN1_UTCTIME_set_string;
-+ ERR_add_error_data;
-+ ERR_set_error_data;
-+ EVP_CIPHER_asn1_to_param;
-+ EVP_CIPHER_param_to_asn1;
-+ EVP_CIPHER_get_asn1_iv;
-+ EVP_CIPHER_set_asn1_iv;
-+ EVP_rc5_32_12_16_cbc;
-+ EVP_rc5_32_12_16_cfb64;
-+ EVP_rc5_32_12_16_ecb;
-+ EVP_rc5_32_12_16_ofb;
-+ asn1_add_error;
-+ d2i_ASN1_BMPSTRING;
-+ i2d_ASN1_BMPSTRING;
-+ BIO_f_ber;
-+ BN_init;
-+ COMP_CTX_new;
-+ COMP_CTX_free;
-+ COMP_CTX_compress_block;
-+ COMP_CTX_expand_block;
-+ X509_STORE_CTX_get_ex_new_index;
-+ OBJ_NAME_add;
-+ BIO_socket_nbio;
-+ EVP_rc2_64_cbc;
-+ OBJ_NAME_cleanup;
-+ OBJ_NAME_get;
-+ OBJ_NAME_init;
-+ OBJ_NAME_new_index;
-+ OBJ_NAME_remove;
-+ BN_MONT_CTX_copy;
-+ BIO_new_socks4a_connect;
-+ BIO_s_socks4a_connect;
-+ PROXY_set_connect_mode;
-+ RAND_SSLeay;
-+ RAND_set_rand_method;
-+ RSA_memory_lock;
-+ bn_sub_words;
-+ bn_mul_normal;
-+ bn_mul_comba8;
-+ bn_mul_comba4;
-+ bn_sqr_normal;
-+ bn_sqr_comba8;
-+ bn_sqr_comba4;
-+ bn_cmp_words;
-+ bn_mul_recursive;
-+ bn_mul_part_recursive;
-+ bn_sqr_recursive;
-+ bn_mul_low_normal;
-+ BN_RECP_CTX_init;
-+ BN_RECP_CTX_new;
-+ BN_RECP_CTX_free;
-+ BN_RECP_CTX_set;
-+ BN_mod_mul_reciprocal;
-+ BN_mod_exp_recp;
-+ BN_div_recp;
-+ BN_CTX_init;
-+ BN_MONT_CTX_init;
-+ RAND_get_rand_method;
-+ PKCS7_add_attribute;
-+ PKCS7_add_signed_attribute;
-+ PKCS7_digest_from_attributes;
-+ PKCS7_get_attribute;
-+ PKCS7_get_issuer_and_serial;
-+ PKCS7_get_signed_attribute;
-+ COMP_compress_block;
-+ COMP_expand_block;
-+ COMP_rle;
-+ COMP_zlib;
-+ ms_time_diff;
-+ ms_time_new;
-+ ms_time_free;
-+ ms_time_cmp;
-+ ms_time_get;
-+ PKCS7_set_attributes;
-+ PKCS7_set_signed_attributes;
-+ X509_ATTRIBUTE_create;
-+ X509_ATTRIBUTE_dup;
-+ ASN1_GENERALIZEDTIME_check;
-+ ASN1_GENERALIZEDTIME_print;
-+ ASN1_GENERALIZEDTIME_set;
-+ ASN1_GENERALIZEDTIME_set_string;
-+ ASN1_TIME_print;
-+ BASIC_CONSTRAINTS_free;
-+ BASIC_CONSTRAINTS_new;
-+ ERR_load_X509V3_strings;
-+ NETSCAPE_CERT_SEQUENCE_free;
-+ NETSCAPE_CERT_SEQUENCE_new;
-+ OBJ_txt2obj;
-+ PEM_read_NETSCAPE_CERT_SEQUENCE;
-+ PEM_read_NS_CERT_SEQ;
-+ PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
-+ PEM_read_bio_NS_CERT_SEQ;
-+ PEM_write_NETSCAPE_CERT_SEQUENCE;
-+ PEM_write_NS_CERT_SEQ;
-+ PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
-+ PEM_write_bio_NS_CERT_SEQ;
-+ X509V3_EXT_add;
-+ X509V3_EXT_add_alias;
-+ X509V3_EXT_add_conf;
-+ X509V3_EXT_cleanup;
-+ X509V3_EXT_conf;
-+ X509V3_EXT_conf_nid;
-+ X509V3_EXT_get;
-+ X509V3_EXT_get_nid;
-+ X509V3_EXT_print;
-+ X509V3_EXT_print_fp;
-+ X509V3_add_standard_extensions;
-+ X509V3_add_value;
-+ X509V3_add_value_bool;
-+ X509V3_add_value_int;
-+ X509V3_conf_free;
-+ X509V3_get_value_bool;
-+ X509V3_get_value_int;
-+ X509V3_parse_list;
-+ d2i_ASN1_GENERALIZEDTIME;
-+ d2i_ASN1_TIME;
-+ d2i_BASIC_CONSTRAINTS;
-+ d2i_NETSCAPE_CERT_SEQUENCE;
-+ d2i_ext_ku;
-+ ext_ku_free;
-+ ext_ku_new;
-+ i2d_ASN1_GENERALIZEDTIME;
-+ i2d_ASN1_TIME;
-+ i2d_BASIC_CONSTRAINTS;
-+ i2d_NETSCAPE_CERT_SEQUENCE;
-+ i2d_ext_ku;
-+ EVP_MD_CTX_copy;
-+ i2d_ASN1_ENUMERATED;
-+ d2i_ASN1_ENUMERATED;
-+ ASN1_ENUMERATED_set;
-+ ASN1_ENUMERATED_get;
-+ BN_to_ASN1_ENUMERATED;
-+ ASN1_ENUMERATED_to_BN;
-+ i2a_ASN1_ENUMERATED;
-+ a2i_ASN1_ENUMERATED;
-+ i2d_GENERAL_NAME;
-+ d2i_GENERAL_NAME;
-+ GENERAL_NAME_new;
-+ GENERAL_NAME_free;
-+ GENERAL_NAMES_new;
-+ GENERAL_NAMES_free;
-+ d2i_GENERAL_NAMES;
-+ i2d_GENERAL_NAMES;
-+ i2v_GENERAL_NAMES;
-+ i2s_ASN1_OCTET_STRING;
-+ s2i_ASN1_OCTET_STRING;
-+ X509V3_EXT_check_conf;
-+ hex_to_string;
-+ string_to_hex;
-+ DES_ede3_cbcm_encrypt;
-+ RSA_padding_add_PKCS1_OAEP;
-+ RSA_padding_check_PKCS1_OAEP;
-+ X509_CRL_print_fp;
-+ X509_CRL_print;
-+ i2v_GENERAL_NAME;
-+ v2i_GENERAL_NAME;
-+ i2d_PKEY_USAGE_PERIOD;
-+ d2i_PKEY_USAGE_PERIOD;
-+ PKEY_USAGE_PERIOD_new;
-+ PKEY_USAGE_PERIOD_free;
-+ v2i_GENERAL_NAMES;
-+ i2s_ASN1_INTEGER;
-+ X509V3_EXT_d2i;
-+ name_cmp;
-+ str_dup;
-+ i2s_ASN1_ENUMERATED;
-+ i2s_ASN1_ENUMERATED_TABLE;
-+ BIO_s_log;
-+ BIO_f_reliable;
-+ PKCS7_dataFinal;
-+ PKCS7_dataDecode;
-+ X509V3_EXT_CRL_add_conf;
-+ BN_set_params;
-+ BN_get_params;
-+ BIO_get_ex_num;
-+ BIO_set_ex_free_func;
-+ EVP_ripemd160;
-+ ASN1_TIME_set;
-+ i2d_AUTHORITY_KEYID;
-+ d2i_AUTHORITY_KEYID;
-+ AUTHORITY_KEYID_new;
-+ AUTHORITY_KEYID_free;
-+ ASN1_seq_unpack;
-+ ASN1_seq_pack;
-+ ASN1_unpack_string;
-+ ASN1_pack_string;
-+ PKCS12_pack_safebag;
-+ PKCS12_MAKE_KEYBAG;
-+ PKCS8_encrypt;
-+ PKCS12_MAKE_SHKEYBAG;
-+ PKCS12_pack_p7data;
-+ PKCS12_pack_p7encdata;
-+ PKCS12_add_localkeyid;
-+ PKCS12_add_friendlyname_asc;
-+ PKCS12_add_friendlyname_uni;
-+ PKCS12_get_friendlyname;
-+ PKCS12_pbe_crypt;
-+ PKCS12_decrypt_d2i;
-+ PKCS12_i2d_encrypt;
-+ PKCS12_init;
-+ PKCS12_key_gen_asc;
-+ PKCS12_key_gen_uni;
-+ PKCS12_gen_mac;
-+ PKCS12_verify_mac;
-+ PKCS12_set_mac;
-+ PKCS12_setup_mac;
-+ OPENSSL_asc2uni;
-+ OPENSSL_uni2asc;
-+ i2d_PKCS12_BAGS;
-+ PKCS12_BAGS_new;
-+ d2i_PKCS12_BAGS;
-+ PKCS12_BAGS_free;
-+ i2d_PKCS12;
-+ d2i_PKCS12;
-+ PKCS12_new;
-+ PKCS12_free;
-+ i2d_PKCS12_MAC_DATA;
-+ PKCS12_MAC_DATA_new;
-+ d2i_PKCS12_MAC_DATA;
-+ PKCS12_MAC_DATA_free;
-+ i2d_PKCS12_SAFEBAG;
-+ PKCS12_SAFEBAG_new;
-+ d2i_PKCS12_SAFEBAG;
-+ PKCS12_SAFEBAG_free;
-+ ERR_load_PKCS12_strings;
-+ PKCS12_PBE_add;
-+ PKCS8_add_keyusage;
-+ PKCS12_get_attr_gen;
-+ PKCS12_parse;
-+ PKCS12_create;
-+ i2d_PKCS12_bio;
-+ i2d_PKCS12_fp;
-+ d2i_PKCS12_bio;
-+ d2i_PKCS12_fp;
-+ i2d_PBEPARAM;
-+ PBEPARAM_new;
-+ d2i_PBEPARAM;
-+ PBEPARAM_free;
-+ i2d_PKCS8_PRIV_KEY_INFO;
-+ PKCS8_PRIV_KEY_INFO_new;
-+ d2i_PKCS8_PRIV_KEY_INFO;
-+ PKCS8_PRIV_KEY_INFO_free;
-+ EVP_PKCS82PKEY;
-+ EVP_PKEY2PKCS8;
-+ PKCS8_set_broken;
-+ EVP_PBE_ALGOR_CipherInit;
-+ EVP_PBE_alg_add;
-+ PKCS5_pbe_set;
-+ EVP_PBE_cleanup;
-+ i2d_SXNET;
-+ d2i_SXNET;
-+ SXNET_new;
-+ SXNET_free;
-+ i2d_SXNETID;
-+ d2i_SXNETID;
-+ SXNETID_new;
-+ SXNETID_free;
-+ DSA_SIG_new;
-+ DSA_SIG_free;
-+ DSA_do_sign;
-+ DSA_do_verify;
-+ d2i_DSA_SIG;
-+ i2d_DSA_SIG;
-+ i2d_ASN1_VISIBLESTRING;
-+ d2i_ASN1_VISIBLESTRING;
-+ i2d_ASN1_UTF8STRING;
-+ d2i_ASN1_UTF8STRING;
-+ i2d_DIRECTORYSTRING;
-+ d2i_DIRECTORYSTRING;
-+ i2d_DISPLAYTEXT;
-+ d2i_DISPLAYTEXT;
-+ d2i_ASN1_SET_OF_X509;
-+ i2d_ASN1_SET_OF_X509;
-+ i2d_PBKDF2PARAM;
-+ PBKDF2PARAM_new;
-+ d2i_PBKDF2PARAM;
-+ PBKDF2PARAM_free;
-+ i2d_PBE2PARAM;
-+ PBE2PARAM_new;
-+ d2i_PBE2PARAM;
-+ PBE2PARAM_free;
-+ d2i_ASN1_SET_OF_GENERAL_NAME;
-+ i2d_ASN1_SET_OF_GENERAL_NAME;
-+ d2i_ASN1_SET_OF_SXNETID;
-+ i2d_ASN1_SET_OF_SXNETID;
-+ d2i_ASN1_SET_OF_POLICYQUALINFO;
-+ i2d_ASN1_SET_OF_POLICYQUALINFO;
-+ d2i_ASN1_SET_OF_POLICYINFO;
-+ i2d_ASN1_SET_OF_POLICYINFO;
-+ SXNET_add_id_asc;
-+ SXNET_add_id_ulong;
-+ SXNET_add_id_INTEGER;
-+ SXNET_get_id_asc;
-+ SXNET_get_id_ulong;
-+ SXNET_get_id_INTEGER;
-+ X509V3_set_conf_lhash;
-+ i2d_CERTIFICATEPOLICIES;
-+ CERTIFICATEPOLICIES_new;
-+ CERTIFICATEPOLICIES_free;
-+ d2i_CERTIFICATEPOLICIES;
-+ i2d_POLICYINFO;
-+ POLICYINFO_new;
-+ d2i_POLICYINFO;
-+ POLICYINFO_free;
-+ i2d_POLICYQUALINFO;
-+ POLICYQUALINFO_new;
-+ d2i_POLICYQUALINFO;
-+ POLICYQUALINFO_free;
-+ i2d_USERNOTICE;
-+ USERNOTICE_new;
-+ d2i_USERNOTICE;
-+ USERNOTICE_free;
-+ i2d_NOTICEREF;
-+ NOTICEREF_new;
-+ d2i_NOTICEREF;
-+ NOTICEREF_free;
-+ X509V3_get_string;
-+ X509V3_get_section;
-+ X509V3_string_free;
-+ X509V3_section_free;
-+ X509V3_set_ctx;
-+ s2i_ASN1_INTEGER;
-+ CRYPTO_set_locked_mem_functions;
-+ CRYPTO_get_locked_mem_functions;
-+ CRYPTO_malloc_locked;
-+ CRYPTO_free_locked;
-+ BN_mod_exp2_mont;
-+ ERR_get_error_line_data;
-+ ERR_peek_error_line_data;
-+ PKCS12_PBE_keyivgen;
-+ X509_ALGOR_dup;
-+ d2i_ASN1_SET_OF_DIST_POINT;
-+ i2d_ASN1_SET_OF_DIST_POINT;
-+ i2d_CRL_DIST_POINTS;
-+ CRL_DIST_POINTS_new;
-+ CRL_DIST_POINTS_free;
-+ d2i_CRL_DIST_POINTS;
-+ i2d_DIST_POINT;
-+ DIST_POINT_new;
-+ d2i_DIST_POINT;
-+ DIST_POINT_free;
-+ i2d_DIST_POINT_NAME;
-+ DIST_POINT_NAME_new;
-+ DIST_POINT_NAME_free;
-+ d2i_DIST_POINT_NAME;
-+ X509V3_add_value_uchar;
-+ d2i_ASN1_SET_OF_X509_ATTRIBUTE;
-+ i2d_ASN1_SET_OF_ASN1_TYPE;
-+ d2i_ASN1_SET_OF_X509_EXTENSION;
-+ d2i_ASN1_SET_OF_X509_NAME_ENTRY;
-+ d2i_ASN1_SET_OF_ASN1_TYPE;
-+ i2d_ASN1_SET_OF_X509_ATTRIBUTE;
-+ i2d_ASN1_SET_OF_X509_EXTENSION;
-+ i2d_ASN1_SET_OF_X509_NAME_ENTRY;
-+ X509V3_EXT_i2d;
-+ X509V3_EXT_val_prn;
-+ X509V3_EXT_add_list;
-+ EVP_CIPHER_type;
-+ EVP_PBE_CipherInit;
-+ X509V3_add_value_bool_nf;
-+ d2i_ASN1_UINTEGER;
-+ sk_value;
-+ sk_num;
-+ sk_set;
-+ i2d_ASN1_SET_OF_X509_REVOKED;
-+ sk_sort;
-+ d2i_ASN1_SET_OF_X509_REVOKED;
-+ i2d_ASN1_SET_OF_X509_ALGOR;
-+ i2d_ASN1_SET_OF_X509_CRL;
-+ d2i_ASN1_SET_OF_X509_ALGOR;
-+ d2i_ASN1_SET_OF_X509_CRL;
-+ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+ PKCS5_PBE_add;
-+ PEM_write_bio_PKCS8;
-+ i2d_PKCS8_fp;
-+ PEM_read_bio_PKCS8_PRIV_KEY_INFO;
-+ PEM_read_bio_P8_PRIV_KEY_INFO;
-+ d2i_PKCS8_bio;
-+ d2i_PKCS8_PRIV_KEY_INFO_fp;
-+ PEM_write_bio_PKCS8_PRIV_KEY_INFO;
-+ PEM_write_bio_P8_PRIV_KEY_INFO;
-+ PEM_read_PKCS8;
-+ d2i_PKCS8_PRIV_KEY_INFO_bio;
-+ d2i_PKCS8_fp;
-+ PEM_write_PKCS8;
-+ PEM_read_PKCS8_PRIV_KEY_INFO;
-+ PEM_read_P8_PRIV_KEY_INFO;
-+ PEM_read_bio_PKCS8;
-+ PEM_write_PKCS8_PRIV_KEY_INFO;
-+ PEM_write_P8_PRIV_KEY_INFO;
-+ PKCS5_PBE_keyivgen;
-+ i2d_PKCS8_bio;
-+ i2d_PKCS8_PRIV_KEY_INFO_fp;
-+ i2d_PKCS8_PRIV_KEY_INFO_bio;
-+ BIO_s_bio;
-+ PKCS5_pbe2_set;
-+ PKCS5_PBKDF2_HMAC_SHA1;
-+ PKCS5_v2_PBE_keyivgen;
-+ PEM_write_bio_PKCS8PrivateKey;
-+ PEM_write_PKCS8PrivateKey;
-+ BIO_ctrl_get_read_request;
-+ BIO_ctrl_pending;
-+ BIO_ctrl_wpending;
-+ BIO_new_bio_pair;
-+ BIO_ctrl_get_write_guarantee;
-+ CRYPTO_num_locks;
-+ CONF_load_bio;
-+ CONF_load_fp;
-+ i2d_ASN1_SET_OF_ASN1_OBJECT;
-+ d2i_ASN1_SET_OF_ASN1_OBJECT;
-+ PKCS7_signatureVerify;
-+ RSA_set_method;
-+ RSA_get_method;
-+ RSA_get_default_method;
-+ RSA_check_key;
-+ OBJ_obj2txt;
-+ DSA_dup_DH;
-+ X509_REQ_get_extensions;
-+ X509_REQ_set_extension_nids;
-+ BIO_nwrite;
-+ X509_REQ_extension_nid;
-+ BIO_nread;
-+ X509_REQ_get_extension_nids;
-+ BIO_nwrite0;
-+ X509_REQ_add_extensions_nid;
-+ BIO_nread0;
-+ X509_REQ_add_extensions;
-+ BIO_new_mem_buf;
-+ DH_set_ex_data;
-+ DH_set_method;
-+ DSA_OpenSSL;
-+ DH_get_ex_data;
-+ DH_get_ex_new_index;
-+ DSA_new_method;
-+ DH_new_method;
-+ DH_OpenSSL;
-+ DSA_get_ex_new_index;
-+ DH_get_default_method;
-+ DSA_set_ex_data;
-+ DH_set_default_method;
-+ DSA_get_ex_data;
-+ X509V3_EXT_REQ_add_conf;
-+ NETSCAPE_SPKI_print;
-+ NETSCAPE_SPKI_set_pubkey;
-+ NETSCAPE_SPKI_b64_encode;
-+ NETSCAPE_SPKI_get_pubkey;
-+ NETSCAPE_SPKI_b64_decode;
-+ UTF8_putc;
-+ UTF8_getc;
-+ RSA_null_method;
-+ ASN1_tag2str;
-+ BIO_ctrl_reset_read_request;
-+ DISPLAYTEXT_new;
-+ ASN1_GENERALIZEDTIME_free;
-+ X509_REVOKED_get_ext_d2i;
-+ X509_set_ex_data;
-+ X509_reject_set_bit_asc;
-+ X509_NAME_add_entry_by_txt;
-+ X509_NAME_add_entry_by_NID;
-+ X509_PURPOSE_get0;
-+ PEM_read_X509_AUX;
-+ d2i_AUTHORITY_INFO_ACCESS;
-+ PEM_write_PUBKEY;
-+ ACCESS_DESCRIPTION_new;
-+ X509_CERT_AUX_free;
-+ d2i_ACCESS_DESCRIPTION;
-+ X509_trust_clear;
-+ X509_TRUST_add;
-+ ASN1_VISIBLESTRING_new;
-+ X509_alias_set1;
-+ ASN1_PRINTABLESTRING_free;
-+ EVP_PKEY_get1_DSA;
-+ ASN1_BMPSTRING_new;
-+ ASN1_mbstring_copy;
-+ ASN1_UTF8STRING_new;
-+ DSA_get_default_method;
-+ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+ ASN1_T61STRING_free;
-+ DSA_set_method;
-+ X509_get_ex_data;
-+ ASN1_STRING_type;
-+ X509_PURPOSE_get_by_sname;
-+ ASN1_TIME_free;
-+ ASN1_OCTET_STRING_cmp;
-+ ASN1_BIT_STRING_new;
-+ X509_get_ext_d2i;
-+ PEM_read_bio_X509_AUX;
-+ ASN1_STRING_set_default_mask_asc;
-+ ASN1_STRING_set_def_mask_asc;
-+ PEM_write_bio_RSA_PUBKEY;
-+ ASN1_INTEGER_cmp;
-+ d2i_RSA_PUBKEY_fp;
-+ X509_trust_set_bit_asc;
-+ PEM_write_bio_DSA_PUBKEY;
-+ X509_STORE_CTX_free;
-+ EVP_PKEY_set1_DSA;
-+ i2d_DSA_PUBKEY_fp;
-+ X509_load_cert_crl_file;
-+ ASN1_TIME_new;
-+ i2d_RSA_PUBKEY;
-+ X509_STORE_CTX_purpose_inherit;
-+ PEM_read_RSA_PUBKEY;
-+ d2i_X509_AUX;
-+ i2d_DSA_PUBKEY;
-+ X509_CERT_AUX_print;
-+ PEM_read_DSA_PUBKEY;
-+ i2d_RSA_PUBKEY_bio;
-+ ASN1_BIT_STRING_num_asc;
-+ i2d_PUBKEY;
-+ ASN1_UTCTIME_free;
-+ DSA_set_default_method;
-+ X509_PURPOSE_get_by_id;
-+ ACCESS_DESCRIPTION_free;
-+ PEM_read_bio_PUBKEY;
-+ ASN1_STRING_set_by_NID;
-+ X509_PURPOSE_get_id;
-+ DISPLAYTEXT_free;
-+ OTHERNAME_new;
-+ X509_CERT_AUX_new;
-+ X509_TRUST_cleanup;
-+ X509_NAME_add_entry_by_OBJ;
-+ X509_CRL_get_ext_d2i;
-+ X509_PURPOSE_get0_name;
-+ PEM_read_PUBKEY;
-+ i2d_DSA_PUBKEY_bio;
-+ i2d_OTHERNAME;
-+ ASN1_OCTET_STRING_free;
-+ ASN1_BIT_STRING_set_asc;
-+ X509_get_ex_new_index;
-+ ASN1_STRING_TABLE_cleanup;
-+ X509_TRUST_get_by_id;
-+ X509_PURPOSE_get_trust;
-+ ASN1_STRING_length;
-+ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+ ASN1_PRINTABLESTRING_new;
-+ X509V3_get_d2i;
-+ ASN1_ENUMERATED_free;
-+ i2d_X509_CERT_AUX;
-+ X509_STORE_CTX_set_trust;
-+ ASN1_STRING_set_default_mask;
-+ X509_STORE_CTX_new;
-+ EVP_PKEY_get1_RSA;
-+ DIRECTORYSTRING_free;
-+ PEM_write_X509_AUX;
-+ ASN1_OCTET_STRING_set;
-+ d2i_DSA_PUBKEY_fp;
-+ d2i_RSA_PUBKEY;
-+ X509_TRUST_get0_name;
-+ X509_TRUST_get0;
-+ AUTHORITY_INFO_ACCESS_free;
-+ ASN1_IA5STRING_new;
-+ d2i_DSA_PUBKEY;
-+ X509_check_purpose;
-+ ASN1_ENUMERATED_new;
-+ d2i_RSA_PUBKEY_bio;
-+ d2i_PUBKEY;
-+ X509_TRUST_get_trust;
-+ X509_TRUST_get_flags;
-+ ASN1_BMPSTRING_free;
-+ ASN1_T61STRING_new;
-+ ASN1_UTCTIME_new;
-+ i2d_AUTHORITY_INFO_ACCESS;
-+ EVP_PKEY_set1_RSA;
-+ X509_STORE_CTX_set_purpose;
-+ ASN1_IA5STRING_free;
-+ PEM_write_bio_X509_AUX;
-+ X509_PURPOSE_get_count;
-+ CRYPTO_add_info;
-+ X509_NAME_ENTRY_create_by_txt;
-+ ASN1_STRING_get_default_mask;
-+ X509_alias_get0;
-+ ASN1_STRING_data;
-+ i2d_ACCESS_DESCRIPTION;
-+ X509_trust_set_bit;
-+ ASN1_BIT_STRING_free;
-+ PEM_read_bio_RSA_PUBKEY;
-+ X509_add1_reject_object;
-+ X509_check_trust;
-+ PEM_read_bio_DSA_PUBKEY;
-+ X509_PURPOSE_add;
-+ ASN1_STRING_TABLE_get;
-+ ASN1_UTF8STRING_free;
-+ d2i_DSA_PUBKEY_bio;
-+ PEM_write_RSA_PUBKEY;
-+ d2i_OTHERNAME;
-+ X509_reject_set_bit;
-+ PEM_write_DSA_PUBKEY;
-+ X509_PURPOSE_get0_sname;
-+ EVP_PKEY_set1_DH;
-+ ASN1_OCTET_STRING_dup;
-+ ASN1_BIT_STRING_set;
-+ X509_TRUST_get_count;
-+ ASN1_INTEGER_free;
-+ OTHERNAME_free;
-+ i2d_RSA_PUBKEY_fp;
-+ ASN1_INTEGER_dup;
-+ d2i_X509_CERT_AUX;
-+ PEM_write_bio_PUBKEY;
-+ ASN1_VISIBLESTRING_free;
-+ X509_PURPOSE_cleanup;
-+ ASN1_mbstring_ncopy;
-+ ASN1_GENERALIZEDTIME_new;
-+ EVP_PKEY_get1_DH;
-+ ASN1_OCTET_STRING_new;
-+ ASN1_INTEGER_new;
-+ i2d_X509_AUX;
-+ ASN1_BIT_STRING_name_print;
-+ X509_cmp;
-+ ASN1_STRING_length_set;
-+ DIRECTORYSTRING_new;
-+ X509_add1_trust_object;
-+ PKCS12_newpass;
-+ SMIME_write_PKCS7;
-+ SMIME_read_PKCS7;
-+ DES_set_key_checked;
-+ PKCS7_verify;
-+ PKCS7_encrypt;
-+ DES_set_key_unchecked;
-+ SMIME_crlf_copy;
-+ i2d_ASN1_PRINTABLESTRING;
-+ PKCS7_get0_signers;
-+ PKCS7_decrypt;
-+ SMIME_text;
-+ PKCS7_simple_smimecap;
-+ PKCS7_get_smimecap;
-+ PKCS7_sign;
-+ PKCS7_add_attrib_smimecap;
-+ CRYPTO_dbg_set_options;
-+ CRYPTO_remove_all_info;
-+ CRYPTO_get_mem_debug_functions;
-+ CRYPTO_is_mem_check_on;
-+ CRYPTO_set_mem_debug_functions;
-+ CRYPTO_pop_info;
-+ CRYPTO_push_info_;
-+ CRYPTO_set_mem_debug_options;
-+ PEM_write_PKCS8PrivateKey_nid;
-+ PEM_write_bio_PKCS8PrivateKey_nid;
-+ PEM_write_bio_PKCS8PrivKey_nid;
-+ d2i_PKCS8PrivateKey_bio;
-+ ASN1_NULL_free;
-+ d2i_ASN1_NULL;
-+ ASN1_NULL_new;
-+ i2d_PKCS8PrivateKey_bio;
-+ i2d_PKCS8PrivateKey_fp;
-+ i2d_ASN1_NULL;
-+ i2d_PKCS8PrivateKey_nid_fp;
-+ d2i_PKCS8PrivateKey_fp;
-+ i2d_PKCS8PrivateKey_nid_bio;
-+ i2d_PKCS8PrivateKeyInfo_fp;
-+ i2d_PKCS8PrivateKeyInfo_bio;
-+ PEM_cb;
-+ i2d_PrivateKey_fp;
-+ d2i_PrivateKey_bio;
-+ d2i_PrivateKey_fp;
-+ i2d_PrivateKey_bio;
-+ X509_reject_clear;
-+ X509_TRUST_set_default;
-+ d2i_AutoPrivateKey;
-+ X509_ATTRIBUTE_get0_type;
-+ X509_ATTRIBUTE_set1_data;
-+ X509at_get_attr;
-+ X509at_get_attr_count;
-+ X509_ATTRIBUTE_create_by_NID;
-+ X509_ATTRIBUTE_set1_object;
-+ X509_ATTRIBUTE_count;
-+ X509_ATTRIBUTE_create_by_OBJ;
-+ X509_ATTRIBUTE_get0_object;
-+ X509at_get_attr_by_NID;
-+ X509at_add1_attr;
-+ X509_ATTRIBUTE_get0_data;
-+ X509at_delete_attr;
-+ X509at_get_attr_by_OBJ;
-+ RAND_add;
-+ BIO_number_written;
-+ BIO_number_read;
-+ X509_STORE_CTX_get1_chain;
-+ ERR_load_RAND_strings;
-+ RAND_pseudo_bytes;
-+ X509_REQ_get_attr_by_NID;
-+ X509_REQ_get_attr;
-+ X509_REQ_add1_attr_by_NID;
-+ X509_REQ_get_attr_by_OBJ;
-+ X509at_add1_attr_by_NID;
-+ X509_REQ_add1_attr_by_OBJ;
-+ X509_REQ_get_attr_count;
-+ X509_REQ_add1_attr;
-+ X509_REQ_delete_attr;
-+ X509at_add1_attr_by_OBJ;
-+ X509_REQ_add1_attr_by_txt;
-+ X509_ATTRIBUTE_create_by_txt;
-+ X509at_add1_attr_by_txt;
-+ BN_pseudo_rand;
-+ BN_is_prime_fasttest;
-+ BN_CTX_end;
-+ BN_CTX_start;
-+ BN_CTX_get;
-+ EVP_PKEY2PKCS8_broken;
-+ ASN1_STRING_TABLE_add;
-+ CRYPTO_dbg_get_options;
-+ AUTHORITY_INFO_ACCESS_new;
-+ CRYPTO_get_mem_debug_options;
-+ DES_crypt;
-+ PEM_write_bio_X509_REQ_NEW;
-+ PEM_write_X509_REQ_NEW;
-+ BIO_callback_ctrl;
-+ RAND_egd;
-+ RAND_status;
-+ bn_dump1;
-+ DES_check_key_parity;
-+ lh_num_items;
-+ RAND_event;
-+ DSO_new;
-+ DSO_new_method;
-+ DSO_free;
-+ DSO_flags;
-+ DSO_up;
-+ DSO_set_default_method;
-+ DSO_get_default_method;
-+ DSO_get_method;
-+ DSO_set_method;
-+ DSO_load;
-+ DSO_bind_var;
-+ DSO_METHOD_null;
-+ DSO_METHOD_openssl;
-+ DSO_METHOD_dlfcn;
-+ DSO_METHOD_win32;
-+ ERR_load_DSO_strings;
-+ DSO_METHOD_dl;
-+ NCONF_load;
-+ NCONF_load_fp;
-+ NCONF_new;
-+ NCONF_get_string;
-+ NCONF_free;
-+ NCONF_get_number;
-+ CONF_dump_fp;
-+ NCONF_load_bio;
-+ NCONF_dump_fp;
-+ NCONF_get_section;
-+ NCONF_dump_bio;
-+ CONF_dump_bio;
-+ NCONF_free_data;
-+ CONF_set_default_method;
-+ ERR_error_string_n;
-+ BIO_snprintf;
-+ DSO_ctrl;
-+ i2d_ASN1_SET_OF_ASN1_INTEGER;
-+ i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
-+ i2d_ASN1_SET_OF_PKCS7;
-+ BIO_vfree;
-+ d2i_ASN1_SET_OF_ASN1_INTEGER;
-+ d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
-+ ASN1_UTCTIME_get;
-+ X509_REQ_digest;
-+ X509_CRL_digest;
-+ d2i_ASN1_SET_OF_PKCS7;
-+ EVP_CIPHER_CTX_set_key_length;
-+ EVP_CIPHER_CTX_ctrl;
-+ BN_mod_exp_mont_word;
-+ RAND_egd_bytes;
-+ X509_REQ_get1_email;
-+ X509_get1_email;
-+ X509_email_free;
-+ i2d_RSA_NET;
-+ d2i_RSA_NET_2;
-+ d2i_RSA_NET;
-+ DSO_bind_func;
-+ CRYPTO_get_new_dynlockid;
-+ sk_new_null;
-+ CRYPTO_set_dynlock_destroy_callback;
-+ CRYPTO_set_dynlock_destroy_cb;
-+ CRYPTO_destroy_dynlockid;
-+ CRYPTO_set_dynlock_size;
-+ CRYPTO_set_dynlock_create_callback;
-+ CRYPTO_set_dynlock_create_cb;
-+ CRYPTO_set_dynlock_lock_callback;
-+ CRYPTO_set_dynlock_lock_cb;
-+ CRYPTO_get_dynlock_lock_callback;
-+ CRYPTO_get_dynlock_lock_cb;
-+ CRYPTO_get_dynlock_destroy_callback;
-+ CRYPTO_get_dynlock_destroy_cb;
-+ CRYPTO_get_dynlock_value;
-+ CRYPTO_get_dynlock_create_callback;
-+ CRYPTO_get_dynlock_create_cb;
-+ c2i_ASN1_BIT_STRING;
-+ i2c_ASN1_BIT_STRING;
-+ RAND_poll;
-+ c2i_ASN1_INTEGER;
-+ i2c_ASN1_INTEGER;
-+ BIO_dump_indent;
-+ ASN1_parse_dump;
-+ c2i_ASN1_OBJECT;
-+ X509_NAME_print_ex_fp;
-+ ASN1_STRING_print_ex_fp;
-+ X509_NAME_print_ex;
-+ ASN1_STRING_print_ex;
-+ MD4;
-+ MD4_Transform;
-+ MD4_Final;
-+ MD4_Update;
-+ MD4_Init;
-+ EVP_md4;
-+ i2d_PUBKEY_bio;
-+ i2d_PUBKEY_fp;
-+ d2i_PUBKEY_bio;
-+ ASN1_STRING_to_UTF8;
-+ BIO_vprintf;
-+ BIO_vsnprintf;
-+ d2i_PUBKEY_fp;
-+ X509_cmp_time;
-+ X509_STORE_CTX_set_time;
-+ X509_STORE_CTX_get1_issuer;
-+ X509_OBJECT_retrieve_match;
-+ X509_OBJECT_idx_by_subject;
-+ X509_STORE_CTX_set_flags;
-+ X509_STORE_CTX_trusted_stack;
-+ X509_time_adj;
-+ X509_check_issued;
-+ ASN1_UTCTIME_cmp_time_t;
-+ DES_set_weak_key_flag;
-+ DES_check_key;
-+ DES_rw_mode;
-+ RSA_PKCS1_RSAref;
-+ X509_keyid_set1;
-+ BIO_next;
-+ DSO_METHOD_vms;
-+ BIO_f_linebuffer;
-+ BN_bntest_rand;
-+ OPENSSL_issetugid;
-+ BN_rand_range;
-+ ERR_load_ENGINE_strings;
-+ ENGINE_set_DSA;
-+ ENGINE_get_finish_function;
-+ ENGINE_get_default_RSA;
-+ ENGINE_get_BN_mod_exp;
-+ DSA_get_default_openssl_method;
-+ ENGINE_set_DH;
-+ ENGINE_set_def_BN_mod_exp_crt;
-+ ENGINE_set_default_BN_mod_exp_crt;
-+ ENGINE_init;
-+ DH_get_default_openssl_method;
-+ RSA_set_default_openssl_method;
-+ ENGINE_finish;
-+ ENGINE_load_public_key;
-+ ENGINE_get_DH;
-+ ENGINE_ctrl;
-+ ENGINE_get_init_function;
-+ ENGINE_set_init_function;
-+ ENGINE_set_default_DSA;
-+ ENGINE_get_name;
-+ ENGINE_get_last;
-+ ENGINE_get_prev;
-+ ENGINE_get_default_DH;
-+ ENGINE_get_RSA;
-+ ENGINE_set_default;
-+ ENGINE_get_RAND;
-+ ENGINE_get_first;
-+ ENGINE_by_id;
-+ ENGINE_set_finish_function;
-+ ENGINE_get_def_BN_mod_exp_crt;
-+ ENGINE_get_default_BN_mod_exp_crt;
-+ RSA_get_default_openssl_method;
-+ ENGINE_set_RSA;
-+ ENGINE_load_private_key;
-+ ENGINE_set_default_RAND;
-+ ENGINE_set_BN_mod_exp;
-+ ENGINE_remove;
-+ ENGINE_free;
-+ ENGINE_get_BN_mod_exp_crt;
-+ ENGINE_get_next;
-+ ENGINE_set_name;
-+ ENGINE_get_default_DSA;
-+ ENGINE_set_default_BN_mod_exp;
-+ ENGINE_set_default_RSA;
-+ ENGINE_get_default_RAND;
-+ ENGINE_get_default_BN_mod_exp;
-+ ENGINE_set_RAND;
-+ ENGINE_set_id;
-+ ENGINE_set_BN_mod_exp_crt;
-+ ENGINE_set_default_DH;
-+ ENGINE_new;
-+ ENGINE_get_id;
-+ DSA_set_default_openssl_method;
-+ ENGINE_add;
-+ DH_set_default_openssl_method;
-+ ENGINE_get_DSA;
-+ ENGINE_get_ctrl_function;
-+ ENGINE_set_ctrl_function;
-+ BN_pseudo_rand_range;
-+ X509_STORE_CTX_set_verify_cb;
-+ ERR_load_COMP_strings;
-+ PKCS12_item_decrypt_d2i;
-+ ASN1_UTF8STRING_it;
-+ ENGINE_unregister_ciphers;
-+ ENGINE_get_ciphers;
-+ d2i_OCSP_BASICRESP;
-+ KRB5_CHECKSUM_it;
-+ EC_POINT_add;
-+ ASN1_item_ex_i2d;
-+ OCSP_CERTID_it;
-+ d2i_OCSP_RESPBYTES;
-+ X509V3_add1_i2d;
-+ PKCS7_ENVELOPE_it;
-+ UI_add_input_boolean;
-+ ENGINE_unregister_RSA;
-+ X509V3_EXT_nconf;
-+ ASN1_GENERALSTRING_free;
-+ d2i_OCSP_CERTSTATUS;
-+ X509_REVOKED_set_serialNumber;
-+ X509_print_ex;
-+ OCSP_ONEREQ_get1_ext_d2i;
-+ ENGINE_register_all_RAND;
-+ ENGINE_load_dynamic;
-+ PBKDF2PARAM_it;
-+ EXTENDED_KEY_USAGE_new;
-+ EC_GROUP_clear_free;
-+ OCSP_sendreq_bio;
-+ ASN1_item_digest;
-+ OCSP_BASICRESP_delete_ext;
-+ OCSP_SIGNATURE_it;
-+ X509_CRL_it;
-+ OCSP_BASICRESP_add_ext;
-+ KRB5_ENCKEY_it;
-+ UI_method_set_closer;
-+ X509_STORE_set_purpose;
-+ i2d_ASN1_GENERALSTRING;
-+ OCSP_response_status;
-+ i2d_OCSP_SERVICELOC;
-+ ENGINE_get_digest_engine;
-+ EC_GROUP_set_curve_GFp;
-+ OCSP_REQUEST_get_ext_by_OBJ;
-+ _ossl_old_des_random_key;
-+ ASN1_T61STRING_it;
-+ EC_GROUP_method_of;
-+ i2d_KRB5_APREQ;
-+ _ossl_old_des_encrypt;
-+ ASN1_PRINTABLE_new;
-+ HMAC_Init_ex;
-+ d2i_KRB5_AUTHENT;
-+ OCSP_archive_cutoff_new;
-+ EC_POINT_set_Jprojective_coordinates_GFp;
-+ EC_POINT_set_Jproj_coords_GFp;
-+ _ossl_old_des_is_weak_key;
-+ OCSP_BASICRESP_get_ext_by_OBJ;
-+ EC_POINT_oct2point;
-+ OCSP_SINGLERESP_get_ext_count;
-+ UI_ctrl;
-+ _shadow_DES_rw_mode;
-+ asn1_do_adb;
-+ ASN1_template_i2d;
-+ ENGINE_register_DH;
-+ UI_construct_prompt;
-+ X509_STORE_set_trust;
-+ UI_dup_input_string;
-+ d2i_KRB5_APREQ;
-+ EVP_MD_CTX_copy_ex;
-+ OCSP_request_is_signed;
-+ i2d_OCSP_REQINFO;
-+ KRB5_ENCKEY_free;
-+ OCSP_resp_get0;
-+ GENERAL_NAME_it;
-+ ASN1_GENERALIZEDTIME_it;
-+ X509_STORE_set_flags;
-+ EC_POINT_set_compressed_coordinates_GFp;
-+ EC_POINT_set_compr_coords_GFp;
-+ OCSP_response_status_str;
-+ d2i_OCSP_REVOKEDINFO;
-+ OCSP_basic_add1_cert;
-+ ERR_get_implementation;
-+ EVP_CipherFinal_ex;
-+ OCSP_CERTSTATUS_new;
-+ CRYPTO_cleanup_all_ex_data;
-+ OCSP_resp_find;
-+ BN_nnmod;
-+ X509_CRL_sort;
-+ X509_REVOKED_set_revocationDate;
-+ ENGINE_register_RAND;
-+ OCSP_SERVICELOC_new;
-+ EC_POINT_set_affine_coordinates_GFp;
-+ EC_POINT_set_affine_coords_GFp;
-+ _ossl_old_des_options;
-+ SXNET_it;
-+ UI_dup_input_boolean;
-+ PKCS12_add_CSPName_asc;
-+ EC_POINT_is_at_infinity;
-+ ENGINE_load_cryptodev;
-+ DSO_convert_filename;
-+ POLICYQUALINFO_it;
-+ ENGINE_register_ciphers;
-+ BN_mod_lshift_quick;
-+ DSO_set_filename;
-+ ASN1_item_free;
-+ KRB5_TKTBODY_free;
-+ AUTHORITY_KEYID_it;
-+ KRB5_APREQBODY_new;
-+ X509V3_EXT_REQ_add_nconf;
-+ ENGINE_ctrl_cmd_string;
-+ i2d_OCSP_RESPDATA;
-+ EVP_MD_CTX_init;
-+ EXTENDED_KEY_USAGE_free;
-+ PKCS7_ATTR_SIGN_it;
-+ UI_add_error_string;
-+ KRB5_CHECKSUM_free;
-+ OCSP_REQUEST_get_ext;
-+ ENGINE_load_ubsec;
-+ ENGINE_register_all_digests;
-+ PKEY_USAGE_PERIOD_it;
-+ PKCS12_unpack_authsafes;
-+ ASN1_item_unpack;
-+ NETSCAPE_SPKAC_it;
-+ X509_REVOKED_it;
-+ ASN1_STRING_encode;
-+ EVP_aes_128_ecb;
-+ KRB5_AUTHENT_free;
-+ OCSP_BASICRESP_get_ext_by_critical;
-+ OCSP_BASICRESP_get_ext_by_crit;
-+ OCSP_cert_status_str;
-+ d2i_OCSP_REQUEST;
-+ UI_dup_info_string;
-+ _ossl_old_des_xwhite_in2out;
-+ PKCS12_it;
-+ OCSP_SINGLERESP_get_ext_by_critical;
-+ OCSP_SINGLERESP_get_ext_by_crit;
-+ OCSP_CERTSTATUS_free;
-+ _ossl_old_des_crypt;
-+ ASN1_item_i2d;
-+ EVP_DecryptFinal_ex;
-+ ENGINE_load_openssl;
-+ ENGINE_get_cmd_defns;
-+ ENGINE_set_load_privkey_function;
-+ ENGINE_set_load_privkey_fn;
-+ EVP_EncryptFinal_ex;
-+ ENGINE_set_default_digests;
-+ X509_get0_pubkey_bitstr;
-+ asn1_ex_i2c;
-+ ENGINE_register_RSA;
-+ ENGINE_unregister_DSA;
-+ _ossl_old_des_key_sched;
-+ X509_EXTENSION_it;
-+ i2d_KRB5_AUTHENT;
-+ SXNETID_it;
-+ d2i_OCSP_SINGLERESP;
-+ EDIPARTYNAME_new;
-+ PKCS12_certbag2x509;
-+ _ossl_old_des_ofb64_encrypt;
-+ d2i_EXTENDED_KEY_USAGE;
-+ ERR_print_errors_cb;
-+ ENGINE_set_ciphers;
-+ d2i_KRB5_APREQBODY;
-+ UI_method_get_flusher;
-+ X509_PUBKEY_it;
-+ _ossl_old_des_enc_read;
-+ PKCS7_ENCRYPT_it;
-+ i2d_OCSP_RESPONSE;
-+ EC_GROUP_get_cofactor;
-+ PKCS12_unpack_p7data;
-+ d2i_KRB5_AUTHDATA;
-+ OCSP_copy_nonce;
-+ KRB5_AUTHDATA_new;
-+ OCSP_RESPDATA_new;
-+ EC_GFp_mont_method;
-+ OCSP_REVOKEDINFO_free;
-+ UI_get_ex_data;
-+ KRB5_APREQBODY_free;
-+ EC_GROUP_get0_generator;
-+ UI_get_default_method;
-+ X509V3_set_nconf;
-+ PKCS12_item_i2d_encrypt;
-+ X509_add1_ext_i2d;
-+ PKCS7_SIGNER_INFO_it;
-+ KRB5_PRINCNAME_new;
-+ PKCS12_SAFEBAG_it;
-+ EC_GROUP_get_order;
-+ d2i_OCSP_RESPID;
-+ OCSP_request_verify;
-+ NCONF_get_number_e;
-+ _ossl_old_des_decrypt3;
-+ X509_signature_print;
-+ OCSP_SINGLERESP_free;
-+ ENGINE_load_builtin_engines;
-+ i2d_OCSP_ONEREQ;
-+ OCSP_REQUEST_add_ext;
-+ OCSP_RESPBYTES_new;
-+ EVP_MD_CTX_create;
-+ OCSP_resp_find_status;
-+ X509_ALGOR_it;
-+ ASN1_TIME_it;
-+ OCSP_request_set1_name;
-+ OCSP_ONEREQ_get_ext_count;
-+ UI_get0_result;
-+ PKCS12_AUTHSAFES_it;
-+ EVP_aes_256_ecb;
-+ PKCS12_pack_authsafes;
-+ ASN1_IA5STRING_it;
-+ UI_get_input_flags;
-+ EC_GROUP_set_generator;
-+ _ossl_old_des_string_to_2keys;
-+ OCSP_CERTID_free;
-+ X509_CERT_AUX_it;
-+ CERTIFICATEPOLICIES_it;
-+ _ossl_old_des_ede3_cbc_encrypt;
-+ RAND_set_rand_engine;
-+ DSO_get_loaded_filename;
-+ X509_ATTRIBUTE_it;
-+ OCSP_ONEREQ_get_ext_by_NID;
-+ PKCS12_decrypt_skey;
-+ KRB5_AUTHENT_it;
-+ UI_dup_error_string;
-+ RSAPublicKey_it;
-+ i2d_OCSP_REQUEST;
-+ PKCS12_x509crl2certbag;
-+ OCSP_SERVICELOC_it;
-+ ASN1_item_sign;
-+ X509_CRL_set_issuer_name;
-+ OBJ_NAME_do_all_sorted;
-+ i2d_OCSP_BASICRESP;
-+ i2d_OCSP_RESPBYTES;
-+ PKCS12_unpack_p7encdata;
-+ HMAC_CTX_init;
-+ ENGINE_get_digest;
-+ OCSP_RESPONSE_print;
-+ KRB5_TKTBODY_it;
-+ ACCESS_DESCRIPTION_it;
-+ PKCS7_ISSUER_AND_SERIAL_it;
-+ PBE2PARAM_it;
-+ PKCS12_certbag2x509crl;
-+ PKCS7_SIGNED_it;
-+ ENGINE_get_cipher;
-+ i2d_OCSP_CRLID;
-+ OCSP_SINGLERESP_new;
-+ ENGINE_cmd_is_executable;
-+ RSA_up_ref;
-+ ASN1_GENERALSTRING_it;
-+ ENGINE_register_DSA;
-+ X509V3_EXT_add_nconf_sk;
-+ ENGINE_set_load_pubkey_function;
-+ PKCS8_decrypt;
-+ PEM_bytes_read_bio;
-+ DIRECTORYSTRING_it;
-+ d2i_OCSP_CRLID;
-+ EC_POINT_is_on_curve;
-+ CRYPTO_set_locked_mem_ex_functions;
-+ CRYPTO_set_locked_mem_ex_funcs;
-+ d2i_KRB5_CHECKSUM;
-+ ASN1_item_dup;
-+ X509_it;
-+ BN_mod_add;
-+ KRB5_AUTHDATA_free;
-+ _ossl_old_des_cbc_cksum;
-+ ASN1_item_verify;
-+ CRYPTO_set_mem_ex_functions;
-+ EC_POINT_get_Jprojective_coordinates_GFp;
-+ EC_POINT_get_Jproj_coords_GFp;
-+ ZLONG_it;
-+ CRYPTO_get_locked_mem_ex_functions;
-+ CRYPTO_get_locked_mem_ex_funcs;
-+ ASN1_TIME_check;
-+ UI_get0_user_data;
-+ HMAC_CTX_cleanup;
-+ DSA_up_ref;
-+ _ossl_old_des_ede3_cfb64_encrypt;
-+ _ossl_odes_ede3_cfb64_encrypt;
-+ ASN1_BMPSTRING_it;
-+ ASN1_tag2bit;
-+ UI_method_set_flusher;
-+ X509_ocspid_print;
-+ KRB5_ENCDATA_it;
-+ ENGINE_get_load_pubkey_function;
-+ UI_add_user_data;
-+ OCSP_REQUEST_delete_ext;
-+ UI_get_method;
-+ OCSP_ONEREQ_free;
-+ ASN1_PRINTABLESTRING_it;
-+ X509_CRL_set_nextUpdate;
-+ OCSP_REQUEST_it;
-+ OCSP_BASICRESP_it;
-+ AES_ecb_encrypt;
-+ BN_mod_sqr;
-+ NETSCAPE_CERT_SEQUENCE_it;
-+ GENERAL_NAMES_it;
-+ AUTHORITY_INFO_ACCESS_it;
-+ ASN1_FBOOLEAN_it;
-+ UI_set_ex_data;
-+ _ossl_old_des_string_to_key;
-+ ENGINE_register_all_RSA;
-+ d2i_KRB5_PRINCNAME;
-+ OCSP_RESPBYTES_it;
-+ X509_CINF_it;
-+ ENGINE_unregister_digests;
-+ d2i_EDIPARTYNAME;
-+ d2i_OCSP_SERVICELOC;
-+ ENGINE_get_digests;
-+ _ossl_old_des_set_odd_parity;
-+ OCSP_RESPDATA_free;
-+ d2i_KRB5_TICKET;
-+ OTHERNAME_it;
-+ EVP_MD_CTX_cleanup;
-+ d2i_ASN1_GENERALSTRING;
-+ X509_CRL_set_version;
-+ BN_mod_sub;
-+ OCSP_SINGLERESP_get_ext_by_NID;
-+ ENGINE_get_ex_new_index;
-+ OCSP_REQUEST_free;
-+ OCSP_REQUEST_add1_ext_i2d;
-+ X509_VAL_it;
-+ EC_POINTs_make_affine;
-+ EC_POINT_mul;
-+ X509V3_EXT_add_nconf;
-+ X509_TRUST_set;
-+ X509_CRL_add1_ext_i2d;
-+ _ossl_old_des_fcrypt;
-+ DISPLAYTEXT_it;
-+ X509_CRL_set_lastUpdate;
-+ OCSP_BASICRESP_free;
-+ OCSP_BASICRESP_add1_ext_i2d;
-+ d2i_KRB5_AUTHENTBODY;
-+ CRYPTO_set_ex_data_implementation;
-+ CRYPTO_set_ex_data_impl;
-+ KRB5_ENCDATA_new;
-+ DSO_up_ref;
-+ OCSP_crl_reason_str;
-+ UI_get0_result_string;
-+ ASN1_GENERALSTRING_new;
-+ X509_SIG_it;
-+ ERR_set_implementation;
-+ ERR_load_EC_strings;
-+ UI_get0_action_string;
-+ OCSP_ONEREQ_get_ext;
-+ EC_POINT_method_of;
-+ i2d_KRB5_APREQBODY;
-+ _ossl_old_des_ecb3_encrypt;
-+ CRYPTO_get_mem_ex_functions;
-+ ENGINE_get_ex_data;
-+ UI_destroy_method;
-+ ASN1_item_i2d_bio;
-+ OCSP_ONEREQ_get_ext_by_OBJ;
-+ ASN1_primitive_new;
-+ ASN1_PRINTABLE_it;
-+ EVP_aes_192_ecb;
-+ OCSP_SIGNATURE_new;
-+ LONG_it;
-+ ASN1_VISIBLESTRING_it;
-+ OCSP_SINGLERESP_add1_ext_i2d;
-+ d2i_OCSP_CERTID;
-+ ASN1_item_d2i_fp;
-+ CRL_DIST_POINTS_it;
-+ GENERAL_NAME_print;
-+ OCSP_SINGLERESP_delete_ext;
-+ PKCS12_SAFEBAGS_it;
-+ d2i_OCSP_SIGNATURE;
-+ OCSP_request_add1_nonce;
-+ ENGINE_set_cmd_defns;
-+ OCSP_SERVICELOC_free;
-+ EC_GROUP_free;
-+ ASN1_BIT_STRING_it;
-+ X509_REQ_it;
-+ _ossl_old_des_cbc_encrypt;
-+ ERR_unload_strings;
-+ PKCS7_SIGN_ENVELOPE_it;
-+ EDIPARTYNAME_free;
-+ OCSP_REQINFO_free;
-+ EC_GROUP_new_curve_GFp;
-+ OCSP_REQUEST_get1_ext_d2i;
-+ PKCS12_item_pack_safebag;
-+ asn1_ex_c2i;
-+ ENGINE_register_digests;
-+ i2d_OCSP_REVOKEDINFO;
-+ asn1_enc_restore;
-+ UI_free;
-+ UI_new_method;
-+ EVP_EncryptInit_ex;
-+ X509_pubkey_digest;
-+ EC_POINT_invert;
-+ OCSP_basic_sign;
-+ i2d_OCSP_RESPID;
-+ OCSP_check_nonce;
-+ ENGINE_ctrl_cmd;
-+ d2i_KRB5_ENCKEY;
-+ OCSP_parse_url;
-+ OCSP_SINGLERESP_get_ext;
-+ OCSP_CRLID_free;
-+ OCSP_BASICRESP_get1_ext_d2i;
-+ RSAPrivateKey_it;
-+ ENGINE_register_all_DH;
-+ i2d_EDIPARTYNAME;
-+ EC_POINT_get_affine_coordinates_GFp;
-+ EC_POINT_get_affine_coords_GFp;
-+ OCSP_CRLID_new;
-+ ENGINE_get_flags;
-+ OCSP_ONEREQ_it;
-+ UI_process;
-+ ASN1_INTEGER_it;
-+ EVP_CipherInit_ex;
-+ UI_get_string_type;
-+ ENGINE_unregister_DH;
-+ ENGINE_register_all_DSA;
-+ OCSP_ONEREQ_get_ext_by_critical;
-+ bn_dup_expand;
-+ OCSP_cert_id_new;
-+ BASIC_CONSTRAINTS_it;
-+ BN_mod_add_quick;
-+ EC_POINT_new;
-+ EVP_MD_CTX_destroy;
-+ OCSP_RESPBYTES_free;
-+ EVP_aes_128_cbc;
-+ OCSP_SINGLERESP_get1_ext_d2i;
-+ EC_POINT_free;
-+ DH_up_ref;
-+ X509_NAME_ENTRY_it;
-+ UI_get_ex_new_index;
-+ BN_mod_sub_quick;
-+ OCSP_ONEREQ_add_ext;
-+ OCSP_request_sign;
-+ EVP_DigestFinal_ex;
-+ ENGINE_set_digests;
-+ OCSP_id_issuer_cmp;
-+ OBJ_NAME_do_all;
-+ EC_POINTs_mul;
-+ ENGINE_register_complete;
-+ X509V3_EXT_nconf_nid;
-+ ASN1_SEQUENCE_it;
-+ UI_set_default_method;
-+ RAND_query_egd_bytes;
-+ UI_method_get_writer;
-+ UI_OpenSSL;
-+ PEM_def_callback;
-+ ENGINE_cleanup;
-+ DIST_POINT_it;
-+ OCSP_SINGLERESP_it;
-+ d2i_KRB5_TKTBODY;
-+ EC_POINT_cmp;
-+ OCSP_REVOKEDINFO_new;
-+ i2d_OCSP_CERTSTATUS;
-+ OCSP_basic_add1_nonce;
-+ ASN1_item_ex_d2i;
-+ BN_mod_lshift1_quick;
-+ UI_set_method;
-+ OCSP_id_get0_info;
-+ BN_mod_sqrt;
-+ EC_GROUP_copy;
-+ KRB5_ENCDATA_free;
-+ _ossl_old_des_cfb_encrypt;
-+ OCSP_SINGLERESP_get_ext_by_OBJ;
-+ OCSP_cert_to_id;
-+ OCSP_RESPID_new;
-+ OCSP_RESPDATA_it;
-+ d2i_OCSP_RESPDATA;
-+ ENGINE_register_all_complete;
-+ OCSP_check_validity;
-+ PKCS12_BAGS_it;
-+ OCSP_url_svcloc_new;
-+ ASN1_template_free;
-+ OCSP_SINGLERESP_add_ext;
-+ KRB5_AUTHENTBODY_it;
-+ X509_supported_extension;
-+ i2d_KRB5_AUTHDATA;
-+ UI_method_get_opener;
-+ ENGINE_set_ex_data;
-+ OCSP_REQUEST_print;
-+ CBIGNUM_it;
-+ KRB5_TICKET_new;
-+ KRB5_APREQ_new;
-+ EC_GROUP_get_curve_GFp;
-+ KRB5_ENCKEY_new;
-+ ASN1_template_d2i;
-+ _ossl_old_des_quad_cksum;
-+ OCSP_single_get0_status;
-+ BN_swap;
-+ POLICYINFO_it;
-+ ENGINE_set_destroy_function;
-+ asn1_enc_free;
-+ OCSP_RESPID_it;
-+ EC_GROUP_new;
-+ EVP_aes_256_cbc;
-+ i2d_KRB5_PRINCNAME;
-+ _ossl_old_des_encrypt2;
-+ _ossl_old_des_encrypt3;
-+ PKCS8_PRIV_KEY_INFO_it;
-+ OCSP_REQINFO_it;
-+ PBEPARAM_it;
-+ KRB5_AUTHENTBODY_new;
-+ X509_CRL_add0_revoked;
-+ EDIPARTYNAME_it;
-+ NETSCAPE_SPKI_it;
-+ UI_get0_test_string;
-+ ENGINE_get_cipher_engine;
-+ ENGINE_register_all_ciphers;
-+ EC_POINT_copy;
-+ BN_kronecker;
-+ _ossl_old_des_ede3_ofb64_encrypt;
-+ _ossl_odes_ede3_ofb64_encrypt;
-+ UI_method_get_reader;
-+ OCSP_BASICRESP_get_ext_count;
-+ ASN1_ENUMERATED_it;
-+ UI_set_result;
-+ i2d_KRB5_TICKET;
-+ X509_print_ex_fp;
-+ EVP_CIPHER_CTX_set_padding;
-+ d2i_OCSP_RESPONSE;
-+ ASN1_UTCTIME_it;
-+ _ossl_old_des_enc_write;
-+ OCSP_RESPONSE_new;
-+ AES_set_encrypt_key;
-+ OCSP_resp_count;
-+ KRB5_CHECKSUM_new;
-+ ENGINE_load_cswift;
-+ OCSP_onereq_get0_id;
-+ ENGINE_set_default_ciphers;
-+ NOTICEREF_it;
-+ X509V3_EXT_CRL_add_nconf;
-+ OCSP_REVOKEDINFO_it;
-+ AES_encrypt;
-+ OCSP_REQUEST_new;
-+ ASN1_ANY_it;
-+ CRYPTO_ex_data_new_class;
-+ _ossl_old_des_ncbc_encrypt;
-+ i2d_KRB5_TKTBODY;
-+ EC_POINT_clear_free;
-+ AES_decrypt;
-+ asn1_enc_init;
-+ UI_get_result_maxsize;
-+ OCSP_CERTID_new;
-+ ENGINE_unregister_RAND;
-+ UI_method_get_closer;
-+ d2i_KRB5_ENCDATA;
-+ OCSP_request_onereq_count;
-+ OCSP_basic_verify;
-+ KRB5_AUTHENTBODY_free;
-+ ASN1_item_d2i;
-+ ASN1_primitive_free;
-+ i2d_EXTENDED_KEY_USAGE;
-+ i2d_OCSP_SIGNATURE;
-+ asn1_enc_save;
-+ ENGINE_load_nuron;
-+ _ossl_old_des_pcbc_encrypt;
-+ PKCS12_MAC_DATA_it;
-+ OCSP_accept_responses_new;
-+ asn1_do_lock;
-+ PKCS7_ATTR_VERIFY_it;
-+ KRB5_APREQBODY_it;
-+ i2d_OCSP_SINGLERESP;
-+ ASN1_item_ex_new;
-+ UI_add_verify_string;
-+ _ossl_old_des_set_key;
-+ KRB5_PRINCNAME_it;
-+ EVP_DecryptInit_ex;
-+ i2d_OCSP_CERTID;
-+ ASN1_item_d2i_bio;
-+ EC_POINT_dbl;
-+ asn1_get_choice_selector;
-+ i2d_KRB5_CHECKSUM;
-+ ENGINE_set_table_flags;
-+ AES_options;
-+ ENGINE_load_chil;
-+ OCSP_id_cmp;
-+ OCSP_BASICRESP_new;
-+ OCSP_REQUEST_get_ext_by_NID;
-+ KRB5_APREQ_it;
-+ ENGINE_get_destroy_function;
-+ CONF_set_nconf;
-+ ASN1_PRINTABLE_free;
-+ OCSP_BASICRESP_get_ext_by_NID;
-+ DIST_POINT_NAME_it;
-+ X509V3_extensions_print;
-+ _ossl_old_des_cfb64_encrypt;
-+ X509_REVOKED_add1_ext_i2d;
-+ _ossl_old_des_ofb_encrypt;
-+ KRB5_TKTBODY_new;
-+ ASN1_OCTET_STRING_it;
-+ ERR_load_UI_strings;
-+ i2d_KRB5_ENCKEY;
-+ ASN1_template_new;
-+ OCSP_SIGNATURE_free;
-+ ASN1_item_i2d_fp;
-+ KRB5_PRINCNAME_free;
-+ PKCS7_RECIP_INFO_it;
-+ EXTENDED_KEY_USAGE_it;
-+ EC_GFp_simple_method;
-+ EC_GROUP_precompute_mult;
-+ OCSP_request_onereq_get0;
-+ UI_method_set_writer;
-+ KRB5_AUTHENT_new;
-+ X509_CRL_INFO_it;
-+ DSO_set_name_converter;
-+ AES_set_decrypt_key;
-+ PKCS7_DIGEST_it;
-+ PKCS12_x5092certbag;
-+ EVP_DigestInit_ex;
-+ i2a_ACCESS_DESCRIPTION;
-+ OCSP_RESPONSE_it;
-+ PKCS7_ENC_CONTENT_it;
-+ OCSP_request_add0_id;
-+ EC_POINT_make_affine;
-+ DSO_get_filename;
-+ OCSP_CERTSTATUS_it;
-+ OCSP_request_add1_cert;
-+ UI_get0_output_string;
-+ UI_dup_verify_string;
-+ BN_mod_lshift;
-+ KRB5_AUTHDATA_it;
-+ asn1_set_choice_selector;
-+ OCSP_basic_add1_status;
-+ OCSP_RESPID_free;
-+ asn1_get_field_ptr;
-+ UI_add_input_string;
-+ OCSP_CRLID_it;
-+ i2d_KRB5_AUTHENTBODY;
-+ OCSP_REQUEST_get_ext_count;
-+ ENGINE_load_atalla;
-+ X509_NAME_it;
-+ USERNOTICE_it;
-+ OCSP_REQINFO_new;
-+ OCSP_BASICRESP_get_ext;
-+ CRYPTO_get_ex_data_implementation;
-+ CRYPTO_get_ex_data_impl;
-+ ASN1_item_pack;
-+ i2d_KRB5_ENCDATA;
-+ X509_PURPOSE_set;
-+ X509_REQ_INFO_it;
-+ UI_method_set_opener;
-+ ASN1_item_ex_free;
-+ ASN1_BOOLEAN_it;
-+ ENGINE_get_table_flags;
-+ UI_create_method;
-+ OCSP_ONEREQ_add1_ext_i2d;
-+ _shadow_DES_check_key;
-+ d2i_OCSP_REQINFO;
-+ UI_add_info_string;
-+ UI_get_result_minsize;
-+ ASN1_NULL_it;
-+ BN_mod_lshift1;
-+ d2i_OCSP_ONEREQ;
-+ OCSP_ONEREQ_new;
-+ KRB5_TICKET_it;
-+ EVP_aes_192_cbc;
-+ KRB5_TICKET_free;
-+ UI_new;
-+ OCSP_response_create;
-+ _ossl_old_des_xcbc_encrypt;
-+ PKCS7_it;
-+ OCSP_REQUEST_get_ext_by_critical;
-+ OCSP_REQUEST_get_ext_by_crit;
-+ ENGINE_set_flags;
-+ _ossl_old_des_ecb_encrypt;
-+ OCSP_response_get1_basic;
-+ EVP_Digest;
-+ OCSP_ONEREQ_delete_ext;
-+ ASN1_TBOOLEAN_it;
-+ ASN1_item_new;
-+ ASN1_TIME_to_generalizedtime;
-+ BIGNUM_it;
-+ AES_cbc_encrypt;
-+ ENGINE_get_load_privkey_function;
-+ ENGINE_get_load_privkey_fn;
-+ OCSP_RESPONSE_free;
-+ UI_method_set_reader;
-+ i2d_ASN1_T61STRING;
-+ EC_POINT_set_to_infinity;
-+ ERR_load_OCSP_strings;
-+ EC_POINT_point2oct;
-+ KRB5_APREQ_free;
-+ ASN1_OBJECT_it;
-+ OCSP_crlID_new;
-+ OCSP_crlID2_new;
-+ CONF_modules_load_file;
-+ CONF_imodule_set_usr_data;
-+ ENGINE_set_default_string;
-+ CONF_module_get_usr_data;
-+ ASN1_add_oid_module;
-+ CONF_modules_finish;
-+ OPENSSL_config;
-+ CONF_modules_unload;
-+ CONF_imodule_get_value;
-+ CONF_module_set_usr_data;
-+ CONF_parse_list;
-+ CONF_module_add;
-+ CONF_get1_default_config_file;
-+ CONF_imodule_get_flags;
-+ CONF_imodule_get_module;
-+ CONF_modules_load;
-+ CONF_imodule_get_name;
-+ ERR_peek_top_error;
-+ CONF_imodule_get_usr_data;
-+ CONF_imodule_set_flags;
-+ ENGINE_add_conf_module;
-+ ERR_peek_last_error_line;
-+ ERR_peek_last_error_line_data;
-+ ERR_peek_last_error;
-+ DES_read_2passwords;
-+ DES_read_password;
-+ UI_UTIL_read_pw;
-+ UI_UTIL_read_pw_string;
-+ ENGINE_load_aep;
-+ ENGINE_load_sureware;
-+ OPENSSL_add_all_algorithms_noconf;
-+ OPENSSL_add_all_algo_noconf;
-+ OPENSSL_add_all_algorithms_conf;
-+ OPENSSL_add_all_algo_conf;
-+ OPENSSL_load_builtin_modules;
-+ AES_ofb128_encrypt;
-+ AES_ctr128_encrypt;
-+ AES_cfb128_encrypt;
-+ ENGINE_load_4758cca;
-+ _ossl_096_des_random_seed;
-+ EVP_aes_256_ofb;
-+ EVP_aes_192_ofb;
-+ EVP_aes_128_cfb128;
-+ EVP_aes_256_cfb128;
-+ EVP_aes_128_ofb;
-+ EVP_aes_192_cfb128;
-+ CONF_modules_free;
-+ NCONF_default;
-+ OPENSSL_no_config;
-+ NCONF_WIN32;
-+ ASN1_UNIVERSALSTRING_new;
-+ EVP_des_ede_ecb;
-+ i2d_ASN1_UNIVERSALSTRING;
-+ ASN1_UNIVERSALSTRING_free;
-+ ASN1_UNIVERSALSTRING_it;
-+ d2i_ASN1_UNIVERSALSTRING;
-+ EVP_des_ede3_ecb;
-+ X509_REQ_print_ex;
-+ ENGINE_up_ref;
-+ BUF_MEM_grow_clean;
-+ CRYPTO_realloc_clean;
-+ BUF_strlcat;
-+ BIO_indent;
-+ BUF_strlcpy;
-+ OpenSSLDie;
-+ OPENSSL_cleanse;
-+ ENGINE_setup_bsd_cryptodev;
-+ ERR_release_err_state_table;
-+ EVP_aes_128_cfb8;
-+ FIPS_corrupt_rsa;
-+ FIPS_selftest_des;
-+ EVP_aes_128_cfb1;
-+ EVP_aes_192_cfb8;
-+ FIPS_mode_set;
-+ FIPS_selftest_dsa;
-+ EVP_aes_256_cfb8;
-+ FIPS_allow_md5;
-+ DES_ede3_cfb_encrypt;
-+ EVP_des_ede3_cfb8;
-+ FIPS_rand_seeded;
-+ AES_cfbr_encrypt_block;
-+ AES_cfb8_encrypt;
-+ FIPS_rand_seed;
-+ FIPS_corrupt_des;
-+ EVP_aes_192_cfb1;
-+ FIPS_selftest_aes;
-+ FIPS_set_prng_key;
-+ EVP_des_cfb8;
-+ FIPS_corrupt_dsa;
-+ FIPS_test_mode;
-+ FIPS_rand_method;
-+ EVP_aes_256_cfb1;
-+ ERR_load_FIPS_strings;
-+ FIPS_corrupt_aes;
-+ FIPS_selftest_sha1;
-+ FIPS_selftest_rsa;
-+ FIPS_corrupt_sha1;
-+ EVP_des_cfb1;
-+ FIPS_dsa_check;
-+ AES_cfb1_encrypt;
-+ EVP_des_ede3_cfb1;
-+ FIPS_rand_check;
-+ FIPS_md5_allowed;
-+ FIPS_mode;
-+ FIPS_selftest_failed;
-+ sk_is_sorted;
-+ X509_check_ca;
-+ HMAC_CTX_set_flags;
-+ d2i_PROXY_CERT_INFO_EXTENSION;
-+ PROXY_POLICY_it;
-+ i2d_PROXY_POLICY;
-+ i2d_PROXY_CERT_INFO_EXTENSION;
-+ d2i_PROXY_POLICY;
-+ PROXY_CERT_INFO_EXTENSION_new;
-+ PROXY_CERT_INFO_EXTENSION_free;
-+ PROXY_CERT_INFO_EXTENSION_it;
-+ PROXY_POLICY_free;
-+ PROXY_POLICY_new;
-+ BN_MONT_CTX_set_locked;
-+ FIPS_selftest_rng;
-+ EVP_sha384;
-+ EVP_sha512;
-+ EVP_sha224;
-+ EVP_sha256;
-+ FIPS_selftest_hmac;
-+ FIPS_corrupt_rng;
-+ BN_mod_exp_mont_consttime;
-+ RSA_X931_hash_id;
-+ RSA_padding_check_X931;
-+ RSA_verify_PKCS1_PSS;
-+ RSA_padding_add_X931;
-+ RSA_padding_add_PKCS1_PSS;
-+ PKCS1_MGF1;
-+ BN_X931_generate_Xpq;
-+ RSA_X931_generate_key;
-+ BN_X931_derive_prime;
-+ BN_X931_generate_prime;
-+ RSA_X931_derive;
-+ BIO_new_dgram;
-+ BN_get0_nist_prime_384;
-+ ERR_set_mark;
-+ X509_STORE_CTX_set0_crls;
-+ ENGINE_set_STORE;
-+ ENGINE_register_ECDSA;
-+ STORE_meth_set_list_start_fn;
-+ STORE_method_set_list_start_function;
-+ BN_BLINDING_invert_ex;
-+ NAME_CONSTRAINTS_free;
-+ STORE_ATTR_INFO_set_number;
-+ BN_BLINDING_get_thread_id;
-+ X509_STORE_CTX_set0_param;
-+ POLICY_MAPPING_it;
-+ STORE_parse_attrs_start;
-+ POLICY_CONSTRAINTS_free;
-+ EVP_PKEY_add1_attr_by_NID;
-+ BN_nist_mod_192;
-+ EC_GROUP_get_trinomial_basis;
-+ STORE_set_method;
-+ GENERAL_SUBTREE_free;
-+ NAME_CONSTRAINTS_it;
-+ ECDH_get_default_method;
-+ PKCS12_add_safe;
-+ EC_KEY_new_by_curve_name;
-+ STORE_meth_get_update_store_fn;
-+ STORE_method_get_update_store_function;
-+ ENGINE_register_ECDH;
-+ SHA512_Update;
-+ i2d_ECPrivateKey;
-+ BN_get0_nist_prime_192;
-+ STORE_modify_certificate;
-+ EC_POINT_set_affine_coordinates_GF2m;
-+ EC_POINT_set_affine_coords_GF2m;
-+ BN_GF2m_mod_exp_arr;
-+ STORE_ATTR_INFO_modify_number;
-+ X509_keyid_get0;
-+ ENGINE_load_gmp;
-+ pitem_new;
-+ BN_GF2m_mod_mul_arr;
-+ STORE_list_public_key_endp;
-+ o2i_ECPublicKey;
-+ EC_KEY_copy;
-+ BIO_dump_fp;
-+ X509_policy_node_get0_parent;
-+ EC_GROUP_check_discriminant;
-+ i2o_ECPublicKey;
-+ EC_KEY_precompute_mult;
-+ a2i_IPADDRESS;
-+ STORE_meth_set_initialise_fn;
-+ STORE_method_set_initialise_function;
-+ X509_STORE_CTX_set_depth;
-+ X509_VERIFY_PARAM_inherit;
-+ EC_POINT_point2bn;
-+ STORE_ATTR_INFO_set_dn;
-+ X509_policy_tree_get0_policies;
-+ EC_GROUP_new_curve_GF2m;
-+ STORE_destroy_method;
-+ ENGINE_unregister_STORE;
-+ EVP_PKEY_get1_EC_KEY;
-+ STORE_ATTR_INFO_get0_number;
-+ ENGINE_get_default_ECDH;
-+ EC_KEY_get_conv_form;
-+ ASN1_OCTET_STRING_NDEF_it;
-+ STORE_delete_public_key;
-+ STORE_get_public_key;
-+ STORE_modify_arbitrary;
-+ ENGINE_get_static_state;
-+ pqueue_iterator;
-+ ECDSA_SIG_new;
-+ OPENSSL_DIR_end;
-+ BN_GF2m_mod_sqr;
-+ EC_POINT_bn2point;
-+ X509_VERIFY_PARAM_set_depth;
-+ EC_KEY_set_asn1_flag;
-+ STORE_get_method;
-+ EC_KEY_get_key_method_data;
-+ ECDSA_sign_ex;
-+ STORE_parse_attrs_end;
-+ EC_GROUP_get_point_conversion_form;
-+ EC_GROUP_get_point_conv_form;
-+ STORE_method_set_store_function;
-+ STORE_ATTR_INFO_in;
-+ PEM_read_bio_ECPKParameters;
-+ EC_GROUP_get_pentanomial_basis;
-+ EVP_PKEY_add1_attr_by_txt;
-+ BN_BLINDING_set_flags;
-+ X509_VERIFY_PARAM_set1_policies;
-+ X509_VERIFY_PARAM_set1_name;
-+ X509_VERIFY_PARAM_set_purpose;
-+ STORE_get_number;
-+ ECDSA_sign_setup;
-+ BN_GF2m_mod_solve_quad_arr;
-+ EC_KEY_up_ref;
-+ POLICY_MAPPING_free;
-+ BN_GF2m_mod_div;
-+ X509_VERIFY_PARAM_set_flags;
-+ EC_KEY_free;
-+ STORE_meth_set_list_next_fn;
-+ STORE_method_set_list_next_function;
-+ PEM_write_bio_ECPrivateKey;
-+ d2i_EC_PUBKEY;
-+ STORE_meth_get_generate_fn;
-+ STORE_method_get_generate_function;
-+ STORE_meth_set_list_end_fn;
-+ STORE_method_set_list_end_function;
-+ pqueue_print;
-+ EC_GROUP_have_precompute_mult;
-+ EC_KEY_print_fp;
-+ BN_GF2m_mod_arr;
-+ PEM_write_bio_X509_CERT_PAIR;
-+ EVP_PKEY_cmp;
-+ X509_policy_level_node_count;
-+ STORE_new_engine;
-+ STORE_list_public_key_start;
-+ X509_VERIFY_PARAM_new;
-+ ECDH_get_ex_data;
-+ EVP_PKEY_get_attr;
-+ ECDSA_do_sign;
-+ ENGINE_unregister_ECDH;
-+ ECDH_OpenSSL;
-+ EC_KEY_set_conv_form;
-+ EC_POINT_dup;
-+ GENERAL_SUBTREE_new;
-+ STORE_list_crl_endp;
-+ EC_get_builtin_curves;
-+ X509_policy_node_get0_qualifiers;
-+ X509_pcy_node_get0_qualifiers;
-+ STORE_list_crl_end;
-+ EVP_PKEY_set1_EC_KEY;
-+ BN_GF2m_mod_sqrt_arr;
-+ i2d_ECPrivateKey_bio;
-+ ECPKParameters_print_fp;
-+ pqueue_find;
-+ ECDSA_SIG_free;
-+ PEM_write_bio_ECPKParameters;
-+ STORE_method_set_ctrl_function;
-+ STORE_list_public_key_end;
-+ EC_KEY_set_private_key;
-+ pqueue_peek;
-+ STORE_get_arbitrary;
-+ STORE_store_crl;
-+ X509_policy_node_get0_policy;
-+ PKCS12_add_safes;
-+ BN_BLINDING_convert_ex;
-+ X509_policy_tree_free;
-+ OPENSSL_ia32cap_loc;
-+ BN_GF2m_poly2arr;
-+ STORE_ctrl;
-+ STORE_ATTR_INFO_compare;
-+ BN_get0_nist_prime_224;
-+ i2d_ECParameters;
-+ i2d_ECPKParameters;
-+ BN_GENCB_call;
-+ d2i_ECPKParameters;
-+ STORE_meth_set_generate_fn;
-+ STORE_method_set_generate_function;
-+ ENGINE_set_ECDH;
-+ NAME_CONSTRAINTS_new;
-+ SHA256_Init;
-+ EC_KEY_get0_public_key;
-+ PEM_write_bio_EC_PUBKEY;
-+ STORE_ATTR_INFO_set_cstr;
-+ STORE_list_crl_next;
-+ STORE_ATTR_INFO_in_range;
-+ ECParameters_print;
-+ STORE_meth_set_delete_fn;
-+ STORE_method_set_delete_function;
-+ STORE_list_certificate_next;
-+ ASN1_generate_nconf;
-+ BUF_memdup;
-+ BN_GF2m_mod_mul;
-+ STORE_meth_get_list_next_fn;
-+ STORE_method_get_list_next_function;
-+ STORE_ATTR_INFO_get0_dn;
-+ STORE_list_private_key_next;
-+ EC_GROUP_set_seed;
-+ X509_VERIFY_PARAM_set_trust;
-+ STORE_ATTR_INFO_free;
-+ STORE_get_private_key;
-+ EVP_PKEY_get_attr_count;
-+ STORE_ATTR_INFO_new;
-+ EC_GROUP_get_curve_GF2m;
-+ STORE_meth_set_revoke_fn;
-+ STORE_method_set_revoke_function;
-+ STORE_store_number;
-+ BN_is_prime_ex;
-+ STORE_revoke_public_key;
-+ X509_STORE_CTX_get0_param;
-+ STORE_delete_arbitrary;
-+ PEM_read_X509_CERT_PAIR;
-+ X509_STORE_set_depth;
-+ ECDSA_get_ex_data;
-+ SHA224;
-+ BIO_dump_indent_fp;
-+ EC_KEY_set_group;
-+ BUF_strndup;
-+ STORE_list_certificate_start;
-+ BN_GF2m_mod;
-+ X509_REQ_check_private_key;
-+ EC_GROUP_get_seed_len;
-+ ERR_load_STORE_strings;
-+ PEM_read_bio_EC_PUBKEY;
-+ STORE_list_private_key_end;
-+ i2d_EC_PUBKEY;
-+ ECDSA_get_default_method;
-+ ASN1_put_eoc;
-+ X509_STORE_CTX_get_explicit_policy;
-+ X509_STORE_CTX_get_expl_policy;
-+ X509_VERIFY_PARAM_table_cleanup;
-+ STORE_modify_private_key;
-+ X509_VERIFY_PARAM_free;
-+ EC_METHOD_get_field_type;
-+ EC_GFp_nist_method;
-+ STORE_meth_set_modify_fn;
-+ STORE_method_set_modify_function;
-+ STORE_parse_attrs_next;
-+ ENGINE_load_padlock;
-+ EC_GROUP_set_curve_name;
-+ X509_CERT_PAIR_it;
-+ STORE_meth_get_revoke_fn;
-+ STORE_method_get_revoke_function;
-+ STORE_method_set_get_function;
-+ STORE_modify_number;
-+ STORE_method_get_store_function;
-+ STORE_store_private_key;
-+ BN_GF2m_mod_sqr_arr;
-+ RSA_setup_blinding;
-+ BIO_s_datagram;
-+ STORE_Memory;
-+ sk_find_ex;
-+ EC_GROUP_set_curve_GF2m;
-+ ENGINE_set_default_ECDSA;
-+ POLICY_CONSTRAINTS_new;
-+ BN_GF2m_mod_sqrt;
-+ ECDH_set_default_method;
-+ EC_KEY_generate_key;
-+ SHA384_Update;
-+ BN_GF2m_arr2poly;
-+ STORE_method_get_get_function;
-+ STORE_meth_set_cleanup_fn;
-+ STORE_method_set_cleanup_function;
-+ EC_GROUP_check;
-+ d2i_ECPrivateKey_bio;
-+ EC_KEY_insert_key_method_data;
-+ STORE_meth_get_lock_store_fn;
-+ STORE_method_get_lock_store_function;
-+ X509_VERIFY_PARAM_get_depth;
-+ SHA224_Final;
-+ STORE_meth_set_update_store_fn;
-+ STORE_method_set_update_store_function;
-+ SHA224_Update;
-+ d2i_ECPrivateKey;
-+ ASN1_item_ndef_i2d;
-+ STORE_delete_private_key;
-+ ERR_pop_to_mark;
-+ ENGINE_register_all_STORE;
-+ X509_policy_level_get0_node;
-+ i2d_PKCS7_NDEF;
-+ EC_GROUP_get_degree;
-+ ASN1_generate_v3;
-+ STORE_ATTR_INFO_modify_cstr;
-+ X509_policy_tree_level_count;
-+ BN_GF2m_add;
-+ EC_KEY_get0_group;
-+ STORE_generate_crl;
-+ STORE_store_public_key;
-+ X509_CERT_PAIR_free;
-+ STORE_revoke_private_key;
-+ BN_nist_mod_224;
-+ SHA512_Final;
-+ STORE_ATTR_INFO_modify_dn;
-+ STORE_meth_get_initialise_fn;
-+ STORE_method_get_initialise_function;
-+ STORE_delete_number;
-+ i2d_EC_PUBKEY_bio;
-+ BIO_dgram_non_fatal_error;
-+ EC_GROUP_get_asn1_flag;
-+ STORE_ATTR_INFO_in_ex;
-+ STORE_list_crl_start;
-+ ECDH_get_ex_new_index;
-+ STORE_meth_get_modify_fn;
-+ STORE_method_get_modify_function;
-+ v2i_ASN1_BIT_STRING;
-+ STORE_store_certificate;
-+ OBJ_bsearch_ex;
-+ X509_STORE_CTX_set_default;
-+ STORE_ATTR_INFO_set_sha1str;
-+ BN_GF2m_mod_inv;
-+ BN_GF2m_mod_exp;
-+ STORE_modify_public_key;
-+ STORE_meth_get_list_start_fn;
-+ STORE_method_get_list_start_function;
-+ EC_GROUP_get0_seed;
-+ STORE_store_arbitrary;
-+ STORE_meth_set_unlock_store_fn;
-+ STORE_method_set_unlock_store_function;
-+ BN_GF2m_mod_div_arr;
-+ ENGINE_set_ECDSA;
-+ STORE_create_method;
-+ ECPKParameters_print;
-+ EC_KEY_get0_private_key;
-+ PEM_write_EC_PUBKEY;
-+ X509_VERIFY_PARAM_set1;
-+ ECDH_set_method;
-+ v2i_GENERAL_NAME_ex;
-+ ECDH_set_ex_data;
-+ STORE_generate_key;
-+ BN_nist_mod_521;
-+ X509_policy_tree_get0_level;
-+ EC_GROUP_set_point_conversion_form;
-+ EC_GROUP_set_point_conv_form;
-+ PEM_read_EC_PUBKEY;
-+ i2d_ECDSA_SIG;
-+ ECDSA_OpenSSL;
-+ STORE_delete_crl;
-+ EC_KEY_get_enc_flags;
-+ ASN1_const_check_infinite_end;
-+ EVP_PKEY_delete_attr;
-+ ECDSA_set_default_method;
-+ EC_POINT_set_compressed_coordinates_GF2m;
-+ EC_POINT_set_compr_coords_GF2m;
-+ EC_GROUP_cmp;
-+ STORE_revoke_certificate;
-+ BN_get0_nist_prime_256;
-+ STORE_meth_get_delete_fn;
-+ STORE_method_get_delete_function;
-+ SHA224_Init;
-+ PEM_read_ECPrivateKey;
-+ SHA512_Init;
-+ STORE_parse_attrs_endp;
-+ BN_set_negative;
-+ ERR_load_ECDSA_strings;
-+ EC_GROUP_get_basis_type;
-+ STORE_list_public_key_next;
-+ i2v_ASN1_BIT_STRING;
-+ STORE_OBJECT_free;
-+ BN_nist_mod_384;
-+ i2d_X509_CERT_PAIR;
-+ PEM_write_ECPKParameters;
-+ ECDH_compute_key;
-+ STORE_ATTR_INFO_get0_sha1str;
-+ ENGINE_register_all_ECDH;
-+ pqueue_pop;
-+ STORE_ATTR_INFO_get0_cstr;
-+ POLICY_CONSTRAINTS_it;
-+ STORE_get_ex_new_index;
-+ EVP_PKEY_get_attr_by_OBJ;
-+ X509_VERIFY_PARAM_add0_policy;
-+ BN_GF2m_mod_solve_quad;
-+ SHA256;
-+ i2d_ECPrivateKey_fp;
-+ X509_policy_tree_get0_user_policies;
-+ X509_pcy_tree_get0_usr_policies;
-+ OPENSSL_DIR_read;
-+ ENGINE_register_all_ECDSA;
-+ X509_VERIFY_PARAM_lookup;
-+ EC_POINT_get_affine_coordinates_GF2m;
-+ EC_POINT_get_affine_coords_GF2m;
-+ EC_GROUP_dup;
-+ ENGINE_get_default_ECDSA;
-+ EC_KEY_new;
-+ SHA256_Transform;
-+ EC_KEY_set_enc_flags;
-+ ECDSA_verify;
-+ EC_POINT_point2hex;
-+ ENGINE_get_STORE;
-+ SHA512;
-+ STORE_get_certificate;
-+ ECDSA_do_sign_ex;
-+ ECDSA_do_verify;
-+ d2i_ECPrivateKey_fp;
-+ STORE_delete_certificate;
-+ SHA512_Transform;
-+ X509_STORE_set1_param;
-+ STORE_method_get_ctrl_function;
-+ STORE_free;
-+ PEM_write_ECPrivateKey;
-+ STORE_meth_get_unlock_store_fn;
-+ STORE_method_get_unlock_store_function;
-+ STORE_get_ex_data;
-+ EC_KEY_set_public_key;
-+ PEM_read_ECPKParameters;
-+ X509_CERT_PAIR_new;
-+ ENGINE_register_STORE;
-+ RSA_generate_key_ex;
-+ DSA_generate_parameters_ex;
-+ ECParameters_print_fp;
-+ X509V3_NAME_from_section;
-+ EVP_PKEY_add1_attr;
-+ STORE_modify_crl;
-+ STORE_list_private_key_start;
-+ POLICY_MAPPINGS_it;
-+ GENERAL_SUBTREE_it;
-+ EC_GROUP_get_curve_name;
-+ PEM_write_X509_CERT_PAIR;
-+ BIO_dump_indent_cb;
-+ d2i_X509_CERT_PAIR;
-+ STORE_list_private_key_endp;
-+ asn1_const_Finish;
-+ i2d_EC_PUBKEY_fp;
-+ BN_nist_mod_256;
-+ X509_VERIFY_PARAM_add0_table;
-+ pqueue_free;
-+ BN_BLINDING_create_param;
-+ ECDSA_size;
-+ d2i_EC_PUBKEY_bio;
-+ BN_get0_nist_prime_521;
-+ STORE_ATTR_INFO_modify_sha1str;
-+ BN_generate_prime_ex;
-+ EC_GROUP_new_by_curve_name;
-+ SHA256_Final;
-+ DH_generate_parameters_ex;
-+ PEM_read_bio_ECPrivateKey;
-+ STORE_meth_get_cleanup_fn;
-+ STORE_method_get_cleanup_function;
-+ ENGINE_get_ECDH;
-+ d2i_ECDSA_SIG;
-+ BN_is_prime_fasttest_ex;
-+ ECDSA_sign;
-+ X509_policy_check;
-+ EVP_PKEY_get_attr_by_NID;
-+ STORE_set_ex_data;
-+ ENGINE_get_ECDSA;
-+ EVP_ecdsa;
-+ BN_BLINDING_get_flags;
-+ PKCS12_add_cert;
-+ STORE_OBJECT_new;
-+ ERR_load_ECDH_strings;
-+ EC_KEY_dup;
-+ EVP_CIPHER_CTX_rand_key;
-+ ECDSA_set_method;
-+ a2i_IPADDRESS_NC;
-+ d2i_ECParameters;
-+ STORE_list_certificate_end;
-+ STORE_get_crl;
-+ X509_POLICY_NODE_print;
-+ SHA384_Init;
-+ EC_GF2m_simple_method;
-+ ECDSA_set_ex_data;
-+ SHA384_Final;
-+ PKCS7_set_digest;
-+ EC_KEY_print;
-+ STORE_meth_set_lock_store_fn;
-+ STORE_method_set_lock_store_function;
-+ ECDSA_get_ex_new_index;
-+ SHA384;
-+ POLICY_MAPPING_new;
-+ STORE_list_certificate_endp;
-+ X509_STORE_CTX_get0_policy_tree;
-+ EC_GROUP_set_asn1_flag;
-+ EC_KEY_check_key;
-+ d2i_EC_PUBKEY_fp;
-+ PKCS7_set0_type_other;
-+ PEM_read_bio_X509_CERT_PAIR;
-+ pqueue_next;
-+ STORE_meth_get_list_end_fn;
-+ STORE_method_get_list_end_function;
-+ EVP_PKEY_add1_attr_by_OBJ;
-+ X509_VERIFY_PARAM_set_time;
-+ pqueue_new;
-+ ENGINE_set_default_ECDH;
-+ STORE_new_method;
-+ PKCS12_add_key;
-+ DSO_merge;
-+ EC_POINT_hex2point;
-+ BIO_dump_cb;
-+ SHA256_Update;
-+ pqueue_insert;
-+ pitem_free;
-+ BN_GF2m_mod_inv_arr;
-+ ENGINE_unregister_ECDSA;
-+ BN_BLINDING_set_thread_id;
-+ get_rfc3526_prime_8192;
-+ X509_VERIFY_PARAM_clear_flags;
-+ get_rfc2409_prime_1024;
-+ DH_check_pub_key;
-+ get_rfc3526_prime_2048;
-+ get_rfc3526_prime_6144;
-+ get_rfc3526_prime_1536;
-+ get_rfc3526_prime_3072;
-+ get_rfc3526_prime_4096;
-+ get_rfc2409_prime_768;
-+ X509_VERIFY_PARAM_get_flags;
-+ EVP_CIPHER_CTX_new;
-+ EVP_CIPHER_CTX_free;
-+ Camellia_cbc_encrypt;
-+ Camellia_cfb128_encrypt;
-+ Camellia_cfb1_encrypt;
-+ Camellia_cfb8_encrypt;
-+ Camellia_ctr128_encrypt;
-+ Camellia_cfbr_encrypt_block;
-+ Camellia_decrypt;
-+ Camellia_ecb_encrypt;
-+ Camellia_encrypt;
-+ Camellia_ofb128_encrypt;
-+ Camellia_set_key;
-+ EVP_camellia_128_cbc;
-+ EVP_camellia_128_cfb128;
-+ EVP_camellia_128_cfb1;
-+ EVP_camellia_128_cfb8;
-+ EVP_camellia_128_ecb;
-+ EVP_camellia_128_ofb;
-+ EVP_camellia_192_cbc;
-+ EVP_camellia_192_cfb128;
-+ EVP_camellia_192_cfb1;
-+ EVP_camellia_192_cfb8;
-+ EVP_camellia_192_ecb;
-+ EVP_camellia_192_ofb;
-+ EVP_camellia_256_cbc;
-+ EVP_camellia_256_cfb128;
-+ EVP_camellia_256_cfb1;
-+ EVP_camellia_256_cfb8;
-+ EVP_camellia_256_ecb;
-+ EVP_camellia_256_ofb;
-+ a2i_ipadd;
-+ ASIdentifiers_free;
-+ i2d_ASIdOrRange;
-+ EVP_CIPHER_block_size;
-+ v3_asid_is_canonical;
-+ IPAddressChoice_free;
-+ EVP_CIPHER_CTX_set_app_data;
-+ BIO_set_callback_arg;
-+ v3_addr_add_prefix;
-+ IPAddressOrRange_it;
-+ BIO_set_flags;
-+ ASIdentifiers_it;
-+ v3_addr_get_range;
-+ BIO_method_type;
-+ v3_addr_inherits;
-+ IPAddressChoice_it;
-+ AES_ige_encrypt;
-+ v3_addr_add_range;
-+ EVP_CIPHER_CTX_nid;
-+ d2i_ASRange;
-+ v3_addr_add_inherit;
-+ v3_asid_add_id_or_range;
-+ v3_addr_validate_resource_set;
-+ EVP_CIPHER_iv_length;
-+ EVP_MD_type;
-+ v3_asid_canonize;
-+ IPAddressRange_free;
-+ v3_asid_add_inherit;
-+ EVP_CIPHER_CTX_key_length;
-+ IPAddressRange_new;
-+ ASIdOrRange_new;
-+ EVP_MD_size;
-+ EVP_MD_CTX_test_flags;
-+ BIO_clear_flags;
-+ i2d_ASRange;
-+ IPAddressRange_it;
-+ IPAddressChoice_new;
-+ ASIdentifierChoice_new;
-+ ASRange_free;
-+ EVP_MD_pkey_type;
-+ EVP_MD_CTX_clear_flags;
-+ IPAddressFamily_free;
-+ i2d_IPAddressFamily;
-+ IPAddressOrRange_new;
-+ EVP_CIPHER_flags;
-+ v3_asid_validate_resource_set;
-+ d2i_IPAddressRange;
-+ AES_bi_ige_encrypt;
-+ BIO_get_callback;
-+ IPAddressOrRange_free;
-+ v3_addr_subset;
-+ d2i_IPAddressFamily;
-+ v3_asid_subset;
-+ BIO_test_flags;
-+ i2d_ASIdentifierChoice;
-+ ASRange_it;
-+ d2i_ASIdentifiers;
-+ ASRange_new;
-+ d2i_IPAddressChoice;
-+ v3_addr_get_afi;
-+ EVP_CIPHER_key_length;
-+ EVP_Cipher;
-+ i2d_IPAddressOrRange;
-+ ASIdOrRange_it;
-+ EVP_CIPHER_nid;
-+ i2d_IPAddressChoice;
-+ EVP_CIPHER_CTX_block_size;
-+ ASIdentifiers_new;
-+ v3_addr_validate_path;
-+ IPAddressFamily_new;
-+ EVP_MD_CTX_set_flags;
-+ v3_addr_is_canonical;
-+ i2d_IPAddressRange;
-+ IPAddressFamily_it;
-+ v3_asid_inherits;
-+ EVP_CIPHER_CTX_cipher;
-+ EVP_CIPHER_CTX_get_app_data;
-+ EVP_MD_block_size;
-+ EVP_CIPHER_CTX_flags;
-+ v3_asid_validate_path;
-+ d2i_IPAddressOrRange;
-+ v3_addr_canonize;
-+ ASIdentifierChoice_it;
-+ EVP_MD_CTX_md;
-+ d2i_ASIdentifierChoice;
-+ BIO_method_name;
-+ EVP_CIPHER_CTX_iv_length;
-+ ASIdOrRange_free;
-+ ASIdentifierChoice_free;
-+ BIO_get_callback_arg;
-+ BIO_set_callback;
-+ d2i_ASIdOrRange;
-+ i2d_ASIdentifiers;
-+ SEED_decrypt;
-+ SEED_encrypt;
-+ SEED_cbc_encrypt;
-+ EVP_seed_ofb;
-+ SEED_cfb128_encrypt;
-+ SEED_ofb128_encrypt;
-+ EVP_seed_cbc;
-+ SEED_ecb_encrypt;
-+ EVP_seed_ecb;
-+ SEED_set_key;
-+ EVP_seed_cfb128;
-+ X509_EXTENSIONS_it;
-+ X509_get1_ocsp;
-+ OCSP_REQ_CTX_free;
-+ i2d_X509_EXTENSIONS;
-+ OCSP_sendreq_nbio;
-+ OCSP_sendreq_new;
-+ d2i_X509_EXTENSIONS;
-+ X509_ALGORS_it;
-+ X509_ALGOR_get0;
-+ X509_ALGOR_set0;
-+ AES_unwrap_key;
-+ AES_wrap_key;
-+ X509at_get0_data_by_OBJ;
-+ ASN1_TYPE_set1;
-+ ASN1_STRING_set0;
-+ i2d_X509_ALGORS;
-+ BIO_f_zlib;
-+ COMP_zlib_cleanup;
-+ d2i_X509_ALGORS;
-+ CMS_ReceiptRequest_free;
-+ PEM_write_CMS;
-+ CMS_add0_CertificateChoices;
-+ CMS_unsigned_add1_attr_by_OBJ;
-+ ERR_load_CMS_strings;
-+ CMS_sign_receipt;
-+ i2d_CMS_ContentInfo;
-+ CMS_signed_delete_attr;
-+ d2i_CMS_bio;
-+ CMS_unsigned_get_attr_by_NID;
-+ CMS_verify;
-+ SMIME_read_CMS;
-+ CMS_decrypt_set1_key;
-+ CMS_SignerInfo_get0_algs;
-+ CMS_add1_cert;
-+ CMS_set_detached;
-+ CMS_encrypt;
-+ CMS_EnvelopedData_create;
-+ CMS_uncompress;
-+ CMS_add0_crl;
-+ CMS_SignerInfo_verify_content;
-+ CMS_unsigned_get0_data_by_OBJ;
-+ PEM_write_bio_CMS;
-+ CMS_unsigned_get_attr;
-+ CMS_RecipientInfo_ktri_cert_cmp;
-+ CMS_RecipientInfo_ktri_get0_algs;
-+ CMS_RecipInfo_ktri_get0_algs;
-+ CMS_ContentInfo_free;
-+ CMS_final;
-+ CMS_add_simple_smimecap;
-+ CMS_SignerInfo_verify;
-+ CMS_data;
-+ CMS_ContentInfo_it;
-+ d2i_CMS_ReceiptRequest;
-+ CMS_compress;
-+ CMS_digest_create;
-+ CMS_SignerInfo_cert_cmp;
-+ CMS_SignerInfo_sign;
-+ CMS_data_create;
-+ i2d_CMS_bio;
-+ CMS_EncryptedData_set1_key;
-+ CMS_decrypt;
-+ int_smime_write_ASN1;
-+ CMS_unsigned_delete_attr;
-+ CMS_unsigned_get_attr_count;
-+ CMS_add_smimecap;
-+ PEM_read_CMS;
-+ CMS_signed_get_attr_by_OBJ;
-+ d2i_CMS_ContentInfo;
-+ CMS_add_standard_smimecap;
-+ CMS_ContentInfo_new;
-+ CMS_RecipientInfo_type;
-+ CMS_get0_type;
-+ CMS_is_detached;
-+ CMS_sign;
-+ CMS_signed_add1_attr;
-+ CMS_unsigned_get_attr_by_OBJ;
-+ SMIME_write_CMS;
-+ CMS_EncryptedData_decrypt;
-+ CMS_get0_RecipientInfos;
-+ CMS_add0_RevocationInfoChoice;
-+ CMS_decrypt_set1_pkey;
-+ CMS_SignerInfo_set1_signer_cert;
-+ CMS_get0_signers;
-+ CMS_ReceiptRequest_get0_values;
-+ CMS_signed_get0_data_by_OBJ;
-+ CMS_get0_SignerInfos;
-+ CMS_add0_cert;
-+ CMS_EncryptedData_encrypt;
-+ CMS_digest_verify;
-+ CMS_set1_signers_certs;
-+ CMS_signed_get_attr;
-+ CMS_RecipientInfo_set0_key;
-+ CMS_SignedData_init;
-+ CMS_RecipientInfo_kekri_get0_id;
-+ CMS_verify_receipt;
-+ CMS_ReceiptRequest_it;
-+ PEM_read_bio_CMS;
-+ CMS_get1_crls;
-+ CMS_add0_recipient_key;
-+ SMIME_read_ASN1;
-+ CMS_ReceiptRequest_new;
-+ CMS_get0_content;
-+ CMS_get1_ReceiptRequest;
-+ CMS_signed_add1_attr_by_OBJ;
-+ CMS_RecipientInfo_kekri_id_cmp;
-+ CMS_add1_ReceiptRequest;
-+ CMS_SignerInfo_get0_signer_id;
-+ CMS_unsigned_add1_attr_by_NID;
-+ CMS_unsigned_add1_attr;
-+ CMS_signed_get_attr_by_NID;
-+ CMS_get1_certs;
-+ CMS_signed_add1_attr_by_NID;
-+ CMS_unsigned_add1_attr_by_txt;
-+ CMS_dataFinal;
-+ CMS_RecipientInfo_ktri_get0_signer_id;
-+ CMS_RecipInfo_ktri_get0_sigr_id;
-+ i2d_CMS_ReceiptRequest;
-+ CMS_add1_recipient_cert;
-+ CMS_dataInit;
-+ CMS_signed_add1_attr_by_txt;
-+ CMS_RecipientInfo_decrypt;
-+ CMS_signed_get_attr_count;
-+ CMS_get0_eContentType;
-+ CMS_set1_eContentType;
-+ CMS_ReceiptRequest_create0;
-+ CMS_add1_signer;
-+ CMS_RecipientInfo_set0_pkey;
-+ ENGINE_set_load_ssl_client_cert_function;
-+ ENGINE_set_ld_ssl_clnt_cert_fn;
-+ ENGINE_get_ssl_client_cert_function;
-+ ENGINE_get_ssl_client_cert_fn;
-+ ENGINE_load_ssl_client_cert;
-+ ENGINE_load_capi;
-+ OPENSSL_isservice;
-+ FIPS_dsa_sig_decode;
-+ EVP_CIPHER_CTX_clear_flags;
-+ FIPS_rand_status;
-+ FIPS_rand_set_key;
-+ CRYPTO_set_mem_info_functions;
-+ RSA_X931_generate_key_ex;
-+ int_ERR_set_state_func;
-+ int_EVP_MD_set_engine_callbacks;
-+ int_CRYPTO_set_do_dynlock_callback;
-+ FIPS_rng_stick;
-+ EVP_CIPHER_CTX_set_flags;
-+ BN_X931_generate_prime_ex;
-+ FIPS_selftest_check;
-+ FIPS_rand_set_dt;
-+ CRYPTO_dbg_pop_info;
-+ FIPS_dsa_free;
-+ RSA_X931_derive_ex;
-+ FIPS_rsa_new;
-+ FIPS_rand_bytes;
-+ fips_cipher_test;
-+ EVP_CIPHER_CTX_test_flags;
-+ CRYPTO_malloc_debug_init;
-+ CRYPTO_dbg_push_info;
-+ FIPS_corrupt_rsa_keygen;
-+ FIPS_dh_new;
-+ FIPS_corrupt_dsa_keygen;
-+ FIPS_dh_free;
-+ fips_pkey_signature_test;
-+ EVP_add_alg_module;
-+ int_RAND_init_engine_callbacks;
-+ int_EVP_CIPHER_set_engine_callbacks;
-+ int_EVP_MD_init_engine_callbacks;
-+ FIPS_rand_test_mode;
-+ FIPS_rand_reset;
-+ FIPS_dsa_new;
-+ int_RAND_set_callbacks;
-+ BN_X931_derive_prime_ex;
-+ int_ERR_lib_init;
-+ int_EVP_CIPHER_init_engine_callbacks;
-+ FIPS_rsa_free;
-+ FIPS_dsa_sig_encode;
-+ CRYPTO_dbg_remove_all_info;
-+ OPENSSL_init;
-+ CRYPTO_strdup;
-+ JPAKE_STEP3A_process;
-+ JPAKE_STEP1_release;
-+ JPAKE_get_shared_key;
-+ JPAKE_STEP3B_init;
-+ JPAKE_STEP1_generate;
-+ JPAKE_STEP1_init;
-+ JPAKE_STEP3B_process;
-+ JPAKE_STEP2_generate;
-+ JPAKE_CTX_new;
-+ JPAKE_CTX_free;
-+ JPAKE_STEP3B_release;
-+ JPAKE_STEP3A_release;
-+ JPAKE_STEP2_process;
-+ JPAKE_STEP3B_generate;
-+ JPAKE_STEP1_process;
-+ JPAKE_STEP3A_generate;
-+ JPAKE_STEP2_release;
-+ JPAKE_STEP3A_init;
-+ ERR_load_JPAKE_strings;
-+ JPAKE_STEP2_init;
-+ pqueue_size;
-+ i2d_TS_ACCURACY;
-+ i2d_TS_MSG_IMPRINT_fp;
-+ i2d_TS_MSG_IMPRINT;
-+ EVP_PKEY_print_public;
-+ EVP_PKEY_CTX_new;
-+ i2d_TS_TST_INFO;
-+ EVP_PKEY_asn1_find;
-+ DSO_METHOD_beos;
-+ TS_CONF_load_cert;
-+ TS_REQ_get_ext;
-+ EVP_PKEY_sign_init;
-+ ASN1_item_print;
-+ TS_TST_INFO_set_nonce;
-+ TS_RESP_dup;
-+ ENGINE_register_pkey_meths;
-+ EVP_PKEY_asn1_add0;
-+ PKCS7_add0_attrib_signing_time;
-+ i2d_TS_TST_INFO_fp;
-+ BIO_asn1_get_prefix;
-+ TS_TST_INFO_set_time;
-+ EVP_PKEY_meth_set_decrypt;
-+ EVP_PKEY_set_type_str;
-+ EVP_PKEY_CTX_get_keygen_info;
-+ TS_REQ_set_policy_id;
-+ d2i_TS_RESP_fp;
-+ ENGINE_get_pkey_asn1_meth_engine;
-+ ENGINE_get_pkey_asn1_meth_eng;
-+ WHIRLPOOL_Init;
-+ TS_RESP_set_status_info;
-+ EVP_PKEY_keygen;
-+ EVP_DigestSignInit;
-+ TS_ACCURACY_set_millis;
-+ TS_REQ_dup;
-+ GENERAL_NAME_dup;
-+ ASN1_SEQUENCE_ANY_it;
-+ WHIRLPOOL;
-+ X509_STORE_get1_crls;
-+ ENGINE_get_pkey_asn1_meth;
-+ EVP_PKEY_asn1_new;
-+ BIO_new_NDEF;
-+ ENGINE_get_pkey_meth;
-+ TS_MSG_IMPRINT_set_algo;
-+ i2d_TS_TST_INFO_bio;
-+ TS_TST_INFO_set_ordering;
-+ TS_TST_INFO_get_ext_by_OBJ;
-+ CRYPTO_THREADID_set_pointer;
-+ TS_CONF_get_tsa_section;
-+ SMIME_write_ASN1;
-+ TS_RESP_CTX_set_signer_key;
-+ EVP_PKEY_encrypt_old;
-+ EVP_PKEY_encrypt_init;
-+ CRYPTO_THREADID_cpy;
-+ ASN1_PCTX_get_cert_flags;
-+ i2d_ESS_SIGNING_CERT;
-+ TS_CONF_load_key;
-+ i2d_ASN1_SEQUENCE_ANY;
-+ d2i_TS_MSG_IMPRINT_bio;
-+ EVP_PKEY_asn1_set_public;
-+ b2i_PublicKey_bio;
-+ BIO_asn1_set_prefix;
-+ EVP_PKEY_new_mac_key;
-+ BIO_new_CMS;
-+ CRYPTO_THREADID_cmp;
-+ TS_REQ_ext_free;
-+ EVP_PKEY_asn1_set_free;
-+ EVP_PKEY_get0_asn1;
-+ d2i_NETSCAPE_X509;
-+ EVP_PKEY_verify_recover_init;
-+ EVP_PKEY_CTX_set_data;
-+ EVP_PKEY_keygen_init;
-+ TS_RESP_CTX_set_status_info;
-+ TS_MSG_IMPRINT_get_algo;
-+ TS_REQ_print_bio;
-+ EVP_PKEY_CTX_ctrl_str;
-+ EVP_PKEY_get_default_digest_nid;
-+ PEM_write_bio_PKCS7_stream;
-+ TS_MSG_IMPRINT_print_bio;
-+ BN_asc2bn;
-+ TS_REQ_get_policy_id;
-+ ENGINE_set_default_pkey_asn1_meths;
-+ ENGINE_set_def_pkey_asn1_meths;
-+ d2i_TS_ACCURACY;
-+ DSO_global_lookup;
-+ TS_CONF_set_tsa_name;
-+ i2d_ASN1_SET_ANY;
-+ ENGINE_load_gost;
-+ WHIRLPOOL_BitUpdate;
-+ ASN1_PCTX_get_flags;
-+ TS_TST_INFO_get_ext_by_NID;
-+ TS_RESP_new;
-+ ESS_CERT_ID_dup;
-+ TS_STATUS_INFO_dup;
-+ TS_REQ_delete_ext;
-+ EVP_DigestVerifyFinal;
-+ EVP_PKEY_print_params;
-+ i2d_CMS_bio_stream;
-+ TS_REQ_get_msg_imprint;
-+ OBJ_find_sigid_by_algs;
-+ TS_TST_INFO_get_serial;
-+ TS_REQ_get_nonce;
-+ X509_PUBKEY_set0_param;
-+ EVP_PKEY_CTX_set0_keygen_info;
-+ DIST_POINT_set_dpname;
-+ i2d_ISSUING_DIST_POINT;
-+ ASN1_SET_ANY_it;
-+ EVP_PKEY_CTX_get_data;
-+ TS_STATUS_INFO_print_bio;
-+ EVP_PKEY_derive_init;
-+ d2i_TS_TST_INFO;
-+ EVP_PKEY_asn1_add_alias;
-+ d2i_TS_RESP_bio;
-+ OTHERNAME_cmp;
-+ GENERAL_NAME_set0_value;
-+ PKCS7_RECIP_INFO_get0_alg;
-+ TS_RESP_CTX_new;
-+ TS_RESP_set_tst_info;
-+ PKCS7_final;
-+ EVP_PKEY_base_id;
-+ TS_RESP_CTX_set_signer_cert;
-+ TS_REQ_set_msg_imprint;
-+ EVP_PKEY_CTX_ctrl;
-+ TS_CONF_set_digests;
-+ d2i_TS_MSG_IMPRINT;
-+ EVP_PKEY_meth_set_ctrl;
-+ TS_REQ_get_ext_by_NID;
-+ PKCS5_pbe_set0_algor;
-+ BN_BLINDING_thread_id;
-+ TS_ACCURACY_new;
-+ X509_CRL_METHOD_free;
-+ ASN1_PCTX_get_nm_flags;
-+ EVP_PKEY_meth_set_sign;
-+ CRYPTO_THREADID_current;
-+ EVP_PKEY_decrypt_init;
-+ NETSCAPE_X509_free;
-+ i2b_PVK_bio;
-+ EVP_PKEY_print_private;
-+ GENERAL_NAME_get0_value;
-+ b2i_PVK_bio;
-+ ASN1_UTCTIME_adj;
-+ TS_TST_INFO_new;
-+ EVP_MD_do_all_sorted;
-+ TS_CONF_set_default_engine;
-+ TS_ACCURACY_set_seconds;
-+ TS_TST_INFO_get_time;
-+ PKCS8_pkey_get0;
-+ EVP_PKEY_asn1_get0;
-+ OBJ_add_sigid;
-+ PKCS7_SIGNER_INFO_sign;
-+ EVP_PKEY_paramgen_init;
-+ EVP_PKEY_sign;
-+ OBJ_sigid_free;
-+ EVP_PKEY_meth_set_init;
-+ d2i_ESS_ISSUER_SERIAL;
-+ ISSUING_DIST_POINT_new;
-+ ASN1_TIME_adj;
-+ TS_OBJ_print_bio;
-+ EVP_PKEY_meth_set_verify_recover;
-+ EVP_PKEY_meth_set_vrfy_recover;
-+ TS_RESP_get_status_info;
-+ CMS_stream;
-+ EVP_PKEY_CTX_set_cb;
-+ PKCS7_to_TS_TST_INFO;
-+ ASN1_PCTX_get_oid_flags;
-+ TS_TST_INFO_add_ext;
-+ EVP_PKEY_meth_set_derive;
-+ i2d_TS_RESP_fp;
-+ i2d_TS_MSG_IMPRINT_bio;
-+ TS_RESP_CTX_set_accuracy;
-+ TS_REQ_set_nonce;
-+ ESS_CERT_ID_new;
-+ ENGINE_pkey_asn1_find_str;
-+ TS_REQ_get_ext_count;
-+ BUF_reverse;
-+ TS_TST_INFO_print_bio;
-+ d2i_ISSUING_DIST_POINT;
-+ ENGINE_get_pkey_meths;
-+ i2b_PrivateKey_bio;
-+ i2d_TS_RESP;
-+ b2i_PublicKey;
-+ TS_VERIFY_CTX_cleanup;
-+ TS_STATUS_INFO_free;
-+ TS_RESP_verify_token;
-+ OBJ_bsearch_ex_;
-+ ASN1_bn_print;
-+ EVP_PKEY_asn1_get_count;
-+ ENGINE_register_pkey_asn1_meths;
-+ ASN1_PCTX_set_nm_flags;
-+ EVP_DigestVerifyInit;
-+ ENGINE_set_default_pkey_meths;
-+ TS_TST_INFO_get_policy_id;
-+ TS_REQ_get_cert_req;
-+ X509_CRL_set_meth_data;
-+ PKCS8_pkey_set0;
-+ ASN1_STRING_copy;
-+ d2i_TS_TST_INFO_fp;
-+ X509_CRL_match;
-+ EVP_PKEY_asn1_set_private;
-+ TS_TST_INFO_get_ext_d2i;
-+ TS_RESP_CTX_add_policy;
-+ d2i_TS_RESP;
-+ TS_CONF_load_certs;
-+ TS_TST_INFO_get_msg_imprint;
-+ ERR_load_TS_strings;
-+ TS_TST_INFO_get_version;
-+ EVP_PKEY_CTX_dup;
-+ EVP_PKEY_meth_set_verify;
-+ i2b_PublicKey_bio;
-+ TS_CONF_set_certs;
-+ EVP_PKEY_asn1_get0_info;
-+ TS_VERIFY_CTX_free;
-+ TS_REQ_get_ext_by_critical;
-+ TS_RESP_CTX_set_serial_cb;
-+ X509_CRL_get_meth_data;
-+ TS_RESP_CTX_set_time_cb;
-+ TS_MSG_IMPRINT_get_msg;
-+ TS_TST_INFO_ext_free;
-+ TS_REQ_get_version;
-+ TS_REQ_add_ext;
-+ EVP_PKEY_CTX_set_app_data;
-+ OBJ_bsearch_;
-+ EVP_PKEY_meth_set_verifyctx;
-+ i2d_PKCS7_bio_stream;
-+ CRYPTO_THREADID_set_numeric;
-+ PKCS7_sign_add_signer;
-+ d2i_TS_TST_INFO_bio;
-+ TS_TST_INFO_get_ordering;
-+ TS_RESP_print_bio;
-+ TS_TST_INFO_get_exts;
-+ HMAC_CTX_copy;
-+ PKCS5_pbe2_set_iv;
-+ ENGINE_get_pkey_asn1_meths;
-+ b2i_PrivateKey;
-+ EVP_PKEY_CTX_get_app_data;
-+ TS_REQ_set_cert_req;
-+ CRYPTO_THREADID_set_callback;
-+ TS_CONF_set_serial;
-+ TS_TST_INFO_free;
-+ d2i_TS_REQ_fp;
-+ TS_RESP_verify_response;
-+ i2d_ESS_ISSUER_SERIAL;
-+ TS_ACCURACY_get_seconds;
-+ EVP_CIPHER_do_all;
-+ b2i_PrivateKey_bio;
-+ OCSP_CERTID_dup;
-+ X509_PUBKEY_get0_param;
-+ TS_MSG_IMPRINT_dup;
-+ PKCS7_print_ctx;
-+ i2d_TS_REQ_bio;
-+ EVP_whirlpool;
-+ EVP_PKEY_asn1_set_param;
-+ EVP_PKEY_meth_set_encrypt;
-+ ASN1_PCTX_set_flags;
-+ i2d_ESS_CERT_ID;
-+ TS_VERIFY_CTX_new;
-+ TS_RESP_CTX_set_extension_cb;
-+ ENGINE_register_all_pkey_meths;
-+ TS_RESP_CTX_set_status_info_cond;
-+ TS_RESP_CTX_set_stat_info_cond;
-+ EVP_PKEY_verify;
-+ WHIRLPOOL_Final;
-+ X509_CRL_METHOD_new;
-+ EVP_DigestSignFinal;
-+ TS_RESP_CTX_set_def_policy;
-+ NETSCAPE_X509_it;
-+ TS_RESP_create_response;
-+ PKCS7_SIGNER_INFO_get0_algs;
-+ TS_TST_INFO_get_nonce;
-+ EVP_PKEY_decrypt_old;
-+ TS_TST_INFO_set_policy_id;
-+ TS_CONF_set_ess_cert_id_chain;
-+ EVP_PKEY_CTX_get0_pkey;
-+ d2i_TS_REQ;
-+ EVP_PKEY_asn1_find_str;
-+ BIO_f_asn1;
-+ ESS_SIGNING_CERT_new;
-+ EVP_PBE_find;
-+ X509_CRL_get0_by_cert;
-+ EVP_PKEY_derive;
-+ i2d_TS_REQ;
-+ TS_TST_INFO_delete_ext;
-+ ESS_ISSUER_SERIAL_free;
-+ ASN1_PCTX_set_str_flags;
-+ ENGINE_get_pkey_asn1_meth_str;
-+ TS_CONF_set_signer_key;
-+ TS_ACCURACY_get_millis;
-+ TS_RESP_get_token;
-+ TS_ACCURACY_dup;
-+ ENGINE_register_all_pkey_asn1_meths;
-+ ENGINE_reg_all_pkey_asn1_meths;
-+ X509_CRL_set_default_method;
-+ CRYPTO_THREADID_hash;
-+ CMS_ContentInfo_print_ctx;
-+ TS_RESP_free;
-+ ISSUING_DIST_POINT_free;
-+ ESS_ISSUER_SERIAL_new;
-+ CMS_add1_crl;
-+ PKCS7_add1_attrib_digest;
-+ TS_RESP_CTX_add_md;
-+ TS_TST_INFO_dup;
-+ ENGINE_set_pkey_asn1_meths;
-+ PEM_write_bio_Parameters;
-+ TS_TST_INFO_get_accuracy;
-+ X509_CRL_get0_by_serial;
-+ TS_TST_INFO_set_version;
-+ TS_RESP_CTX_get_tst_info;
-+ TS_RESP_verify_signature;
-+ CRYPTO_THREADID_get_callback;
-+ TS_TST_INFO_get_tsa;
-+ TS_STATUS_INFO_new;
-+ EVP_PKEY_CTX_get_cb;
-+ TS_REQ_get_ext_d2i;
-+ GENERAL_NAME_set0_othername;
-+ TS_TST_INFO_get_ext_count;
-+ TS_RESP_CTX_get_request;
-+ i2d_NETSCAPE_X509;
-+ ENGINE_get_pkey_meth_engine;
-+ EVP_PKEY_meth_set_signctx;
-+ EVP_PKEY_asn1_copy;
-+ ASN1_TYPE_cmp;
-+ EVP_CIPHER_do_all_sorted;
-+ EVP_PKEY_CTX_free;
-+ ISSUING_DIST_POINT_it;
-+ d2i_TS_MSG_IMPRINT_fp;
-+ X509_STORE_get1_certs;
-+ EVP_PKEY_CTX_get_operation;
-+ d2i_ESS_SIGNING_CERT;
-+ TS_CONF_set_ordering;
-+ EVP_PBE_alg_add_type;
-+ TS_REQ_set_version;
-+ EVP_PKEY_get0;
-+ BIO_asn1_set_suffix;
-+ i2d_TS_STATUS_INFO;
-+ EVP_MD_do_all;
-+ TS_TST_INFO_set_accuracy;
-+ PKCS7_add_attrib_content_type;
-+ ERR_remove_thread_state;
-+ EVP_PKEY_meth_add0;
-+ TS_TST_INFO_set_tsa;
-+ EVP_PKEY_meth_new;
-+ WHIRLPOOL_Update;
-+ TS_CONF_set_accuracy;
-+ ASN1_PCTX_set_oid_flags;
-+ ESS_SIGNING_CERT_dup;
-+ d2i_TS_REQ_bio;
-+ X509_time_adj_ex;
-+ TS_RESP_CTX_add_flags;
-+ d2i_TS_STATUS_INFO;
-+ TS_MSG_IMPRINT_set_msg;
-+ BIO_asn1_get_suffix;
-+ TS_REQ_free;
-+ EVP_PKEY_meth_free;
-+ TS_REQ_get_exts;
-+ TS_RESP_CTX_set_clock_precision_digits;
-+ TS_RESP_CTX_set_clk_prec_digits;
-+ TS_RESP_CTX_add_failure_info;
-+ i2d_TS_RESP_bio;
-+ EVP_PKEY_CTX_get0_peerkey;
-+ PEM_write_bio_CMS_stream;
-+ TS_REQ_new;
-+ TS_MSG_IMPRINT_new;
-+ EVP_PKEY_meth_find;
-+ EVP_PKEY_id;
-+ TS_TST_INFO_set_serial;
-+ a2i_GENERAL_NAME;
-+ TS_CONF_set_crypto_device;
-+ EVP_PKEY_verify_init;
-+ TS_CONF_set_policies;
-+ ASN1_PCTX_new;
-+ ESS_CERT_ID_free;
-+ ENGINE_unregister_pkey_meths;
-+ TS_MSG_IMPRINT_free;
-+ TS_VERIFY_CTX_init;
-+ PKCS7_stream;
-+ TS_RESP_CTX_set_certs;
-+ TS_CONF_set_def_policy;
-+ ASN1_GENERALIZEDTIME_adj;
-+ NETSCAPE_X509_new;
-+ TS_ACCURACY_free;
-+ TS_RESP_get_tst_info;
-+ EVP_PKEY_derive_set_peer;
-+ PEM_read_bio_Parameters;
-+ TS_CONF_set_clock_precision_digits;
-+ TS_CONF_set_clk_prec_digits;
-+ ESS_ISSUER_SERIAL_dup;
-+ TS_ACCURACY_get_micros;
-+ ASN1_PCTX_get_str_flags;
-+ NAME_CONSTRAINTS_check;
-+ ASN1_BIT_STRING_check;
-+ X509_check_akid;
-+ ENGINE_unregister_pkey_asn1_meths;
-+ ENGINE_unreg_pkey_asn1_meths;
-+ ASN1_PCTX_free;
-+ PEM_write_bio_ASN1_stream;
-+ i2d_ASN1_bio_stream;
-+ TS_X509_ALGOR_print_bio;
-+ EVP_PKEY_meth_set_cleanup;
-+ EVP_PKEY_asn1_free;
-+ ESS_SIGNING_CERT_free;
-+ TS_TST_INFO_set_msg_imprint;
-+ GENERAL_NAME_cmp;
-+ d2i_ASN1_SET_ANY;
-+ ENGINE_set_pkey_meths;
-+ i2d_TS_REQ_fp;
-+ d2i_ASN1_SEQUENCE_ANY;
-+ GENERAL_NAME_get0_otherName;
-+ d2i_ESS_CERT_ID;
-+ OBJ_find_sigid_algs;
-+ EVP_PKEY_meth_set_keygen;
-+ PKCS5_PBKDF2_HMAC;
-+ EVP_PKEY_paramgen;
-+ EVP_PKEY_meth_set_paramgen;
-+ BIO_new_PKCS7;
-+ EVP_PKEY_verify_recover;
-+ TS_ext_print_bio;
-+ TS_ASN1_INTEGER_print_bio;
-+ check_defer;
-+ DSO_pathbyaddr;
-+ EVP_PKEY_set_type;
-+ TS_ACCURACY_set_micros;
-+ TS_REQ_to_TS_VERIFY_CTX;
-+ EVP_PKEY_meth_set_copy;
-+ ASN1_PCTX_set_cert_flags;
-+ TS_TST_INFO_get_ext;
-+ EVP_PKEY_asn1_set_ctrl;
-+ TS_TST_INFO_get_ext_by_critical;
-+ EVP_PKEY_CTX_new_id;
-+ TS_REQ_get_ext_by_OBJ;
-+ TS_CONF_set_signer_cert;
-+ X509_NAME_hash_old;
-+ ASN1_TIME_set_string;
-+ EVP_MD_flags;
-+ TS_RESP_CTX_free;
-+ DSAparams_dup;
-+ DHparams_dup;
-+ OCSP_REQ_CTX_add1_header;
-+ OCSP_REQ_CTX_set1_req;
-+ X509_STORE_set_verify_cb;
-+ X509_STORE_CTX_get0_current_crl;
-+ X509_STORE_CTX_get0_parent_ctx;
-+ X509_STORE_CTX_get0_current_issuer;
-+ X509_STORE_CTX_get0_cur_issuer;
-+ X509_issuer_name_hash_old;
-+ X509_subject_name_hash_old;
-+ EVP_CIPHER_CTX_copy;
-+ UI_method_get_prompt_constructor;
-+ UI_method_get_prompt_constructr;
-+ UI_method_set_prompt_constructor;
-+ UI_method_set_prompt_constructr;
-+ EVP_read_pw_string_min;
-+ CRYPTO_cts128_encrypt;
-+ CRYPTO_cts128_decrypt_block;
-+ CRYPTO_cfb128_1_encrypt;
-+ CRYPTO_cbc128_encrypt;
-+ CRYPTO_ctr128_encrypt;
-+ CRYPTO_ofb128_encrypt;
-+ CRYPTO_cts128_decrypt;
-+ CRYPTO_cts128_encrypt_block;
-+ CRYPTO_cbc128_decrypt;
-+ CRYPTO_cfb128_encrypt;
-+ CRYPTO_cfb128_8_encrypt;
-+ SSL_renegotiate_abbreviated;
-+ TLSv1_1_method;
-+ TLSv1_1_client_method;
-+ TLSv1_1_server_method;
-+ SSL_CTX_set_srp_client_pwd_callback;
-+ SSL_CTX_set_srp_client_pwd_cb;
-+ SSL_get_srp_g;
-+ SSL_CTX_set_srp_username_callback;
-+ SSL_CTX_set_srp_un_cb;
-+ SSL_get_srp_userinfo;
-+ SSL_set_srp_server_param;
-+ SSL_set_srp_server_param_pw;
-+ SSL_get_srp_N;
-+ SSL_get_srp_username;
-+ SSL_CTX_set_srp_password;
-+ SSL_CTX_set_srp_strength;
-+ SSL_CTX_set_srp_verify_param_callback;
-+ SSL_CTX_set_srp_vfy_param_cb;
-+ SSL_CTX_set_srp_cb_arg;
-+ SSL_CTX_set_srp_username;
-+ SSL_CTX_SRP_CTX_init;
-+ SSL_SRP_CTX_init;
-+ SRP_Calc_A_param;
-+ SRP_generate_server_master_secret;
-+ SRP_gen_server_master_secret;
-+ SSL_CTX_SRP_CTX_free;
-+ SRP_generate_client_master_secret;
-+ SRP_gen_client_master_secret;
-+ SSL_srp_server_param_with_username;
-+ SSL_srp_server_param_with_un;
-+ SSL_SRP_CTX_free;
-+ SSL_set_debug;
-+ SSL_SESSION_get0_peer;
-+ TLSv1_2_client_method;
-+ SSL_SESSION_set1_id_context;
-+ TLSv1_2_server_method;
-+ SSL_cache_hit;
-+ SSL_get0_kssl_ctx;
-+ SSL_set0_kssl_ctx;
-+ SSL_set_state;
-+ SSL_CIPHER_get_id;
-+ TLSv1_2_method;
-+ kssl_ctx_get0_client_princ;
-+ SSL_export_keying_material;
-+ SSL_set_tlsext_use_srtp;
-+ SSL_CTX_set_next_protos_advertised_cb;
-+ SSL_CTX_set_next_protos_adv_cb;
-+ SSL_get0_next_proto_negotiated;
-+ SSL_get_selected_srtp_profile;
-+ SSL_CTX_set_tlsext_use_srtp;
-+ SSL_select_next_proto;
-+ SSL_get_srtp_profiles;
-+ SSL_CTX_set_next_proto_select_cb;
-+ SSL_CTX_set_next_proto_sel_cb;
-+ SSL_SESSION_get_compress_id;
-+
-+ SRP_VBASE_get_by_user;
-+ SRP_Calc_server_key;
-+ SRP_create_verifier;
-+ SRP_create_verifier_BN;
-+ SRP_Calc_u;
-+ SRP_VBASE_free;
-+ SRP_Calc_client_key;
-+ SRP_get_default_gN;
-+ SRP_Calc_x;
-+ SRP_Calc_B;
-+ SRP_VBASE_new;
-+ SRP_check_known_gN_param;
-+ SRP_Calc_A;
-+ SRP_Verify_A_mod_N;
-+ SRP_VBASE_init;
-+ SRP_Verify_B_mod_N;
-+ EC_KEY_set_public_key_affine_coordinates;
-+ EC_KEY_set_pub_key_aff_coords;
-+ EVP_aes_192_ctr;
-+ EVP_PKEY_meth_get0_info;
-+ EVP_PKEY_meth_copy;
-+ ERR_add_error_vdata;
-+ EVP_aes_128_ctr;
-+ EVP_aes_256_ctr;
-+ EC_GFp_nistp224_method;
-+ EC_KEY_get_flags;
-+ RSA_padding_add_PKCS1_PSS_mgf1;
-+ EVP_aes_128_xts;
-+ EVP_aes_256_xts;
-+ EVP_aes_128_gcm;
-+ EC_KEY_clear_flags;
-+ EC_KEY_set_flags;
-+ EVP_aes_256_ccm;
-+ RSA_verify_PKCS1_PSS_mgf1;
-+ EVP_aes_128_ccm;
-+ EVP_aes_192_gcm;
-+ X509_ALGOR_set_md;
-+ RAND_init_fips;
-+ EVP_aes_256_gcm;
-+ EVP_aes_192_ccm;
-+ CMAC_CTX_copy;
-+ CMAC_CTX_free;
-+ CMAC_CTX_get0_cipher_ctx;
-+ CMAC_CTX_cleanup;
-+ CMAC_Init;
-+ CMAC_Update;
-+ CMAC_resume;
-+ CMAC_CTX_new;
-+ CMAC_Final;
-+ CRYPTO_ctr128_encrypt_ctr32;
-+ CRYPTO_gcm128_release;
-+ CRYPTO_ccm128_decrypt_ccm64;
-+ CRYPTO_ccm128_encrypt;
-+ CRYPTO_gcm128_encrypt;
-+ CRYPTO_xts128_encrypt;
-+ EVP_rc4_hmac_md5;
-+ CRYPTO_nistcts128_decrypt_block;
-+ CRYPTO_gcm128_setiv;
-+ CRYPTO_nistcts128_encrypt;
-+ EVP_aes_128_cbc_hmac_sha1;
-+ CRYPTO_gcm128_tag;
-+ CRYPTO_ccm128_encrypt_ccm64;
-+ ENGINE_load_rdrand;
-+ CRYPTO_ccm128_setiv;
-+ CRYPTO_nistcts128_encrypt_block;
-+ CRYPTO_gcm128_aad;
-+ CRYPTO_ccm128_init;
-+ CRYPTO_nistcts128_decrypt;
-+ CRYPTO_gcm128_new;
-+ CRYPTO_ccm128_tag;
-+ CRYPTO_ccm128_decrypt;
-+ CRYPTO_ccm128_aad;
-+ CRYPTO_gcm128_init;
-+ CRYPTO_gcm128_decrypt;
-+ ENGINE_load_rsax;
-+ CRYPTO_gcm128_decrypt_ctr32;
-+ CRYPTO_gcm128_encrypt_ctr32;
-+ CRYPTO_gcm128_finish;
-+ EVP_aes_256_cbc_hmac_sha1;
-+ PKCS5_pbkdf2_set;
-+ CMS_add0_recipient_password;
-+ CMS_decrypt_set1_password;
-+ CMS_RecipientInfo_set0_password;
-+ RAND_set_fips_drbg_type;
-+ X509_REQ_sign_ctx;
-+ RSA_PSS_PARAMS_new;
-+ X509_CRL_sign_ctx;
-+ X509_signature_dump;
-+ d2i_RSA_PSS_PARAMS;
-+ RSA_PSS_PARAMS_it;
-+ RSA_PSS_PARAMS_free;
-+ X509_sign_ctx;
-+ i2d_RSA_PSS_PARAMS;
-+ ASN1_item_sign_ctx;
-+ EC_GFp_nistp521_method;
-+ EC_GFp_nistp256_method;
-+ OPENSSL_stderr;
-+ OPENSSL_cpuid_setup;
-+ OPENSSL_showfatal;
-+ BIO_new_dgram_sctp;
-+ BIO_dgram_sctp_msg_waiting;
-+ BIO_dgram_sctp_wait_for_dry;
-+ BIO_s_datagram_sctp;
-+ BIO_dgram_is_sctp;
-+ BIO_dgram_sctp_notification_cb;
-+ CRYPTO_memcmp;
-+ SSL_CTX_set_alpn_protos;
-+ SSL_set_alpn_protos;
-+ SSL_CTX_set_alpn_select_cb;
-+ SSL_get0_alpn_selected;
-+ SSL_CTX_set_custom_cli_ext;
-+ SSL_CTX_set_custom_srv_ext;
-+ SSL_CTX_set_srv_supp_data;
-+ SSL_CTX_set_cli_supp_data;
-+ SSL_set_cert_cb;
-+ SSL_CTX_use_serverinfo;
-+ SSL_CTX_use_serverinfo_file;
-+ SSL_CTX_set_cert_cb;
-+ SSL_CTX_get0_param;
-+ SSL_get0_param;
-+ SSL_certs_clear;
-+ DTLSv1_2_method;
-+ DTLSv1_2_server_method;
-+ DTLSv1_2_client_method;
-+ DTLS_method;
-+ DTLS_server_method;
-+ DTLS_client_method;
-+ SSL_CTX_get_ssl_method;
-+ SSL_CTX_get0_certificate;
-+ SSL_CTX_get0_privatekey;
-+ SSL_COMP_set0_compression_methods;
-+ SSL_COMP_free_compression_methods;
-+ SSL_CIPHER_find;
-+ SSL_is_server;
-+ SSL_CONF_CTX_new;
-+ SSL_CONF_CTX_finish;
-+ SSL_CONF_CTX_free;
-+ SSL_CONF_CTX_set_flags;
-+ SSL_CONF_CTX_clear_flags;
-+ SSL_CONF_CTX_set1_prefix;
-+ SSL_CONF_CTX_set_ssl;
-+ SSL_CONF_CTX_set_ssl_ctx;
-+ SSL_CONF_cmd;
-+ SSL_CONF_cmd_argv;
-+ SSL_CONF_cmd_value_type;
-+ SSL_trace;
-+ SSL_CIPHER_standard_name;
-+ SSL_get_tlsa_record_byname;
-+ ASN1_TIME_diff;
-+ BIO_hex_string;
-+ CMS_RecipientInfo_get0_pkey_ctx;
-+ CMS_RecipientInfo_encrypt;
-+ CMS_SignerInfo_get0_pkey_ctx;
-+ CMS_SignerInfo_get0_md_ctx;
-+ CMS_SignerInfo_get0_signature;
-+ CMS_RecipientInfo_kari_get0_alg;
-+ CMS_RecipientInfo_kari_get0_reks;
-+ CMS_RecipientInfo_kari_get0_orig_id;
-+ CMS_RecipientInfo_kari_orig_id_cmp;
-+ CMS_RecipientEncryptedKey_get0_id;
-+ CMS_RecipientEncryptedKey_cert_cmp;
-+ CMS_RecipientInfo_kari_set0_pkey;
-+ CMS_RecipientInfo_kari_get0_ctx;
-+ CMS_RecipientInfo_kari_decrypt;
-+ CMS_SharedInfo_encode;
-+ DH_compute_key_padded;
-+ d2i_DHxparams;
-+ i2d_DHxparams;
-+ DH_get_1024_160;
-+ DH_get_2048_224;
-+ DH_get_2048_256;
-+ DH_KDF_X9_42;
-+ ECDH_KDF_X9_62;
-+ ECDSA_METHOD_new;
-+ ECDSA_METHOD_free;
-+ ECDSA_METHOD_set_app_data;
-+ ECDSA_METHOD_get_app_data;
-+ ECDSA_METHOD_set_sign;
-+ ECDSA_METHOD_set_sign_setup;
-+ ECDSA_METHOD_set_verify;
-+ ECDSA_METHOD_set_flags;
-+ ECDSA_METHOD_set_name;
-+ EVP_des_ede3_wrap;
-+ EVP_aes_128_wrap;
-+ EVP_aes_192_wrap;
-+ EVP_aes_256_wrap;
-+ EVP_aes_128_cbc_hmac_sha256;
-+ EVP_aes_256_cbc_hmac_sha256;
-+ CRYPTO_128_wrap;
-+ CRYPTO_128_unwrap;
-+ OCSP_REQ_CTX_nbio;
-+ OCSP_REQ_CTX_new;
-+ OCSP_set_max_response_length;
-+ OCSP_REQ_CTX_i2d;
-+ OCSP_REQ_CTX_nbio_d2i;
-+ OCSP_REQ_CTX_get0_mem_bio;
-+ OCSP_REQ_CTX_http;
-+ RSA_padding_add_PKCS1_OAEP_mgf1;
-+ RSA_padding_check_PKCS1_OAEP_mgf1;
-+ RSA_OAEP_PARAMS_free;
-+ RSA_OAEP_PARAMS_it;
-+ RSA_OAEP_PARAMS_new;
-+ SSL_get_sigalgs;
-+ SSL_get_shared_sigalgs;
-+ SSL_check_chain;
-+ X509_chain_up_ref;
-+ X509_http_nbio;
-+ X509_CRL_http_nbio;
-+ X509_REVOKED_dup;
-+ i2d_re_X509_tbs;
-+ X509_get0_signature;
-+ X509_get_signature_nid;
-+ X509_CRL_diff;
-+ X509_chain_check_suiteb;
-+ X509_CRL_check_suiteb;
-+ X509_check_host;
-+ X509_check_email;
-+ X509_check_ip;
-+ X509_check_ip_asc;
-+ X509_STORE_set_lookup_crls_cb;
-+ X509_STORE_CTX_get0_store;
-+ X509_VERIFY_PARAM_set1_host;
-+ X509_VERIFY_PARAM_add1_host;
-+ X509_VERIFY_PARAM_set_hostflags;
-+ X509_VERIFY_PARAM_get0_peername;
-+ X509_VERIFY_PARAM_set1_email;
-+ X509_VERIFY_PARAM_set1_ip;
-+ X509_VERIFY_PARAM_set1_ip_asc;
-+ X509_VERIFY_PARAM_get0_name;
-+ X509_VERIFY_PARAM_get_count;
-+ X509_VERIFY_PARAM_get0;
-+ X509V3_EXT_free;
-+ EC_GROUP_get_mont_data;
-+ EC_curve_nid2nist;
-+ EC_curve_nist2nid;
-+ PEM_write_bio_DHxparams;
-+ PEM_write_DHxparams;
-+ SSL_CTX_add_client_custom_ext;
-+ SSL_CTX_add_server_custom_ext;
-+ SSL_extension_supported;
-+ BUF_strnlen;
-+ sk_deep_copy;
-+ SSL_test_functions;
-+
-+ local:
-+ *;
-+};
-+
-+OPENSSL_1.0.2g {
-+ global:
-+ SRP_VBASE_get1_by_user;
-+ SRP_user_pwd_free;
-+} OPENSSL_1.0.2d;
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.2 {
-+ global:
-+ bind_engine;
-+ v_check;
-+ OPENSSL_init;
-+ OPENSSL_finish;
-+ local:
-+ *;
-+};
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.2 {
-+ global:
-+ bind_engine;
-+ v_check;
-+ OPENSSL_init;
-+ OPENSSL_finish;
-+ local:
-+ *;
-+};
-+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
deleted file mode 100644
index 2a318a4..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Upstream-Status: Submitted
-
-This patch adds the fix for one of the ciphers used in openssl, namely
-the cipher des-ede3-cfb1. Complete bug log and patch is present here:
-http://rt.openssl.org/Ticket/Display.html?id=2867
-
-Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
-
-Index: openssl-1.0.2/crypto/evp/e_des3.c
-===================================================================
---- openssl-1.0.2.orig/crypto/evp/e_des3.c
-+++ openssl-1.0.2/crypto/evp/e_des3.c
-@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
- size_t n;
- unsigned char c[1], d[1];
-
-- for (n = 0; n < inl; ++n) {
-+ for (n = 0; n * 8 < inl; ++n) {
- c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
- DES_ede3_cfb_encrypt(c, d, 1, 1,
- &data(ctx)->ks1, &data(ctx)->ks2,
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
deleted file mode 100644
index f736e5c..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
-
-We should avoid accessing the type pointer if it's NULL,
-this could happen if ctx->digest is not NULL.
-
-Upstream-Status: Submitted
-http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
-
-Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
----
-Index: openssl-1.0.2h/crypto/evp/digest.c
-===================================================================
---- openssl-1.0.2h.orig/crypto/evp/digest.c
-+++ openssl-1.0.2h/crypto/evp/digest.c
-@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
- type = ctx->digest;
- }
- #endif
-- if (ctx->digest != type) {
-+ if (type && (ctx->digest != type)) {
- if (ctx->digest && ctx->digest->ctx_size) {
- OPENSSL_free(ctx->md_data);
- ctx->md_data = NULL;
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest
old mode 100755
new mode 100644
index 3b20fce..65c6cc7
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -1,2 +1,4 @@
#!/bin/sh
-make -k runtest
+cd test
+OPENSSL_ENGINES=../engines BLDTOP=.. SRCTOP=.. perl run_tests.pl
+cd ..
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl10.inc
similarity index 88%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl10.inc
index 8f2a797..23f97d7 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl10.inc
@@ -11,11 +11,15 @@
DEPENDS = "makedepend-native hostperl-runtime-native"
DEPENDS_append_class-target = " openssl-native"
+PROVIDES += "openssl10"
+
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
"
S = "${WORKDIR}/openssl-${PV}"
+PACKAGECONFIG ?= "cryptodev-linux"
PACKAGECONFIG[perl] = ",,,"
+PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
TERMIO_libc-musl = "-DTERMIOS"
TERMIO ?= "-DTERMIO"
@@ -37,8 +41,6 @@
FILES_${PN}-misc = "${libdir}/ssl/misc"
RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
-PROVIDES += "openssl10"
-
# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the base openssl package and the libcrypto
@@ -64,12 +66,11 @@
os=${HOST_OS}
case $os in
- linux-uclibc |\
- linux-uclibceabi |\
linux-gnueabi |\
- linux-uclibcspe |\
linux-gnuspe |\
- linux-musl*)
+ linux-musleabi |\
+ linux-muslspe |\
+ linux-musl )
os=linux
;;
*)
@@ -101,7 +102,7 @@
linux-i686)
target=debian-i386-i686/cmov
;;
- linux-gnux32-x86_64)
+ linux-gnux32-x86_64 | linux-muslx32-x86_64 )
target=linux-x32
;;
linux-gnu64-x86_64)
@@ -125,7 +126,7 @@
linux-mips*)
target=debian-mips
;;
- linux-microblaze*|linux-nios2*)
+ linux-microblaze*|linux-nios2*|linux-gnu*ilp32**)
target=linux-generic32
;;
linux-powerpc)
@@ -202,6 +203,16 @@
ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
+
+ # Rename man pages to prefix openssl10-*
+ for f in `find ${D}${mandir} -type f`; do
+ mv $f $(dirname $f)/openssl10-$(basename $f)
+ done
+ for f in `find ${D}${mandir} -type l`; do
+ ln_f=`readlink $f`
+ rm -f $f
+ ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
+ done
}
do_install_ptest () {
@@ -239,6 +250,17 @@
# modified again later when stripping them, but that's okay.
touch ${D}${PTEST_PATH}
find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
+
+ # exclude binary files or the package won't install
+ for d in ssltest_old v3ext x509aux; do
+ rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
+ done
+
+ # Remove build host references
+ sed -i \
+ -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
+ -e 's|${DEBUG_PREFIX_MAP}||g' \
+ ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
}
do_install_append_class-native() {
@@ -250,3 +272,4 @@
}
BBCLASSEXTEND = "native nativesdk"
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
deleted file mode 100644
index 83d1a50..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
+++ /dev/null
@@ -1,62 +0,0 @@
-require openssl.inc
-
-# For target side versions of openssl enable support for OCF Linux driver
-# if they are available.
-DEPENDS += "cryptodev-linux"
-
-CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
-CFLAG_append_class-native = " -fPIC"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
-
-export DIRS = "crypto ssl apps engines"
-export OE_LDFLAGS="${LDFLAGS}"
-
-SRC_URI += "file://find.pl;subdir=${BP}/util/ \
- file://run-ptest \
- file://openssl-c_rehash.sh \
- file://configure-targets.patch \
- file://shared-libs.patch \
- file://oe-ldflags.patch \
- file://engines-install-in-libdir-ssl.patch \
- file://debian1.0.2/block_diginotar.patch \
- file://debian1.0.2/block_digicert_malaysia.patch \
- file://debian/ca.patch \
- file://debian/c_rehash-compat.patch \
- file://debian/debian-targets.patch \
- file://debian/man-dir.patch \
- file://debian/man-section.patch \
- file://debian/no-rpath.patch \
- file://debian/no-symbolic.patch \
- file://debian/pic.patch \
- file://debian1.0.2/version-script.patch \
- file://debian1.0.2/soname.patch \
- file://openssl_fix_for_x32.patch \
- file://fix-cipher-des-ede3-cfb1.patch \
- file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
- file://openssl-fix-des.pod-error.patch \
- file://Makefiles-ptest.patch \
- file://ptest-deps.patch \
- file://openssl-1.0.2a-x32-asm.patch \
- file://ptest_makefile_deps.patch \
- file://configure-musl-target.patch \
- file://parallel.patch \
- file://openssl-util-perlpath.pl-cwd.patch \
- file://Use-SHA256-not-MD5-as-default-digest.patch \
- file://0001-Fix-build-with-clang-using-external-assembler.patch \
- "
-SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65"
-SRC_URI[sha256sum] = "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0"
-
-PACKAGES =+ "${PN}-engines"
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-
-# The crypto_use_bigint patch means that perl's bignum module needs to be
-# installed, but some distributions (for example Fedora 23) don't ship it by
-# default. As the resulting error is very misleading check for bignum before
-# building.
-do_configure_prepend() {
- if ! perl -Mbigint -e true; then
- bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
- fi
-}
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
new file mode 100644
index 0000000..32444c6
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
@@ -0,0 +1,60 @@
+require openssl10.inc
+
+# For target side versions of openssl enable support for OCF Linux driver
+# if they are available.
+
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+CFLAG_append_class-native = " -fPIC"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225"
+
+export DIRS = "crypto ssl apps engines"
+export OE_LDFLAGS="${LDFLAGS}"
+
+SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
+ file://run-ptest \
+ file://openssl-c_rehash.sh \
+ file://configure-targets.patch \
+ file://shared-libs.patch \
+ file://oe-ldflags.patch \
+ file://engines-install-in-libdir-ssl.patch \
+ file://debian1.0.2/block_diginotar.patch \
+ file://debian1.0.2/block_digicert_malaysia.patch \
+ file://debian/ca.patch \
+ file://debian/c_rehash-compat.patch \
+ file://debian/debian-targets.patch \
+ file://debian/man-dir.patch \
+ file://debian/man-section.patch \
+ file://debian/no-rpath.patch \
+ file://debian/no-symbolic.patch \
+ file://debian/pic.patch \
+ file://debian1.0.2/version-script.patch \
+ file://debian1.0.2/soname.patch \
+ file://openssl_fix_for_x32.patch \
+ file://openssl-fix-des.pod-error.patch \
+ file://Makefiles-ptest.patch \
+ file://ptest-deps.patch \
+ file://openssl-1.0.2a-x32-asm.patch \
+ file://ptest_makefile_deps.patch \
+ file://configure-musl-target.patch \
+ file://parallel.patch \
+ file://openssl-util-perlpath.pl-cwd.patch \
+ file://Use-SHA256-not-MD5-as-default-digest.patch \
+ file://0001-Fix-build-with-clang-using-external-assembler.patch \
+ file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
+ "
+SRC_URI[md5sum] = "13bdc1b1d1ff39b6fd42a255e74676a4"
+SRC_URI[sha256sum] = "370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe"
+
+PACKAGES =+ "${PN}-engines"
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+
+# The crypto_use_bigint patch means that perl's bignum module needs to be
+# installed, but some distributions (for example Fedora 23) don't ship it by
+# default. As the resulting error is very misleading check for bignum before
+# building.
+do_configure_prepend() {
+ if ! perl -Mbigint -e true; then
+ bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
+ fi
+}
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb
new file mode 100644
index 0000000..1649bff
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb
@@ -0,0 +1,156 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+# "openssl | SSLeay" dual license
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=cae6da10f4ffd9703214776d2aabce32"
+
+BBCLASSEXTEND = "native nativesdk"
+
+SRC_URI[md5sum] = "ba5f1b8b835b88cadbce9b35ed9531a6"
+SRC_URI[sha256sum] = "de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+ file://run-ptest \
+ file://openssl-c_rehash.sh \
+ file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
+ file://0001-Remove-test-that-requires-running-as-non-root.patch \
+ file://0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch \
+ "
+
+S = "${WORKDIR}/openssl-${PV}"
+
+inherit lib_package multilib_header ptest
+
+do_configure () {
+ os=${HOST_OS}
+ case $os in
+ linux-uclibc |\
+ linux-uclibceabi |\
+ linux-gnueabi |\
+ linux-uclibcspe |\
+ linux-gnuspe |\
+ linux-musl*)
+ os=linux
+ ;;
+ *)
+ ;;
+ esac
+ target="$os-${HOST_ARCH}"
+ case $target in
+ linux-arm)
+ target=linux-armv4
+ ;;
+ linux-armeb)
+ target=linux-armv4
+ ;;
+ linux-aarch64*)
+ target=linux-aarch64
+ ;;
+ linux-sh3)
+ target=linux-generic32
+ ;;
+ linux-sh4)
+ target=linux-generic32
+ ;;
+ linux-i486)
+ target=linux-elf
+ ;;
+ linux-i586 | linux-viac3)
+ target=linux-elf
+ ;;
+ linux-i686)
+ target=linux-elf
+ ;;
+ linux-gnux32-x86_64)
+ target=linux-x32
+ ;;
+ linux-gnu64-x86_64)
+ target=linux-x86_64
+ ;;
+ linux-mips)
+ # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
+ target="linux-mips32 ${TARGET_CC_ARCH}"
+ ;;
+ linux-mipsel)
+ target="linux-mips32 ${TARGET_CC_ARCH}"
+ ;;
+ linux-gnun32-mips*)
+ target=linux-mips64
+ ;;
+ linux-*-mips64 | linux-mips64)
+ target=linux64-mips64
+ ;;
+ linux-*-mips64el | linux-mips64el)
+ target=linux64-mips64
+ ;;
+ linux-microblaze*|linux-nios2*)
+ target=linux-generic32
+ ;;
+ linux-powerpc)
+ target=linux-ppc
+ ;;
+ linux-powerpc64)
+ target=linux-ppc64
+ ;;
+ linux-supersparc)
+ target=linux-sparcv9
+ ;;
+ linux-sparc)
+ target=linux-sparcv9
+ ;;
+ darwin-i386)
+ target=darwin-i386-cc
+ ;;
+ esac
+ useprefix=${prefix}
+ if [ "x$useprefix" = "x" ]; then
+ useprefix=/
+ fi
+ perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=`basename ${libdir}` $target
+}
+
+#| engines/afalg/e_afalg.c: In function 'eventfd':
+#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
+#| return syscall(__NR_eventfd, n);
+#| ^~~~~~~~~~~~
+EXTRA_OECONF_aarch64 += "no-afalgeng"
+
+#| ./libcrypto.so: undefined reference to `getcontext'
+#| ./libcrypto.so: undefined reference to `setcontext'
+#| ./libcrypto.so: undefined reference to `makecontext'
+EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC"
+
+do_install () {
+ oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+ oe_multilib_header openssl/opensslconf.h
+}
+
+do_install_append_class-native () {
+ # Install a custom version of c_rehash that can handle sysroots properly.
+ # This version is used for example when installing ca-certificates during
+ # image creation.
+ install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+ sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+}
+
+do_install_ptest() {
+ cp -r * ${D}${PTEST_PATH}
+
+ # Putting .so files in ptest package will mess up the dependencies of the main openssl package
+ # so we rename them to .so.ptest and patch the test accordingly
+ mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest
+ mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest
+ sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
+}
+
+RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
+
+FILES_${PN} =+ " ${libdir}/ssl-1.1/*"
+
+PACKAGES =+ "${PN}-engines"
+FILES_${PN}-engines = "${libdir}/engines-1.1"
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap.inc b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap.inc
deleted file mode 100644
index 338af33..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap.inc
+++ /dev/null
@@ -1,17 +0,0 @@
-SUMMARY = "RPC program number mapper"
-HOMEPAGE = "http://neil.brown.name/portmap/"
-SECTION = "console/network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://portmap.c;beginline=2;endline=31;md5=51ff67e66ec84b2009b017b1f94afbf4 \
- file://from_local.c;beginline=9;endline=35;md5=1bec938a2268b8b423c58801ace3adc1"
-
-INITSCRIPT_NAME = "portmap"
-INITSCRIPT_PARAMS = "start 10 2 3 4 5 . stop 32 0 1 6 ."
-
-inherit update-rc.d systemd
-
-SYSTEMD_SERVICE_${PN} = "portmap.service"
-
-PACKAGES =+ "portmap-utils"
-FILES_portmap-utils = "${base_sbindir}/pmap_set ${base_sbindir}/pmap_dump"
-FILES_${PN}-doc += "${docdir}"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch
deleted file mode 100644
index 2fbf784..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Upstream-Status: Backport
-
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sun, 13 May 2007 21:15:12 +0000 (-0400)
-Subject: respect DESTDIR and dont use -s with install
-X-Git-Url: http://neil.brown.name/git?p=portmap;a=commitdiff_plain;h=603c59b978c04df2354f68d4a2dc676a758ff46d
-
-respect DESTDIR and dont use -s with install
-
-$(DESTDIR) is the standard for installing into other trees, not $(BASEDIR) ...
-so I've converted the Makefile to use that. I've also left in $(BASEDIR) as a
-default to support old installs; not sure if you'd just cut it.
-
-Stripping should be left to the person to handle, not automatically done by
-the install step. Also, `install -s` always calls `strip` which is
-wrong/undesired in cross-compiling scenarios.
-
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-Signed-off-by: Neil Brown <neilb@suse.de>
----
-
-diff --git a/Makefile b/Makefile
-index 9e9a4b4..5343428 100644
---- a/Makefile
-+++ b/Makefile
-@@ -135,13 +135,14 @@ from_local: CPPFLAGS += -DTEST
- portmap.man : portmap.8
- sed $(MAN_SED) < portmap.8 > portmap.man
-
-+DESTDIR = $(BASEDIR)
- install: all
-- install -o root -g root -m 0755 -s portmap ${BASEDIR}/sbin
-- install -o root -g root -m 0755 -s pmap_dump ${BASEDIR}/sbin
-- install -o root -g root -m 0755 -s pmap_set ${BASEDIR}/sbin
-- install -o root -g root -m 0644 portmap.man ${BASEDIR}/usr/share/man/man8/portmap.8
-- install -o root -g root -m 0644 pmap_dump.8 ${BASEDIR}/usr/share/man/man8
-- install -o root -g root -m 0644 pmap_set.8 ${BASEDIR}/usr/share/man/man8
-+ install -o root -g root -m 0755 portmap $(DESTDIR)/sbin
-+ install -o root -g root -m 0755 pmap_dump $(DESTDIR)/sbin
-+ install -o root -g root -m 0755 pmap_set $(DESTDIR)/sbin
-+ install -o root -g root -m 0644 portmap.man $(DESTDIR)/usr/share/man/man8/portmap.8
-+ install -o root -g root -m 0644 pmap_dump.8 $(DESTDIR)/usr/share/man/man8
-+ install -o root -g root -m 0644 pmap_set.8 $(DESTDIR)/usr/share/man/man8
-
- clean:
- rm -f *.o portmap pmap_dump pmap_set from_local \
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.init b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.init
deleted file mode 100755
index 621aa17..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.init
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/sh
-#
-### BEGIN INIT INFO
-# Provides: portmap
-# Required-Start: $network
-# Required-Stop: $network
-# Default-Start: S 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: The RPC portmapper
-# Description: Portmap is a server that converts RPC (Remote
-# Procedure Call) program numbers into DARPA
-# protocol port numbers. It must be running in
-# order to make RPC calls. Services that use
-# RPC include NFS and NIS.
-### END INIT INFO
-
-test -f /sbin/portmap || exit 0
-
-case "$1" in
- start)
- echo "Starting portmap daemon..."
- start-stop-daemon --start --quiet --exec /sbin/portmap
-
- if [ -f /var/run/portmap.upgrade-state ]; then
- echo "Restoring old RPC service information..."
- sleep 1 # needs a short pause or pmap_set won't work. :(
- pmap_set </var/run/portmap.upgrade-state
- rm -f /var/run/portmap.upgrade-state
- echo "done."
- fi
-
- ;;
- stop)
- echo "Stopping portmap daemon..."
- start-stop-daemon --stop --quiet --exec /sbin/portmap
- ;;
- reload)
- ;;
- force-reload)
- $0 restart
- ;;
- restart)
- # pmap_dump and pmap_set may be in a different package and not installed...
- if [ -f /sbin/pmap_dump -a -f /sbin/pmap_set ]; then
- do_state=1
- else
- do_state=0
- fi
- [ $do_state -eq 1 ] && pmap_dump >/var/run/portmap.state
- $0 stop
- $0 start
- if [ $do_state -eq 1 ]; then
- if [ ! -f /var/run/portmap.upgrade-state ]; then
- sleep 1
- pmap_set </var/run/portmap.state
- fi
- rm -f /var/run/portmap.state
- fi
- ;;
- *)
- echo "Usage: /etc/init.d/portmap {start|stop|reload|restart}"
- exit 1
- ;;
-esac
-
-exit 0
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.service b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.service
deleted file mode 100644
index 7ef9d7b..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/portmap.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=The RPC portmapper
-After=network.target
-
-[Service]
-Type=forking
-ExecStart=@BASE_SBINDIR@/portmap
-
-[Install]
-WantedBy=multi-user.target
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch
deleted file mode 100644
index 2f25058..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Upstream-Status: Backport
-
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sun, 13 May 2007 21:17:32 +0000 (-0400)
-Subject: fix building with tcpd support disabled
-X-Git-Url: http://neil.brown.name/git?p=portmap;a=commitdiff_plain;h=7847207aed1b44faf077eed14a9ac9c68244eba5
-
-fix building with tcpd support disabled
-
-Make sure pmap_check.c only includes tcpd.h when HOSTS_ACCESS is defined.
-
-Signed-off-by: Timothy Redaelli <drizzt@gentoo.org>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-Signed-off-by: Neil Brown <neilb@suse.de>
----
-
-diff --git a/pmap_check.c b/pmap_check.c
-index 84f2c12..443a822 100644
---- a/pmap_check.c
-+++ b/pmap_check.c
-@@ -44,7 +44,9 @@
- #include <netinet/in.h>
- #include <rpc/rpcent.h>
- #endif
-+#ifdef HOSTS_ACCESS
- #include <tcpd.h>
-+#endif
- #include <arpa/inet.h>
- #include <grp.h>
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap_6.0.bb b/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap_6.0.bb
deleted file mode 100644
index d970095..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/portmap/portmap_6.0.bb
+++ /dev/null
@@ -1,35 +0,0 @@
-require portmap.inc
-
-DEPENDS_append_libc-musl = " libtirpc "
-
-PR = "r9"
-
-SRC_URI = "https://fossies.org/linux/misc/old/portmap-6.0.tgz \
- file://destdir-no-strip.patch \
- file://tcpd-config.patch \
- file://portmap.init \
- file://portmap.service"
-
-SRC_URI[md5sum] = "ac108ab68bf0f34477f8317791aaf1ff"
-SRC_URI[sha256sum] = "02c820d39f3e6e729d1bea3287a2d8a6c684f1006fb9612f97dcad4a281d41de"
-
-S = "${WORKDIR}/${BPN}_${PV}/"
-
-PACKAGECONFIG ??= "tcp-wrappers"
-PACKAGECONFIG[tcp-wrappers] = ",,tcp-wrappers"
-
-CPPFLAGS += "-DFACILITY=LOG_DAEMON -DENABLE_DNS -DHOSTS_ACCESS"
-CFLAGS += "-Wall -Wstrict-prototypes -fPIC"
-EXTRA_OEMAKE += "'NO_TCP_WRAPPER=${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', '', '1', d)}'"
-CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc "
-LDFLAGS_append_libc-musl = " -ltirpc "
-
-do_install() {
- install -d ${D}${mandir}/man8/ ${D}${base_sbindir} ${D}${sysconfdir}/init.d
- install -m 0755 ${WORKDIR}/portmap.init ${D}${sysconfdir}/init.d/portmap
- oe_runmake install DESTDIR=${D}
-
- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/portmap.service ${D}${systemd_unitdir}/system
- sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/portmap.service
-}
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
index 5c9e5d3..35a1aa6 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
@@ -4,6 +4,7 @@
WPA_SUP_BIN="/usr/sbin/wpa_supplicant"
WPA_SUP_PNAME="wpa_supplicant"
WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid"
+WPA_COMMON_CTRL_IFACE="/var/run/wpa_supplicant"
WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE"
VERBOSITY=0