diff options
author | jeff <jhatch@multitech.com> | 2023-01-24 09:37:57 -0600 |
---|---|---|
committer | jeff <jhatch@multitech.com> | 2023-01-24 09:37:57 -0600 |
commit | c94c9986362ebf4084734a3963415c5d894cf3a6 (patch) | |
tree | 1f5d79df115e23318d93bfc9e99dddecf9be8748 | |
parent | 8400520cffdd3c133c684eac60ab438a7ecaa050 (diff) | |
parent | 2eaa3fd064097eb221b56d5df0e7136ba705a0cd (diff) | |
download | meta-mlinux-c94c9986362ebf4084734a3963415c5d894cf3a6.tar.gz meta-mlinux-c94c9986362ebf4084734a3963415c5d894cf3a6.tar.bz2 meta-mlinux-c94c9986362ebf4084734a3963415c5d894cf3a6.zip |
Merge branch 'md/cve-fixes2-squashed' into 6
105 files changed, 7491 insertions, 1 deletions
diff --git a/recipes-connectivity/hostapd/files/hostapd.service b/recipes-connectivity/hostapd/files/hostapd.service new file mode 100644 index 0000000..151c050 --- /dev/null +++ b/recipes-connectivity/hostapd/files/hostapd.service @@ -0,0 +1,11 @@ +[Unit] +Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator +After=network.target + +[Service] +Type=forking +PIDFile=/run/hostapd.pid +ExecStart=@SBINDIR@/hostapd @SYSCONFDIR@/hostapd.conf -P /run/hostapd.pid -B + +[Install] +WantedBy=multi-user.target diff --git a/recipes-connectivity/hostapd/hostapd_2.10.bb b/recipes-connectivity/hostapd/hostapd_2.10.bb new file mode 100644 index 0000000..04b70d9 --- /dev/null +++ b/recipes-connectivity/hostapd/hostapd_2.10.bb @@ -0,0 +1,51 @@ +SUMMARY = "User space daemon for extended IEEE 802.11 management" +HOMEPAGE = "http://w1.fi/hostapd/" +SECTION = "kernel/userland" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://hostapd/README;md5=c905478466c90f1cefc0df987c40e172" + +DEPENDS = "libnl openssl" + +SRC_URI = " \ + http://w1.fi/releases/hostapd-${PV}.tar.gz \ + file://defconfig \ + file://init \ + file://hostapd.service \ +" + + +SRC_URI[sha256sum] = "206e7c799b678572c2e3d12030238784bc4a9f82323b0156b4c9466f1498915d" + +S = "${WORKDIR}/hostapd-${PV}" +B = "${WORKDIR}/hostapd-${PV}/hostapd" + +inherit update-rc.d systemd pkgconfig features_check + +CONFLICT_DISTRO_FEATURES = "openssl-no-weak-ciphers" + +INITSCRIPT_NAME = "hostapd" + +SYSTEMD_SERVICE_${PN} = "hostapd.service" +SYSTEMD_AUTO_ENABLE_${PN} = "disable" + +do_configure_append() { + install -m 0644 ${WORKDIR}/defconfig ${B}/.config +} + +do_compile() { + export CFLAGS="-MMD -O2 -Wall -g" + export EXTRA_CFLAGS="${CFLAGS}" + make V=1 +} + +do_install() { + install -d ${D}${sbindir} ${D}${sysconfdir}/init.d ${D}${systemd_unitdir}/system/ + install -m 0644 ${B}/hostapd.conf ${D}${sysconfdir} + install -m 0755 ${B}/hostapd ${D}${sbindir} + install -m 0755 ${B}/hostapd_cli ${D}${sbindir} + install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/hostapd + install -m 0644 ${WORKDIR}/hostapd.service ${D}${systemd_unitdir}/system/ + sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/hostapd.service +} + +CONFFILES_${PN} += "${sysconfdir}/hostapd.conf" diff --git a/recipes-connectivity/openssh/openssh/CVE-2021-28041.patch b/recipes-connectivity/openssh/openssh/CVE-2021-28041.patch new file mode 100644 index 0000000..9fd7e93 --- /dev/null +++ b/recipes-connectivity/openssh/openssh/CVE-2021-28041.patch @@ -0,0 +1,20 @@ +Description: fix double-free memory corruption in ssh-agent +Author: Marc Deslauriers <marc.deslauriers@canonical.com> +Origin: minimal fix for https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db + +Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> + +CVE: CVE-2021-28041 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_8.2p1-4ubuntu0.3.debian.tar.xz] +Comment: No change in any hunk + +--- a/ssh-agent.c ++++ b/ssh-agent.c +@@ -496,6 +496,7 @@ process_add_identity(SocketEntry *e) + goto err; + } + free(ext_name); ++ ext_name = NULL; + break; + default: + error("%s: Unknown constraint %d", __func__, ctype); diff --git a/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch b/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch new file mode 100644 index 0000000..bda896f --- /dev/null +++ b/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch @@ -0,0 +1,52 @@ +From a6414400ec94a17871081f7df24f910a6ee01b8b Mon Sep 17 00:00:00 2001 +From: Ali Abdallah <aabdallah@suse.de> +Date: Wed, 24 Nov 2021 13:33:39 +0100 +Subject: [PATCH] CVE-2021-41617 fix + +backport of the following two upstream commits + +f3cbe43e28fe71427d41cfe3a17125b972710455 +bf944e3794eff5413f2df1ef37cddf96918c6bde + +CVE-2021-41617 failed to correctly initialise supplemental groups +when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, +where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser +directive has been set to run the command as a different user. Instead +these commands would inherit the groups that sshd(8) was started with. +--- + auth.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +CVE: CVE-2021-41617 +Upstream-Status: Backport [https://bugzilla.suse.com/attachment.cgi?id=854015] +Comment: No change in any hunk +Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> + +diff --git a/auth.c b/auth.c +index 163038f..a47b267 100644 +--- a/auth.c ++++ b/auth.c +@@ -52,6 +52,7 @@ + #include <limits.h> + #include <netdb.h> + #include <time.h> ++#include <grp.h> + + #include "xmalloc.h" + #include "match.h" +@@ -851,6 +852,13 @@ subprocess(const char *tag, struct passwd *pw, const char *command, + } + closefrom(STDERR_FILENO + 1); + ++ if (geteuid() == 0 && ++ initgroups(pw->pw_name, pw->pw_gid) == -1) { ++ error("%s: initgroups(%s, %u): %s", tag, ++ pw->pw_name, (u_int)pw->pw_gid, strerror(errno)); ++ _exit(1); ++ } ++ + /* Don't use permanently_set_uid() here to avoid fatal() */ + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) { + error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, +-- +2.26.2 diff --git a/recipes-connectivity/openssh/openssh_8.4p1.bb b/recipes-connectivity/openssh/openssh_8.4p1.bb index a65ab70..0cadaf9 100644 --- a/recipes-connectivity/openssh/openssh_8.4p1.bb +++ b/recipes-connectivity/openssh/openssh_8.4p1.bb @@ -27,13 +27,40 @@ SRC_URI = "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.ta file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ file://0f90440ca70abab947acbd77795e9f130967956c.patch \ + file://CVE-2021-28041.patch \ + file://CVE-2021-41617.patch \ " SRC_URI[sha256sum] = "5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24" +# This CVE is specific to OpenSSH with the pam opie which we don't build/use here +CVE_CHECK_WHITELIST += "CVE-2007-2768" + # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded CVE_CHECK_WHITELIST += "CVE-2014-9278" +# CVE-2008-3844 was reported in OpenSSH on Red Hat Enterprise Linux and +# certain packages may have been compromised. This CVE is not applicable +# as our source is OpenBSD. https://securitytracker.com/id?1020730 +# https://www.securityfocus.com/bid/30794 +CVE_CHECK_WHITELIST += "CVE-2008-3844" + +# openssh-ssh1 is provided for compatibility with old devices that +# cannot be upgraded to modern protocols. Thus they may not provide security +# support for this package because doing so would prevent access to equipment. +# The upstream OpenSSH developers see this as an important +# security feature and do not intend to 'fix' it. +# https://security-tracker.debian.org/tracker/CVE-2016-20012 +# https://ubuntu.com/security/CVE-2016-20012 +CVE_CHECK_WHITELIST += "CVE-2016-20012" + +# As per debian, the issue is fixed by a feature called "agent restriction" in openssh 8.9 +# Urgency is unimportant as per debian, Hence this CVE is whitelisting. +# https://security-tracker.debian.org/tracker/CVE-2021-36368 +# https://bugzilla.mindrot.org/show_bug.cgi?id=3316#c2 +# https://docs.ssh-mitm.at/trivialauth.html +CVE_CHECK_WHITELIST += "CVE-2021-36368" + PAM_SRC_URI = "file://sshd" inherit manpages useradd update-rc.d update-alternatives systemd diff --git a/recipes-connectivity/strongswan/strongswan_%.bbappend b/recipes-connectivity/strongswan/strongswan_%.bbappend index c68b45e..3286caa 100644 --- a/recipes-connectivity/strongswan/strongswan_%.bbappend +++ b/recipes-connectivity/strongswan/strongswan_%.bbappend @@ -1,3 +1,19 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:${THISDIR}/files:" + +PR.=".mts2" PACKAGECONFIG_remove = "sqlite3" + +PACKAGECONFIG_append = "stroke" + +do_install_append() { + install -d ${D}${sysconfdir}/ ${D}${sysconfdir}/ipsec.d/ + ln -sf /var/run/ipsec/ipsec.conf ${D}${sysconfdir}/ipsec.conf + ln -sf /var/run/ipsec/ipsec.secrets ${D}${sysconfdir}/ipsec.secrets + rm -rf ${D}${sysconfdir}/ipsec.d/cacerts + ln -sf /var/run/ipsec/cacerts ${D}${sysconfdir}/ipsec.d/cacerts + rm -rf ${D}${sysconfdir}/ipsec.d/certs + ln -sf /var/run/ipsec/certs ${D}${sysconfdir}/ipsec.d/certs + rm -rf ${D}${sysconfdir}/ipsec.d/private + ln -sf /var/run/ipsec/private ${D}${sysconfdir}/ipsec.d/private +} diff --git a/recipes-connectivity/strongswan/strongswan_5.9.8.bb b/recipes-connectivity/strongswan/strongswan_5.9.8.bb new file mode 100644 index 0000000..9025f68 --- /dev/null +++ b/recipes-connectivity/strongswan/strongswan_5.9.8.bb @@ -0,0 +1,189 @@ +DESCRIPTION = "strongSwan is an OpenSource IPsec implementation for the \ +Linux operating system." +SUMMARY = "strongSwan is an OpenSource IPsec implementation" +HOMEPAGE = "http://www.strongswan.org" +SECTION = "net" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" +DEPENDS = "flex-native flex bison-native" +DEPENDS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}" + +SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ + " + +SRC_URI[sha256sum] = "d3303a43c0bd7b75a12b64855e8edcb53696f06190364f26d1533bde1f2e453c" + +UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar" + +EXTRA_OECONF = " \ + --without-lib-prefix \ + --with-dev-headers=${includedir}/strongswan \ +" + +EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}" + +PACKAGECONFIG ?= "curl gmp openssl sqlite3 swanctl curve25519 \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', 'charon', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'tpm2', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'tnc-imc imc-hcd imc-os imc-scanner imc-attestation', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'tnc-imv imv-hcd imv-os imv-scanner imv-attestation', '', d)} \ +" + +PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni" +PACKAGECONFIG[bfd] = "--enable-bfd-backtraces,--disable-bfd-backtraces,binutils" +PACKAGECONFIG[charon] = "--enable-charon,--disable-charon," +PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl,${PN}-plugin-curl" +PACKAGECONFIG[eap-identity] = "--enable-eap-identity,--disable-eap-identity,,${PN}-plugin-eap-identity" +PACKAGECONFIG[eap-mschapv2] = "--enable-eap-mschapv2,--disable-eap-mschapv2,,${PN}-plugin-eap-mschapv2" +PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,${PN}-plugin-gmp" +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,${PN}-plugin-ldap" +PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,${PN}-plugin-mysql" +PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,${PN}-plugin-openssl" +PACKAGECONFIG[soup] = "--enable-soup,--disable-soup,libsoup-2.4,${PN}-plugin-soup" +PACKAGECONFIG[sqlite3] = "--enable-sqlite,--disable-sqlite,sqlite3,${PN}-plugin-sqlite" +PACKAGECONFIG[stroke] = "--enable-stroke,--disable-stroke,,${PN}-plugin-stroke" +PACKAGECONFIG[swanctl] = "--enable-swanctl,--disable-swanctl,,libgcc" +PACKAGECONFIG[curve25519] = "--enable-curve25519,--disable-curve25519,, ${PN}-plugin-curve25519" + +# requires swanctl +PACKAGECONFIG[systemd-charon] = "--enable-systemd,--disable-systemd,systemd," + +# tpm needs meta-tpm layer +PACKAGECONFIG[tpm2] = "--enable-tpm,--disable-tpm,,${PN}-plugin-tpm" + + +# integraty configuration needs meta-integraty +#imc +PACKAGECONFIG[tnc-imc] = "--enable-tnc-imc,--disable-tnc-imc,, ${PN}-plugin-tnc-imc ${PN}-plugin-tnc-tnccs" +PACKAGECONFIG[imc-test] = "--enable-imc-test,--disable-imc-test,," +PACKAGECONFIG[imc-scanner] = "--enable-imc-scanner,--disable-imc-scanner,," +PACKAGECONFIG[imc-os] = "--enable-imc-os,--disable-imc-os,," +PACKAGECONFIG[imc-attestation] = "--enable-imc-attestation,--disable-imc-attestation,," +PACKAGECONFIG[imc-swima] = "--enable-imc-swima, --disable-imc-swima, json-c," +PACKAGECONFIG[imc-hcd] = "--enable-imc-hcd, --disable-imc-hcd,," + +#imv set +PACKAGECONFIG[tnc-imv] = "--enable-tnc-imv,--disable-tnc-imv,, ${PN}-plugin-tnc-imv ${PN}-plugin-tnc-tnccs" +PACKAGECONFIG[imv-test] = "--enable-imv-test,--disable-imv-test,," +PACKAGECONFIG[imv-scanner] = "--enable-imv-scanner,--disable-imv-scanner,," +PACKAGECONFIG[imv-os] = "--enable-imv-os,--disable-imv-os,," +PACKAGECONFIG[imv-attestation] = "--enable-imv-attestation,--disable-imv-attestation,," +PACKAGECONFIG[imv-swima] = "--enable-imv-swima, --disable-imv-swima, json-c," +PACKAGECONFIG[imv-hcd] = "--enable-imv-hcd, --disable-imv-hcd,," + +PACKAGECONFIG[tnc-ifmap] = "--enable-tnc-ifmap,--disable-tnc-ifmap, libxml2, ${PN}-plugin-tnc-ifmap" +PACKAGECONFIG[tnc-pdp] = "--enable-tnc-pdp,--disable-tnc-pdp,, ${PN}-plugin-tnc-pdp" + +PACKAGECONFIG[tnccs-11] = "--enable-tnccs-11,--disable-tnccs-11,libxml2, ${PN}-plugin-tnccs-11" +PACKAGECONFIG[tnccs-20] = "--enable-tnccs-20,--disable-tnccs-20,, ${PN}-plugin-tnccs-20" +PACKAGECONFIG[tnccs-dynamic] = "--enable-tnccs-dynamic,--disable-tnccs-dynamic,,${PN}-plugin-tnccs-dynamic" + +inherit autotools systemd pkgconfig + +RRECOMMENDS_${PN} = "kernel-module-ah4 \ + kernel-module-esp4 \ + kernel-module-xfrm-user \ + " + +FILES_${PN} += "${libdir}/ipsec/lib*${SOLIBS}" +FILES_${PN}-dbg += "${bindir}/.debug ${sbindir}/.debug ${libdir}/ipsec/.debug ${libexecdir}/ipsec/.debug" +FILES_${PN}-dev += "${libdir}/ipsec/lib*${SOLIBSDEV} ${libdir}/ipsec/*.la ${libdir}/ipsec/include/config.h" +FILES_${PN}-staticdev += "${libdir}/ipsec/*.a" + +CONFFILES_${PN} = "${sysconfdir}/*.conf ${sysconfdir}/ipsec.d/*.conf ${sysconfdir}/strongswan.d/*.conf" + +PACKAGES += "${PN}-plugins" +ALLOW_EMPTY_${PN}-plugins = "1" + +PACKAGE_BEFORE_PN = "${PN}-imcvs ${PN}-imcvs-dbg" +ALLOW_EMPTY_${PN}-imcvs = "1" + +FILES_${PN}-imcvs = "${libdir}/ipsec/imcvs/*.so" +FILES_${PN}-imcvs-dbg += "${libdir}/ipsec/imcvs/.debug" + +PACKAGES_DYNAMIC += "^${PN}-plugin-.*$" +NOAUTOPACKAGEDEBUG = "1" + +python split_strongswan_plugins () { + sysconfdir = d.expand('${sysconfdir}/strongswan.d/charon') + libdir = d.expand('${libdir}/ipsec/plugins') + dbglibdir = os.path.join(libdir, '.debug') + + def add_plugin_conf(f, pkg, file_regex, output_pattern, modulename): + dvar = d.getVar('PKGD') + oldfiles = d.getVar('CONFFILES_' + pkg) + newfile = '/' + os.path.relpath(f, dvar) + + if not oldfiles: + d.setVar('CONFFILES_' + pkg, newfile) + else: + d.setVar('CONFFILES_' + pkg, oldfiles + " " + newfile) + + split_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.so', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True) + do_split_packages(d, sysconfdir, r'(.*)\.conf', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True, hook=add_plugin_conf) + + split_dbg_packages = do_split_packages(d, dbglibdir, r'libstrongswan-(.*)\.so', '${PN}-plugin-%s-dbg', 'strongSwan %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg') + split_dev_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.la', '${PN}-plugin-%s-dev', 'strongSwan %s plugin - Development files', prepend=True, extra_depends='${PN}-dev') + split_staticdev_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.a', '${PN}-plugin-%s-staticdev', 'strongSwan %s plugin - Development files (Static Libraries)', prepend=True, extra_depends='${PN}-staticdev') + + if split_packages: + pn = d.getVar('PN') + d.setVar('RRECOMMENDS_' + pn + '-plugins', ' '.join(split_packages)) + d.appendVar('RRECOMMENDS_' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages)) + d.appendVar('RRECOMMENDS_' + pn + '-dev', ' ' + ' '.join(split_dev_packages)) + d.appendVar('RRECOMMENDS_' + pn + '-staticdev', ' ' + ' '.join(split_staticdev_packages)) +} + +PACKAGESPLITFUNCS_prepend = "split_strongswan_plugins " + +# Install some default plugins based on default strongSwan ./configure options +# See https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist +RDEPENDS_${PN} += "\ + ${PN}-plugin-aes \ + ${PN}-plugin-attr \ + ${PN}-plugin-cmac \ + ${PN}-plugin-constraints \ + ${PN}-plugin-des \ + ${PN}-plugin-dnskey \ + ${PN}-plugin-drbg \ + ${PN}-plugin-fips-prf \ + ${PN}-plugin-gcm \ + ${PN}-plugin-hmac \ + ${PN}-plugin-kdf \ + ${PN}-plugin-kernel-netlink \ + ${PN}-plugin-md5 \ + ${PN}-plugin-mgf1 \ + ${PN}-plugin-nonce \ + ${PN}-plugin-pem \ + ${PN}-plugin-pgp \ + ${PN}-plugin-pkcs1 \ + ${PN}-plugin-pkcs7 \ + ${PN}-plugin-pkcs8 \ + ${PN}-plugin-pkcs12 \ + ${PN}-plugin-pubkey \ + ${PN}-plugin-random \ + ${PN}-plugin-rc2 \ + ${PN}-plugin-resolve \ + ${PN}-plugin-revocation \ + ${PN}-plugin-sha1 \ + ${PN}-plugin-sha2 \ + ${PN}-plugin-socket-default \ + ${PN}-plugin-sshkey \ + ${PN}-plugin-updown \ + ${PN}-plugin-vici \ + ${PN}-plugin-x509 \ + ${PN}-plugin-xauth-generic \ + ${PN}-plugin-xcbc \ + " + +RPROVIDES_${PN} += "${PN}-systemd" +RREPLACES_${PN} += "${PN}-systemd" +RCONFLICTS_${PN} += "${PN}-systemd" + +# The deprecated legacy 'strongswan-starter' service should only be used when charon and +# stroke are enabled. When swanctl is in use, 'strongswan.service' is needed. +# See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd +SYSTEMD_SERVICE_${PN} = " \ + ${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \ +" diff --git a/recipes-core/expat/expat_2.5.0.bb b/recipes-core/expat/expat_2.5.0.bb new file mode 100644 index 0000000..47334ed --- /dev/null +++ b/recipes-core/expat/expat_2.5.0.bb @@ -0,0 +1,32 @@ +SUMMARY = "A stream-oriented XML parser library" +DESCRIPTION = "Expat is an XML parser library written in C. It is a stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags)" +HOMEPAGE = "https://github.com/libexpat/libexpat" +SECTION = "libs" +LICENSE = "MIT" + +LIC_FILES_CHKSUM = "file://COPYING;md5=7b3b078238d0901d3b339289117cb7fb" + +VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}" + +SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \ + file://run-ptest \ + " + +GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/" +UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)" + +SRC_URI[sha256sum] = "6f0e6e01f7b30025fa05c85fdad1e5d0ec7fd35d9f61b22f34998de11969ff67" + +EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF" + +RDEPENDS:${PN}-ptest += "bash" + +inherit cmake lib_package ptest + +do_install_ptest:class-target() { + install -m 755 ${B}/tests/* ${D}${PTEST_PATH} +} + +BBCLASSEXTEND += "native nativesdk" + +CVE_PRODUCT = "expat libexpat" diff --git a/recipes-core/expat/files/run-ptest b/recipes-core/expat/files/run-ptest new file mode 100644 index 0000000..dbf602c --- /dev/null +++ b/recipes-core/expat/files/run-ptest @@ -0,0 +1,9 @@ +#!/bin/bash + +TIME=$(which time) + +echo "runtests" +${TIME} -f 'Execution time: %e s' bash -c "./runtests -v" +echo "runtestspp" +${TIME} -f 'Execution time: %e s' bash -c "./runtestspp -v" +echo diff --git a/recipes-core/libxml/libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch b/recipes-core/libxml/libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch new file mode 100644 index 0000000..5e9a0a5 --- /dev/null +++ b/recipes-core/libxml/libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch @@ -0,0 +1,98 @@ +From 2b5fb416aa275fd2a17a0139a2f783998bcb42cc Mon Sep 17 00:00:00 2001 +From: Peter Kjellerstedt <pkj@axis.com> +Date: Fri, 9 Jun 2017 17:50:46 +0200 +Subject: [PATCH] Make ptest run the python tests if python is enabled + +One of the tests (tstLastError.py) needed a minor correction. It might +be due to the fact that the tests are forced to run with Python 3. + +Upstream-Status: Inappropriate [OE specific] +Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> + +--- + Makefile.am | 2 +- + python/Makefile.am | 9 +++++++++ + python/tests/Makefile.am | 10 ++++++++++ + python/tests/tstLastError.py | 2 +- + 4 files changed, 21 insertions(+), 2 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index ae62274..bd1e425 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -203,9 +203,9 @@ install-ptest: + install $(check_PROGRAMS) $(DESTDIR)) + cp -r $(srcdir)/test $(DESTDIR) + cp -r $(srcdir)/result $(DESTDIR) +- cp -r $(srcdir)/python $(DESTDIR) + cp Makefile $(DESTDIR) + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile ++ $(MAKE) -C python install-ptest + + runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \ + testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT) +diff --git a/python/Makefile.am b/python/Makefile.am +index 34aed96..ba3ec6a 100644 +--- a/python/Makefile.am ++++ b/python/Makefile.am +@@ -48,7 +48,16 @@ GENERATED = libxml2class.py libxml2class.txt $(BUILT_SOURCES) + + $(GENERATED): $(srcdir)/generator.py $(API_DESC) + $(PYTHON) $(srcdir)/generator.py $(srcdir) ++ ++install-ptest: ++ cp -r $(srcdir) $(DESTDIR) ++ sed -e 's|^Makefile:|_Makefile:|' \ ++ -e 's|^\(tests test:\) all|\1|' Makefile >$(DESTDIR)/python/Makefile ++ $(MAKE) -C tests install-ptest ++else ++install-ptest: + endif + ++.PHONY: tests test + tests test: all + cd tests && $(MAKE) tests +diff --git a/python/tests/Makefile.am b/python/tests/Makefile.am +index 227e24d..021bb29 100644 +--- a/python/tests/Makefile.am ++++ b/python/tests/Makefile.am +@@ -59,6 +59,11 @@ XMLS= \ + CLEANFILES = core tmp.xml *.pyc + + if WITH_PYTHON ++install-ptest: ++ cp -r $(srcdir) $(DESTDIR)/python ++ sed -e 's|^Makefile:|_Makefile:|' \ ++ -e 's|^\(srcdir = \).*|\1.|' Makefile >$(DESTDIR)/python/tests/Makefile ++ + tests: $(PYTESTS) + @for f in $(XMLS) ; do test -f $$f || $(LN_S) $(srcdir)/$$f . ; done + @echo "## running Python regression tests" +@@ -70,9 +75,14 @@ tests: $(PYTESTS) + if [ "$$?" -ne 0 ] ; then \ + echo "-- $$test" ; \ + echo "$$log" ; \ ++ echo "FAIL: $$test"; \ + exit 1 ; \ ++ else \ ++ echo "PASS: $$test"; \ + fi ; \ + done) + else ++install-ptest: ++ + tests: + endif +diff --git a/python/tests/tstLastError.py b/python/tests/tstLastError.py +index 81d0acc..162c8db 100755 +--- a/python/tests/tstLastError.py ++++ b/python/tests/tstLastError.py +@@ -25,7 +25,7 @@ class TestCase(unittest.TestCase): + when the exception is raised, check the libxml2.lastError for + expected values.""" + # disable the default error handler +- libxml2.registerErrorHandler(None,None) ++ libxml2.registerErrorHandler(lambda ctx,str: None,None) + try: + f(*args) + except exc: diff --git a/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch b/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch new file mode 100644 index 0000000..b0d26d1 --- /dev/null +++ b/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch @@ -0,0 +1,813 @@ +From b5125000917810731bc28055c0445d571121f80e Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Thu, 21 Apr 2022 00:45:58 +0200 +Subject: [PATCH] Port gentest.py to Python 3 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/343fc1421cdae097fa6c4cffeb1a065a40be6bbb] + +* fixes: + +make[1]: 'testReader' is up to date. + File "../libxml2-2.9.10/gentest.py", line 11 + print "libxml2 python bindings not available, skipping testapi.c generation" + ^ +SyntaxError: Missing parentheses in call to 'print'. Did you mean print("libxml2 python bindings not available, skipping testapi.c generation")? +make[1]: [Makefile:2078: testapi.c] Error 1 (ignored) + +... + +make[1]: 'testReader' is up to date. + File "../libxml2-2.9.10/gentest.py", line 271 + return 1 + ^ +TabError: inconsistent use of tabs and spaces in indentation +make[1]: [Makefile:2078: testapi.c] Error 1 (ignored) + +... + +aarch64-oe-linux-gcc: error: testapi.c: No such file or directory +aarch64-oe-linux-gcc: fatal error: no input files +compilation terminated. +make[1]: *** [Makefile:1275: testapi.o] Error 1 + +But there is still a bit mystery why it worked before, because check-am +calls gentest.py with $(PYTHON), so it ignores the shebang in the script +and libxml2 is using python3native (through python3targetconfig.bbclass) +so something like: + +libxml2/2.9.10-r0/recipe-sysroot-native/usr/bin/python3-native/python3 gentest.py + +But that still fails (now without SyntaxError) with: +libxml2 python bindings not available, skipping testapi.c generation + +because we don't have dependency on libxml2-native (to provide libxml2 +python bindings form python3native) and exported PYTHON_SITE_PACKAGES +might be useless (e.g. /usr/lib/python3.8/site-packages on Ubuntu-22.10 +which uses python 3.10 and there is no site-packages with libxml2) + +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + gentest.py | 421 ++++++++++++++++++++++++++--------------------------- + 1 file changed, 209 insertions(+), 212 deletions(-) + +diff --git a/gentest.py b/gentest.py +index b763300..0756706 100755 +--- a/gentest.py ++++ b/gentest.py +@@ -8,7 +8,7 @@ import string + try: + import libxml2 + except: +- print "libxml2 python bindings not available, skipping testapi.c generation" ++ print("libxml2 python bindings not available, skipping testapi.c generation") + sys.exit(0) + + if len(sys.argv) > 1: +@@ -227,7 +227,7 @@ extra_post_call = { + if (old != NULL) { + xmlUnlinkNode(old); + xmlFreeNode(old) ; old = NULL ; } +- ret_val = NULL;""", ++\t ret_val = NULL;""", + "xmlTextMerge": + """if ((first != NULL) && (first->type != XML_TEXT_NODE)) { + xmlUnlinkNode(second); +@@ -236,7 +236,7 @@ extra_post_call = { + """if ((ret_val != NULL) && (ret_val != ncname) && + (ret_val != prefix) && (ret_val != memory)) + xmlFree(ret_val); +- ret_val = NULL;""", ++\t ret_val = NULL;""", + "xmlNewDocElementContent": + """xmlFreeDocElementContent(doc, ret_val); ret_val = NULL;""", + "xmlDictReference": "xmlDictFree(dict);", +@@ -268,29 +268,29 @@ modules = [] + def is_skipped_module(name): + for mod in skipped_modules: + if mod == name: +- return 1 ++ return 1 + return 0 + + def is_skipped_function(name): + for fun in skipped_functions: + if fun == name: +- return 1 ++ return 1 + # Do not test destructors +- if string.find(name, 'Free') != -1: ++ if name.find('Free') != -1: + return 1 + return 0 + + def is_skipped_memcheck(name): + for fun in skipped_memcheck: + if fun == name: +- return 1 ++ return 1 + return 0 + + missing_types = {} + def add_missing_type(name, func): + try: + list = missing_types[name] +- list.append(func) ++ list.append(func) + except: + missing_types[name] = [func] + +@@ -310,7 +310,7 @@ def add_missing_functions(name, module): + missing_functions_nr = missing_functions_nr + 1 + try: + list = missing_functions[module] +- list.append(name) ++ list.append(name) + except: + missing_functions[module] = [name] + +@@ -319,45 +319,45 @@ def add_missing_functions(name, module): + # + + def type_convert(str, name, info, module, function, pos): +-# res = string.replace(str, " ", " ") +-# res = string.replace(str, " ", " ") +-# res = string.replace(str, " ", " ") +- res = string.replace(str, " *", "_ptr") +-# res = string.replace(str, "*", "_ptr") +- res = string.replace(res, " ", "_") ++# res = str.replace(" ", " ") ++# res = str.replace(" ", " ") ++# res = str.replace(" ", " ") ++ res = str.replace(" *", "_ptr") ++# res = str.replace("*", "_ptr") ++ res = res.replace(" ", "_") + if res == 'const_char_ptr': +- if string.find(name, "file") != -1 or \ +- string.find(name, "uri") != -1 or \ +- string.find(name, "URI") != -1 or \ +- string.find(info, "filename") != -1 or \ +- string.find(info, "URI") != -1 or \ +- string.find(info, "URL") != -1: +- if string.find(function, "Save") != -1 or \ +- string.find(function, "Create") != -1 or \ +- string.find(function, "Write") != -1 or \ +- string.find(function, "Fetch") != -1: +- return('fileoutput') +- return('filepath') ++ if name.find("file") != -1 or \ ++ name.find("uri") != -1 or \ ++ name.find("URI") != -1 or \ ++ info.find("filename") != -1 or \ ++ info.find("URI") != -1 or \ ++ info.find("URL") != -1: ++ if function.find("Save") != -1 or \ ++ function.find("Create") != -1 or \ ++ function.find("Write") != -1 or \ ++ function.find("Fetch") != -1: ++ return('fileoutput') ++ return('filepath') + if res == 'void_ptr': + if module == 'nanoftp' and name == 'ctx': +- return('xmlNanoFTPCtxtPtr') ++ return('xmlNanoFTPCtxtPtr') + if function == 'xmlNanoFTPNewCtxt' or \ +- function == 'xmlNanoFTPConnectTo' or \ +- function == 'xmlNanoFTPOpen': +- return('xmlNanoFTPCtxtPtr') ++ function == 'xmlNanoFTPConnectTo' or \ ++ function == 'xmlNanoFTPOpen': ++ return('xmlNanoFTPCtxtPtr') + if module == 'nanohttp' and name == 'ctx': +- return('xmlNanoHTTPCtxtPtr') +- if function == 'xmlNanoHTTPMethod' or \ +- function == 'xmlNanoHTTPMethodRedir' or \ +- function == 'xmlNanoHTTPOpen' or \ +- function == 'xmlNanoHTTPOpenRedir': +- return('xmlNanoHTTPCtxtPtr'); ++ return('xmlNanoHTTPCtxtPtr') ++ if function == 'xmlNanoHTTPMethod' or \ ++ function == 'xmlNanoHTTPMethodRedir' or \ ++ function == 'xmlNanoHTTPOpen' or \ ++ function == 'xmlNanoHTTPOpenRedir': ++ return('xmlNanoHTTPCtxtPtr'); + if function == 'xmlIOHTTPOpen': +- return('xmlNanoHTTPCtxtPtr') +- if string.find(name, "data") != -1: +- return('userdata') +- if string.find(name, "user") != -1: +- return('userdata') ++ return('xmlNanoHTTPCtxtPtr') ++ if name.find("data") != -1: ++ return('userdata') ++ if name.find("user") != -1: ++ return('userdata') + if res == 'xmlDoc_ptr': + res = 'xmlDocPtr' + if res == 'xmlNode_ptr': +@@ -366,18 +366,18 @@ def type_convert(str, name, info, module, function, pos): + res = 'xmlDictPtr' + if res == 'xmlNodePtr' and pos != 0: + if (function == 'xmlAddChild' and pos == 2) or \ +- (function == 'xmlAddChildList' and pos == 2) or \ ++ (function == 'xmlAddChildList' and pos == 2) or \ + (function == 'xmlAddNextSibling' and pos == 2) or \ + (function == 'xmlAddSibling' and pos == 2) or \ + (function == 'xmlDocSetRootElement' and pos == 2) or \ + (function == 'xmlReplaceNode' and pos == 2) or \ + (function == 'xmlTextMerge') or \ +- (function == 'xmlAddPrevSibling' and pos == 2): +- return('xmlNodePtr_in'); ++ (function == 'xmlAddPrevSibling' and pos == 2): ++ return('xmlNodePtr_in'); + if res == 'const xmlBufferPtr': + res = 'xmlBufferPtr' + if res == 'xmlChar_ptr' and name == 'name' and \ +- string.find(function, "EatName") != -1: ++ function.find("EatName") != -1: + return('eaten_name') + if res == 'void_ptr*': + res = 'void_ptr_ptr' +@@ -393,7 +393,7 @@ def type_convert(str, name, info, module, function, pos): + res = 'debug_FILE_ptr'; + if res == 'int' and name == 'options': + if module == 'parser' or module == 'xmlreader': +- res = 'parseroptions' ++ res = 'parseroptions' + + return res + +@@ -402,28 +402,28 @@ known_param_types = [] + def is_known_param_type(name): + for type in known_param_types: + if type == name: +- return 1 ++ return 1 + return name[-3:] == 'Ptr' or name[-4:] == '_ptr' + + def generate_param_type(name, rtype): + global test + for type in known_param_types: + if type == name: +- return ++ return + for type in generated_param_types: + if type == name: +- return ++ return + + if name[-3:] == 'Ptr' or name[-4:] == '_ptr': + if rtype[0:6] == 'const ': +- crtype = rtype[6:] +- else: +- crtype = rtype ++ crtype = rtype[6:] ++ else: ++ crtype = rtype + + define = 0 +- if modules_defines.has_key(module): +- test.write("#ifdef %s\n" % (modules_defines[module])) +- define = 1 ++ if module in modules_defines: ++ test.write("#ifdef %s\n" % (modules_defines[module])) ++ define = 1 + test.write(""" + #define gen_nb_%s 1 + static %s gen_%s(int no ATTRIBUTE_UNUSED, int nr ATTRIBUTE_UNUSED) { +@@ -433,7 +433,7 @@ static void des_%s(int no ATTRIBUTE_UNUSED, %s val ATTRIBUTE_UNUSED, int nr ATTR + } + """ % (name, crtype, name, name, rtype)) + if define == 1: +- test.write("#endif\n\n") ++ test.write("#endif\n\n") + add_generated_param_type(name) + + # +@@ -445,7 +445,7 @@ known_return_types = [] + def is_known_return_type(name): + for type in known_return_types: + if type == name: +- return 1 ++ return 1 + return 0 + + # +@@ -471,7 +471,7 @@ def compare_and_save(): + try: + os.system("rm testapi.c; mv testapi.c.new testapi.c") + except: +- os.system("mv testapi.c.new testapi.c") ++ os.system("mv testapi.c.new testapi.c") + print("Updated testapi.c") + else: + print("Generated testapi.c is identical") +@@ -481,17 +481,17 @@ while line != "": + if line == "/* CUT HERE: everything below that line is generated */\n": + break; + if line[0:15] == "#define gen_nb_": +- type = string.split(line[15:])[0] +- known_param_types.append(type) ++ type = line[15:].split()[0] ++ known_param_types.append(type) + if line[0:19] == "static void desret_": +- type = string.split(line[19:], '(')[0] +- known_return_types.append(type) ++ type = line[19:].split('(')[0] ++ known_return_types.append(type) + test.write(line) + line = input.readline() + input.close() + + if line == "": +- print "Could not find the CUT marker in testapi.c skipping generation" ++ print("Could not find the CUT marker in testapi.c skipping generation") + test.close() + sys.exit(0) + +@@ -505,7 +505,7 @@ test.write("/* CUT HERE: everything below that line is generated */\n") + # + doc = libxml2.readFile(srcPref + 'doc/libxml2-api.xml', None, 0) + if doc == None: +- print "Failed to load doc/libxml2-api.xml" ++ print("Failed to load doc/libxml2-api.xml") + sys.exit(1) + ctxt = doc.xpathNewContext() + +@@ -519,9 +519,9 @@ for arg in args: + mod = arg.xpathEval('string(../@file)') + func = arg.xpathEval('string(../@name)') + if (mod not in skipped_modules) and (func not in skipped_functions): +- type = arg.xpathEval('string(@type)') +- if not argtypes.has_key(type): +- argtypes[type] = func ++ type = arg.xpathEval('string(@type)') ++ if type not in argtypes: ++ argtypes[type] = func + + # similarly for return types + rettypes = {} +@@ -531,8 +531,8 @@ for ret in rets: + func = ret.xpathEval('string(../@name)') + if (mod not in skipped_modules) and (func not in skipped_functions): + type = ret.xpathEval('string(@type)') +- if not rettypes.has_key(type): +- rettypes[type] = func ++ if type not in rettypes: ++ rettypes[type] = func + + # + # Generate constructors and return type handling for all enums +@@ -549,49 +549,49 @@ for enum in enums: + continue; + define = 0 + +- if argtypes.has_key(name) and is_known_param_type(name) == 0: +- values = ctxt.xpathEval("/api/symbols/enum[@type='%s']" % name) +- i = 0 +- vals = [] +- for value in values: +- vname = value.xpathEval('string(@name)') +- if vname == None: +- continue; +- i = i + 1 +- if i >= 5: +- break; +- vals.append(vname) +- if vals == []: +- print "Didn't find any value for enum %s" % (name) +- continue +- if modules_defines.has_key(module): +- test.write("#ifdef %s\n" % (modules_defines[module])) +- define = 1 +- test.write("#define gen_nb_%s %d\n" % (name, len(vals))) +- test.write("""static %s gen_%s(int no, int nr ATTRIBUTE_UNUSED) {\n""" % +- (name, name)) +- i = 1 +- for value in vals: +- test.write(" if (no == %d) return(%s);\n" % (i, value)) +- i = i + 1 +- test.write(""" return(0); ++ if (name in argtypes) and is_known_param_type(name) == 0: ++ values = ctxt.xpathEval("/api/symbols/enum[@type='%s']" % name) ++ i = 0 ++ vals = [] ++ for value in values: ++ vname = value.xpathEval('string(@name)') ++ if vname == None: ++ continue; ++ i = i + 1 ++ if i >= 5: ++ break; ++ vals.append(vname) ++ if vals == []: ++ print("Didn't find any value for enum %s" % (name)) ++ continue ++ if module in modules_defines: ++ test.write("#ifdef %s\n" % (modules_defines[module])) ++ define = 1 ++ test.write("#define gen_nb_%s %d\n" % (name, len(vals))) ++ test.write("""static %s gen_%s(int no, int nr ATTRIBUTE_UNUSED) {\n""" % ++ (name, name)) ++ i = 1 ++ for value in vals: ++ test.write(" if (no == %d) return(%s);\n" % (i, value)) ++ i = i + 1 ++ test.write(""" return(0); + } + + static void des_%s(int no ATTRIBUTE_UNUSED, %s val ATTRIBUTE_UNUSED, int nr ATTRIBUTE_UNUSED) { + } + + """ % (name, name)); +- known_param_types.append(name) ++ known_param_types.append(name) + + if (is_known_return_type(name) == 0) and (name in rettypes): +- if define == 0 and modules_defines.has_key(module): +- test.write("#ifdef %s\n" % (modules_defines[module])) +- define = 1 ++ if define == 0 and (module in modules_defines): ++ test.write("#ifdef %s\n" % (modules_defines[module])) ++ define = 1 + test.write("""static void desret_%s(%s val ATTRIBUTE_UNUSED) { + } + + """ % (name, name)) +- known_return_types.append(name) ++ known_return_types.append(name) + if define == 1: + test.write("#endif\n\n") + +@@ -615,9 +615,9 @@ for file in headers: + # do not test deprecated APIs + # + desc = file.xpathEval('string(description)') +- if string.find(desc, 'DEPRECATED') != -1: +- print "Skipping deprecated interface %s" % name +- continue; ++ if desc.find('DEPRECATED') != -1: ++ print("Skipping deprecated interface %s" % name) ++ continue; + + test.write("#include <libxml/%s.h>\n" % name) + modules.append(name) +@@ -679,7 +679,7 @@ def generate_test(module, node): + # and store the informations for the generation + # + try: +- args = node.xpathEval("arg") ++ args = node.xpathEval("arg") + except: + args = [] + t_args = [] +@@ -687,37 +687,37 @@ def generate_test(module, node): + for arg in args: + n = n + 1 + rtype = arg.xpathEval("string(@type)") +- if rtype == 'void': +- break; +- info = arg.xpathEval("string(@info)") +- nam = arg.xpathEval("string(@name)") ++ if rtype == 'void': ++ break; ++ info = arg.xpathEval("string(@info)") ++ nam = arg.xpathEval("string(@name)") + type = type_convert(rtype, nam, info, module, name, n) +- if is_known_param_type(type) == 0: +- add_missing_type(type, name); +- no_gen = 1 ++ if is_known_param_type(type) == 0: ++ add_missing_type(type, name); ++ no_gen = 1 + if (type[-3:] == 'Ptr' or type[-4:] == '_ptr') and \ +- rtype[0:6] == 'const ': +- crtype = rtype[6:] +- else: +- crtype = rtype +- t_args.append((nam, type, rtype, crtype, info)) ++ rtype[0:6] == 'const ': ++ crtype = rtype[6:] ++ else: ++ crtype = rtype ++ t_args.append((nam, type, rtype, crtype, info)) + + try: +- rets = node.xpathEval("return") ++ rets = node.xpathEval("return") + except: + rets = [] + t_ret = None + for ret in rets: + rtype = ret.xpathEval("string(@type)") +- info = ret.xpathEval("string(@info)") ++ info = ret.xpathEval("string(@info)") + type = type_convert(rtype, 'return', info, module, name, 0) +- if rtype == 'void': +- break +- if is_known_return_type(type) == 0: +- add_missing_type(type, name); +- no_gen = 1 +- t_ret = (type, rtype, info) +- break ++ if rtype == 'void': ++ break ++ if is_known_return_type(type) == 0: ++ add_missing_type(type, name); ++ no_gen = 1 ++ t_ret = (type, rtype, info) ++ break + + if no_gen == 0: + for t_arg in t_args: +@@ -733,7 +733,7 @@ test_%s(void) { + + if no_gen == 1: + add_missing_functions(name, module) +- test.write(""" ++ test.write(""" + /* missing type support */ + return(test_ret); + } +@@ -742,22 +742,22 @@ test_%s(void) { + return + + try: +- conds = node.xpathEval("cond") +- for cond in conds: +- test.write("#if %s\n" % (cond.get_content())) +- nb_cond = nb_cond + 1 ++ conds = node.xpathEval("cond") ++ for cond in conds: ++ test.write("#if %s\n" % (cond.get_content())) ++ nb_cond = nb_cond + 1 + except: + pass + + define = 0 +- if function_defines.has_key(name): ++ if name in function_defines: + test.write("#ifdef %s\n" % (function_defines[name])) +- define = 1 ++ define = 1 + + # Declare the memory usage counter + no_mem = is_skipped_memcheck(name) + if no_mem == 0: +- test.write(" int mem_base;\n"); ++ test.write(" int mem_base;\n"); + + # Declare the return value + if t_ret != None: +@@ -766,29 +766,29 @@ test_%s(void) { + # Declare the arguments + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # add declaration +- test.write(" %s %s; /* %s */\n" % (crtype, nam, info)) +- test.write(" int n_%s;\n" % (nam)) ++ # add declaration ++ test.write(" %s %s; /* %s */\n" % (crtype, nam, info)) ++ test.write(" int n_%s;\n" % (nam)) + test.write("\n") + + # Cascade loop on of each argument list of values + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # +- test.write(" for (n_%s = 0;n_%s < gen_nb_%s;n_%s++) {\n" % ( +- nam, nam, type, nam)) ++ # ++ test.write(" for (n_%s = 0;n_%s < gen_nb_%s;n_%s++) {\n" % ( ++ nam, nam, type, nam)) + + # log the memory usage + if no_mem == 0: +- test.write(" mem_base = xmlMemBlocks();\n"); ++ test.write(" mem_base = xmlMemBlocks();\n"); + + # prepare the call + i = 0; + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # +- test.write(" %s = gen_%s(n_%s, %d);\n" % (nam, type, nam, i)) +- i = i + 1; ++ # ++ test.write(" %s = gen_%s(n_%s, %d);\n" % (nam, type, nam, i)) ++ i = i + 1; + + # add checks to avoid out-of-bounds array access + i = 0; +@@ -797,7 +797,7 @@ test_%s(void) { + # assume that "size", "len", and "start" parameters apply to either + # the nearest preceding or following char pointer + if type == "int" and (nam == "size" or nam == "len" or nam == "start"): +- for j in range(i - 1, -1, -1) + range(i + 1, len(t_args)): ++ for j in (*range(i - 1, -1, -1), *range(i + 1, len(t_args))): + (bnam, btype) = t_args[j][:2] + if btype == "const_char_ptr" or btype == "const_xmlChar_ptr": + test.write( +@@ -806,42 +806,42 @@ test_%s(void) { + " continue;\n" + % (bnam, nam, bnam)) + break +- i = i + 1; ++ i = i + 1; + + # do the call, and clanup the result +- if extra_pre_call.has_key(name): +- test.write(" %s\n"% (extra_pre_call[name])) ++ if name in extra_pre_call: ++ test.write(" %s\n"% (extra_pre_call[name])) + if t_ret != None: +- test.write("\n ret_val = %s(" % (name)) +- need = 0 +- for arg in t_args: +- (nam, type, rtype, crtype, info) = arg +- if need: +- test.write(", ") +- else: +- need = 1 +- if rtype != crtype: +- test.write("(%s)" % rtype) +- test.write("%s" % nam); +- test.write(");\n") +- if extra_post_call.has_key(name): +- test.write(" %s\n"% (extra_post_call[name])) +- test.write(" desret_%s(ret_val);\n" % t_ret[0]) ++ test.write("\n ret_val = %s(" % (name)) ++ need = 0 ++ for arg in t_args: ++ (nam, type, rtype, crtype, info) = arg ++ if need: ++ test.write(", ") ++ else: ++ need = 1 ++ if rtype != crtype: ++ test.write("(%s)" % rtype) ++ test.write("%s" % nam); ++ test.write(");\n") ++ if name in extra_post_call: ++ test.write(" %s\n"% (extra_post_call[name])) ++ test.write(" desret_%s(ret_val);\n" % t_ret[0]) + else: +- test.write("\n %s(" % (name)); +- need = 0; +- for arg in t_args: +- (nam, type, rtype, crtype, info) = arg; +- if need: +- test.write(", ") +- else: +- need = 1 +- if rtype != crtype: +- test.write("(%s)" % rtype) +- test.write("%s" % nam) +- test.write(");\n") +- if extra_post_call.has_key(name): +- test.write(" %s\n"% (extra_post_call[name])) ++ test.write("\n %s(" % (name)); ++ need = 0; ++ for arg in t_args: ++ (nam, type, rtype, crtype, info) = arg; ++ if need: ++ test.write(", ") ++ else: ++ need = 1 ++ if rtype != crtype: ++ test.write("(%s)" % rtype) ++ test.write("%s" % nam) ++ test.write(");\n") ++ if name in extra_post_call: ++ test.write(" %s\n"% (extra_post_call[name])) + + test.write(" call_tests++;\n"); + +@@ -849,32 +849,32 @@ test_%s(void) { + i = 0; + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # This is a hack to prevent generating a destructor for the +- # 'input' argument in xmlTextReaderSetup. There should be +- # a better, more generic way to do this! +- if string.find(info, 'destroy') == -1: +- test.write(" des_%s(n_%s, " % (type, nam)) +- if rtype != crtype: +- test.write("(%s)" % rtype) +- test.write("%s, %d);\n" % (nam, i)) +- i = i + 1; ++ # This is a hack to prevent generating a destructor for the ++ # 'input' argument in xmlTextReaderSetup. There should be ++ # a better, more generic way to do this! ++ if info.find('destroy') == -1: ++ test.write(" des_%s(n_%s, " % (type, nam)) ++ if rtype != crtype: ++ test.write("(%s)" % rtype) ++ test.write("%s, %d);\n" % (nam, i)) ++ i = i + 1; + + test.write(" xmlResetLastError();\n"); + # Check the memory usage + if no_mem == 0: +- test.write(""" if (mem_base != xmlMemBlocks()) { ++ test.write(""" if (mem_base != xmlMemBlocks()) { + printf("Leak of %%d blocks found in %s", +- xmlMemBlocks() - mem_base); +- test_ret++; ++\t xmlMemBlocks() - mem_base); ++\t test_ret++; + """ % (name)); +- for arg in t_args: +- (nam, type, rtype, crtype, info) = arg; +- test.write(""" printf(" %%d", n_%s);\n""" % (nam)) +- test.write(""" printf("\\n");\n""") +- test.write(" }\n") ++ for arg in t_args: ++ (nam, type, rtype, crtype, info) = arg; ++ test.write(""" printf(" %%d", n_%s);\n""" % (nam)) ++ test.write(""" printf("\\n");\n""") ++ test.write(" }\n") + + for arg in t_args: +- test.write(" }\n") ++ test.write(" }\n") + + test.write(" function_tests++;\n") + # +@@ -882,7 +882,7 @@ test_%s(void) { + # + while nb_cond > 0: + test.write("#endif\n") +- nb_cond = nb_cond -1 ++ nb_cond = nb_cond -1 + if define == 1: + test.write("#endif\n") + +@@ -900,10 +900,10 @@ test_%s(void) { + for module in modules: + # gather all the functions exported by that module + try: +- functions = ctxt.xpathEval("/api/symbols/function[@file='%s']" % (module)) ++ functions = ctxt.xpathEval("/api/symbols/function[@file='%s']" % (module)) + except: +- print "Failed to gather functions from module %s" % (module) +- continue; ++ print("Failed to gather functions from module %s" % (module)) ++ continue; + + # iterate over all functions in the module generating the test + i = 0 +@@ -923,14 +923,14 @@ test_%s(void) { + # iterate over all functions in the module generating the call + for function in functions: + name = function.xpathEval('string(@name)') +- if is_skipped_function(name): +- continue +- test.write(" test_ret += test_%s();\n" % (name)) ++ if is_skipped_function(name): ++ continue ++ test.write(" test_ret += test_%s();\n" % (name)) + + # footer + test.write(""" + if (test_ret != 0) +- printf("Module %s: %%d errors\\n", test_ret); ++\tprintf("Module %s: %%d errors\\n", test_ret); + return(test_ret); + } + """ % (module)) +@@ -948,7 +948,7 @@ test.write(""" return(0); + } + """); + +-print "Generated test for %d modules and %d functions" %(len(modules), nb_tests) ++print("Generated test for %d modules and %d functions" %(len(modules), nb_tests)) + + compare_and_save() + +@@ -960,11 +960,8 @@ for missing in missing_types.keys(): + n = len(missing_types[missing]) + missing_list.append((n, missing)) + +-def compare_missing(a, b): +- return b[0] - a[0] +- +-missing_list.sort(compare_missing) +-print "Missing support for %d functions and %d types see missing.lst" % (missing_functions_nr, len(missing_list)) ++missing_list.sort(key=lambda a: a[0]) ++print("Missing support for %d functions and %d types see missing.lst" % (missing_functions_nr, len(missing_list))) + lst = open("missing.lst", "w") + lst.write("Missing support for %d types" % (len(missing_list))) + lst.write("\n") +@@ -974,9 +971,9 @@ for miss in missing_list: + for n in missing_types[miss[1]]: + i = i + 1 + if i > 5: +- lst.write(" ...") +- break +- lst.write(" %s" % (n)) ++ lst.write(" ...") ++ break ++ lst.write(" %s" % (n)) + lst.write("\n") + lst.write("\n") + lst.write("\n") diff --git a/recipes-core/libxml/libxml2/CVE-2016-3709.patch b/recipes-core/libxml/libxml2/CVE-2016-3709.patch new file mode 100644 index 0000000..5301d05 --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2016-3709.patch @@ -0,0 +1,89 @@ +From c1ba6f54d32b707ca6d91cb3257ce9de82876b6f Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat, 15 Aug 2020 18:32:29 +0200 +Subject: [PATCH] Revert "Do not URI escape in server side includes" + +This reverts commit 960f0e275616cadc29671a218d7fb9b69eb35588. + +This commit introduced + +- an infinite loop, found by OSS-Fuzz, which could be easily fixed. +- an algorithm with quadratic runtime +- a security issue, see + https://bugzilla.gnome.org/show_bug.cgi?id=769760 + +A better approach is to add an option not to escape URLs at all +which libxml2 should have possibly done in the first place. + +CVE: CVE-2016-3709 +Upstream-Status: Backport [https://github.com/GNOME/libxml2/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f] +Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com> +--- + HTMLtree.c | 49 +++++++++++-------------------------------------- + 1 file changed, 11 insertions(+), 38 deletions(-) + +diff --git a/HTMLtree.c b/HTMLtree.c +index 8d236bb35..cdb7f86a6 100644 +--- a/HTMLtree.c ++++ b/HTMLtree.c +@@ -706,49 +706,22 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur, + (!xmlStrcasecmp(cur->name, BAD_CAST "src")) || + ((!xmlStrcasecmp(cur->name, BAD_CAST "name")) && + (!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) { ++ xmlChar *escaped; + xmlChar *tmp = value; +- /* xmlURIEscapeStr() escapes '"' so it can be safely used. */ +- xmlBufCCat(buf->buffer, "\""); + + while (IS_BLANK_CH(*tmp)) tmp++; + +- /* URI Escape everything, except server side includes. */ +- for ( ; ; ) { +- xmlChar *escaped; +- xmlChar endChar; +- xmlChar *end = NULL; +- xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--"); +- if (start != NULL) { +- end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->"); +- if (end != NULL) { +- *start = '\0'; +- } +- } +- +- /* Escape the whole string, or until start (set to '\0'). */ +- escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+"); +- if (escaped != NULL) { +- xmlBufCat(buf->buffer, escaped); +- xmlFree(escaped); +- } else { +- xmlBufCat(buf->buffer, tmp); +- } +- +- if (end == NULL) { /* Everything has been written. */ +- break; +- } +- +- /* Do not escape anything within server side includes. */ +- *start = '<'; /* Restore the first character of "<!--". */ +- end += 3; /* strlen("-->") */ +- endChar = *end; +- *end = '\0'; +- xmlBufCat(buf->buffer, start); +- *end = endChar; +- tmp = end; ++ /* ++ * the < and > have already been escaped at the entity level ++ * And doing so here breaks server side includes ++ */ ++ escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>"); ++ if (escaped != NULL) { ++ xmlBufWriteQuotedString(buf->buffer, escaped); ++ xmlFree(escaped); ++ } else { ++ xmlBufWriteQuotedString(buf->buffer, value); + } +- +- xmlBufCCat(buf->buffer, "\""); + } else { + xmlBufWriteQuotedString(buf->buffer, value); + } diff --git a/recipes-core/libxml/libxml2/CVE-2019-20388.patch b/recipes-core/libxml/libxml2/CVE-2019-20388.patch new file mode 100644 index 0000000..88eb65a --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2019-20388.patch @@ -0,0 +1,37 @@ +From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001 +From: Zhipeng Xie <xiezhipeng1@huawei.com> +Date: Tue, 20 Aug 2019 16:33:06 +0800 +Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream + +When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun +alloc a new schema for ctxt->schema and set vctxt->xsiAssemble +to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize +vctxt->xsiAssemble to 0 again which cause the alloced schema +can not be freed anymore. + +Found with libFuzzer. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a] +CVE: CVE-2019-20388 + +Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + xmlschemas.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/xmlschemas.c b/xmlschemas.c +index 301c8449..39d92182 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) { + vctxt->nberrors = 0; + vctxt->depth = -1; + vctxt->skipDepth = -1; +- vctxt->xsiAssemble = 0; + vctxt->hasKeyrefs = 0; + #ifdef ENABLE_IDC_NODE_TABLES_TEST + vctxt->createIDCNodeTables = 1; +-- +2.24.1 + diff --git a/recipes-core/libxml/libxml2/CVE-2020-24977.patch b/recipes-core/libxml/libxml2/CVE-2020-24977.patch new file mode 100644 index 0000000..8224346 --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2020-24977.patch @@ -0,0 +1,41 @@ +From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Fri, 7 Aug 2020 21:54:27 +0200 +Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout' + +Make sure that truncated UTF-8 sequences don't cause an out-of-bounds +array access. + +Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for +the report. + +Fixes #178. + +CVE: CVE-2020-24977 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2] + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + xmllint.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/xmllint.c b/xmllint.c +index f6a8e463..c647486f 100644 +--- a/xmllint.c ++++ b/xmllint.c +@@ -528,6 +528,12 @@ static void + xmlHTMLEncodeSend(void) { + char *result; + ++ /* ++ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might ++ * end with a truncated UTF-8 sequence. This is a hack to at least avoid ++ * an out-of-bounds read. ++ */ ++ memset(&buffer[sizeof(buffer)-4], 0, 4); + result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer); + if (result) { + xmlGenericError(xmlGenericErrorContext, "%s", result); +-- +2.17.1 + diff --git a/recipes-core/libxml/libxml2/CVE-2020-7595.patch b/recipes-core/libxml/libxml2/CVE-2020-7595.patch new file mode 100644 index 0000000..facfefd --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2020-7595.patch @@ -0,0 +1,36 @@ +From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001 +From: Zhipeng Xie <xiezhipeng1@huawei.com> +Date: Thu, 12 Dec 2019 17:30:55 +0800 +Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities + +When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef +return NULL which cause a infinite loop in xmlStringLenDecodeEntities + +Found with libFuzzer. + +Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076] +CVE: CVE-2020-7595 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + parser.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/parser.c b/parser.c +index d1c31963..a34bb6cd 100644 +--- a/parser.c ++++ b/parser.c +@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, + else + c = 0; + while ((c != 0) && (c != end) && /* non input consuming loop */ +- (c != end2) && (c != end3)) { ++ (c != end2) && (c != end3) && ++ (ctxt->instate != XML_PARSER_EOF)) { + + if (c == 0) break; + if ((c == '&') && (str[1] == '#')) { +-- +2.24.1 + diff --git a/recipes-core/libxml/libxml2/CVE-2021-3517.patch b/recipes-core/libxml/libxml2/CVE-2021-3517.patch new file mode 100644 index 0000000..e88a8ae --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2021-3517.patch @@ -0,0 +1,53 @@ +From bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2 Mon Sep 17 00:00:00 2001 +From: Joel Hockey <joel.hockey@gmail.com> +Date: Sun, 16 Aug 2020 17:19:35 -0700 +Subject: [PATCH] Validate UTF8 in xmlEncodeEntities + +Code is currently assuming UTF-8 without validating. Truncated UTF-8 +input can cause out-of-bounds array access. + +Adds further checks to partial fix in 50f06b3e. + +Fixes #178 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2] +CVE: CVE-2021-3517 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + entities.c | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +diff --git a/entities.c b/entities.c +index 37b99a56..1a8f86f0 100644 +--- a/entities.c ++++ b/entities.c +@@ -704,11 +704,25 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) { + } else { + /* + * We assume we have UTF-8 input. ++ * It must match either: ++ * 110xxxxx 10xxxxxx ++ * 1110xxxx 10xxxxxx 10xxxxxx ++ * 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx ++ * That is: ++ * cur[0] is 11xxxxxx ++ * cur[1] is 10xxxxxx ++ * cur[2] is 10xxxxxx if cur[0] is 111xxxxx ++ * cur[3] is 10xxxxxx if cur[0] is 1111xxxx ++ * cur[0] is not 11111xxx + */ + char buf[11], *ptr; + int val = 0, l = 1; + +- if (*cur < 0xC0) { ++ if (((cur[0] & 0xC0) != 0xC0) || ++ ((cur[1] & 0xC0) != 0x80) || ++ (((cur[0] & 0xE0) == 0xE0) && ((cur[2] & 0xC0) != 0x80)) || ++ (((cur[0] & 0xF0) == 0xF0) && ((cur[3] & 0xC0) != 0x80)) || ++ (((cur[0] & 0xF8) == 0xF8))) { + xmlEntitiesErr(XML_CHECK_NOT_UTF8, + "xmlEncodeEntities: input not UTF-8"); + if (doc != NULL) +-- +GitLab + diff --git a/recipes-core/libxml/libxml2/CVE-2021-3518.patch b/recipes-core/libxml/libxml2/CVE-2021-3518.patch new file mode 100644 index 0000000..40d3deb --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2021-3518.patch @@ -0,0 +1,112 @@ +From ac82a514e16eb81b4506e2cba1a1ee45b9f025b5 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Wed, 10 Jun 2020 16:34:52 +0200 +Subject: [PATCH 1/2] Don't recurse into xi:include children in + xmlXIncludeDoProcess + +Otherwise, nested xi:include nodes might result in a use-after-free +if XML_PARSE_NOXINCNODE is specified. + +Found with libFuzzer and ASan. + +Upstream-Status: Backport [from fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1954243] + +The upstream patch 752e5f71d7cea2ca5a7e7c0b8f72ed04ce654be4 has been modified, +as to avoid unnecessary modifications to fallback files. + +CVE: CVE-2021-3518 +Signed-off-by: Jasper Orschulko <Jasper.Orschulko@iris-sensing.com> +--- + xinclude.c | 24 ++++++++++-------------- + 1 file changed, 10 insertions(+), 14 deletions(-) + +diff --git a/xinclude.c b/xinclude.c +index ba850fa5..f260c1a7 100644 +--- a/xinclude.c ++++ b/xinclude.c +@@ -2392,21 +2392,19 @@ xmlXIncludeDoProcess(xmlXIncludeCtxtPtr ctxt, xmlDocPtr doc, xmlNodePtr tree) { + * First phase: lookup the elements in the document + */ + cur = tree; +- if (xmlXIncludeTestNode(ctxt, cur) == 1) +- xmlXIncludePreProcessNode(ctxt, cur); + while ((cur != NULL) && (cur != tree->parent)) { + /* TODO: need to work on entities -> stack */ +- if ((cur->children != NULL) && +- (cur->children->type != XML_ENTITY_DECL) && +- (cur->children->type != XML_XINCLUDE_START) && +- (cur->children->type != XML_XINCLUDE_END)) { +- cur = cur->children; +- if (xmlXIncludeTestNode(ctxt, cur)) +- xmlXIncludePreProcessNode(ctxt, cur); +- } else if (cur->next != NULL) { ++ if (xmlXIncludeTestNode(ctxt, cur) == 1) { ++ xmlXIncludePreProcessNode(ctxt, cur); ++ } else if ((cur->children != NULL) && ++ (cur->children->type != XML_ENTITY_DECL) && ++ (cur->children->type != XML_XINCLUDE_START) && ++ (cur->children->type != XML_XINCLUDE_END)) { ++ cur = cur->children; ++ continue; ++ } ++ if (cur->next != NULL) { + cur = cur->next; +- if (xmlXIncludeTestNode(ctxt, cur)) +- xmlXIncludePreProcessNode(ctxt, cur); + } else { + if (cur == tree) + break; +@@ -2416,8 +2414,6 @@ xmlXIncludeDoProcess(xmlXIncludeCtxtPtr ctxt, xmlDocPtr doc, xmlNodePtr tree) { + break; /* do */ + if (cur->next != NULL) { + cur = cur->next; +- if (xmlXIncludeTestNode(ctxt, cur)) +- xmlXIncludePreProcessNode(ctxt, cur); + break; /* do */ + } + } while (cur != NULL); +-- +2.32.0 + + +From 3ad5ac1e39e3cd42f838c1cd27ffd4e9b79e6121 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Thu, 22 Apr 2021 19:26:28 +0200 +Subject: [PATCH 2/2] Fix user-after-free with `xmllint --xinclude --dropdtd` + +The --dropdtd option can leave dangling pointers in entity reference +nodes. Make sure to skip these nodes when processing XIncludes. + +This also avoids scanning entity declarations and even modifying +them inadvertently during XInclude processing. + +Move from a block list to an allow list approach to avoid descending +into other node types that can't contain elements. + +Fixes #237. +Upstream-Status: Backport +CVE: CVE-2021-3518 +Signed-off-by: Jasper Orschulko <Jasper.Orschulko@iris-sensing.com> +--- + xinclude.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/xinclude.c b/xinclude.c +index f260c1a7..d7648529 100644 +--- a/xinclude.c ++++ b/xinclude.c +@@ -2397,9 +2397,8 @@ xmlXIncludeDoProcess(xmlXIncludeCtxtPtr ctxt, xmlDocPtr doc, xmlNodePtr tree) { + if (xmlXIncludeTestNode(ctxt, cur) == 1) { + xmlXIncludePreProcessNode(ctxt, cur); + } else if ((cur->children != NULL) && +- (cur->children->type != XML_ENTITY_DECL) && +- (cur->children->type != XML_XINCLUDE_START) && +- (cur->children->type != XML_XINCLUDE_END)) { ++ ((cur->type == XML_DOCUMENT_NODE) || ++ (cur->type == XML_ELEMENT_NODE))) { + cur = cur->children; + continue; + } +-- +2.32.0 + diff --git a/recipes-core/libxml/libxml2/CVE-2021-3537.patch b/recipes-core/libxml/libxml2/CVE-2021-3537.patch new file mode 100644 index 0000000..9e64c2a --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2021-3537.patch @@ -0,0 +1,50 @@ +From babe75030c7f64a37826bb3342317134568bef61 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat, 1 May 2021 16:53:33 +0200 +Subject: [PATCH] Propagate error in xmlParseElementChildrenContentDeclPriv + +Check return value of recursive calls to +xmlParseElementChildrenContentDeclPriv and return immediately in case +of errors. Otherwise, struct xmlElementContent could contain unexpected +null pointers, leading to a null deref when post-validating documents +which aren't well-formed and parsed in recovery mode. + +Fixes #243. + +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61] +CVE: CVE-2021-3537 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + parser.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/parser.c b/parser.c +index b42e6043..73c27edd 100644 +--- a/parser.c ++++ b/parser.c +@@ -6208,6 +6208,8 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk, + SKIP_BLANKS; + cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, + depth + 1); ++ if (cur == NULL) ++ return(NULL); + SKIP_BLANKS; + GROW; + } else { +@@ -6341,6 +6343,11 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk, + SKIP_BLANKS; + last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, + depth + 1); ++ if (last == NULL) { ++ if (ret != NULL) ++ xmlFreeDocElementContent(ctxt->myDoc, ret); ++ return(NULL); ++ } + SKIP_BLANKS; + } else { + elem = xmlParseName(ctxt); +-- +GitLab + diff --git a/recipes-core/libxml/libxml2/CVE-2021-3541.patch b/recipes-core/libxml/libxml2/CVE-2021-3541.patch new file mode 100644 index 0000000..1f392b4 --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2021-3541.patch @@ -0,0 +1,73 @@ +From 8598060bacada41a0eb09d95c97744ff4e428f8e Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Thu, 13 May 2021 14:55:12 +0200 +Subject: [PATCH] Patch for security issue CVE-2021-3541 + +This is relapted to parameter entities expansion and following +the line of the billion laugh attack. Somehow in that path the +counting of parameters was missed and the normal algorithm based +on entities "density" was useless. + +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e] +CVE: CVE-2021-3541 +Signed-off-by: Steve Sakoman <steve@sakoman.com> + +--- + parser.c | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/parser.c b/parser.c +index f5e5e169..c9312fa4 100644 +--- a/parser.c ++++ b/parser.c +@@ -140,6 +140,7 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, + xmlEntityPtr ent, size_t replacement) + { + size_t consumed = 0; ++ int i; + + if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE)) + return (0); +@@ -177,6 +178,28 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, + rep = NULL; + } + } ++ ++ /* ++ * Prevent entity exponential check, not just replacement while ++ * parsing the DTD ++ * The check is potentially costly so do that only once in a thousand ++ */ ++ if ((ctxt->instate == XML_PARSER_DTD) && (ctxt->nbentities > 10000) && ++ (ctxt->nbentities % 1024 == 0)) { ++ for (i = 0;i < ctxt->inputNr;i++) { ++ consumed += ctxt->inputTab[i]->consumed + ++ (ctxt->inputTab[i]->cur - ctxt->inputTab[i]->base); ++ } ++ if (ctxt->nbentities > consumed * XML_PARSER_NON_LINEAR) { ++ xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); ++ ctxt->instate = XML_PARSER_EOF; ++ return (1); ++ } ++ consumed = 0; ++ } ++ ++ ++ + if (replacement != 0) { + if (replacement < XML_MAX_TEXT_LENGTH) + return(0); +@@ -7963,6 +7986,9 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt) + xmlChar start[4]; + xmlCharEncoding enc; + ++ if (xmlParserEntityCheck(ctxt, 0, entity, 0)) ++ return; ++ + if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && + ((ctxt->options & XML_PARSE_NOENT) == 0) && + ((ctxt->options & XML_PARSE_DTDVALID) == 0) && +-- +GitLab + diff --git a/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch b/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch new file mode 100644 index 0000000..7fc243e --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch @@ -0,0 +1,98 @@ +From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 22 Feb 2022 11:51:08 +0100 +Subject: [PATCH] Fix --without-valid build + +Regressed in commit 652dd12a. +--- + valid.c | 58 ++++++++++++++++++++++++++++----------------------------- + 1 file changed, 29 insertions(+), 29 deletions(-) +--- + +From https://github.com/GNOME/libxml2.git + commit 646fe48d1c8a74310c409ddf81fe7df6700052af + +CVE: CVE-2022-23308 +Upstream-Status: Backport + +Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> + +diff --git a/valid.c b/valid.c +index 8e596f1d..9684683a 100644 +--- a/valid.c ++++ b/valid.c +@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt) + return (ret); + } + +-/** +- * xmlValidNormalizeString: +- * @str: a string +- * +- * Normalize a string in-place. +- */ +-static void +-xmlValidNormalizeString(xmlChar *str) { +- xmlChar *dst; +- const xmlChar *src; +- +- if (str == NULL) +- return; +- src = str; +- dst = str; +- +- while (*src == 0x20) src++; +- while (*src != 0) { +- if (*src == 0x20) { +- while (*src == 0x20) src++; +- if (*src != 0) +- *dst++ = 0x20; +- } else { +- *dst++ = *src++; +- } +- } +- *dst = 0; +-} +- + #ifdef DEBUG_VALID_ALGO + static void + xmlValidPrintNode(xmlNodePtr cur) { +@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) { + (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \ + xmlFree((char *)(str)); + ++/** ++ * xmlValidNormalizeString: ++ * @str: a string ++ * ++ * Normalize a string in-place. ++ */ ++static void ++xmlValidNormalizeString(xmlChar *str) { ++ xmlChar *dst; ++ const xmlChar *src; ++ ++ if (str == NULL) ++ return; ++ src = str; ++ dst = str; ++ ++ while (*src == 0x20) src++; ++ while (*src != 0) { ++ if (*src == 0x20) { ++ while (*src == 0x20) src++; ++ if (*src != 0) ++ *dst++ = 0x20; ++ } else { ++ *dst++ = *src++; ++ } ++ } ++ *dst = 0; ++} ++ + static int + xmlIsStreaming(xmlValidCtxtPtr ctxt) { + xmlParserCtxtPtr pctxt; +-- +2.35.1 + diff --git a/recipes-core/libxml/libxml2/CVE-2022-23308.patch b/recipes-core/libxml/libxml2/CVE-2022-23308.patch new file mode 100644 index 0000000..bf5604e --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2022-23308.patch @@ -0,0 +1,204 @@ +From 8b66850de350f0fcd786ae776a65ba15a5999e50 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 8 Feb 2022 03:29:24 +0100 +Subject: [PATCH] Use-after-free of ID and IDREF attributes + +If a document is parsed with XML_PARSE_DTDVALID and without +XML_PARSE_NOENT, the value of ID attributes has to be normalized after +potentially expanding entities in xmlRemoveID. Otherwise, later calls +to xmlGetID can return a pointer to previously freed memory. + +ID attributes which are empty or contain only whitespace after +entity expansion are affected in a similar way. This is fixed by +not storing such attributes in the ID table. + +The test to detect streaming mode when validating against a DTD was +broken. In connection with the defects above, this could result in a +use-after-free when using the xmlReader interface with validation. +Fix detection of streaming mode to avoid similar issues. (This changes +the expected result of a test case. But as far as I can tell, using the +XML reader with XIncludes referencing the root document never worked +properly, anyway.) + +All of these issues can result in denial of service. Using xmlReader +with validation could result in disclosure of memory via the error +channel, typically stderr. The security impact of xmlGetID returning +a pointer to freed memory depends on the application. The typical use +case of calling xmlGetID on an unmodified document is not affected. + +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libxml2/-/commit/652dd12a858989b14eed4e84e453059cd3ba340e] + +The upstream patch 652dd12a858989b14eed4e84e453059cd3ba340e has been modified +to skip the patch to the testsuite result (result/XInclude/ns1.xml.rdr), as +this particular test does not exist in v2.9.10 (it was added later). + +CVE: CVE-2022-23308 +Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> + +--- + valid.c | 88 +++++++++++++++++++++++++++++++++++---------------------- + 1 file changed, 55 insertions(+), 33 deletions(-) + +diff --git a/valid.c b/valid.c +index 07963e7..ee75311 100644 +--- a/valid.c ++++ b/valid.c +@@ -479,6 +479,35 @@ nodeVPop(xmlValidCtxtPtr ctxt) + return (ret); + } + ++/** ++ * xmlValidNormalizeString: ++ * @str: a string ++ * ++ * Normalize a string in-place. ++ */ ++static void ++xmlValidNormalizeString(xmlChar *str) { ++ xmlChar *dst; ++ const xmlChar *src; ++ ++ if (str == NULL) ++ return; ++ src = str; ++ dst = str; ++ ++ while (*src == 0x20) src++; ++ while (*src != 0) { ++ if (*src == 0x20) { ++ while (*src == 0x20) src++; ++ if (*src != 0) ++ *dst++ = 0x20; ++ } else { ++ *dst++ = *src++; ++ } ++ } ++ *dst = 0; ++} ++ + #ifdef DEBUG_VALID_ALGO + static void + xmlValidPrintNode(xmlNodePtr cur) { +@@ -2607,6 +2636,24 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) { + (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \ + xmlFree((char *)(str)); + ++static int ++xmlIsStreaming(xmlValidCtxtPtr ctxt) { ++ xmlParserCtxtPtr pctxt; ++ ++ if (ctxt == NULL) ++ return(0); ++ /* ++ * These magic values are also abused to detect whether we're validating ++ * while parsing a document. In this case, userData points to the parser ++ * context. ++ */ ++ if ((ctxt->finishDtd != XML_CTXT_FINISH_DTD_0) && ++ (ctxt->finishDtd != XML_CTXT_FINISH_DTD_1)) ++ return(0); ++ pctxt = ctxt->userData; ++ return(pctxt->parseMode == XML_PARSE_READER); ++} ++ + /** + * xmlFreeID: + * @not: A id +@@ -2650,7 +2697,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + if (doc == NULL) { + return(NULL); + } +- if (value == NULL) { ++ if ((value == NULL) || (value[0] == 0)) { + return(NULL); + } + if (attr == NULL) { +@@ -2681,7 +2728,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + */ + ret->value = xmlStrdup(value); + ret->doc = doc; +- if ((ctxt != NULL) && (ctxt->vstateNr != 0)) { ++ if (xmlIsStreaming(ctxt)) { + /* + * Operating in streaming mode, attr is gonna disappear + */ +@@ -2820,6 +2867,7 @@ xmlRemoveID(xmlDocPtr doc, xmlAttrPtr attr) { + ID = xmlNodeListGetString(doc, attr->children, 1); + if (ID == NULL) + return(-1); ++ xmlValidNormalizeString(ID); + + id = xmlHashLookup(table, ID); + if (id == NULL || id->attr != attr) { +@@ -3009,7 +3057,7 @@ xmlAddRef(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + * fill the structure. + */ + ret->value = xmlStrdup(value); +- if ((ctxt != NULL) && (ctxt->vstateNr != 0)) { ++ if (xmlIsStreaming(ctxt)) { + /* + * Operating in streaming mode, attr is gonna disappear + */ +@@ -4028,8 +4076,7 @@ xmlValidateAttributeValue2(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + xmlChar * + xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + xmlNodePtr elem, const xmlChar *name, const xmlChar *value) { +- xmlChar *ret, *dst; +- const xmlChar *src; ++ xmlChar *ret; + xmlAttributePtr attrDecl = NULL; + int extsubset = 0; + +@@ -4070,19 +4117,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + ret = xmlStrdup(value); + if (ret == NULL) + return(NULL); +- src = value; +- dst = ret; +- while (*src == 0x20) src++; +- while (*src != 0) { +- if (*src == 0x20) { +- while (*src == 0x20) src++; +- if (*src != 0) +- *dst++ = 0x20; +- } else { +- *dst++ = *src++; +- } +- } +- *dst = 0; ++ xmlValidNormalizeString(ret); + if ((doc->standalone) && (extsubset == 1) && (!xmlStrEqual(value, ret))) { + xmlErrValidNode(ctxt, elem, XML_DTD_NOT_STANDALONE, + "standalone: %s on %s value had to be normalized based on external subset declaration\n", +@@ -4114,8 +4149,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + xmlChar * + xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem, + const xmlChar *name, const xmlChar *value) { +- xmlChar *ret, *dst; +- const xmlChar *src; ++ xmlChar *ret; + xmlAttributePtr attrDecl = NULL; + + if (doc == NULL) return(NULL); +@@ -4145,19 +4179,7 @@ xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem, + ret = xmlStrdup(value); + if (ret == NULL) + return(NULL); +- src = value; +- dst = ret; +- while (*src == 0x20) src++; +- while (*src != 0) { +- if (*src == 0x20) { +- while (*src == 0x20) src++; +- if (*src != 0) +- *dst++ = 0x20; +- } else { +- *dst++ = *src++; +- } +- } +- *dst = 0; ++ xmlValidNormalizeString(ret); + return(ret); + } + diff --git a/recipes-core/libxml/libxml2/CVE-2022-29824-dependent.patch b/recipes-core/libxml/libxml2/CVE-2022-29824-dependent.patch new file mode 100644 index 0000000..63d613c --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2022-29824-dependent.patch @@ -0,0 +1,53 @@ +From b07251215ef48c70c6e56f7351406c47cfca4d5b Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Fri, 10 Jan 2020 15:55:07 +0100 +Subject: [PATCH] Fix integer overflow in xmlBufferResize + +Found by OSS-Fuzz. + +CVE: CVE-2022-29824 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/b07251215ef48c70c6e56f7351406c47cfca4d5b] + +Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com> + +--- + tree.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/tree.c b/tree.c +index 0d7fc98c..f43f6de1 100644 +--- a/tree.c ++++ b/tree.c +@@ -7424,12 +7424,17 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size) + if (size < buf->size) + return 1; + ++ if (size > UINT_MAX - 10) { ++ xmlTreeErrMemory("growing buffer"); ++ return 0; ++ } ++ + /* figure out new size */ + switch (buf->alloc){ + case XML_BUFFER_ALLOC_IO: + case XML_BUFFER_ALLOC_DOUBLEIT: + /*take care of empty case*/ +- newSize = (buf->size ? buf->size*2 : size + 10); ++ newSize = (buf->size ? buf->size : size + 10); + while (size > newSize) { + if (newSize > UINT_MAX / 2) { + xmlTreeErrMemory("growing buffer"); +@@ -7445,7 +7450,7 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size) + if (buf->use < BASE_BUFFER_SIZE) + newSize = size; + else { +- newSize = buf->size * 2; ++ newSize = buf->size; + while (size > newSize) { + if (newSize > UINT_MAX / 2) { + xmlTreeErrMemory("growing buffer"); +-- +GitLab + + diff --git a/recipes-core/libxml/libxml2/CVE-2022-29824.patch b/recipes-core/libxml/libxml2/CVE-2022-29824.patch new file mode 100644 index 0000000..ad7b87d --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2022-29824.patch @@ -0,0 +1,348 @@ +From 2554a2408e09f13652049e5ffb0d26196b02ebab Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 8 Mar 2022 20:10:02 +0100 +Subject: [PATCH] [CVE-2022-29824] Fix integer overflows in xmlBuf and + xmlBuffer + +In several places, the code handling string buffers didn't check for +integer overflow or used wrong types for buffer sizes. This could +result in out-of-bounds writes or other memory errors when working on +large, multi-gigabyte buffers. + +Thanks to Felix Wilhelm for the report. + +CVE: CVE-2022-29824 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab] + +Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com> + +--- + buf.c | 86 +++++++++++++++++++++++----------------------------------- + tree.c | 72 ++++++++++++++++++------------------------------ + 2 files changed, 61 insertions(+), 97 deletions(-) + +diff --git a/buf.c b/buf.c +index 24368d37..40a5ee06 100644 +--- a/buf.c ++++ b/buf.c +@@ -30,6 +30,10 @@ + #include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */ + #include "buf.h" + ++#ifndef SIZE_MAX ++#define SIZE_MAX ((size_t) -1) ++#endif ++ + #define WITH_BUFFER_COMPAT + + /** +@@ -156,6 +160,8 @@ xmlBufPtr + xmlBufCreateSize(size_t size) { + xmlBufPtr ret; + ++ if (size == SIZE_MAX) ++ return(NULL); + ret = (xmlBufPtr) xmlMalloc(sizeof(xmlBuf)); + if (ret == NULL) { + xmlBufMemoryError(NULL, "creating buffer"); +@@ -166,8 +172,8 @@ xmlBufCreateSize(size_t size) { + ret->error = 0; + ret->buffer = NULL; + ret->alloc = xmlBufferAllocScheme; +- ret->size = (size ? size+2 : 0); /* +1 for ending null */ +- ret->compat_size = (int) ret->size; ++ ret->size = (size ? size + 1 : 0); /* +1 for ending null */ ++ ret->compat_size = (ret->size > INT_MAX ? INT_MAX : ret->size); + if (ret->size){ + ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar)); + if (ret->content == NULL) { +@@ -442,23 +448,17 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) { + CHECK_COMPAT(buf) + + if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); +- if (buf->use + len < buf->size) ++ if (len < buf->size - buf->use) + return(buf->size - buf->use); ++ if (len > SIZE_MAX - buf->use) ++ return(0); + +- /* +- * Windows has a BIG problem on realloc timing, so we try to double +- * the buffer size (if that's enough) (bug 146697) +- * Apparently BSD too, and it's probably best for linux too +- * On an embedded system this may be something to change +- */ +-#if 1 +- if (buf->size > (size_t) len) +- size = buf->size * 2; +- else +- size = buf->use + len + 100; +-#else +- size = buf->use + len + 100; +-#endif ++ if (buf->size > (size_t) len) { ++ size = buf->size > SIZE_MAX / 2 ? SIZE_MAX : buf->size * 2; ++ } else { ++ size = buf->use + len; ++ size = size > SIZE_MAX - 100 ? SIZE_MAX : size + 100; ++ } + + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { + /* +@@ -744,7 +744,7 @@ xmlBufIsEmpty(const xmlBufPtr buf) + int + xmlBufResize(xmlBufPtr buf, size_t size) + { +- unsigned int newSize; ++ size_t newSize; + xmlChar* rebuf = NULL; + size_t start_buf; + +@@ -772,9 +772,13 @@ xmlBufResize(xmlBufPtr buf, size_t size) + case XML_BUFFER_ALLOC_IO: + case XML_BUFFER_ALLOC_DOUBLEIT: + /*take care of empty case*/ +- newSize = (buf->size ? buf->size*2 : size + 10); ++ if (buf->size == 0) { ++ newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10); ++ } else { ++ newSize = buf->size; ++ } + while (size > newSize) { +- if (newSize > UINT_MAX / 2) { ++ if (newSize > SIZE_MAX / 2) { + xmlBufMemoryError(buf, "growing buffer"); + return 0; + } +@@ -782,15 +786,15 @@ xmlBufResize(xmlBufPtr buf, size_t size) + } + break; + case XML_BUFFER_ALLOC_EXACT: +- newSize = size+10; ++ newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10); + break; + case XML_BUFFER_ALLOC_HYBRID: + if (buf->use < BASE_BUFFER_SIZE) + newSize = size; + else { +- newSize = buf->size * 2; ++ newSize = buf->size; + while (size > newSize) { +- if (newSize > UINT_MAX / 2) { ++ if (newSize > SIZE_MAX / 2) { + xmlBufMemoryError(buf, "growing buffer"); + return 0; + } +@@ -800,7 +804,7 @@ xmlBufResize(xmlBufPtr buf, size_t size) + break; + + default: +- newSize = size+10; ++ newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10); + break; + } + +@@ -866,7 +870,7 @@ xmlBufResize(xmlBufPtr buf, size_t size) + */ + int + xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) { +- unsigned int needSize; ++ size_t needSize; + + if ((str == NULL) || (buf == NULL) || (buf->error)) + return -1; +@@ -888,8 +892,10 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) { + if (len < 0) return -1; + if (len == 0) return 0; + +- needSize = buf->use + len + 2; +- if (needSize > buf->size){ ++ if ((size_t) len >= buf->size - buf->use) { ++ if ((size_t) len >= SIZE_MAX - buf->use) ++ return(-1); ++ needSize = buf->use + len + 1; + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { + /* + * Used to provide parsing limits +@@ -1025,31 +1031,7 @@ xmlBufCat(xmlBufPtr buf, const xmlChar *str) { + */ + int + xmlBufCCat(xmlBufPtr buf, const char *str) { +- const char *cur; +- +- if ((buf == NULL) || (buf->error)) +- return(-1); +- CHECK_COMPAT(buf) +- if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1; +- if (str == NULL) { +-#ifdef DEBUG_BUFFER +- xmlGenericError(xmlGenericErrorContext, +- "xmlBufCCat: str == NULL\n"); +-#endif +- return -1; +- } +- for (cur = str;*cur != 0;cur++) { +- if (buf->use + 10 >= buf->size) { +- if (!xmlBufResize(buf, buf->use+10)){ +- xmlBufMemoryError(buf, "growing buffer"); +- return XML_ERR_NO_MEMORY; +- } +- } +- buf->content[buf->use++] = *cur; +- } +- buf->content[buf->use] = 0; +- UPDATE_COMPAT(buf) +- return 0; ++ return xmlBufCat(buf, (const xmlChar *) str); + } + + /** +diff --git a/tree.c b/tree.c +index 9d94aa42..86afb7d6 100644 +--- a/tree.c ++++ b/tree.c +@@ -7104,6 +7104,8 @@ xmlBufferPtr + xmlBufferCreateSize(size_t size) { + xmlBufferPtr ret; + ++ if (size >= UINT_MAX) ++ return(NULL); + ret = (xmlBufferPtr) xmlMalloc(sizeof(xmlBuffer)); + if (ret == NULL) { + xmlTreeErrMemory("creating buffer"); +@@ -7111,7 +7113,7 @@ xmlBufferCreateSize(size_t size) { + } + ret->use = 0; + ret->alloc = xmlBufferAllocScheme; +- ret->size = (size ? size+2 : 0); /* +1 for ending null */ ++ ret->size = (size ? size + 1 : 0); /* +1 for ending null */ + if (ret->size){ + ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar)); + if (ret->content == NULL) { +@@ -7171,6 +7173,8 @@ xmlBufferCreateStatic(void *mem, size_t size) { + + if ((mem == NULL) || (size == 0)) + return(NULL); ++ if (size > UINT_MAX) ++ return(NULL); + + ret = (xmlBufferPtr) xmlMalloc(sizeof(xmlBuffer)); + if (ret == NULL) { +@@ -7318,28 +7322,23 @@ xmlBufferShrink(xmlBufferPtr buf, unsigned int len) { + */ + int + xmlBufferGrow(xmlBufferPtr buf, unsigned int len) { +- int size; ++ unsigned int size; + xmlChar *newbuf; + + if (buf == NULL) return(-1); + + if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); +- if (len + buf->use < buf->size) return(0); ++ if (len < buf->size - buf->use) ++ return(0); ++ if (len > UINT_MAX - buf->use) ++ return(-1); + +- /* +- * Windows has a BIG problem on realloc timing, so we try to double +- * the buffer size (if that's enough) (bug 146697) +- * Apparently BSD too, and it's probably best for linux too +- * On an embedded system this may be something to change +- */ +-#if 1 +- if (buf->size > len) +- size = buf->size * 2; +- else +- size = buf->use + len + 100; +-#else +- size = buf->use + len + 100; +-#endif ++ if (buf->size > (size_t) len) { ++ size = buf->size > UINT_MAX / 2 ? UINT_MAX : buf->size * 2; ++ } else { ++ size = buf->use + len; ++ size = size > UINT_MAX - 100 ? UINT_MAX : size + 100; ++ } + + if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) { + size_t start_buf = buf->content - buf->contentIO; +@@ -7466,7 +7465,10 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size) + case XML_BUFFER_ALLOC_IO: + case XML_BUFFER_ALLOC_DOUBLEIT: + /*take care of empty case*/ +- newSize = (buf->size ? buf->size : size + 10); ++ if (buf->size == 0) ++ newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10); ++ else ++ newSize = buf->size; + while (size > newSize) { + if (newSize > UINT_MAX / 2) { + xmlTreeErrMemory("growing buffer"); +@@ -7476,7 +7478,7 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size) + } + break; + case XML_BUFFER_ALLOC_EXACT: +- newSize = size+10; ++ newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10);; + break; + case XML_BUFFER_ALLOC_HYBRID: + if (buf->use < BASE_BUFFER_SIZE) +@@ -7494,7 +7496,7 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size) + break; + + default: +- newSize = size+10; ++ newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10);; + break; + } + +@@ -7580,8 +7582,10 @@ xmlBufferAdd(xmlBufferPtr buf, const xmlChar *str, int len) { + if (len < 0) return -1; + if (len == 0) return 0; + +- needSize = buf->use + len + 2; +- if (needSize > buf->size){ ++ if ((unsigned) len >= buf->size - buf->use) { ++ if ((unsigned) len >= UINT_MAX - buf->use) ++ return XML_ERR_NO_MEMORY; ++ needSize = buf->use + len + 1; + if (!xmlBufferResize(buf, needSize)){ + xmlTreeErrMemory("growing buffer"); + return XML_ERR_NO_MEMORY; +@@ -7694,29 +7698,7 @@ xmlBufferCat(xmlBufferPtr buf, const xmlChar *str) { + */ + int + xmlBufferCCat(xmlBufferPtr buf, const char *str) { +- const char *cur; +- +- if (buf == NULL) +- return(-1); +- if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1; +- if (str == NULL) { +-#ifdef DEBUG_BUFFER +- xmlGenericError(xmlGenericErrorContext, +- "xmlBufferCCat: str == NULL\n"); +-#endif +- return -1; +- } +- for (cur = str;*cur != 0;cur++) { +- if (buf->use + 10 >= buf->size) { +- if (!xmlBufferResize(buf, buf->use+10)){ +- xmlTreeErrMemory("growing buffer"); +- return XML_ERR_NO_MEMORY; +- } +- } +- buf->content[buf->use++] = *cur; +- } +- buf->content[buf->use] = 0; +- return 0; ++ return xmlBufferCat(buf, (const xmlChar *) str); + } + + /** +-- +GitLab + diff --git a/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch b/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch new file mode 100644 index 0000000..ad719d4 --- /dev/null +++ b/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch @@ -0,0 +1,33 @@ +From 395c0f53ec226aaabedb166e6b3a7f8590b95a5f Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Sat, 11 May 2019 20:39:15 +0800 +Subject: [PATCH] Make sure that Makefile doesn't try to compile these tests + again on the target where the source dependencies won't be available. + +Upstream-Status: Inappropriate [cross-compile specific] + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +Rebase to 2.9.9 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + Makefile.am | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 8f4e43d..5edb930 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -211,8 +211,7 @@ install-ptest: + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile + $(MAKE) -C python install-ptest + +-runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \ +- testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT) ++runtests: + [ -d test ] || $(LN_S) $(srcdir)/test . + [ -d result ] || $(LN_S) $(srcdir)/result . + $(CHECKER) ./runtest$(EXEEXT) && \ +-- +2.7.4 + diff --git a/recipes-core/libxml/libxml2/libxml-64bit.patch b/recipes-core/libxml/libxml2/libxml-64bit.patch new file mode 100644 index 0000000..fd8e469 --- /dev/null +++ b/recipes-core/libxml/libxml2/libxml-64bit.patch @@ -0,0 +1,28 @@ +From 056b14345b1abd76a761ab14538f1bc21302781a Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Sat, 11 May 2019 20:26:51 +0800 +Subject: [PATCH] libxml 64bit + +Upstream-Status: Backport [from debian: bugs.debian.org/439843] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + libxml.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libxml.h b/libxml.h +index 64e30f7..4e80d90 100644 +--- a/libxml.h ++++ b/libxml.h +@@ -15,6 +15,9 @@ + #ifndef _LARGEFILE_SOURCE + #define _LARGEFILE_SOURCE + #endif ++#ifndef _LARGEFILE64_SOURCE ++#define _LARGEFILE64_SOURCE ++#endif + #ifndef _FILE_OFFSET_BITS + #define _FILE_OFFSET_BITS 64 + #endif +-- +2.7.4 + diff --git a/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch new file mode 100644 index 0000000..e6998f6 --- /dev/null +++ b/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch @@ -0,0 +1,216 @@ +From 43edc9a445ed66cceb7533eadeef242940b4592c Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Sat, 11 May 2019 20:37:12 +0800 +Subject: [PATCH] AM_PATH_XML2 uses xml-config which we disable through +binconfig-disabled.bbclass, so port it to use pkg-config instead. + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@intel.com> + +Rebase to 2.9.9 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + libxml.m4 | 186 ++------------------------------------------------------------ + 1 file changed, 5 insertions(+), 181 deletions(-) + +diff --git a/libxml.m4 b/libxml.m4 +index 2d7a6f5..1c53585 100644 +--- a/libxml.m4 ++++ b/libxml.m4 +@@ -1,188 +1,12 @@ +-# Configure paths for LIBXML2 +-# Mike Hommey 2004-06-19 +-# use CPPFLAGS instead of CFLAGS +-# Toshio Kuratomi 2001-04-21 +-# Adapted from: +-# Configure paths for GLIB +-# Owen Taylor 97-11-3 +- + dnl AM_PATH_XML2([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]]) + dnl Test for XML, and define XML_CPPFLAGS and XML_LIBS + dnl +-AC_DEFUN([AM_PATH_XML2],[ +-AC_ARG_WITH(xml-prefix, +- [ --with-xml-prefix=PFX Prefix where libxml is installed (optional)], +- xml_config_prefix="$withval", xml_config_prefix="") +-AC_ARG_WITH(xml-exec-prefix, +- [ --with-xml-exec-prefix=PFX Exec prefix where libxml is installed (optional)], +- xml_config_exec_prefix="$withval", xml_config_exec_prefix="") +-AC_ARG_ENABLE(xmltest, +- [ --disable-xmltest Do not try to compile and run a test LIBXML program],, +- enable_xmltest=yes) +- +- if test x$xml_config_exec_prefix != x ; then +- xml_config_args="$xml_config_args" +- if test x${XML2_CONFIG+set} != xset ; then +- XML2_CONFIG=$xml_config_exec_prefix/bin/xml2-config +- fi +- fi +- if test x$xml_config_prefix != x ; then +- xml_config_args="$xml_config_args --prefix=$xml_config_prefix" +- if test x${XML2_CONFIG+set} != xset ; then +- XML2_CONFIG=$xml_config_prefix/bin/xml2-config +- fi +- fi +- +- AC_PATH_PROG(XML2_CONFIG, xml2-config, no) +- min_xml_version=ifelse([$1], ,2.0.0,[$1]) +- AC_MSG_CHECKING(for libxml - version >= $min_xml_version) +- no_xml="" +- if test "$XML2_CONFIG" = "no" ; then +- no_xml=yes +- else +- XML_CPPFLAGS=`$XML2_CONFIG $xml_config_args --cflags` +- XML_LIBS=`$XML2_CONFIG $xml_config_args --libs` +- xml_config_major_version=`$XML2_CONFIG $xml_config_args --version | \ +- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\1/'` +- xml_config_minor_version=`$XML2_CONFIG $xml_config_args --version | \ +- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\2/'` +- xml_config_micro_version=`$XML2_CONFIG $xml_config_args --version | \ +- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\3/'` +- if test "x$enable_xmltest" = "xyes" ; then +- ac_save_CPPFLAGS="$CPPFLAGS" +- ac_save_LIBS="$LIBS" +- CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS" +- LIBS="$XML_LIBS $LIBS" +-dnl +-dnl Now check if the installed libxml is sufficiently new. +-dnl (Also sanity checks the results of xml2-config to some extent) +-dnl +- rm -f conf.xmltest +- AC_TRY_RUN([ +-#include <stdlib.h> +-#include <stdio.h> +-#include <string.h> +-#include <libxml/xmlversion.h> +- +-int +-main() +-{ +- int xml_major_version, xml_minor_version, xml_micro_version; +- int major, minor, micro; +- char *tmp_version; +- +- system("touch conf.xmltest"); +- +- /* Capture xml2-config output via autoconf/configure variables */ +- /* HP/UX 9 (%@#!) writes to sscanf strings */ +- tmp_version = (char *)strdup("$min_xml_version"); +- if (sscanf(tmp_version, "%d.%d.%d", &major, &minor, µ) != 3) { +- printf("%s, bad version string from xml2-config\n", "$min_xml_version"); +- exit(1); +- } +- free(tmp_version); +- +- /* Capture the version information from the header files */ +- tmp_version = (char *)strdup(LIBXML_DOTTED_VERSION); +- if (sscanf(tmp_version, "%d.%d.%d", &xml_major_version, &xml_minor_version, &xml_micro_version) != 3) { +- printf("%s, bad version string from libxml includes\n", "LIBXML_DOTTED_VERSION"); +- exit(1); +- } +- free(tmp_version); +- +- /* Compare xml2-config output to the libxml headers */ +- if ((xml_major_version != $xml_config_major_version) || +- (xml_minor_version != $xml_config_minor_version) || +- (xml_micro_version != $xml_config_micro_version)) +- { +- printf("*** libxml header files (version %d.%d.%d) do not match\n", +- xml_major_version, xml_minor_version, xml_micro_version); +- printf("*** xml2-config (version %d.%d.%d)\n", +- $xml_config_major_version, $xml_config_minor_version, $xml_config_micro_version); +- return 1; +- } +-/* Compare the headers to the library to make sure we match */ +- /* Less than ideal -- doesn't provide us with return value feedback, +- * only exits if there's a serious mismatch between header and library. +- */ +- LIBXML_TEST_VERSION; +- +- /* Test that the library is greater than our minimum version */ +- if ((xml_major_version > major) || +- ((xml_major_version == major) && (xml_minor_version > minor)) || +- ((xml_major_version == major) && (xml_minor_version == minor) && +- (xml_micro_version >= micro))) +- { +- return 0; +- } +- else +- { +- printf("\n*** An old version of libxml (%d.%d.%d) was found.\n", +- xml_major_version, xml_minor_version, xml_micro_version); +- printf("*** You need a version of libxml newer than %d.%d.%d. The latest version of\n", +- major, minor, micro); +- printf("*** libxml is always available from ftp://ftp.xmlsoft.org.\n"); +- printf("***\n"); +- printf("*** If you have already installed a sufficiently new version, this error\n"); +- printf("*** probably means that the wrong copy of the xml2-config shell script is\n"); +- printf("*** being found. The easiest way to fix this is to remove the old version\n"); +- printf("*** of LIBXML, but you can also set the XML2_CONFIG environment to point to the\n"); +- printf("*** correct copy of xml2-config. (In this case, you will have to\n"); +- printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n"); +- printf("*** so that the correct libraries are found at run-time))\n"); +- } +- return 1; +-} +-],, no_xml=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"]) +- CPPFLAGS="$ac_save_CPPFLAGS" +- LIBS="$ac_save_LIBS" +- fi +- fi ++AC_DEFUN([AM_PATH_XML2],[ ++ AC_REQUIRE([PKG_PROG_PKG_CONFIG]) + +- if test "x$no_xml" = x ; then +- AC_MSG_RESULT(yes (version $xml_config_major_version.$xml_config_minor_version.$xml_config_micro_version)) +- ifelse([$2], , :, [$2]) +- else +- AC_MSG_RESULT(no) +- if test "$XML2_CONFIG" = "no" ; then +- echo "*** The xml2-config script installed by LIBXML could not be found" +- echo "*** If libxml was installed in PREFIX, make sure PREFIX/bin is in" +- echo "*** your path, or set the XML2_CONFIG environment variable to the" +- echo "*** full path to xml2-config." +- else +- if test -f conf.xmltest ; then +- : +- else +- echo "*** Could not run libxml test program, checking why..." +- CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS" +- LIBS="$LIBS $XML_LIBS" +- AC_TRY_LINK([ +-#include <libxml/xmlversion.h> +-#include <stdio.h> +-], [ LIBXML_TEST_VERSION; return 0;], +- [ echo "*** The test program compiled, but did not run. This usually means" +- echo "*** that the run-time linker is not finding LIBXML or finding the wrong" +- echo "*** version of LIBXML. If it is not finding LIBXML, you'll need to set your" +- echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" +- echo "*** to the installed location Also, make sure you have run ldconfig if that" +- echo "*** is required on your system" +- echo "***" +- echo "*** If you have an old version installed, it is best to remove it, although" +- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ], +- [ echo "*** The test program failed to compile or link. See the file config.log for the" +- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed" +- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you" +- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ]) +- CPPFLAGS="$ac_save_CPPFLAGS" +- LIBS="$ac_save_LIBS" +- fi +- fi ++ verdep=ifelse([$1], [], [], [">= $1"]) ++ PKG_CHECK_MODULES(XML, [libxml-2.0 $verdep], [$2], [$3]) + +- XML_CPPFLAGS="" +- XML_LIBS="" +- ifelse([$3], , :, [$3]) +- fi ++ XML_CPPFLAGS=$XML_CFLAGS + AC_SUBST(XML_CPPFLAGS) +- AC_SUBST(XML_LIBS) +- rm -f conf.xmltest + ]) +-- +2.7.4 + diff --git a/recipes-core/libxml/libxml2/python-sitepackages-dir.patch b/recipes-core/libxml/libxml2/python-sitepackages-dir.patch new file mode 100644 index 0000000..956ff3f --- /dev/null +++ b/recipes-core/libxml/libxml2/python-sitepackages-dir.patch @@ -0,0 +1,35 @@ +From b038c3452667ed17ddb0e791cd7bdc7f8774ac29 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Sat, 11 May 2019 20:35:20 +0800 +Subject: [PATCH] Allow us to pass in PYTHON_SITE_PACKAGES + +The python binary used when building for nativesdk doesn't give us the +correct path here so we need to be able to specify it ourselves. + +Upstream-Status: Inappropriate [config] +Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> + +Rebase to 2.9.9 + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + configure.ac | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index ca911f3..3bbd654 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -808,7 +808,8 @@ dnl + + PYTHON_VERSION= + PYTHON_INCLUDES= +-PYTHON_SITE_PACKAGES= ++# Allow this to be set externally ++#PYTHON_SITE_PACKAGES= + PYTHON_TESTS= + pythondir= + if test "$with_python" != "no" ; then +-- +2.7.4 + diff --git a/recipes-core/libxml/libxml2/run-ptest b/recipes-core/libxml/libxml2/run-ptest new file mode 100644 index 0000000..c313d83 --- /dev/null +++ b/recipes-core/libxml/libxml2/run-ptest @@ -0,0 +1,4 @@ +#!/bin/sh + +export LC_ALL=en_US.UTF-8 +make -k runtests diff --git a/recipes-core/libxml/libxml2/runtest.patch b/recipes-core/libxml/libxml2/runtest.patch new file mode 100644 index 0000000..c7a90cd --- /dev/null +++ b/recipes-core/libxml/libxml2/runtest.patch @@ -0,0 +1,847 @@ +From 6172ccd1e74bc181f5298f19e240234e12876abe Mon Sep 17 00:00:00 2001 +From: Tony Tascioglu <tony.tascioglu@windriver.com> +Date: Tue, 11 May 2021 11:57:46 -0400 +Subject: [PATCH] Add 'install-ptest' rule. + +Print a standard result line for each test. + +Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com> +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> +Upstream-Status: Pending + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> +--- + Makefile.am | 9 +++ + runsuite.c | 1 + + runtest.c | 2 + + runxmlconf.c | 1 + + testapi.c | 122 ++++++++++++++++++++++++++------------- + testchar.c | 156 +++++++++++++++++++++++++++++++++++--------------- + testdict.c | 1 + + testlimits.c | 1 + + testrecurse.c | 2 + + 9 files changed, 210 insertions(+), 85 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 05d1671f..ae622745 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -198,6 +198,15 @@ runxmlconf_LDADD= $(LDADDS) + #testOOM_DEPENDENCIES = $(DEPS) + #testOOM_LDADD= $(LDADDS) + ++install-ptest: ++ @(if [ -d .libs ] ; then cd .libs; fi; \ ++ install $(check_PROGRAMS) $(DESTDIR)) ++ cp -r $(srcdir)/test $(DESTDIR) ++ cp -r $(srcdir)/result $(DESTDIR) ++ cp -r $(srcdir)/python $(DESTDIR) ++ cp Makefile $(DESTDIR) ++ sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile ++ + runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \ + testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT) + [ -d test ] || $(LN_S) $(srcdir)/test . +diff --git a/runsuite.c b/runsuite.c +index d24b5ec3..f7ff2521 100644 +--- a/runsuite.c ++++ b/runsuite.c +@@ -1147,6 +1147,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { + + if (logfile != NULL) + fclose(logfile); ++ printf("%s: runsuite\n\n", (ret == 0) ? "PASS" : "FAIL"); + return(ret); + } + #else /* !SCHEMAS */ +diff --git a/runtest.c b/runtest.c +index ffa98d04..470f95cb 100644 +--- a/runtest.c ++++ b/runtest.c +@@ -4508,6 +4508,7 @@ launchTests(testDescPtr tst) { + xmlCharEncCloseFunc(ebcdicHandler); + xmlCharEncCloseFunc(eucJpHandler); + ++ printf("%s: %s\n", (err == 0) ? "PASS" : "FAIL", tst->desc); + return(err); + } + +@@ -4588,6 +4589,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { + xmlCleanupParser(); + xmlMemoryDump(); + ++ printf("%s: runtest\n\n", (ret == 0) ? "PASS" : "FAIL"); + return(ret); + } + +diff --git a/runxmlconf.c b/runxmlconf.c +index 70f61017..e882b3a1 100644 +--- a/runxmlconf.c ++++ b/runxmlconf.c +@@ -595,6 +595,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { + + if (logfile != NULL) + fclose(logfile); ++ printf("%s: runxmlconf\n", (ret == 0) ? "PASS" : "FAIL"); + return(ret); + } + +diff --git a/testapi.c b/testapi.c +index ff8b470d..52b51d78 100644 +--- a/testapi.c ++++ b/testapi.c +@@ -1246,49 +1246,91 @@ static int + testlibxml2(void) + { + int test_ret = 0; +- +- test_ret += test_HTMLparser(); +- test_ret += test_HTMLtree(); +- test_ret += test_SAX2(); +- test_ret += test_c14n(); +- test_ret += test_catalog(); +- test_ret += test_chvalid(); +- test_ret += test_debugXML(); +- test_ret += test_dict(); +- test_ret += test_encoding(); +- test_ret += test_entities(); +- test_ret += test_hash(); +- test_ret += test_list(); +- test_ret += test_nanoftp(); +- test_ret += test_nanohttp(); +- test_ret += test_parser(); +- test_ret += test_parserInternals(); +- test_ret += test_pattern(); +- test_ret += test_relaxng(); +- test_ret += test_schemasInternals(); +- test_ret += test_schematron(); +- test_ret += test_tree(); +- test_ret += test_uri(); +- test_ret += test_valid(); +- test_ret += test_xinclude(); +- test_ret += test_xmlIO(); +- test_ret += test_xmlautomata(); +- test_ret += test_xmlerror(); +- test_ret += test_xmlmodule(); +- test_ret += test_xmlreader(); +- test_ret += test_xmlregexp(); +- test_ret += test_xmlsave(); +- test_ret += test_xmlschemas(); +- test_ret += test_xmlschemastypes(); +- test_ret += test_xmlstring(); +- test_ret += test_xmlunicode(); +- test_ret += test_xmlwriter(); +- test_ret += test_xpath(); +- test_ret += test_xpathInternals(); +- test_ret += test_xpointer(); ++ int ret = 0; ++ ++ test_ret += (ret = test_HTMLparser()); ++ printf("%s: HTMLparser\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_HTMLtree()); ++ printf("%s: HTMLtree\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_SAX2()); ++ printf("%s: SAX2\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_c14n()); ++ printf("%s: c14n\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_catalog()); ++ printf("%s: catalog\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_chvalid()); ++ printf("%s: chvalid\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_debugXML()); ++ printf("%s: debugXML\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_dict()); ++ printf("%s: dict\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_encoding()); ++ printf("%s: encoding\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_entities()); ++ printf("%s: entities\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_hash()); ++ printf("%s: hash\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_list()); ++ printf("%s: list\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_nanoftp()); ++ printf("%s: nanoftp\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_nanohttp()); ++ printf("%s: nanohttp\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_parser()); ++ printf("%s: parser\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_parserInternals()); ++ printf("%s: parserInternals\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_pattern()); ++ printf("%s: pattern\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_relaxng()); ++ printf("%s: relaxng\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_schemasInternals()); ++ printf("%s: schemasInternals\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_schematron()); ++ printf("%s: schematron\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_tree()); ++ printf("%s: tree\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_uri()); ++ printf("%s: uri\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_valid()); ++ printf("%s: valid\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xinclude()); ++ printf("%s: xinclude\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlIO()); ++ printf("%s: xmlIO\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlautomata()); ++ printf("%s: xmlautomata\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlerror()); ++ printf("%s: xmlerror\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlmodule()); ++ printf("%s: xmlmodule\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlreader()); ++ printf("%s: xmlreader\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlregexp()); ++ printf("%s: xmlregexp\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlsave()); ++ printf("%s: xmlsave\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlschemas()); ++ printf("%s: xmlschemas\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlschemastypes()); ++ printf("%s: xmlschemastypes\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlstring()); ++ printf("%s: xmlstring\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlunicode()); ++ printf("%s: xmlunicode\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlwriter()); ++ printf("%s: xmlwriter\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xpath()); ++ printf("%s: xpath\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xpathInternals()); ++ printf("%s: xpathInternals\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xpointer()); ++ printf("%s: xpointer\n", (ret == 0) ? "PASS" : "FAIL"); + + printf("Total: %d functions, %d tests, %d errors\n", + function_tests, call_tests, test_ret); ++ ++ printf("%s: testapi\n\n", (test_ret == 0) ? "PASS" : "FAIL"); + return(test_ret); + } + +diff --git a/testchar.c b/testchar.c +index 6866a175..7bce0132 100644 +--- a/testchar.c ++++ b/testchar.c +@@ -23,7 +23,7 @@ static void errorHandler(void *unused, xmlErrorPtr err) { + char document1[100] = "<doc>XXXX</doc>"; + char document2[100] = "<doc foo='XXXX'/>"; + +-static void testDocumentRangeByte1(xmlParserCtxtPtr ctxt, char *document, ++static int testDocumentRangeByte1(xmlParserCtxtPtr ctxt, char *document, + int len, char *data, int forbid1, int forbid2) { + int i; + xmlDocPtr res; +@@ -37,33 +37,41 @@ static void testDocumentRangeByte1(xmlParserCtxtPtr ctxt, char *document, + res = xmlReadMemory(document, len, "test", NULL, 0); + + if ((i == forbid1) || (i == forbid2)) { +- if ((lastError == 0) || (res != NULL)) ++ if ((lastError == 0) || (res != NULL)) { + fprintf(stderr, + "Failed to detect invalid char for Byte 0x%02X: %c\n", + i, i); ++ return(1); ++ } + } + + else if ((i == '<') || (i == '&')) { +- if ((lastError == 0) || (res != NULL)) ++ if ((lastError == 0) || (res != NULL)) { + fprintf(stderr, + "Failed to detect illegal char %c for Byte 0x%02X\n", i, i); ++ return(1); ++ } + } + else if (((i < 0x20) || (i >= 0x80)) && + (i != 0x9) && (i != 0xA) && (i != 0xD)) { +- if ((lastError != XML_ERR_INVALID_CHAR) && (res != NULL)) ++ if ((lastError != XML_ERR_INVALID_CHAR) && (res != NULL)) { + fprintf(stderr, + "Failed to detect invalid char for Byte 0x%02X\n", i); ++ return(1); ++ } + } + else if (res == NULL) { + fprintf(stderr, + "Failed to parse valid char for Byte 0x%02X : %c\n", i, i); ++ return(1); + } + if (res != NULL) + xmlFreeDoc(res); + } ++ return(0); + } + +-static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, ++static int testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + int len, char *data) { + int i, j; + xmlDocPtr res; +@@ -80,10 +88,12 @@ static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + + /* if first bit of first char is set, then second bit must too */ + if ((i & 0x80) && ((i & 0x40) == 0)) { +- if ((lastError == 0) || (res != NULL)) ++ if ((lastError == 0) || (res != NULL)) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X\n", + i, j); ++ return(1); ++ } + } + + /* +@@ -91,10 +101,12 @@ static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + * bits must be 10 + */ + else if ((i & 0x80) && ((j & 0xC0) != 0x80)) { +- if ((lastError == 0) || (res != NULL)) ++ if ((lastError == 0) || (res != NULL)) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X\n", + i, j); ++ return(1); ++ } + } + + /* +@@ -102,10 +114,12 @@ static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + * than 0x80, i.e. one of bits 5 to 1 of i must be set + */ + else if ((i & 0x80) && ((i & 0x1E) == 0)) { +- if ((lastError == 0) || (res != NULL)) ++ if ((lastError == 0) || (res != NULL)) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X\n", + i, j); ++ return(1); ++ } + } + + /* +@@ -113,10 +127,12 @@ static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + * at least 3 bytes, but we give only 2 ! + */ + else if ((i & 0xE0) == 0xE0) { +- if ((lastError == 0) || (res != NULL)) ++ if ((lastError == 0) || (res != NULL)) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x00\n", + i, j); ++ return(1); ++ } + } + + /* +@@ -125,11 +141,13 @@ static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + else if ((lastError != 0) || (res == NULL)) { + fprintf(stderr, + "Failed to parse document for Bytes 0x%02X 0x%02X\n", i, j); ++ return(1); + } + if (res != NULL) + xmlFreeDoc(res); + } + } ++ return(0); + } + + /** +@@ -141,9 +159,10 @@ static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + * CDATA in text or in attribute values. + */ + +-static void testDocumentRanges(void) { ++static int testDocumentRanges(void) { + xmlParserCtxtPtr ctxt; + char *data; ++ int test_ret = 0; + + /* + * Set up a parsing context using the first document as +@@ -152,7 +171,7 @@ static void testDocumentRanges(void) { + ctxt = xmlNewParserCtxt(); + if (ctxt == NULL) { + fprintf(stderr, "Failed to allocate parser context\n"); +- return; ++ return(1); + } + + printf("testing 1 byte char in document: 1"); +@@ -163,7 +182,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 1 byte injection at beginning of area */ +- testDocumentRangeByte1(ctxt, &document1[0], strlen(document1), ++ test_ret += testDocumentRangeByte1(ctxt, &document1[0], strlen(document1), + data, -1, -1); + printf(" 2"); + fflush(stdout); +@@ -172,7 +191,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 1 byte injection at end of area */ +- testDocumentRangeByte1(ctxt, &document1[0], strlen(document1), ++ test_ret += testDocumentRangeByte1(ctxt, &document1[0], strlen(document1), + data + 3, -1, -1); + + printf(" 3"); +@@ -183,7 +202,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 1 byte injection at beginning of area */ +- testDocumentRangeByte1(ctxt, &document2[0], strlen(document2), ++ test_ret += testDocumentRangeByte1(ctxt, &document2[0], strlen(document2), + data, '\'', -1); + printf(" 4"); + fflush(stdout); +@@ -192,7 +211,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 1 byte injection at end of area */ +- testDocumentRangeByte1(ctxt, &document2[0], strlen(document2), ++ test_ret += testDocumentRangeByte1(ctxt, &document2[0], strlen(document2), + data + 3, '\'', -1); + printf(" done\n"); + +@@ -204,7 +223,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 2 byte injection at beginning of area */ +- testDocumentRangeByte2(ctxt, &document1[0], strlen(document1), ++ test_ret += testDocumentRangeByte2(ctxt, &document1[0], strlen(document1), + data); + printf(" 2"); + fflush(stdout); +@@ -213,7 +232,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 2 byte injection at end of area */ +- testDocumentRangeByte2(ctxt, &document1[0], strlen(document1), ++ test_ret += testDocumentRangeByte2(ctxt, &document1[0], strlen(document1), + data + 2); + + printf(" 3"); +@@ -224,7 +243,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 2 byte injection at beginning of area */ +- testDocumentRangeByte2(ctxt, &document2[0], strlen(document2), ++ test_ret += testDocumentRangeByte2(ctxt, &document2[0], strlen(document2), + data); + printf(" 4"); + fflush(stdout); +@@ -233,14 +252,15 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 2 byte injection at end of area */ +- testDocumentRangeByte2(ctxt, &document2[0], strlen(document2), ++ test_ret += testDocumentRangeByte2(ctxt, &document2[0], strlen(document2), + data + 2); + printf(" done\n"); + + xmlFreeParserCtxt(ctxt); ++ return(test_ret); + } + +-static void testCharRangeByte1(xmlParserCtxtPtr ctxt, char *data) { ++static int testCharRangeByte1(xmlParserCtxtPtr ctxt, char *data) { + int i = 0; + int len, c; + +@@ -255,19 +275,25 @@ static void testCharRangeByte1(xmlParserCtxtPtr ctxt, char *data) { + c = xmlCurrentChar(ctxt, &len); + if ((i == 0) || (i >= 0x80)) { + /* we must see an error there */ +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Byte 0x%02X\n", i); ++ return(1); ++ } + } else if (i == 0xD) { +- if ((c != 0xA) || (len != 1)) ++ if ((c != 0xA) || (len != 1)) { + fprintf(stderr, "Failed to convert char for Byte 0x%02X\n", i); ++ return(1); ++ } + } else if ((c != i) || (len != 1)) { + fprintf(stderr, "Failed to parse char for Byte 0x%02X\n", i); ++ return(1); + } + } ++ return(0); + } + +-static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { ++static int testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + int i, j; + int len, c; + +@@ -284,10 +310,12 @@ static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + + /* if first bit of first char is set, then second bit must too */ + if ((i & 0x80) && ((i & 0x40) == 0)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X\n", + i, j); ++ return(1); ++ } + } + + /* +@@ -295,10 +323,12 @@ static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + * bits must be 10 + */ + else if ((i & 0x80) && ((j & 0xC0) != 0x80)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X: %d\n", + i, j, c); ++ return(1); ++ } + } + + /* +@@ -306,10 +336,12 @@ static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + * than 0x80, i.e. one of bits 5 to 1 of i must be set + */ + else if ((i & 0x80) && ((i & 0x1E) == 0)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X: %d\n", + i, j, c); ++ return(1); ++ } + } + + /* +@@ -317,10 +349,12 @@ static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + * at least 3 bytes, but we give only 2 ! + */ + else if ((i & 0xE0) == 0xE0) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x00\n", + i, j); ++ return(1); ++ } + } + + /* +@@ -329,6 +363,7 @@ static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + else if ((lastError != 0) || (len != 2)) { + fprintf(stderr, + "Failed to parse char for Bytes 0x%02X 0x%02X\n", i, j); ++ return(1); + } + + /* +@@ -338,12 +373,14 @@ static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + fprintf(stderr, + "Failed to parse char for Bytes 0x%02X 0x%02X: expect %d got %d\n", + i, j, ((j & 0x3F) + ((i & 0x1F) << 6)), c); ++ return(1); + } + } + } ++ return(0); + } + +-static void testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { ++static int testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { + int i, j, k, K; + int len, c; + unsigned char lows[6] = {0, 0x80, 0x81, 0xC1, 0xFF, 0xBF}; +@@ -368,20 +405,24 @@ static void testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { + * at least 4 bytes, but we give only 3 ! + */ + if ((i & 0xF0) == 0xF0) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x%02X 0x%02X\n", + i, j, K, data[3]); ++ return(1); ++ } + } + + /* + * The second and the third bytes must start with 10 + */ + else if (((j & 0xC0) != 0x80) || ((K & 0xC0) != 0x80)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x%02X\n", + i, j, K); ++ return(1); ++ } + } + + /* +@@ -390,10 +431,12 @@ static void testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { + * the 6th byte of data[1] must be set + */ + else if (((i & 0xF) == 0) && ((j & 0x20) == 0)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x%02X\n", + i, j, K); ++ return(1); ++ } + } + + /* +@@ -401,10 +444,12 @@ static void testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { + */ + else if (((value > 0xD7FF) && (value <0xE000)) || + ((value > 0xFFFD) && (value <0x10000))) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char 0x%04X for Bytes 0x%02X 0x%02X 0x%02X\n", + value, i, j, K); ++ return(1); ++ } + } + + /* +@@ -414,6 +459,7 @@ static void testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { + fprintf(stderr, + "Failed to parse char for Bytes 0x%02X 0x%02X 0x%02X\n", + i, j, K); ++ return(1); + } + + /* +@@ -423,13 +469,15 @@ static void testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { + fprintf(stderr, + "Failed to parse char for Bytes 0x%02X 0x%02X 0x%02X: expect %d got %d\n", + i, j, data[2], value, c); ++ return(1); + } + } + } + } ++ return(0); + } + +-static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { ++static int testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + int i, j, k, K, l, L; + int len, c; + unsigned char lows[6] = {0, 0x80, 0x81, 0xC1, 0xFF, 0xBF}; +@@ -458,10 +506,12 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + * at least 5 bytes, but we give only 4 ! + */ + if ((i & 0xF8) == 0xF8) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x%02X 0x%02X\n", + i, j, K, data[3]); ++ return(1); ++ } + } + + /* +@@ -469,10 +519,12 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + */ + else if (((j & 0xC0) != 0x80) || ((K & 0xC0) != 0x80) || + ((L & 0xC0) != 0x80)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x%02X 0x%02X\n", + i, j, K, L); ++ return(1); ++ } + } + + /* +@@ -481,10 +533,12 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + * the 6 or 5th byte of j must be set + */ + else if (((i & 0x7) == 0) && ((j & 0x30) == 0)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x%02X 0x%02X\n", + i, j, K, L); ++ return(1); ++ } + } + + /* +@@ -493,10 +547,12 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + else if (((value > 0xD7FF) && (value <0xE000)) || + ((value > 0xFFFD) && (value <0x10000)) || + (value > 0x10FFFF)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char 0x%04X for Bytes 0x%02X 0x%02X 0x%02X 0x%02X\n", + value, i, j, K, L); ++ return(1); ++ } + } + + /* +@@ -506,6 +562,7 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + fprintf(stderr, + "Failed to parse char for Bytes 0x%02X 0x%02X 0x%02X\n", + i, j, K); ++ return(1); + } + + /* +@@ -515,11 +572,13 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + fprintf(stderr, + "Failed to parse char for Bytes 0x%02X 0x%02X 0x%02X: expect %d got %d\n", + i, j, data[2], value, c); ++ return(1); + } + } + } + } + } ++ return(0); + } + + /** +@@ -530,11 +589,12 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + * cover the full range of UTF-8 chars accepted by XML-1.0 + */ + +-static void testCharRanges(void) { ++static int testCharRanges(void) { + char data[5]; + xmlParserCtxtPtr ctxt; + xmlParserInputBufferPtr buf; + xmlParserInputPtr input; ++ int test_ret = 0; + + memset(data, 0, 5); + +@@ -545,17 +605,19 @@ static void testCharRanges(void) { + ctxt = xmlNewParserCtxt(); + if (ctxt == NULL) { + fprintf(stderr, "Failed to allocate parser context\n"); +- return; ++ return(1); + } + buf = xmlParserInputBufferCreateStatic(data, sizeof(data), + XML_CHAR_ENCODING_NONE); + if (buf == NULL) { + fprintf(stderr, "Failed to allocate input buffer\n"); ++ test_ret = 1; + goto error; + } + input = xmlNewInputStream(ctxt); + if (input == NULL) { + xmlFreeParserInputBuffer(buf); ++ test_ret = 1; + goto error; + } + input->filename = NULL; +@@ -567,25 +629,28 @@ static void testCharRanges(void) { + + printf("testing char range: 1"); + fflush(stdout); +- testCharRangeByte1(ctxt, data); ++ test_ret += testCharRangeByte1(ctxt, data); + printf(" 2"); + fflush(stdout); +- testCharRangeByte2(ctxt, data); ++ test_ret += testCharRangeByte2(ctxt, data); + printf(" 3"); + fflush(stdout); +- testCharRangeByte3(ctxt, data); ++ test_ret += testCharRangeByte3(ctxt, data); + printf(" 4"); + fflush(stdout); +- testCharRangeByte4(ctxt, data); ++ test_ret += testCharRangeByte4(ctxt, data); + printf(" done\n"); + fflush(stdout); + + error: + xmlFreeParserCtxt(ctxt); ++ return(test_ret); + } + + int main(void) { + ++ int ret = 0; ++ + /* + * this initialize the library and check potential ABI mismatches + * between the version it was compiled for and the actual shared +@@ -602,8 +667,9 @@ int main(void) { + /* + * Run the tests + */ +- testCharRanges(); +- testDocumentRanges(); ++ ret += testCharRanges(); ++ ret += testDocumentRanges(); ++ printf("%s: testchar\n\n", (ret == 0) ? "PASS" : "FAIL"); + + /* + * Cleanup function for the XML library. +diff --git a/testdict.c b/testdict.c +index 40bebd05..114b9347 100644 +--- a/testdict.c ++++ b/testdict.c +@@ -440,5 +440,6 @@ int main(void) + clean_strings(); + xmlCleanupParser(); + xmlMemoryDump(); ++ printf("%s: testdict\n\n", (ret == 0) ? "PASS" : "FAIL"); + return(ret); + } +diff --git a/testlimits.c b/testlimits.c +index 059116a6..f0bee68d 100644 +--- a/testlimits.c ++++ b/testlimits.c +@@ -1634,5 +1634,6 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { + xmlCleanupParser(); + xmlMemoryDump(); + ++ printf("%s: testlimits\n", (ret == 0) ? "PASS" : "FAIL"); + return(ret); + } +diff --git a/testrecurse.c b/testrecurse.c +index 0cbe25a6..3ecadb40 100644 +--- a/testrecurse.c ++++ b/testrecurse.c +@@ -892,6 +892,7 @@ launchTests(testDescPtr tst) { + err++; + } + } ++ printf("%s: %s\n", (err == 0) ? "PASS" : "FAIL", tst->desc); + return(err); + } + +@@ -961,5 +962,6 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { + xmlCleanupParser(); + xmlMemoryDump(); + ++ printf("%s: testrecurse\n\n", (ret == 0) ? "PASS" : "FAIL"); + return(ret); + } +-- +2.25.1 + diff --git a/recipes-core/libxml/libxml2_2.9.10.bb b/recipes-core/libxml/libxml2_2.9.10.bb new file mode 100644 index 0000000..dc62991 --- /dev/null +++ b/recipes-core/libxml/libxml2_2.9.10.bb @@ -0,0 +1,133 @@ +SUMMARY = "XML C Parser Library and Toolkit" +DESCRIPTION = "The XML Parser Library allows for manipulation of XML files. Libxml2 exports Push and Pull type parser interfaces for both XML and HTML. It can do DTD validation at parse time, on a parsed document instance or with an arbitrary DTD. Libxml2 includes complete XPath, XPointer and Xinclude implementations. It also has a SAX like interface, which is designed to be compatible with Expat." +HOMEPAGE = "https://gitlab.gnome.org/GNOME/libxml2" +BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2" +SECTION = "libs" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://Copyright;md5=2044417e2e5006b65a8b9067b683fcf1 \ + file://hash.c;beginline=6;endline=15;md5=96f7296605eae807670fb08947829969 \ + file://list.c;beginline=4;endline=13;md5=cdbfa3dee51c099edb04e39f762ee907 \ + file://trio.c;beginline=5;endline=14;md5=6c025753c86d958722ec76e94cae932e" + +DEPENDS = "zlib virtual/libiconv" + +inherit gnomebase + +SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \ + file://libxml-64bit.patch \ + file://runtest.patch \ + file://run-ptest \ + file://python-sitepackages-dir.patch \ + file://libxml-m4-use-pkgconfig.patch \ + file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ + file://fix-execution-of-ptests.patch \ + file://CVE-2020-7595.patch \ + file://CVE-2019-20388.patch \ + file://CVE-2020-24977.patch \ + file://CVE-2021-3517.patch \ + file://CVE-2021-3537.patch \ + file://CVE-2021-3518.patch \ + file://CVE-2021-3541.patch \ + file://CVE-2022-23308.patch \ + file://CVE-2022-23308-fix-regression.patch \ + file://CVE-2022-29824-dependent.patch \ + file://CVE-2022-29824.patch \ + file://0001-Port-gentest.py-to-Python-3.patch \ + file://CVE-2016-3709.patch \ + " + +SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813" +SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a" +SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7" + +BINCONFIG = "${bindir}/xml2-config" + +PACKAGECONFIG ??= "python \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ +" +PACKAGECONFIG[python] = "--with-python=${PYTHON},--without-python,python3" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," + +inherit autotools pkgconfig binconfig-disabled ptest features_check + +inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3targetconfig', '', d)} + +RDEPENDS_${PN}-ptest += "bash make ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-logging python3-shell python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}" + +RDEPENDS_${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-core', '', d)}" + +RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-ebcdic-us \ + glibc-gconv-ibm1141 \ + glibc-gconv-iso8859-5 \ + glibc-gconv-euc-jp \ + locale-base-en-us \ + " + +export PYTHON_SITE_PACKAGES="${PYTHON_SITEPACKAGES_DIR}" + +# WARNING: zlib is required for RPM use +EXTRA_OECONF = "--without-debug --without-legacy --with-catalog --without-docbook --with-c14n --without-lzma --with-fexceptions" +EXTRA_OECONF_class-native = "--without-legacy --without-docbook --with-c14n --without-lzma --with-zlib" +EXTRA_OECONF_class-nativesdk = "--without-legacy --without-docbook --with-c14n --without-lzma --with-zlib" +EXTRA_OECONF_linuxstdbase = "--with-debug --with-legacy --with-docbook --with-c14n --without-lzma --with-zlib" + +python populate_packages_prepend () { + # autonamer would call this libxml2-2, but we don't want that + if d.getVar('DEBIAN_NAMES'): + d.setVar('PKG_libxml2', '${MLPREFIX}libxml2') +} + +PACKAGE_BEFORE_PN += "${PN}-utils" +PACKAGES += "${PN}-python" + +FILES_${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/*.a" +FILES_${PN}-dev += "${libdir}/xml2Conf.sh ${libdir}/cmake/*" +FILES_${PN}-utils = "${bindir}/*" +FILES_${PN}-python = "${PYTHON_SITEPACKAGES_DIR}" + +do_configure_prepend () { + # executables take longer to package: these should not be executable + find ${S}/xmlconf/ -type f -exec chmod -x {} \+ +} + +do_compile_ptest() { + # Make sure that testapi.c is newer than gentests.py, because + # with reproducible builds, they will both get e.g. Jan 1 1970 + # modification time from SOURCE_DATE_EPOCH and then check-am + # might try to rebuild_testapi, which will fail even with + # 0001-Port-gentest.py-to-Python-3.patch, because it needs + # libxml2 module (libxml2-native dependency and correctly + # set PYTHON_SITE_PACKAGES), it's easier to + # just rely on pre-generated testapi.c from the release + touch ${S}/testapi.c + + oe_runmake check-am +} + +do_install_ptest () { + cp -r ${S}/xmlconf ${D}${PTEST_PATH} + if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then + sed -i -e 's|^\(PYTHON = \).*|\1${USRBINPATH}/${PYTHON_PN}|' \ + ${D}${PTEST_PATH}/python/tests/Makefile + grep -lrZ '#!/usr/bin/python' ${D}${PTEST_PATH}/python | + xargs -0 sed -i -e 's|/usr/bin/python|${USRBINPATH}/${PYTHON_PN}|' + fi + #Remove build host references from various Makefiles + find "${D}${PTEST_PATH}" -name Makefile -type f -exec \ + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + -e 's:${HOSTTOOLS_DIR}/::g' \ + -e 's:${RECIPE_SYSROOT_NATIVE}::g' \ + -e 's:${RECIPE_SYSROOT}::g' \ + -e 's:${BASE_WORKDIR}/${MULTIMACH_TARGET_SYS}::g' \ + -e '/^RELDATE/d' \ + {} + +} + +do_install_append_class-native () { + # Docs are not needed in the native case + rm ${D}${datadir}/gtk-doc -rf +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-core/openvpn/openvpn/openvpn b/recipes-core/openvpn/openvpn/openvpn new file mode 100755 index 0000000..e5af4b2 --- /dev/null +++ b/recipes-core/openvpn/openvpn/openvpn @@ -0,0 +1,112 @@ +#!/bin/sh -e +# +# Original version by Robert Leslie +# <rob@mars.org>, edited by iwj and cs +# Modified for openvpn by Alberto Gonzalez Iniesta <agi@agi.as> +# Modified for restarting / starting / stopping single tunnels by Richard Mueller <mueller@teamix.net> +# Modified for respecting pid file on service start by Fabian Klemp <fabian.klemp@axino-group.com> + +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +DAEMON=/usr/sbin/openvpn +CONFIG_DIR=/etc/openvpn +test -x $DAEMON || exit 0 +test -d $CONFIG_DIR || exit 0 + +start_vpn () { + modprobe tun >/dev/null 2>&1 || true + start-stop-daemon --start --quiet --pidfile /var/run/openvpn.$NAME.pid \ + --exec $DAEMON -- \ + --daemon --writepid /var/run/openvpn.$NAME.pid \ + --config $CONFIG_DIR/$NAME.conf --cd $CONFIG_DIR || rc="$?" + case $rc in + 1) echo -n " ALREADY STARTED->";; + 3) echo -n " FAILED->";; + esac + echo -n " $NAME" +} + +stop_vpn () { + kill `cat $PIDFILE` || true + rm $PIDFILE +} + +case "$1" in +start) + echo -n "Starting openvpn:" + + if test -z $2 ; then + for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do + NAME=${CONFIG%%.conf} + start_vpn + done + else + if test -e $CONFIG_DIR/$2.conf ; then + NAME=$2 + start_vpn + else + echo -n " No such VPN: $2" + fi + fi + echo "." + + ;; +stop) + echo -n "Stopping openvpn:" + + if test -z $2 ; then + for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do + NAME=`echo $PIDFILE | cut -c18-` + NAME=${NAME%%.pid} + stop_vpn + echo -n " $NAME" + done + else + if test -e /var/run/openvpn.$2.pid ; then + PIDFILE=`ls /var/run/openvpn.$2.pid 2> /dev/null` + NAME=`echo $PIDFILE | cut -c18-` + NAME=${NAME%%.pid} + stop_vpn + echo -n " $NAME" + else + echo -n " No such VPN: $2" + fi + fi + echo "." + ;; +# We only 'reload' for running VPNs. New ones will only start with 'start' or 'restart'. +reload|force-reload) + echo -n "Reloading openvpn:" + for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do + NAME=`echo $PIDFILE | cut -c18-` + NAME=${NAME%%.pid} +# If openvpn if running under a different user than root we'll need to restart + if egrep '^( |\t)*user' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then + stop_vpn + sleep 1 + start_vpn + echo -n "(restarted)" + else + kill -HUP `cat $PIDFILE` || true +# start-stop-daemon --stop --signal HUP --quiet --oknodo \ +# --exec $DAEMON --pidfile $PIDFILE + echo -n " $NAME" + fi + done + echo "." + ;; + +restart) + $0 stop $2 + sleep 1 + $0 start $2 + ;; +*) + echo "Usage: $0 {start|stop|reload|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 + +# vim:set ai et sts=2 sw=2 tw=0: diff --git a/recipes-core/openvpn/openvpn/openvpn-volatile.conf b/recipes-core/openvpn/openvpn/openvpn-volatile.conf new file mode 100644 index 0000000..1205806 --- /dev/null +++ b/recipes-core/openvpn/openvpn/openvpn-volatile.conf @@ -0,0 +1 @@ +d @LOCALSTATEDIR@/run/openvpn 0755 root root - diff --git a/recipes-core/openvpn/openvpn/openvpn@.service b/recipes-core/openvpn/openvpn/openvpn@.service new file mode 100644 index 0000000..358dcb7 --- /dev/null +++ b/recipes-core/openvpn/openvpn/openvpn@.service @@ -0,0 +1,12 @@ +[Unit] +Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I +After=syslog.target network.target + +[Service] +PrivateTmp=true +Type=forking +PIDFile=/var/run/openvpn/%i.pid +ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf + +[Install] +WantedBy=multi-user.target diff --git a/recipes-core/openvpn/openvpn_2.4.12.bb b/recipes-core/openvpn/openvpn_2.4.12.bb new file mode 100644 index 0000000..55e6603 --- /dev/null +++ b/recipes-core/openvpn/openvpn_2.4.12.bb @@ -0,0 +1,76 @@ +SUMMARY = "A full-featured SSL VPN solution via tun device." +HOMEPAGE = "https://openvpn.net/" +SECTION = "net" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=7aee596ed2deefe3e8a861e24292abba" +DEPENDS = "lzo openssl iproute2 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" + +inherit autotools systemd update-rc.d + +SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \ + file://openvpn \ + file://openvpn@.service \ + file://openvpn-volatile.conf" + +UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads" + +SRC_URI[md5sum] = "e83d430947fb7c9ad1a174987317d1dc" +SRC_URI[sha256sum] = "66952d9c95490e5875f04c9f8fa313b5e816d1b7b4d6cda3fb2ff749ad405dee" + +# CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. +CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569" + +SYSTEMD_SERVICE_${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service" +SYSTEMD_AUTO_ENABLE = "disable" + +INITSCRIPT_PACKAGES = "${PN}" +INITSCRIPT_NAME_${PN} = "openvpn" +INITSCRIPT_PARAMS_${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ." + +CFLAGS += "-fno-inline" + +# I want openvpn to be able to read password from file (hrw) +EXTRA_OECONF += "--enable-iproute2" +EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}" + +# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host. +EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip" + +do_install_append() { + install -d ${D}/${sysconfdir}/init.d + install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d + + install -d ${D}/${sysconfdir}/openvpn + install -d ${D}/${sysconfdir}/openvpn/sample + install -m 755 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf + install -m 755 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf + install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys + install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}/${systemd_unitdir}/system + install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system + install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service + install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service + + install -d ${D}/${localstatedir} + install -d ${D}/${localstatedir}/lib + install -d -m 710 ${D}/${localstatedir}/lib/openvpn + + install -d ${D}${sysconfdir}/tmpfiles.d + install -m 0644 ${WORKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf + sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/tmpfiles.d/openvpn.conf + fi +} + +PACKAGES =+ " ${PN}-sample " + +RRECOMMENDS_${PN} = "kernel-module-tun" + +FILES_${PN}-dbg += "${libdir}/openvpn/plugins/.debug" +FILES_${PN} += "${systemd_unitdir}/system/openvpn@.service \ + ${sysconfdir}/tmpfiles.d \ + " +FILES_${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \ + ${systemd_unitdir}/system/openvpn@loopback-client.service \ + ${sysconfdir}/openvpn/sample/" diff --git a/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch b/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch new file mode 100644 index 0000000..e6cc915 --- /dev/null +++ b/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch @@ -0,0 +1,80 @@ +Upstream-Status: Submitted [https://github.com/madler/zlib/pull/599] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From f15584918a7fbbe3cc794ad59100e5e8153ea9f6 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 8 Mar 2022 22:38:47 -0800 +Subject: [PATCH] configure: Pass LDFLAGS to link tests + +LDFLAGS can contain critical flags without which linking wont succeed +therefore ensure that all configure tests involving link time checks are +using LDFLAGS on compiler commandline along with CFLAGS to ensure the +tests perform correctly. Without this some tests may fail resulting in +wrong confgure result, ending in miscompiling the package + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + configure | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/configure b/configure +index 52ff4a0..d04ee59 100755 +--- a/configure ++++ b/configure +@@ -427,7 +427,7 @@ if test $shared -eq 1; then + echo Checking for shared library support... | tee -a configure.log + # we must test in two steps (cc then ld), required at least on SunOS 4.x + if try $CC -w -c $SFLAGS $test.c && +- try $LDSHARED $SFLAGS -o $test$shared_ext $test.o; then ++ try $LDSHARED $SFLAGS $LDFLAGS -o $test$shared_ext $test.o; then + echo Building shared library $SHAREDLIBV with $CC. | tee -a configure.log + elif test -z "$old_cc" -a -z "$old_cflags"; then + echo No shared library support. | tee -a configure.log +@@ -503,7 +503,7 @@ int main(void) { + } + EOF + fi +- if try $CC $CFLAGS -o $test $test.c; then ++ if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then + sizet=`./$test` + echo "Checking for a pointer-size integer type..." $sizet"." | tee -a configure.log + CFLAGS="${CFLAGS} -DNO_SIZE_T=${sizet}" +@@ -537,7 +537,7 @@ int main(void) { + return 0; + } + EOF +- if try $CC $CFLAGS -o $test $test.c; then ++ if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then + echo "Checking for fseeko... Yes." | tee -a configure.log + else + CFLAGS="${CFLAGS} -DNO_FSEEKO" +@@ -554,7 +554,7 @@ cat > $test.c <<EOF + #include <errno.h> + int main() { return strlen(strerror(errno)); } + EOF +-if try $CC $CFLAGS -o $test $test.c; then ++if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then + echo "Checking for strerror... Yes." | tee -a configure.log + else + CFLAGS="${CFLAGS} -DNO_STRERROR" +@@ -661,7 +661,7 @@ int main() + return (mytest("Hello%d\n", 1)); + } + EOF +- if try $CC $CFLAGS -o $test $test.c; then ++ if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then + echo "Checking for vsnprintf() in stdio.h... Yes." | tee -a configure.log + + echo >> configure.log +@@ -751,7 +751,7 @@ int main() + } + EOF + +- if try $CC $CFLAGS -o $test $test.c; then ++ if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then + echo "Checking for snprintf() in stdio.h... Yes." | tee -a configure.log + + echo >> configure.log +-- +2.25.1 + diff --git a/recipes-core/zlib/zlib/run-ptest b/recipes-core/zlib/zlib/run-ptest new file mode 100644 index 0000000..065863e --- /dev/null +++ b/recipes-core/zlib/zlib/run-ptest @@ -0,0 +1,7 @@ +#!/bin/sh + +if ./examplesh ; then + echo "PASS: zlib" +else + echo "FAIL: zlib" +fi diff --git a/recipes-core/zlib/zlib_1.2.13.bb b/recipes-core/zlib/zlib_1.2.13.bb new file mode 100644 index 0000000..ec977a3 --- /dev/null +++ b/recipes-core/zlib/zlib_1.2.13.bb @@ -0,0 +1,47 @@ +SUMMARY = "Zlib Compression Library" +DESCRIPTION = "Zlib is a general-purpose, patent-free, lossless data compression \ +library which is used by many different programs." +HOMEPAGE = "http://zlib.net/" +SECTION = "libs" +LICENSE = "Zlib" +LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef63bc555f7aa6c0" + +# The source tarball needs to be .gz as only the .gz ends up in fossils/ +SRC_URI = "https://zlib.net/${BP}.tar.gz \ + file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \ + file://run-ptest \ + " +UPSTREAM_CHECK_URI = "http://zlib.net/" + +SRC_URI[sha256sum] = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30" + +# When a new release is made the previous release is moved to fossils/, so add this +# to PREMIRRORS so it is also searched automatically. +PREMIRRORS:append = " https://zlib.net/ https://zlib.net/fossils/" + +CFLAGS += "-D_REENTRANT" + +RDEPENDS:${PN}-ptest += "make" + +inherit ptest + +B = "${WORKDIR}/build" + +do_configure() { + LDCONFIG=true ${S}/configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU +} +do_configure[cleandirs] += "${B}" + +do_compile() { + oe_runmake shared +} + +do_install() { + oe_runmake DESTDIR=${D} install +} + +do_install_ptest() { + install ${B}/examplesh ${D}${PTEST_PATH} +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb b/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb new file mode 100644 index 0000000..4f8bbf0 --- /dev/null +++ b/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb @@ -0,0 +1,105 @@ +SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes" +DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \ +device-mapper mappings. These include plain dm-crypt volumes and \ +LUKS volumes. The difference is that LUKS uses a metadata header \ +and can hence offer more features than plain dm-crypt. On the other \ +hand, the header is visible and vulnerable to damage." +HOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup" +SECTION = "console" +LICENSE = "GPL-2.0-with-OpenSSL-exception" +LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326" + +DEPENDS = " \ + json-c \ + libdevmapper \ + popt \ + util-linux-libuuid \ +" + +DEPENDS:append:libc-musl = " argp-standalone" +LDFLAGS:append:libc-musl = " -largp" + +SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz" +SRC_URI[sha256sum] = "fc0df945188172264ec5bf1d0bda08264fadc8a3f856d47eba91f31fe354b507" + +inherit autotools gettext pkgconfig + +# Use openssl because libgcrypt drops root privileges +# if libgcrypt is linked with libcap support +PACKAGECONFIG ??= " \ + keyring \ + cryptsetup \ + veritysetup \ + cryptsetup-reencrypt \ + integritysetup \ + ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \ + kernel_crypto \ + internal-argon2 \ + blkid \ + luks-adjust-xts-keysize \ + openssl \ + ssh-token \ +" +PACKAGECONFIG:append:class-target = " \ + udev \ +" + +PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring" +PACKAGECONFIG[fips] = "--enable-fips,--disable-fips" +PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality" +PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc" +PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup" +PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup" +PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt" +PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux" +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules" +PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto" +# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't +# recognized. +PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2" +PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2" +PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2" +PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux" +PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random" +PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize" +PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl" +PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt" +PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss" +PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel" +PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle" +PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1" +PACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh" + +EXTRA_OECONF = "--enable-static" +# Building without largefile is not supported by upstream +EXTRA_OECONF += "--enable-largefile" +# Requires a static popt library +EXTRA_OECONF += "--disable-static-cryptsetup" +# There's no recipe for libargon2 yet +EXTRA_OECONF += "--disable-libargon2" + +do_install:append() { + # The /usr/lib/cryptsetup directory is always created, even when ssh-token + # is disabled. In that case it is empty and causes a packaging error. Since + # there is no reason to distribute the empty directory, the easiest solution + # is to remove it if it is empty. + rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN} +} + +FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}" + +RDEPENDS:${PN} = " \ + libdevmapper \ +" + +RRECOMMENDS:${PN}:class-target = " \ + kernel-module-aes-generic \ + kernel-module-dm-crypt \ + kernel-module-md5 \ + kernel-module-cbc \ + kernel-module-sha256-generic \ + kernel-module-xts \ +" + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-devtools/cmake/cmake-native_3.24.2.bb b/recipes-devtools/cmake/cmake-native_3.24.2.bb new file mode 100644 index 0000000..bcc87eb --- /dev/null +++ b/recipes-devtools/cmake/cmake-native_3.24.2.bb @@ -0,0 +1,65 @@ +require cmake.inc +inherit native + +DEPENDS += "bzip2-replacement-native xz-native zlib-native curl-native ncurses-native zstd-native" + +SRC_URI += "file://OEToolchainConfig.cmake \ + file://environment.d-cmake.sh \ + file://0001-CMakeDetermineSystem-use-oe-environment-vars-to-load.patch \ + file://0005-Disable-use-of-ext2fs-ext2_fs.h-by-cmake-s-internal-.patch \ + " + +LICENSE:append = " & BSD-1-Clause & MIT & BSD-2-Clause" +LIC_FILES_CHKSUM:append = " \ + file://Utilities/cmjsoncpp/LICENSE;md5=5d73c165a0f9e86a1342f32d19ec5926 \ + file://Utilities/cmlibarchive/COPYING;md5=d499814247adaee08d88080841cb5665 \ + file://Utilities/cmexpat/COPYING;md5=9e2ce3b3c4c0f2670883a23bbd7c37a9 \ + file://Utilities/cmlibrhash/COPYING;md5=a8c2a557a5c53b1c12cddbee98c099af \ + file://Utilities/cmlibuv/LICENSE;md5=ad93ca1fffe931537fcf64f6fcce084d \ +" + +B = "${WORKDIR}/build" +do_configure[cleandirs] = "${B}" + +CMAKE_EXTRACONF = "\ + -DCMAKE_LIBRARY_PATH=${STAGING_LIBDIR_NATIVE} \ + -DBUILD_CursesDialog=1 \ + -DCMAKE_USE_SYSTEM_LIBRARIES=1 \ + -DCMAKE_USE_SYSTEM_LIBRARY_JSONCPP=0 \ + -DCMAKE_USE_SYSTEM_LIBRARY_LIBARCHIVE=0 \ + -DCMAKE_USE_SYSTEM_LIBRARY_LIBUV=0 \ + -DCMAKE_USE_SYSTEM_LIBRARY_LIBRHASH=0 \ + -DCMAKE_USE_SYSTEM_LIBRARY_EXPAT=0 \ + -DENABLE_ACL=0 -DHAVE_ACL_LIBACL_H=0 \ + -DHAVE_SYS_ACL_H=0 \ + -DCURL_LIBRARIES=-lcurl \ +" + +do_configure () { + ${S}/configure --verbose --prefix=${prefix} \ + ${@oe.utils.parallel_make_argument(d, '--parallel=%d')} \ + ${@bb.utils.contains('CCACHE', 'ccache ', '--enable-ccache', '', d)} \ + -- ${CMAKE_EXTRACONF} +} + +do_compile() { + oe_runmake +} + +do_install() { + oe_runmake 'DESTDIR=${D}' install + + # The following codes are here because eSDK needs to provide compatibilty + # for SDK. That is, eSDK could also be used like traditional SDK. + mkdir -p ${D}${datadir}/cmake + install -m 644 ${WORKDIR}/OEToolchainConfig.cmake ${D}${datadir}/cmake/ + mkdir -p ${D}${base_prefix}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-cmake.sh ${D}${base_prefix}/environment-setup.d/cmake.sh + + # Help docs create tons of files in the native sysroot and aren't needed there + rm -rf ${D}${datadir}/cmake-*/Help +} + +do_compile[progress] = "percent" + +SYSROOT_DIRS_NATIVE += "${datadir}/cmake ${base_prefix}/environment-setup.d" diff --git a/recipes-devtools/cmake/cmake.inc b/recipes-devtools/cmake/cmake.inc new file mode 100644 index 0000000..7561e85 --- /dev/null +++ b/recipes-devtools/cmake/cmake.inc @@ -0,0 +1,28 @@ +# Copyright (C) 2005, Koninklijke Philips Electronics NV. All Rights Reserved +# Released under the MIT license (see packages/COPYING) + +SUMMARY = "Cross-platform, open-source make system" +DESCRIPTION = "CMake is used to control the software compilation process \ +using simple platform and compiler independent configuration files. CMake \ +generates native makefiles and workspaces that can be used in the compiler \ +environment of your choice." +HOMEPAGE = "http://www.cmake.org/" +BUGTRACKER = "http://public.kitware.com/Bug/my_view_page.php" +SECTION = "console/utils" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://Copyright.txt;md5=45025187a129339459b6f1a24f7fac6e \ + file://Source/cmake.h;beginline=1;endline=2;md5=a5f70e1fef8614734eae0d62b4f5891b \ + " + +CMAKE_MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:2])}" + +SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \ +" + +SRC_URI[sha256sum] = "0d9020f06f3ddf17fb537dc228e1a56c927ee506b486f55fe2dc19f69bf0c8db" + +UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar" + +# This is specific to the npm package that installs cmake, so isn't +# relevant to OpenEmbedded +CVE_CHECK_IGNORE += "CVE-2016-10642" diff --git a/recipes-devtools/cmake/cmake/0001-CMakeDetermineSystem-use-oe-environment-vars-to-load.patch b/recipes-devtools/cmake/cmake/0001-CMakeDetermineSystem-use-oe-environment-vars-to-load.patch new file mode 100644 index 0000000..9a2287f --- /dev/null +++ b/recipes-devtools/cmake/cmake/0001-CMakeDetermineSystem-use-oe-environment-vars-to-load.patch @@ -0,0 +1,44 @@ +From 89f6c846f02ad6d30b9ebb7eaaaa4fb6f9cec054 Mon Sep 17 00:00:00 2001 +From: Cody P Schafer <dev@codyps.com> +Date: Thu, 27 Apr 2017 11:35:05 -0400 +Subject: [PATCH] CMakeDetermineSystem: use oe environment vars to load default + toolchain file in sdk + +Passing the toolchain by: + + - shell aliases does not work if cmake is called by a script + - unconditionally by a wrapper script causes cmake to believe it is + configuring things when it is not (for example, `cmake --build` breaks). + +The OE_CMAKE_TOOLCHAIN_FILE variable is only used as a default if no +toolchain is explicitly specified. + +Setting the CMAKE_TOOLCHAIN_FILE cmake variable is marked as cached +because '-D' options are cache entries themselves. + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Cody P Schafer <dev@codyps.com> +Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> + +--- + Modules/CMakeDetermineSystem.cmake | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/Modules/CMakeDetermineSystem.cmake b/Modules/CMakeDetermineSystem.cmake +index 8c7af067..ade2b189 100644 +--- a/Modules/CMakeDetermineSystem.cmake ++++ b/Modules/CMakeDetermineSystem.cmake +@@ -112,6 +112,13 @@ else() + endif() + endif() + ++if(NOT DEFINED CMAKE_TOOLCHAIN_FILE) ++ if(DEFINED ENV{OE_CMAKE_TOOLCHAIN_FILE}) ++ set(CMAKE_TOOLCHAIN_FILE "$ENV{OE_CMAKE_TOOLCHAIN_FILE}" CACHE FILEPATH "toolchain file") ++ message(STATUS "Toolchain file defaulted to '${CMAKE_TOOLCHAIN_FILE}'") ++ endif() ++endif() ++ + # if a toolchain file is used, the user wants to cross compile. + # in this case read the toolchain file and keep the CMAKE_HOST_SYSTEM_* + # variables around so they can be used in CMakeLists.txt. diff --git a/recipes-devtools/cmake/cmake/0005-Disable-use-of-ext2fs-ext2_fs.h-by-cmake-s-internal-.patch b/recipes-devtools/cmake/cmake/0005-Disable-use-of-ext2fs-ext2_fs.h-by-cmake-s-internal-.patch new file mode 100644 index 0000000..d6f7308 --- /dev/null +++ b/recipes-devtools/cmake/cmake/0005-Disable-use-of-ext2fs-ext2_fs.h-by-cmake-s-internal-.patch @@ -0,0 +1,39 @@ +From fd9a04c1434e12f21c043385e306e0b52d38d749 Mon Sep 17 00:00:00 2001 +From: Otavio Salvador <otavio@ossystems.com.br> +Date: Thu, 5 Jul 2018 10:28:04 -0300 +Subject: [PATCH] Disable use of ext2fs/ext2_fs.h by cmake's internal + + libarchive copy +Organization: O.S. Systems Software LTDA. + +We don't want to add a dependency on e2fsprogs-native for cmake-native, +and we don't use CPack so just disable this functionality. + +Upstream-Status: Inappropriate [config] + +Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> +Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> + +--- + Utilities/cmlibarchive/CMakeLists.txt | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/Utilities/cmlibarchive/CMakeLists.txt b/Utilities/cmlibarchive/CMakeLists.txt +index bfcaf30..2960683 100644 +--- a/Utilities/cmlibarchive/CMakeLists.txt ++++ b/Utilities/cmlibarchive/CMakeLists.txt +@@ -682,12 +682,8 @@ LA_CHECK_INCLUDE_FILE("copyfile.h" HAVE_COPYFILE_H) + LA_CHECK_INCLUDE_FILE("direct.h" HAVE_DIRECT_H) + LA_CHECK_INCLUDE_FILE("dlfcn.h" HAVE_DLFCN_H) + LA_CHECK_INCLUDE_FILE("errno.h" HAVE_ERRNO_H) +-LA_CHECK_INCLUDE_FILE("ext2fs/ext2_fs.h" HAVE_EXT2FS_EXT2_FS_H) +- +-CHECK_C_SOURCE_COMPILES("#include <sys/ioctl.h> +-#include <ext2fs/ext2_fs.h> +-int main(void) { return EXT2_IOC_GETFLAGS; }" HAVE_WORKING_EXT2_IOC_GETFLAGS) +- ++SET(HAVE_EXT2FS_EXT2_FS_H 0) ++SET(HAVE_WORKING_EXT2_IOC_GETFLAGS 0) + LA_CHECK_INCLUDE_FILE("fcntl.h" HAVE_FCNTL_H) + LA_CHECK_INCLUDE_FILE("grp.h" HAVE_GRP_H) + LA_CHECK_INCLUDE_FILE("io.h" HAVE_IO_H) diff --git a/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake b/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake new file mode 100644 index 0000000..d6a1e04 --- /dev/null +++ b/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake @@ -0,0 +1,20 @@ +set( CMAKE_SYSTEM_NAME Linux ) +set( CMAKE_C_FLAGS $ENV{CFLAGS} CACHE STRING "" FORCE ) +set( CMAKE_CXX_FLAGS $ENV{CXXFLAGS} CACHE STRING "" FORCE ) +set( CMAKE_SYSROOT $ENV{OECORE_TARGET_SYSROOT} ) + +set( CMAKE_FIND_ROOT_PATH $ENV{OECORE_TARGET_SYSROOT} ) +set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER ) +set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY ) +set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY ) +set( CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY ) + +set(CMAKE_FIND_LIBRARY_CUSTOM_LIB_SUFFIX "$ENV{OE_CMAKE_FIND_LIBRARY_CUSTOM_LIB_SUFFIX}") + +set( CMAKE_SYSTEM_PROCESSOR $ENV{OECORE_TARGET_ARCH} ) + +# Include the toolchain configuration subscripts +file( GLOB toolchain_config_files "${CMAKE_CURRENT_LIST_FILE}.d/*.cmake" ) +foreach(config ${toolchain_config_files}) + include(${config}) +endforeach() diff --git a/recipes-devtools/cmake/cmake/SDKToolchainConfig.cmake.template b/recipes-devtools/cmake/cmake/SDKToolchainConfig.cmake.template new file mode 100644 index 0000000..c69569a --- /dev/null +++ b/recipes-devtools/cmake/cmake/SDKToolchainConfig.cmake.template @@ -0,0 +1,31 @@ +set(SDK_INSTALL_DIR "${CMAKE_CURRENT_LIST_DIR}/../../../../..") +set(HOST_SYSROOT "${SDK_INSTALL_DIR}/sysroots/@OECORE_SDK_SYS") +set(TARGET_SYSROOT "${SDK_INSTALL_DIR}/sysroots/@OECORE_TARGET_SYS") +set(HOST_BIN "${HOST_SYSROOT}/usr/bin") +set(TOOLCHAIN_NAME "@OECORE_TARGET_ALIAS") +set(GCC_DIR "${HOST_BIN}/${TOOLCHAIN_NAME}") + +set(CMAKE_SYSTEM_NAME Linux) +set(CMAKE_SYSTEM_PROCESSOR "@OECORE_TARGET_ARCH") + +set(CMAKE_C_COMPILER "${GCC_DIR}/${TOOLCHAIN_NAME}-gcc") +set(CMAKE_CXX_COMPILER "${GCC_DIR}/${TOOLCHAIN_NAME}-g++") + +set(ARCH_FLAGS "@OECORE_TUNE_CCARGS") +set(CMAKE_C_FLAGS "${ARCH_FLAGS}" CACHE STRING "" FORCE ) +set(CMAKE_CXX_FLAGS "${ARCH_FLAGS}" CACHE STRING "" FORCE ) +set(CMAKE_ASM_FLAGS ${CMAKE_C_FLAGS} CACHE STRING "" FORCE ) +set(CMAKE_LDFLAGS_FLAGS ${CMAKE_C_FLAGS} CACHE STRING "" FORCE ) + +set(CMAKE_SYSROOT "${TARGET_SYSROOT}") + +set(CMAKE_FIND_ROOT_PATH "${TARGET_SYSROOT}" ) + +set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER ) +set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY ) +set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY ) +set(CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY ) + +set(CMAKE_FIND_LIBRARY_CUSTOM_LIB_SUFFIX "") + +set(CMAKE_PROGRAM_PATH "${HOST_SYSROOT}/usr/bin" CACHE STRING "" FORCE) diff --git a/recipes-devtools/cmake/cmake/cmake-setup.py b/recipes-devtools/cmake/cmake/cmake-setup.py new file mode 100755 index 0000000..af587a4 --- /dev/null +++ b/recipes-devtools/cmake/cmake/cmake-setup.py @@ -0,0 +1,33 @@ +#!/usr/bin/env python3 + +import os +import string +import sys + +class Template(string.Template): + delimiter = "@" + +class Environ(): + def __getitem__(self, name): + if name == "OECORE_SDK_SYS": + return os.path.basename(os.environ["OECORE_NATIVE_SYSROOT"]) + elif name == "OECORE_TARGET_SYS": + return os.path.basename(os.environ["OECORE_TARGET_SYSROOT"]) + elif name == "OECORE_TARGET_ALIAS": + return os.path.basename(os.environ["TARGET_PREFIX"].strip("-")) + else: + return os.environ[name] + +try: + sysroot = os.environ['OECORE_NATIVE_SYSROOT'] +except KeyError: + print("Not in environment setup, bailing") + sys.exit(1) + +template_file = os.path.join(sysroot, 'usr/share/cmake/SDKToolchainConfig.cmake.template') +cross_file = os.path.join(sysroot, 'usr/share/cmake/%s-toolchain.cmake' % (os.path.basename(os.environ["OECORE_TARGET_SYSROOT"]))) +with open(template_file) as in_file: + template = in_file.read() + output = Template(template).substitute(Environ()) + with open(cross_file, "w") as out_file: + out_file.write(output) diff --git a/recipes-devtools/cmake/cmake/environment.d-cmake.sh b/recipes-devtools/cmake/cmake/environment.d-cmake.sh new file mode 100644 index 0000000..7bdb19f --- /dev/null +++ b/recipes-devtools/cmake/cmake/environment.d-cmake.sh @@ -0,0 +1,2 @@ +export OE_CMAKE_TOOLCHAIN_FILE="$OECORE_NATIVE_SYSROOT/usr/share/cmake/OEToolchainConfig.cmake" +export OE_CMAKE_FIND_LIBRARY_CUSTOM_LIB_SUFFIX="`echo $OECORE_BASELIB | sed -e s/lib//`" diff --git a/recipes-devtools/cmake/cmake_3.24.2.bb b/recipes-devtools/cmake/cmake_3.24.2.bb new file mode 100644 index 0000000..bb7ed83 --- /dev/null +++ b/recipes-devtools/cmake/cmake_3.24.2.bb @@ -0,0 +1,67 @@ +require cmake.inc + +inherit cmake bash-completion + +DEPENDS += "curl expat zlib libarchive xz ncurses bzip2" + +SRC_URI:append:class-nativesdk = " \ + file://OEToolchainConfig.cmake \ + file://SDKToolchainConfig.cmake.template \ + file://cmake-setup.py \ + file://environment.d-cmake.sh \ + file://0001-CMakeDetermineSystem-use-oe-environment-vars-to-load.patch \ +" + +LICENSE:append = " & BSD-1-Clause & MIT" +LIC_FILES_CHKSUM:append = " \ + file://Utilities/cmjsoncpp/LICENSE;md5=5d73c165a0f9e86a1342f32d19ec5926 \ + file://Utilities/cmlibrhash/COPYING;md5=a8c2a557a5c53b1c12cddbee98c099af \ + file://Utilities/cmlibuv/LICENSE;md5=ad93ca1fffe931537fcf64f6fcce084d \ +" + +# Strip ${prefix} from ${docdir}, set result into docdir_stripped +python () { + prefix=d.getVar("prefix") + docdir=d.getVar("docdir") + + if not docdir.startswith(prefix): + bb.fatal('docdir must contain prefix as its prefix') + + docdir_stripped = docdir[len(prefix):] + if len(docdir_stripped) > 0 and docdir_stripped[0] == '/': + docdir_stripped = docdir_stripped[1:] + + d.setVar("docdir_stripped", docdir_stripped) +} + +EXTRA_OECMAKE=" \ + -DCMAKE_DOC_DIR=${docdir_stripped}/cmake-${CMAKE_MAJOR_VERSION} \ + -DCMAKE_USE_SYSTEM_LIBRARIES=1 \ + -DCMAKE_USE_SYSTEM_LIBRARY_JSONCPP=0 \ + -DCMAKE_USE_SYSTEM_LIBRARY_LIBUV=0 \ + -DCMAKE_USE_SYSTEM_LIBRARY_LIBRHASH=0 \ + -DKWSYS_CHAR_IS_SIGNED=1 \ + -DBUILD_CursesDialog=0 \ + -DKWSYS_LFS_WORKS=1 \ +" + +do_install:append:class-nativesdk() { + mkdir -p ${D}${datadir}/cmake + install -m 644 ${WORKDIR}/OEToolchainConfig.cmake ${D}${datadir}/cmake/ + + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-cmake.sh ${D}${SDKPATHNATIVE}/environment-setup.d/cmake.sh + + # install cmake-setup.py to create arch-specific toolchain cmake file from template + install -m 0644 ${WORKDIR}/SDKToolchainConfig.cmake.template ${D}${datadir}/cmake/ + install -d ${D}${SDKPATHNATIVE}/post-relocate-setup.d + install -m 0755 ${WORKDIR}/cmake-setup.py ${D}${SDKPATHNATIVE}/post-relocate-setup.d/ +} + +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}" + +FILES:${PN} += "${datadir}/cmake-${CMAKE_MAJOR_VERSION} ${datadir}/cmake ${datadir}/aclocal ${datadir}/emacs ${datadir}/vim" +FILES:${PN}-doc += "${docdir}/cmake-${CMAKE_MAJOR_VERSION}" +FILES:${PN}-dev = "" + +BBCLASSEXTEND = "nativesdk" diff --git a/recipes-devtools/python/python3/CVE-2022-37454.patch b/recipes-devtools/python/python3/CVE-2022-37454.patch new file mode 100644 index 0000000..f45c5bd --- /dev/null +++ b/recipes-devtools/python/python3/CVE-2022-37454.patch @@ -0,0 +1,106 @@ +From 948c6794711458fd148a3fa62296cadeeb2ed631 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Fri, 28 Oct 2022 03:07:50 -0700 +Subject: [PATCH] [3.8] gh-98517: Fix buffer overflows in _sha3 module + (GH-98519) (#98527) + +This is a port of the applicable part of XKCP's fix [1] for +CVE-2022-37454 and avoids the segmentation fault and the infinite +loop in the test cases published in [2]. + +[1]: https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a +[2]: https://mouha.be/sha-3-buffer-overflow/ + +Regression test added by: Gregory P. Smith [Google LLC] <greg@krypto.org> +(cherry picked from commit 0e4e058602d93b88256ff90bbef501ba20be9dd3) + +Co-authored-by: Theo Buehler <botovq@users.noreply.github.com> + +CVE: CVE-2022-37454 +Upstream-Status: Backport [https://github.com/python/cpython/commit/948c6794711458fd148a3fa62296cadeeb2ed631] +Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com> +--- + Lib/test/test_hashlib.py | 9 +++++++++ + .../2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst | 1 + + Modules/_sha3/kcp/KeccakSponge.inc | 15 ++++++++------- + 3 files changed, 18 insertions(+), 7 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst + +diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py +index 8b53d23ef525..e6cec4e306e5 100644 +--- a/Lib/test/test_hashlib.py ++++ b/Lib/test/test_hashlib.py +@@ -434,6 +434,15 @@ def test_case_md5_huge(self, size): + def test_case_md5_uintmax(self, size): + self.check('md5', b'A'*size, '28138d306ff1b8281f1a9067e1a1a2b3') + ++ @unittest.skipIf(sys.maxsize < _4G - 1, 'test cannot run on 32-bit systems') ++ @bigmemtest(size=_4G - 1, memuse=1, dry_run=False) ++ def test_sha3_update_overflow(self, size): ++ """Regression test for gh-98517 CVE-2022-37454.""" ++ h = hashlib.sha3_224() ++ h.update(b'\x01') ++ h.update(b'\x01'*0xffff_ffff) ++ self.assertEqual(h.hexdigest(), '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed') ++ + # use the three examples from Federal Information Processing Standards + # Publication 180-1, Secure Hash Standard, 1995 April 17 + # http://www.itl.nist.gov/div897/pubs/fip180-1.htm +diff --git a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst +new file mode 100644 +index 000000000000..2d23a6ad93c7 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst +@@ -0,0 +1 @@ ++Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454). +diff --git a/Modules/_sha3/kcp/KeccakSponge.inc b/Modules/_sha3/kcp/KeccakSponge.inc +index e10739deafa8..cf92e4db4d36 100644 +--- a/Modules/_sha3/kcp/KeccakSponge.inc ++++ b/Modules/_sha3/kcp/KeccakSponge.inc +@@ -171,7 +171,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat + i = 0; + curData = data; + while(i < dataByteLen) { +- if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) { ++ if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) { + #ifdef SnP_FastLoop_Absorb + /* processing full blocks first */ + +@@ -199,10 +199,10 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat + } + else { + /* normal lane: using the message queue */ +- +- partialBlock = (unsigned int)(dataByteLen - i); +- if (partialBlock+instance->byteIOIndex > rateInBytes) ++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex) + partialBlock = rateInBytes-instance->byteIOIndex; ++ else ++ partialBlock = (unsigned int)(dataByteLen - i); + #ifdef KeccakReference + displayBytes(1, "Block to be absorbed (part)", curData, partialBlock); + #endif +@@ -281,7 +281,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte + i = 0; + curData = data; + while(i < dataByteLen) { +- if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) { ++ if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) { + for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) { + SnP_Permute(instance->state); + SnP_ExtractBytes(instance->state, curData, 0, rateInBytes); +@@ -299,9 +299,10 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte + SnP_Permute(instance->state); + instance->byteIOIndex = 0; + } +- partialBlock = (unsigned int)(dataByteLen - i); +- if (partialBlock+instance->byteIOIndex > rateInBytes) ++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex) + partialBlock = rateInBytes-instance->byteIOIndex; ++ else ++ partialBlock = (unsigned int)(dataByteLen - i); + i += partialBlock; + + SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock); + diff --git a/recipes-devtools/python/python3/CVE-2022-45061.patch b/recipes-devtools/python/python3/CVE-2022-45061.patch new file mode 100644 index 0000000..2d0a449 --- /dev/null +++ b/recipes-devtools/python/python3/CVE-2022-45061.patch @@ -0,0 +1,101 @@ +From 064ec20bf7a181ba5fa961aaa12973812aa6ca5d Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 7 Nov 2022 18:57:10 -0800 +Subject: [PATCH] [3.11] gh-98433: Fix quadratic time idna decoding. (GH-99092) + (GH-99222) + +There was an unnecessary quadratic loop in idna decoding. This restores +the behavior to linear. + +(cherry picked from commit d315722564927c7202dd6e111dc79eaf14240b0d) + +(cherry picked from commit a6f6c3a3d6f2b580f2d87885c9b8a9350ad7bf15) + +Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> +Co-authored-by: Gregory P. Smith <greg@krypto.org> + +CVE: CVE-2022-45061 +Upstream-Status: Backport [https://github.com/python/cpython/pull/99231/commits/064ec20bf7a181ba5fa961aaa12973812aa6ca5d] +Signed-off-by: Omkar Patil <Omkar.Patil@kpit.com> + +--- + Lib/encodings/idna.py | 32 +++++++++---------- + Lib/test/test_codecs.py | 6 ++++ + ...2-11-04-09-29-36.gh-issue-98433.l76c5G.rst | 6 ++++ + 3 files changed, 27 insertions(+), 17 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst + +diff --git a/Lib/encodings/idna.py b/Lib/encodings/idna.py +index ea4058512fe3..bf98f513366b 100644 +--- a/Lib/encodings/idna.py ++++ b/Lib/encodings/idna.py +@@ -39,23 +39,21 @@ def nameprep(label): + + # Check bidi + RandAL = [stringprep.in_table_d1(x) for x in label] +- for c in RandAL: +- if c: +- # There is a RandAL char in the string. Must perform further +- # tests: +- # 1) The characters in section 5.8 MUST be prohibited. +- # This is table C.8, which was already checked +- # 2) If a string contains any RandALCat character, the string +- # MUST NOT contain any LCat character. +- if any(stringprep.in_table_d2(x) for x in label): +- raise UnicodeError("Violation of BIDI requirement 2") +- +- # 3) If a string contains any RandALCat character, a +- # RandALCat character MUST be the first character of the +- # string, and a RandALCat character MUST be the last +- # character of the string. +- if not RandAL[0] or not RandAL[-1]: +- raise UnicodeError("Violation of BIDI requirement 3") ++ if any(RandAL): ++ # There is a RandAL char in the string. Must perform further ++ # tests: ++ # 1) The characters in section 5.8 MUST be prohibited. ++ # This is table C.8, which was already checked ++ # 2) If a string contains any RandALCat character, the string ++ # MUST NOT contain any LCat character. ++ if any(stringprep.in_table_d2(x) for x in label): ++ raise UnicodeError("Violation of BIDI requirement 2") ++ # 3) If a string contains any RandALCat character, a ++ # RandALCat character MUST be the first character of the ++ # string, and a RandALCat character MUST be the last ++ # character of the string. ++ if not RandAL[0] or not RandAL[-1]: ++ raise UnicodeError("Violation of BIDI requirement 3") + + return label + +diff --git a/Lib/test/test_codecs.py b/Lib/test/test_codecs.py +index d1faf0126c1e..37ade7d80d02 100644 +--- a/Lib/test/test_codecs.py ++++ b/Lib/test/test_codecs.py +@@ -1532,6 +1532,12 @@ def test_builtin_encode(self): + self.assertEqual("pyth\xf6n.org".encode("idna"), b"xn--pythn-mua.org") + self.assertEqual("pyth\xf6n.org.".encode("idna"), b"xn--pythn-mua.org.") + ++ def test_builtin_decode_length_limit(self): ++ with self.assertRaisesRegex(UnicodeError, "too long"): ++ (b"xn--016c"+b"a"*1100).decode("idna") ++ with self.assertRaisesRegex(UnicodeError, "too long"): ++ (b"xn--016c"+b"a"*70).decode("idna") ++ + def test_stream(self): + r = codecs.getreader("idna")(io.BytesIO(b"abc")) + r.read(3) +diff --git a/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst +new file mode 100644 +index 000000000000..5185fac2e29d +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst +@@ -0,0 +1,6 @@ ++The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio` ++related name resolution functions no longer involves a quadratic algorithm. ++This prevents a potential CPU denial of service if an out-of-spec excessive ++length hostname involving bidirectional characters were decoded. Some protocols ++such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker ++to supply such a name. + diff --git a/recipes-devtools/python/python3_%.bbappend b/recipes-devtools/python/python3_%.bbappend index 70b4561..6636814 100644 --- a/recipes-devtools/python/python3_%.bbappend +++ b/recipes-devtools/python/python3_%.bbappend @@ -1,6 +1,13 @@ # Make python3 the default # Remove this stuff if there is ever a python4. +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI_append = " \ + file://CVE-2022-45061.patch \ + file://CVE-2022-37454.patch \ +" + # Debian and Ubuntu have this (prior levels linked to python2) PACKAGES_append = " python-is-python3" ALLOW_EMPTY_python-is-python3 = "1" diff --git a/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch b/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch new file mode 100644 index 0000000..474d82d --- /dev/null +++ b/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch @@ -0,0 +1,173 @@ +From 785c0072c80c2f6e0839478453cf65fdeac15da0 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 29 Aug 2022 19:53:28 -0700 +Subject: [PATCH] Add missing prototypes to function declarations + +With Clang 15+ compiler -Wstrict-prototypes is triggering warnings which +are turned into errors with -Werror, this fixes the problem by adding +missing prototypes + +Fixes errors like +| log.c:134:24: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes] +| static void syslog_init() +| ^ +| void + +Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/032858.html] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + checksum.c | 2 +- + exclude.c | 2 +- + hlink.c | 3 +-- + lib/pool_alloc.c | 2 +- + log.c | 2 +- + main.c | 2 +- + syscall.c | 4 ++-- + zlib/crc32.c | 2 +- + zlib/trees.c | 2 +- + zlib/zutil.c | 4 ++-- + 10 files changed, 12 insertions(+), 13 deletions(-) + +diff --git a/checksum.c b/checksum.c +index fb8c0a0..174c28c 100644 +--- a/checksum.c ++++ b/checksum.c +@@ -629,7 +629,7 @@ int sum_end(char *sum) + return csum_len_for_type(cursum_type, 0); + } + +-void init_checksum_choices() ++void init_checksum_choices(void) + { + #ifdef SUPPORT_XXH3 + char buf[32816]; +diff --git a/exclude.c b/exclude.c +index adc82e2..79f5a82 100644 +--- a/exclude.c ++++ b/exclude.c +@@ -358,7 +358,7 @@ void implied_include_partial_string(const char *s_start, const char *s_end) + memcpy(partial_string_buf, s_start, partial_string_len); + } + +-void free_implied_include_partial_string() ++void free_implied_include_partial_string(void) + { + if (partial_string_buf) { + free(partial_string_buf); +diff --git a/hlink.c b/hlink.c +index 66810a3..6511dfb 100644 +--- a/hlink.c ++++ b/hlink.c +@@ -117,8 +117,7 @@ static void match_gnums(int32 *ndx_list, int ndx_count) + struct ht_int32_node *node = NULL; + int32 gnum, gnum_next; + +- qsort(ndx_list, ndx_count, sizeof ndx_list[0], (int (*)()) hlink_compare_gnum); +- ++ qsort(ndx_list, ndx_count, sizeof ndx_list[0], (int (*)(const void *, const void *)) hlink_compare_gnum); + for (from = 0; from < ndx_count; from++) { + file = hlink_flist->sorted[ndx_list[from]]; + gnum = F_HL_GNUM(file); +diff --git a/lib/pool_alloc.c b/lib/pool_alloc.c +index a1a7245..4eae062 100644 +--- a/lib/pool_alloc.c ++++ b/lib/pool_alloc.c +@@ -9,7 +9,7 @@ struct alloc_pool + size_t size; /* extent size */ + size_t quantum; /* allocation quantum */ + struct pool_extent *extents; /* top extent is "live" */ +- void (*bomb)(); /* called if malloc fails */ ++ void (*bomb)(const char *, const char *, int); /* called if malloc fails */ + int flags; + + /* statistical data */ +diff --git a/log.c b/log.c +index 44344e2..991e359 100644 +--- a/log.c ++++ b/log.c +@@ -131,7 +131,7 @@ static void logit(int priority, const char *buf) + } + } + +-static void syslog_init() ++static void syslog_init(void) + { + int options = LOG_PID; + +diff --git a/main.c b/main.c +index 9ebfbea..affa244 100644 +--- a/main.c ++++ b/main.c +@@ -244,7 +244,7 @@ void read_del_stats(int f) + stats.deleted_files += stats.deleted_specials = read_varint(f); + } + +-static void become_copy_as_user() ++static void become_copy_as_user(void) + { + char *gname; + uid_t uid; +diff --git a/syscall.c b/syscall.c +index d92074a..92ca86d 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -389,9 +389,9 @@ OFF_T do_lseek(int fd, OFF_T offset, int whence) + { + #ifdef HAVE_LSEEK64 + #if !SIZEOF_OFF64_T +- OFF_T lseek64(); ++ OFF_T lseek64(int fd, OFF_T offset, int whence); + #else +- off64_t lseek64(); ++ off64_t lseek64(int fd, off64_t offset, int whence); + #endif + return lseek64(fd, offset, whence); + #else +diff --git a/zlib/crc32.c b/zlib/crc32.c +index 05733f4..50c6c02 100644 +--- a/zlib/crc32.c ++++ b/zlib/crc32.c +@@ -187,7 +187,7 @@ local void write_table(out, table) + /* ========================================================================= + * This function can be used by asm versions of crc32() + */ +-const z_crc_t FAR * ZEXPORT get_crc_table() ++const z_crc_t FAR * ZEXPORT get_crc_table(void) + { + #ifdef DYNAMIC_CRC_TABLE + if (crc_table_empty) +diff --git a/zlib/trees.c b/zlib/trees.c +index 9c66770..0d9047e 100644 +--- a/zlib/trees.c ++++ b/zlib/trees.c +@@ -231,7 +231,7 @@ local void send_bits(s, value, length) + /* =========================================================================== + * Initialize the various 'constant' tables. + */ +-local void tr_static_init() ++local void tr_static_init(void) + { + #if defined(GEN_TREES_H) || !defined(STDC) + static int static_init_done = 0; +diff --git a/zlib/zutil.c b/zlib/zutil.c +index bbba7b2..61f8dc9 100644 +--- a/zlib/zutil.c ++++ b/zlib/zutil.c +@@ -27,12 +27,12 @@ z_const char * const z_errmsg[10] = { + ""}; + + +-const char * ZEXPORT zlibVersion() ++const char * ZEXPORT zlibVersion(void) + { + return ZLIB_VERSION; + } + +-uLong ZEXPORT zlibCompileFlags() ++uLong ZEXPORT zlibCompileFlags(void) + { + uLong flags; + +-- +2.37.2 + diff --git a/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch b/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch new file mode 100644 index 0000000..1d9c4bf --- /dev/null +++ b/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch @@ -0,0 +1,68 @@ +From e64a58387db46239902b610871a0eb81626e99ff Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Thu, 18 Aug 2022 07:46:28 -0700 +Subject: [PATCH] Turn on -pedantic-errors at the end of 'configure' + +Problem reported by Khem Raj in: +https://lists.gnu.org/r/autoconf-patches/2022-08/msg00009.html +Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/032862.html] +--- + configure.ac | 35 ++++++++++++++++++++--------------- + 1 file changed, 20 insertions(+), 15 deletions(-) + +diff --git a/configure.ac b/configure.ac +index d185b2d3..7e9514f7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1071,21 +1071,6 @@ elif test x"$ac_cv_header_popt_h" != x"yes"; then + with_included_popt=yes + fi + +-if test x"$GCC" = x"yes"; then +- if test x"$with_included_popt" != x"yes"; then +- # Turn pedantic warnings into errors to ensure an array-init overflow is an error. +- CFLAGS="$CFLAGS -pedantic-errors" +- else +- # Our internal popt code cannot be compiled with pedantic warnings as errors, so try to +- # turn off pedantic warnings (which will not lose the error for array-init overflow). +- # Older gcc versions don't understand -Wno-pedantic, so check if --help=warnings lists +- # -Wpedantic and use that as a flag. +- case `$CC --help=warnings 2>/dev/null | grep Wpedantic` in +- *-Wpedantic*) CFLAGS="$CFLAGS -pedantic-errors -Wno-pedantic" ;; +- esac +- fi +-fi +- + AC_MSG_CHECKING([whether to use included libpopt]) + if test x"$with_included_popt" = x"yes"; then + AC_MSG_RESULT($srcdir/popt) +@@ -1444,6 +1429,26 @@ case "$CC" in + ;; + esac + ++# Enable -pedantic-errors last, so that it doesn't mess up other ++# 'configure' tests. For example, Autoconf uses empty function ++# prototypes like 'int main () {}' which Clang 15's -pedantic-errors ++# would reject. Generally it's not a good idea to try to run ++# 'configure' itself with strict compiler checking. ++if test x"$GCC" = x"yes"; then ++ if test x"$with_included_popt" != x"yes"; then ++ # Turn pedantic warnings into errors to ensure an array-init overflow is an error. ++ CFLAGS="$CFLAGS -pedantic-errors" ++ else ++ # Our internal popt code cannot be compiled with pedantic warnings as errors, so try to ++ # turn off pedantic warnings (which will not lose the error for array-init overflow). ++ # Older gcc versions don't understand -Wno-pedantic, so check if --help=warnings lists ++ # -Wpedantic and use that as a flag. ++ case `$CC --help=warnings 2>/dev/null | grep Wpedantic` in ++ *-Wpedantic*) CFLAGS="$CFLAGS -pedantic-errors -Wno-pedantic" ;; ++ esac ++ fi ++fi ++ + AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig]) + AC_OUTPUT + +-- +2.37.1 + diff --git a/recipes-devtools/rsync/files/determism.patch b/recipes-devtools/rsync/files/determism.patch new file mode 100644 index 0000000..e3494fd --- /dev/null +++ b/recipes-devtools/rsync/files/determism.patch @@ -0,0 +1,34 @@ +The Makefile calls awk on a "*.c" glob. The results of this glob are sorted +but the order depends on the locale settings, particularly whether +"util.c" and "util2.c" sort before or after each other. In en_US.UTF-8 +they sort one way, in C, they sort the other. The sorting order changes +the output binaries. The behaviour also changes dependning on whether +SHELL (/bin/sh) is dash or bash. + +Specify a C locale setting to be deterministic. + +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +Submitted: https://github.com/WayneD/rsync/pull/155 + +Upstream-Status: Backport [ish, see below] + +After discussion upstream renamed util.c to util1.c which avoids the problem +in a different way. This patch can be dropped when we upgrade to include: +https://github.com/WayneD/rsync/commit/d3085f7add38a5cf833a0b31cb0637ff46c80f8d + +Index: rsync-3.2.3/Makefile.in +=================================================================== +--- rsync-3.2.3.orig/Makefile.in ++++ rsync-3.2.3/Makefile.in +@@ -26,6 +26,11 @@ MKDIR_P=@MKDIR_P@ + VPATH=$(srcdir) + SHELL=/bin/sh + ++# We use globbing in commands, need to be deterministic ++unexport LC_ALL ++LC_COLLATE=C ++export LC_COLLATE ++ + .SUFFIXES: + .SUFFIXES: .c .o + diff --git a/recipes-devtools/rsync/files/makefile-no-rebuild.patch b/recipes-devtools/rsync/files/makefile-no-rebuild.patch new file mode 100644 index 0000000..92ed1f4 --- /dev/null +++ b/recipes-devtools/rsync/files/makefile-no-rebuild.patch @@ -0,0 +1,80 @@ +From 81700d1a0e51391028c761cc8ef1cd660084d114 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@intel.com> +Date: Tue, 12 Apr 2016 15:51:54 +0100 +Subject: [PATCH] rsync: remove upstream's rebuild logic + +Remove the Makefile rules to reinvoke autoconf, they're not out-of-tree safe and +generally overcomplicated, and we ensure that autoreconf is invoked if required. + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton <ross.burton@intel.com> + +--- + Makefile.in | 54 ----------------------------------------------------- + 1 file changed, 54 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index 3cde955..d963a70 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -190,60 +190,6 @@ gensend: gen + fi + rsync -aic $(GENFILES) git-version.h $${SAMBA_HOST-samba.org}:/home/ftp/pub/rsync/generated-files/ || true + +-aclocal.m4: $(srcdir)/m4/*.m4 +- aclocal -I $(srcdir)/m4 +- +-configure.sh config.h.in: configure.ac aclocal.m4 +- @if test -f configure.sh; then cp -p configure.sh configure.sh.old; else touch configure.sh.old; fi +- @if test -f config.h.in; then cp -p config.h.in config.h.in.old; else touch config.h.in.old; fi +- autoconf -o configure.sh +- autoheader && touch config.h.in +- @if diff configure.sh configure.sh.old >/dev/null 2>&1; then \ +- echo "configure.sh is unchanged."; \ +- rm configure.sh.old; \ +- else \ +- echo "configure.sh has CHANGED."; \ +- fi +- @if diff config.h.in config.h.in.old >/dev/null 2>&1; then \ +- echo "config.h.in is unchanged."; \ +- rm config.h.in.old; \ +- else \ +- echo "config.h.in has CHANGED."; \ +- fi +- @if test -f configure.sh.old || test -f config.h.in.old; then \ +- if test "$(MAKECMDGOALS)" = reconfigure; then \ +- echo 'Continuing with "make reconfigure".'; \ +- else \ +- echo 'You may need to run:'; \ +- echo ' make reconfigure'; \ +- exit 1; \ +- fi \ +- fi +- +-.PHONY: reconfigure +-reconfigure: configure.sh +- ./config.status --recheck +- ./config.status +- +-.PHONY: restatus +-restatus: +- ./config.status +- +-Makefile: Makefile.in config.status configure.sh config.h.in +- @if test -f Makefile; then cp -p Makefile Makefile.old; else touch Makefile.old; fi +- @./config.status +- @if diff Makefile Makefile.old >/dev/null 2>&1; then \ +- echo "Makefile is unchanged."; \ +- rm Makefile.old; \ +- else \ +- if test "$(MAKECMDGOALS)" = reconfigure; then \ +- echo 'Continuing with "make reconfigure".'; \ +- else \ +- echo "Makefile updated -- rerun your make command."; \ +- exit 1; \ +- fi \ +- fi +- + stunnel-rsyncd.conf: $(srcdir)/stunnel-rsyncd.conf.in Makefile + sed 's;\@bindir\@;$(bindir);g' <$(srcdir)/stunnel-rsyncd.conf.in >stunnel-rsyncd.conf + diff --git a/recipes-devtools/rsync/files/rsyncd.conf b/recipes-devtools/rsync/files/rsyncd.conf new file mode 100644 index 0000000..845f5b3 --- /dev/null +++ b/recipes-devtools/rsync/files/rsyncd.conf @@ -0,0 +1,15 @@ +# /etc/rsyncd.conf + +# Minimal configuration file for rsync daemon +# See rsync(1) and rsyncd.conf(5) man pages for help + +# This file is required by rsync --daemon +pid file = /var/run/rsyncd.pid +use chroot = yes +read only = yes + +# Simple example for enabling your own local rsync server +#[everything] +# path = / +# comment = Everything except /etc exposed +# exclude = /etc diff --git a/recipes-devtools/rsync/rsync_3.2.5.bb b/recipes-devtools/rsync/rsync_3.2.5.bb new file mode 100644 index 0000000..0bbbac7 --- /dev/null +++ b/recipes-devtools/rsync/rsync_3.2.5.bb @@ -0,0 +1,71 @@ +SUMMARY = "File synchronization tool" +HOMEPAGE = "http://rsync.samba.org/" +DESCRIPTION = "rsync is an open source utility that provides fast incremental file transfer." +BUGTRACKER = "http://rsync.samba.org/bugzilla.html" +SECTION = "console/network" +# GPL-2.0-or-later (<< 3.0.0), GPL-3.0-or-later (>= 3.0.0) +# Includes opennsh and xxhash dynamic link exception +LICENSE = "GPL-3.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=24423708fe159c9d12be1ea29fcb18c7" + +DEPENDS = "popt" + +SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ + file://rsyncd.conf \ + file://makefile-no-rebuild.patch \ + file://determism.patch \ + file://0001-Add-missing-prototypes-to-function-declarations.patch \ + file://0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch \ + " +SRC_URI[sha256sum] = "2ac4d21635cdf791867bc377c35ca6dda7f50d919a58be45057fd51600c69aba" + +# -16548 required for v3.1.3pre1. Already in v3.1.3. +CVE_CHECK_IGNORE += " CVE-2017-16548 " + +inherit autotools-brokensep + +PACKAGECONFIG ??= "acl attr \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ +" + +PACKAGECONFIG[acl] = "--enable-acl-support,--disable-acl-support,acl," +PACKAGECONFIG[attr] = "--enable-xattr-support,--disable-xattr-support,attr," +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[lz4] = "--enable-lz4,--disable-lz4,lz4" +PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" +PACKAGECONFIG[xxhash] = "--enable-xxhash,--disable-xxhash,xxhash" +PACKAGECONFIG[zstd] = "--enable-zstd,--disable-zstd,zstd" + +# By default, if crosscompiling, rsync disables a number of +# capabilities, hardlinking symlinks and special files (i.e. devices) +CACHED_CONFIGUREVARS += "rsync_cv_can_hardlink_special=yes rsync_cv_can_hardlink_symlink=yes" + +EXTRA_OEMAKE = 'STRIP=""' +EXTRA_OECONF = "--disable-md2man --with-nobody-group=nogroup" + +#| ./simd-checksum-x86_64.cpp: In function 'uint32_t get_checksum1_cpp(char*, int32_t)': +#| ./simd-checksum-x86_64.cpp:89:52: error: multiversioning needs 'ifunc' which is not supported on this target +#| 89 | __attribute__ ((target("default"))) MVSTATIC int32 get_checksum1_avx2_64(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2) { return i; } +#| | ^~~~~~~~~~~~~~~~~~~~~ +#| ./simd-checksum-x86_64.cpp:480:1: error: use of multiversioned function without a default +#| 480 | } +#| | ^ +#| If you can't fix the issue, re-run ./configure with --disable-roll-simd. +EXTRA_OECONF:append:libc-musl = " --disable-roll-simd" + +# rsync 3.0 uses configure.sh instead of configure, and +# makefile checks the existence of configure.sh +do_configure:prepend () { + rm -f ${S}/configure ${S}/configure.sh +} + +do_configure:append () { + cp -f ${S}/configure ${S}/configure.sh +} + +do_install:append() { + install -d ${D}${sysconfdir} + install -m 0644 ${WORKDIR}/rsyncd.conf ${D}${sysconfdir} +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-extended/libtirpc/libtirpc_1.3.3.bb b/recipes-extended/libtirpc/libtirpc_1.3.3.bb new file mode 100644 index 0000000..8c6c207 --- /dev/null +++ b/recipes-extended/libtirpc/libtirpc_1.3.3.bb @@ -0,0 +1,28 @@ +SUMMARY = "Transport-Independent RPC library" +DESCRIPTION = "Libtirpc is a port of Suns Transport-Independent RPC library to Linux" +SECTION = "libs/network" +HOMEPAGE = "http://sourceforge.net/projects/libtirpc/" +BUGTRACKER = "http://sourceforge.net/tracker/?group_id=183075&atid=903784" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=f835cce8852481e4b2bbbdd23b5e47f3 \ + file://src/netname.c;beginline=1;endline=27;md5=f8a8cd2cb25ac5aa16767364fb0e3c24" + +PROVIDES = "virtual/librpc" + +SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2" +UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libtirpc/files/libtirpc/" +UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/" +SRC_URI[sha256sum] = "6474e98851d9f6f33871957ddee9714fdcd9d8a5ee9abb5a98d63ea2e60e12f3" + +# Was fixed in 1.3.3rc1 so not present in 1.3.3 +CVE_CHECK_IGNORE += "CVE-2021-46828" + +inherit autotools pkgconfig + +EXTRA_OECONF = "--disable-gssapi" + +do_install:append() { + chown root:root ${D}${sysconfdir}/netconfig +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-extended/libfastjson/libfastjson/CVE-2020-12762.patch b/recipes-extended/rsyslog/libfastjson/CVE-2020-12762.patch index 84e8206..84e8206 100644 --- a/recipes-extended/libfastjson/libfastjson/CVE-2020-12762.patch +++ b/recipes-extended/rsyslog/libfastjson/CVE-2020-12762.patch diff --git a/recipes-extended/libfastjson/libfastjson_%.bbappend b/recipes-extended/rsyslog/libfastjson_%.bbappend index 103c92e..103c92e 100644 --- a/recipes-extended/libfastjson/libfastjson_%.bbappend +++ b/recipes-extended/rsyslog/libfastjson_%.bbappend diff --git a/recipes-extended/rsyslog/libfastjson_0.99.9.bb b/recipes-extended/rsyslog/libfastjson_0.99.9.bb new file mode 100644 index 0000000..24ad172 --- /dev/null +++ b/recipes-extended/rsyslog/libfastjson_0.99.9.bb @@ -0,0 +1,15 @@ +SUMMARY = "A fork of json-c library" +HOMEPAGE = "https://github.com/rsyslog/libfastjson" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=a958bb07122368f3e1d9b2efe07d231f" + +DEPENDS = "" + +SRC_URI = "git://github.com/rsyslog/libfastjson.git;protocol=https;branch=master" + +SRCREV = "0293afb3913f760c449348551cca4d2df59c1a00" + +S = "${WORKDIR}/git" + +inherit autotools diff --git a/recipes-extended/rsyslog/librelp_1.10.0.bb b/recipes-extended/rsyslog/librelp_1.10.0.bb new file mode 100644 index 0000000..acdbbb7 --- /dev/null +++ b/recipes-extended/rsyslog/librelp_1.10.0.bb @@ -0,0 +1,18 @@ +SUMMARY = "A reliable logging library" +HOMEPAGE = "https://github.com/rsyslog/librelp" + +LICENSE = "GPL-3.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=1fb9c10ed9fd6826757615455ca893a9" + +DEPENDS = "gmp nettle libidn zlib gnutls openssl" + +SRC_URI = "git://github.com/rsyslog/librelp.git;protocol=https;branch=stable \ +" + +SRCREV = "9e749453d51d602d8159717f8a7c27971dcb4c6c" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig + +CPPFLAGS += "-Wno-error" diff --git a/recipes-extended/rsyslog/rsyslog/0001-Include-sys-time-h.patch b/recipes-extended/rsyslog/rsyslog/0001-Include-sys-time-h.patch new file mode 100644 index 0000000..6ce8b7a --- /dev/null +++ b/recipes-extended/rsyslog/rsyslog/0001-Include-sys-time-h.patch @@ -0,0 +1,32 @@ +From 7baf35b88d742032a2dc456c396843e17e866f8e Mon Sep 17 00:00:00 2001 +From: Ming Liu <peter.x.liu@external.atlascopco.com> +Date: Wed, 27 Jun 2018 14:04:57 +0800 +Subject: [PATCH] Include sys/time.h + +struct timeval is defined in sys/time.h with a musl libc. + +Upstream-Status: Inappropriate [musl libc specific] + +Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + tests/msleep.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/tests/msleep.c b/tests/msleep.c +index 98dbece..96f6950 100644 +--- a/tests/msleep.c ++++ b/tests/msleep.c +@@ -26,11 +26,7 @@ + #include "config.h" + #include <stdio.h> + #include <stdlib.h> +-#if defined(__FreeBSD__) + #include <sys/time.h> +-#else +-#include <time.h> +-#endif + #if defined(HAVE_SYS_SELECT_H) + #include <sys/select.h> + #endif +2.7.4 diff --git a/recipes-extended/rsyslog/rsyslog/0001-tests-disable-the-check-for-inotify.patch b/recipes-extended/rsyslog/rsyslog/0001-tests-disable-the-check-for-inotify.patch new file mode 100644 index 0000000..552172d --- /dev/null +++ b/recipes-extended/rsyslog/rsyslog/0001-tests-disable-the-check-for-inotify.patch @@ -0,0 +1,46 @@ +From 194e199ce08acc2192f6a63420ff24d9064666e5 Mon Sep 17 00:00:00 2001 +From: Yi Fan Yu <yifan.yu@windriver.com> +Date: Sat, 27 Mar 2021 19:18:25 -0400 +Subject: [PATCH] tests: disable the check for inotify + +We don't need to check inotify.h. +Assume it is present since it is part of the linux kernel +since 2.6.13 [1]. + +[1](https://kernelnewbies.org/Linux_2_6_13) + +(it would require installing the libc headers otherwise, + for the test to detect /usr/include/sys/inotify.h.) + +Upstream-Status: Inappropriate[OE-specific] + +Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> +--- + tests/diag.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/diag.sh b/tests/diag.sh +index 6cd60ea88..7424f48c5 100755 +--- a/tests/diag.sh ++++ b/tests/diag.sh +@@ -2672,7 +2672,7 @@ case $1 in + fi + ;; + 'check-inotify') # Check for inotify/fen support +- if [ -n "$(find /usr/include -name 'inotify.h' -print -quit)" ]; then ++ if true; then + echo [inotify mode] + elif [ -n "$(find /usr/include/sys/ -name 'port.h' -print -quit)" ]; then + grep -qF "PORT_SOURCE_FILE" < /usr/include/sys/port.h +@@ -2687,7 +2687,7 @@ case $1 in + fi + ;; + 'check-inotify-only') # Check for ONLY inotify support +- if [ -n "$(find /usr/include -name 'inotify.h' -print -quit)" ]; then ++ if true; then + echo [inotify mode] + else + echo [inotify not supported, skipping...] +-- +2.29.2 + diff --git a/recipes-extended/rsyslog/rsyslog/initscript b/recipes-extended/rsyslog/rsyslog/initscript new file mode 100644 index 0000000..7a8f8f9 --- /dev/null +++ b/recipes-extended/rsyslog/rsyslog/initscript @@ -0,0 +1,118 @@ +#! /bin/sh +# +# This is an init script for openembedded +# Copy it to /etc/init.d/rsyslog and type +# > update-rc.d rsyslog defaults 5 +# + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +NAME=rsyslog +RSYSLOGD=rsyslogd +RSYSLOGD_BIN=/usr/sbin/rsyslogd +RSYSLOGD_OPTIONS="" +RSYSLOGD_PIDFILE=/var/run/rsyslogd.pid +SCRIPTNAME=/etc/init.d/$NAME +# Exit if the package is not installed +[ -x "$RSYSLOGD_BIN" ] || exit 0 +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME +# +# Function that starts the daemon/service +# +do_start() +{ + DAEMON=$1 + DAEMON_ARGS=$2 + PIDFILE=$3 + # Return + # 0 if daemon has been started + # 1 if daemon could not be started + # if daemon had already been started, start-stop-daemon will return 1 + # so add -o/--oknodo(if nothing is done, exit 0) + start-stop-daemon -S --quiet --pidfile $PIDFILE --exec $DAEMON \ + --oknodo -- $DAEMON_ARGS || return 1 +} +# +# Function that stops the daemon/service +# +do_stop() +{ + NAME=$1 + PIDFILE=$2 + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + # QUIT/TERM/INT should work here, but they don't ????? + start-stop-daemon -K --quiet --signal KILL --pidfile $PIDFILE --name $NAME + RETVAL="$?" + rm -f $PIDFILE + return "$RETVAL" +} +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + NAME=$1 + PIDFILE=$2 + start-stop-daemon -K --signal HUP --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +do_status() { + NAME=$1 + PIDFILE=$2 + # -t: test only but not stop + start-stop-daemon -K -t --quiet --pidfile $PIDFILE --name $NAME + # exit with status 0 if process is found + if [ "$?" = "0" ]; then + return 0 + else + return 1 + fi +} + +case "$1" in + start) + echo -n "starting $RSYSLOGD ... " + do_start "$RSYSLOGD_BIN" "$RSYSLOGD_OPTIONS" "$RSYSLOGD_PIDFILE" + case "$?" in + 0) echo "done" ;; + 1) echo "failed" ;; + esac + ;; + stop) + echo -n "stopping $RSYSLOGD ... " + do_stop "$RSYSLOGD" "$RSYSLOGD_PIDFILE" + case "$?" in + 0|1) echo "done" ;; + 2) echo "failed" ;; + esac + ;; + reload|force-reload) + echo -n "reloading $RSYSLOGD ... " + do_reload "$RSYSLOGD" "$RSYSLOGD_PIDFILE" + echo "done" + ;; + restart) + $0 stop + $0 start + ;; + status) + echo -n "status $RSYSLOGD ... " + do_status "$RSYSLOGD" "$RSYSLOGD_PIDFILE" + if [ "$?" = "0" ]; then + echo "running" + exit 0 + else + echo "stopped" + exit 1 + fi + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 3 + ;; +esac +exit 0 diff --git a/recipes-extended/rsyslog/rsyslog/rsyslog.conf b/recipes-extended/rsyslog/rsyslog/rsyslog.conf new file mode 100644 index 0000000..dbfefb7 --- /dev/null +++ b/recipes-extended/rsyslog/rsyslog/rsyslog.conf @@ -0,0 +1,91 @@ +# if you experience problems, check +# http://www.rsyslog.com/troubleshoot for assistance + +# rsyslog v3: load input modules +# If you do not load inputs, nothing happens! +# You may need to set the module load path if modules are not found. +# +# Ported from debian's sysklogd.conf + +$ModLoad immark # provides --MARK-- message capability +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) +$ModLoad imklog # kernel logging (formerly provided by rklogd) + +# +# Set the default permissions +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# Logging for INN news system +# +news.crit /var/log/news.crit +news.err /var/log/news.err +news.notice -/var/log/news.notice + +# +# Some `catch-all' logfiles. +# +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg :omusrmsg:* + +# Save boot messages also to boot.log +local7.* /var/log/boot.log + +# Remote Logging (we use TCP for reliable delivery) +# An on-disk queue is created for this action. If the remote host is +# down, messages are spooled to disk and sent when it is up again. +#$WorkDirectory /var/spool/rsyslog # where to place spool files +#$ActionQueueFileName uniqName # unique name prefix for spool files +$ActionQueueMaxDiskSpace 10m # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down +# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional +#*.* @@remote-host:514 + + +# ######### Receiving Messages from Remote Hosts ########## +# TCP Syslog Server: +# provides TCP syslog reception and GSS-API (if compiled to support it) +#$ModLoad imtcp.so # load module +#$InputTCPServerRun 514 # start up TCP listener at port 514 + +# UDP Syslog Server: +#$ModLoad imudp.so # provides UDP syslog reception +#$UDPServerRun 514 # start a UDP syslog server at standard port 514 + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf diff --git a/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate b/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate new file mode 100644 index 0000000..5f8568f --- /dev/null +++ b/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate @@ -0,0 +1,39 @@ +# /etc/logrotate.d/rsyslog - Ported from Debian + +/var/log/syslog +{ + rotate 7 + daily + missingok + notifempty + delaycompress + compress + postrotate + @BINDIR@/pkill -HUP rsyslogd 2> /dev/null || true + endscript +} + +/var/log/mail.info +/var/log/mail.warn +/var/log/mail.err +/var/log/mail.log +/var/log/daemon.log +/var/log/kern.log +/var/log/auth.log +/var/log/user.log +/var/log/lpr.log +/var/log/cron.log +/var/log/debug +/var/log/messages +{ + rotate 4 + weekly + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + @BINDIR@/pkill -HUP rsyslogd 2> /dev/null || true + endscript +} diff --git a/recipes-extended/rsyslog/rsyslog/rsyslog.service b/recipes-extended/rsyslog/rsyslog/rsyslog.service new file mode 100644 index 0000000..0aacff3 --- /dev/null +++ b/recipes-extended/rsyslog/rsyslog/rsyslog.service @@ -0,0 +1,21 @@ +[Unit] +Description=System Logging Service +Requires=syslog.socket +Wants=network.target network-online.target +After=network.target network-online.target +Documentation=man:rsyslogd(8) +Documentation=http://www.rsyslog.com/doc/ + +[Service] +Type=notify +ExecStart=@sbindir@/rsyslogd -n -iNONE +StandardOutput=null +Restart=on-failure + +# Increase the default a bit in order to allow many simultaneous +# files to be monitored, we might need a lot of fds. +LimitNOFILE=16384 + +[Install] +WantedBy=multi-user.target +Alias=syslog.service diff --git a/recipes-extended/rsyslog/rsyslog/run-ptest b/recipes-extended/rsyslog/rsyslog/run-ptest new file mode 100644 index 0000000..efa9ba3 --- /dev/null +++ b/recipes-extended/rsyslog/rsyslog/run-ptest @@ -0,0 +1,12 @@ +#!/bin/sh +# +set -e +set -o pipefail + +SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )" +cd ${SCRIPTPATH} +useradd tester || echo "user already exists" +ln -sf /usr/sbin/logrotate /usr/bin/logrotate +su tester -c "make -C tests -k check-TESTS" +userdel tester +rm -f /usr/bin/logrotate diff --git a/recipes-extended/rsyslog/rsyslog/use-pkgconfig-to-check-libgcrypt.patch b/recipes-extended/rsyslog/rsyslog/use-pkgconfig-to-check-libgcrypt.patch new file mode 100644 index 0000000..0352587 --- /dev/null +++ b/recipes-extended/rsyslog/rsyslog/use-pkgconfig-to-check-libgcrypt.patch @@ -0,0 +1,43 @@ +From d0852006bf3d305e8984b85b41997d43d4476937 Mon Sep 17 00:00:00 2001 +From: Roy Li <rongqing.li@windriver.com> +Date: Wed, 18 Jun 2014 13:46:52 +0800 +Subject: [PATCH] use pkgconfig to check libgcrypt + +Upstream-Status: Inappropriate [configuration] + +libgcrypt does no longer provide libgcrypt-config, and provide +*.pc, so we should use pkgconfig to check + +Signed-off-by: Roy Li <rongqing.li@windriver.com> +Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> + +--- + configure.ac | 15 +-------------- + 1 file changed, 1 insertion(+), 14 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 62178c3..b56c9c7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -889,20 +889,7 @@ AC_ARG_ENABLE(libgcrypt, + [enable_libgcrypt=yes] + ) + if test "x$enable_libgcrypt" = "xyes"; then +- AC_PATH_PROG([LIBGCRYPT_CONFIG],[libgcrypt-config],[no]) +- if test "x${LIBGCRYPT_CONFIG}" = "xno"; then +- AC_MSG_FAILURE([libgcrypt-config not found in PATH]) +- fi +- AC_CHECK_LIB( +- [gcrypt], +- [gcry_cipher_open], +- [LIBGCRYPT_CFLAGS="`${LIBGCRYPT_CONFIG} --cflags`" +- LIBGCRYPT_LIBS="`${LIBGCRYPT_CONFIG} --libs`" +- ], +- [AC_MSG_FAILURE([libgcrypt is missing])], +- [`${LIBGCRYPT_CONFIG} --libs --cflags`] +- ) +- AC_DEFINE([ENABLE_LIBGCRYPT], [1], [Indicator that LIBGCRYPT is present]) ++ PKG_CHECK_MODULES(LIBGCRYPT, libgcrypt) + fi + AM_CONDITIONAL(ENABLE_LIBGCRYPT, test x$enable_libgcrypt = xyes) + AC_SUBST(LIBGCRYPT_CFLAGS) diff --git a/recipes-extended/rsyslog/rsyslog_8.2206.0.bb b/recipes-extended/rsyslog/rsyslog_8.2206.0.bb new file mode 100644 index 0000000..f7604f8 --- /dev/null +++ b/recipes-extended/rsyslog/rsyslog_8.2206.0.bb @@ -0,0 +1,204 @@ +SUMMARY = "Rsyslog is an enhanced multi-threaded syslogd" +DESCRIPTION = "\ +Rsyslog is an enhanced syslogd supporting, among others, MySQL,\ + PostgreSQL, failover log destinations, syslog/tcp, fine grain\ + output format control, high precision timestamps, queued operations\ + and the ability to filter on any message part. It is quite\ + compatible to stock sysklogd and can be used as a drop-in replacement.\ + Its advanced features make it suitable for enterprise-class,\ + encryption protected syslog relay chains while at the same time being\ + very easy to setup for the novice user." + +DEPENDS = "zlib libestr libfastjson bison-native flex-native liblogging" +HOMEPAGE = "http://www.rsyslog.com/" +LICENSE = "GPL-3.0+ & LGPL-3.0+ & Apache-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=51d9635e646fb75e1b74c074f788e973 \ + file://COPYING.LESSER;md5=cb7903f1e5c39ae838209e130dca270a \ + file://COPYING.ASL20;md5=052f8a09206615ab07326ff8ce2d9d32\ +" + +SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.tar.gz \ + file://initscript \ + file://rsyslog.conf \ + file://rsyslog.logrotate \ + file://rsyslog.service \ + file://use-pkgconfig-to-check-libgcrypt.patch \ + file://run-ptest \ + file://0001-tests-disable-the-check-for-inotify.patch \ +" + +SRC_URI_append_libc-musl = " \ + file://0001-Include-sys-time-h.patch \ +" + +SRC_URI[sha256sum] = "a1377218b26c0767a7a3f67d166d5338af7c24b455d35ec99974e18e6845ba27" + +UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases" +UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)" + +inherit autotools pkgconfig systemd update-rc.d ptest + +EXTRA_OECONF += "--disable-generate-man-pages ap_cv_atomic_builtins=yes" +EXTRA_OECONF += "--enable-imfile-tests" +EXTRA_OECONF_remove_mipsarch = "ap_cv_atomic_builtins=yes" +EXTRA_OECONF_remove_powerpc = "ap_cv_atomic_builtins=yes" +EXTRA_OECONF_remove_riscv32 = "ap_cv_atomic_builtins=yes" + +# first line is default yes in configure +PACKAGECONFIG ??= " \ + rsyslogd rsyslogrt klog inet regexp uuid libgcrypt \ + fmhttp imdiag gnutls imfile \ + ${@bb.utils.filter('DISTRO_FEATURES', 'snmp systemd', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'testbench relp ${VALGRIND}', '', d)} \ +" + +# default yes in configure +PACKAGECONFIG[relp] = "--enable-relp,--disable-relp,librelp," +PACKAGECONFIG[rsyslogd] = "--enable-rsyslogd,--disable-rsyslogd,," +PACKAGECONFIG[rsyslogrt] = "--enable-rsyslogrt,--disable-rsyslogrt,," +PACKAGECONFIG[fmhttp] = "--enable-fmhttp,--disable-fmhttp,curl," +PACKAGECONFIG[inet] = "--enable-inet,--disable-inet,," +PACKAGECONFIG[klog] = "--enable-klog,--disable-klog,," +PACKAGECONFIG[regexp] = "--enable-regexp,--disable-regexp,," +PACKAGECONFIG[uuid] = "--enable-uuid,--disable-uuid,util-linux," +PACKAGECONFIG[libgcrypt] = "--enable-libgcrypt,--disable-libgcrypt,libgcrypt," +PACKAGECONFIG[testbench] = "--enable-testbench --enable-omstdout,--disable-testbench --disable-omstdout,," + +# default no in configure +PACKAGECONFIG[debug] = "--enable-debug,--disable-debug,," +PACKAGECONFIG[imdiag] = "--enable-imdiag,--disable-imdiag,," +PACKAGECONFIG[imfile] = "--enable-imfile,--disable-imfile,," +PACKAGECONFIG[snmp] = "--enable-snmp,--disable-snmp,net-snmp," +PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls," +PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--without-systemdsystemunitdir,systemd," +PACKAGECONFIG[imjournal] = "--enable-imjournal,--disable-imjournal," +PACKAGECONFIG[mmjsonparse] = "--enable-mmjsonparse,--disable-mmjsonparse," +PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5," +PACKAGECONFIG[postgresql] = "--enable-pgsql,--disable-pgsql,postgresql," +PACKAGECONFIG[libdbi] = "--enable-libdbi,--disable-libdbi,libdbi," +PACKAGECONFIG[mail] = "--enable-mail,--disable-mail,," +PACKAGECONFIG[valgrind] = ",--without-valgrind-testbench,valgrind," +PACKAGECONFIG[imhttp] = "--enable-imhttp,--disable-imhttp,civetweb," + + +TESTDIR = "tests" +do_compile_ptest() { + echo 'buildtest-TESTS: $(check_PROGRAMS)' >> ${TESTDIR}/Makefile + oe_runmake -C ${TESTDIR} buildtest-TESTS +} + +do_install_ptest() { + # install the tests + cp -rf ${S}/${TESTDIR} ${D}${PTEST_PATH} + cp -rf ${B}/${TESTDIR} ${D}${PTEST_PATH} + + # give permissions to all users + # some tests need to write to this directory as user 'daemon' + chmod 777 -R ${D}${PTEST_PATH}/tests + + # do NOT need to rebuild Makefile itself + sed -i 's/^Makefile:.*$/Makefile:/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + # do NOT need to rebuild $(check_PROGRAMS) + sed -i 's/^check-TESTS:.*$/check-TESTS:/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + + # fix the srcdir, top_srcdir + sed -i 's,^\(srcdir = \).*,\1${PTEST_PATH}/tests,' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + sed -i 's,^\(top_srcdir = \).*,\1${PTEST_PATH}/tests,' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + # fix the abs_top_builddir + sed -i 's,^\(abs_top_builddir = \).*,\1${PTEST_PATH}/,' ${D}${PTEST_PATH}/${TESTDIR}/Makefile + + # install test-driver + install -m 644 ${S}/test-driver ${D}${PTEST_PATH} + + # install necessary links + install -d ${D}${PTEST_PATH}/tools + ln -sf ${sbindir}/rsyslogd ${D}${PTEST_PATH}/tools/rsyslogd + + install -d ${D}${PTEST_PATH}/runtime + install -d ${D}${PTEST_PATH}/runtime/.libs + ( + cd ${D}/${libdir}/rsyslog + allso="*.so" + for i in $allso; do + ln -sf ${libdir}/rsyslog/$i ${D}${PTEST_PATH}/runtime/.libs/$i + done + ) + + # fix the module load path with runtime/.libs + find ${D}${PTEST_PATH}/${TESTDIR} -name "*.conf" -o -name "*.sh" -o -name "*.c" | xargs \ + sed -i -e 's:../plugins/.*/.libs/:../runtime/.libs/:g' + # fix the python3 path for tests/set-envar + sed -i -e s:${HOSTTOOLS_DIR}:${bindir}:g ${D}${PTEST_PATH}/tests/set-envvars +} + +do_install_append() { + install -d "${D}${sysconfdir}/init.d" + install -d "${D}${sysconfdir}/logrotate.d" + install -m 755 ${WORKDIR}/initscript ${D}${sysconfdir}/init.d/syslog + install -m 644 ${WORKDIR}/rsyslog.conf ${D}${sysconfdir}/rsyslog.conf + install -m 644 ${WORKDIR}/rsyslog.logrotate ${D}${sysconfdir}/logrotate.d/logrotate.rsyslog + sed -i -e "s#@BINDIR@#${bindir}#g" ${D}${sysconfdir}/logrotate.d/logrotate.rsyslog + + if ${@bb.utils.contains('PACKAGECONFIG', 'imjournal', 'true', 'false', d)}; then + install -d 0755 ${D}${sysconfdir}/rsyslog.d + echo '$ModLoad imjournal' >> ${D}${sysconfdir}/rsyslog.d/imjournal.conf + fi + if ${@bb.utils.contains('PACKAGECONFIG', 'mmjsonparse', 'true', 'false', d)}; then + install -d 0755 ${D}${sysconfdir}/rsyslog.d + echo '$ModLoad mmjsonparse' >> ${D}${sysconfdir}/rsyslog.d/mmjsonparse.conf + fi + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${systemd_system_unitdir} + install -m 644 ${WORKDIR}/rsyslog.service ${D}${systemd_system_unitdir} + sed -i -e "s,@sbindir@,${sbindir},g" ${D}${systemd_system_unitdir}/rsyslog.service + fi +} + +FILES_${PN} += "${bindir}" + +INITSCRIPT_NAME = "syslog" +INITSCRIPT_PARAMS = "defaults" + +CONFFILES_${PN} = "${sysconfdir}/rsyslog.conf" + +RCONFLICTS_${PN} = "busybox-syslog sysklogd syslog-ng" + +RPROVIDES_${PN} += "${PN}-systemd" +RREPLACES_${PN} += "${PN}-systemd" +RCONFLICTS_${PN} += "${PN}-systemd" +SYSTEMD_SERVICE_${PN} = "${BPN}.service" + +RDEPENDS_${PN} += "logrotate" + +# for rsyslog-ptest +VALGRIND = "valgrind" + +# valgrind supports armv7 and above +VALGRIND_armv4 = '' +VALGRIND_armv5 = '' +VALGRIND_armv6 = '' + +# X32 isn't supported by valgrind at this time +VALGRIND_linux-gnux32 = '' +VALGRIND_linux-muslx32 = '' + +# Disable for some MIPS variants +VALGRIND_mipsarchr6 = '' +VALGRIND_linux-gnun32 = '' + +# Disable for powerpc64 with musl +VALGRIND_libc-musl_powerpc64 = '' +VALGRIND_libc-musl_powerpc64le = '' + +# RISC-V support for valgrind is not there yet +VALGRIND_riscv64 = "" +VALGRIND_riscv32 = "" + +# util-linux: logger needs the -d option +RDEPENDS_${PN}-ptest += "\ + make diffutils gzip bash gawk coreutils procps \ + libgcc python3-core python3-io python3-json \ + curl util-linux shadow \ + " + +RRECOMMENDS_${PN}-ptest += "${TCLIBC}-dbg ${VALGRIND}" diff --git a/recipes-extended/sudo/files/CVE-2022-43995.patch b/recipes-extended/sudo/files/CVE-2022-43995.patch new file mode 100644 index 0000000..1336c77 --- /dev/null +++ b/recipes-extended/sudo/files/CVE-2022-43995.patch @@ -0,0 +1,59 @@ +From e1554d7996a59bf69544f3d8dd4ae683027948f9 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Tue, 15 Nov 2022 09:17:18 +0530 +Subject: [PATCH] CVE-2022-43995 + +Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050] +CVE: CVE-2022-43995 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> + +Potential heap overflow for passwords < 8 +characters. Starting with sudo 1.8.0 the plaintext password buffer is +dynamically sized so it is not safe to assume that it is at least 9 bytes in +size. +Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz. +--- + plugins/sudoers/auth/passwd.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c +index 03c7a16..76a7824 100644 +--- a/plugins/sudoers/auth/passwd.c ++++ b/plugins/sudoers/auth/passwd.c +@@ -63,7 +63,7 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth) + int + sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) + { +- char sav, *epass; ++ char des_pass[9], *epass; + char *pw_epasswd = auth->data; + size_t pw_len; + int matched = 0; +@@ -75,12 +75,12 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c + + /* + * Truncate to 8 chars if standard DES since not all crypt()'s do this. +- * If this turns out not to be safe we will have to use OS #ifdef's (sigh). + */ +- sav = pass[8]; + pw_len = strlen(pw_epasswd); +- if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) +- pass[8] = '\0'; ++ if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) { ++ strlcpy(des_pass, pass, sizeof(des_pass)); ++ pass = des_pass; ++ } + + /* + * Normal UN*X password check. +@@ -88,7 +88,6 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c + * only compare the first DESLEN characters in that case. + */ + epass = (char *) crypt(pass, pw_epasswd); +- pass[8] = sav; + if (epass != NULL) { + if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) + matched = !strncmp(pw_epasswd, epass, DESLEN); +-- +2.25.1 + diff --git a/recipes-extended/sudo/sudo_1.9.5p2.bb b/recipes-extended/sudo/sudo_1.9.5p2.bb index a1164e9..e40c058 100644 --- a/recipes-extended/sudo/sudo_1.9.5p2.bb +++ b/recipes-extended/sudo/sudo_1.9.5p2.bb @@ -3,6 +3,7 @@ require sudo.inc SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ file://0001-sudo.conf.in-fix-conflict-with-multilib.patch \ + file://CVE-2022-43995.patch \ " PAM_SRC_URI = "file://sudo.pam" diff --git a/recipes-support/cifs/cifs-utils_7.0.bb b/recipes-support/cifs/cifs-utils_7.0.bb new file mode 100644 index 0000000..e310c8e --- /dev/null +++ b/recipes-support/cifs/cifs-utils_7.0.bb @@ -0,0 +1,44 @@ +DESCRIPTION = "A a package of utilities for doing and managing mounts of the Linux CIFS filesystem." +HOMEPAGE = "http://wiki.samba.org/index.php/LinuxCIFS_utils" +SECTION = "otherosfs" +LICENSE = "GPL-3.0 & LGPL-3.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +SRCREV = "316522036133d44ed02cd39ed2748e2b59c85b30" +SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master" + +S = "${WORKDIR}/git" +DEPENDS += "libtalloc" + +PACKAGECONFIG ??= "" +PACKAGECONFIG[cap] = "--with-libcap,--without-libcap,libcap" +# when enabled, it creates ${bindir}/cifscreds and --ignore-fail-on-non-empty in do_install_append is needed +PACKAGECONFIG[cifscreds] = "--enable-cifscreds,--disable-cifscreds,keyutils" +# when enabled, it creates ${sbindir}/cifs.upcall and --ignore-fail-on-non-empty in do_install_append is needed +PACKAGECONFIG[cifsupcall] = "--enable-cifsupcall,--disable-cifsupcall,krb5 libtalloc keyutils" +PACKAGECONFIG[cifsidmap] = "--enable-cifsidmap,--disable-cifsidmap,keyutils samba" +PACKAGECONFIG[cifsacl] = "--enable-cifsacl,--disable-cifsacl,samba" +PACKAGECONFIG[pam] = "--enable-pam --with-pamdir=${base_libdir}/security,--disable-pam,libpam keyutils" + +inherit autotools pkgconfig + +do_configure_prepend() { + # want installed to /usr/sbin rather than /sbin to be DISTRO_FEATURES usrmerge compliant + # must override ROOTSBINDIR (default '/sbin'), + # setting --exec-prefix or --prefix in EXTRA_OECONF does not work + if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then + export ROOTSBINDIR=${sbindir} + fi +} + +do_install_append() { + if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','false','true',d)}; then + # Remove empty /usr/bin and /usr/sbin directories since the mount helper + # is installed to /sbin + rmdir --ignore-fail-on-non-empty ${D}${bindir} ${D}${sbindir} + fi +} + +FILES_${PN} += "${base_libdir}/security" +FILES_${PN}-dbg += "${base_libdir}/security/.debug" +RRECOMMENDS_${PN} = "kernel-module-cifs" diff --git a/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch b/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch new file mode 100644 index 0000000..bb07c65 --- /dev/null +++ b/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch @@ -0,0 +1,30 @@ +diff -uprN orig/configure.ac new/configure.ac +--- orig/configure.ac 2021-02-02 10:26:24.000000000 +0200 ++++ new/configure.ac 2021-02-10 16:20:17.078630690 +0200 +@@ -1442,7 +1442,7 @@ AC_ARG_WITH(gssapi, + fi + ]) + +-: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} ++KRB5CONFIG=`which pkg-config` + + save_CPPFLAGS="$CPPFLAGS" + AC_MSG_CHECKING([if GSS-API support is requested]) +@@ -1453,7 +1453,7 @@ if test x"$want_gss" = xyes; then + if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then + GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` + elif test -f "$KRB5CONFIG"; then +- GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` ++ GSSAPI_INCS=`$KRB5CONFIG --cflags mit-krb5-gssapi` + elif test "$GSSAPI_ROOT" != "yes"; then + GSSAPI_INCS="-I$GSSAPI_ROOT/include" + fi +@@ -1546,7 +1546,7 @@ if test x"$want_gss" = xyes; then + elif test -f "$KRB5CONFIG"; then + dnl krb5-config doesn't have --libs-only-L or similar, put everything + dnl into LIBS +- gss_libs=`$KRB5CONFIG --libs gssapi` ++ gss_libs=`$KRB5CONFIG --libs mit-krb5-gssapi` + LIBS="$gss_libs $LIBS" + else + case $host in diff --git a/recipes-support/curl/curl_7.86.0.bb b/recipes-support/curl/curl_7.86.0.bb new file mode 100644 index 0000000..01a95fc --- /dev/null +++ b/recipes-support/curl/curl_7.86.0.bb @@ -0,0 +1,92 @@ +SUMMARY = "Command line tool and library for client-side URL transfers" +HOMEPAGE = "http://curl.haxx.se/" +BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" +SECTION = "console/network" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" + +SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ + file://0001-replace-krb5-config-with-pkg-config.patch \ +" + +SRC_URI[sha256sum] = "f5ca69db03eea17fa8705bdfb1a9f58d76a46c9010518109bb38f313137e0a28" + +# Curl has used many names over the years... +CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" + +inherit autotools pkgconfig binconfig multilib_header ptest + +# Entropy source for random PACKAGECONFIG option +RANDOM ?= "/dev/urandom" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} libidn openssl proxy random threaded-resolver verbose zlib" +PACKAGECONFIG_class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib" +PACKAGECONFIG_class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib" + +# 'ares' and 'threaded-resolver' are mutually exclusive +PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" +PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" +PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" +PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," +PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" +PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," +PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," +PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," +PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl" +PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" +PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" +PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" +PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt," +PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" +PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl" +PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," +PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," +PACKAGECONFIG[random] = "--with-random=${RANDOM},--without-random" +PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" +PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," +PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," +PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," +PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" +PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," +PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," +PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares" +PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" +PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" +PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd" + +EXTRA_OECONF = " \ + --disable-libcurl-option \ + --disable-ntlm-wb \ + --enable-crypto-auth \ + --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ + --without-libpsl \ + --enable-debug \ + --enable-optimize \ + --disable-curldebug \ + ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls nss openssl', d) == '') else ''} \ +" + +do_install_append_class-target() { + # cleanup buildpaths from curl-config + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + -e 's|${@" ".join(d.getVar("DEBUG_PREFIX_MAP").split())}||g' \ + ${D}${bindir}/curl-config +} + +PACKAGES =+ "lib${BPN}" + +FILES_lib${BPN} = "${libdir}/lib*.so.*" +RRECOMMENDS_lib${BPN} += "ca-certificates" + +FILES_${PN} += "${datadir}/zsh" + +inherit multilib_script +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" + +BBCLASSEXTEND = "native nativesdk"
\ No newline at end of file diff --git a/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch b/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch new file mode 100644 index 0000000..e40b2be --- /dev/null +++ b/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch @@ -0,0 +1,28 @@ +From b729a356538d499fe25e82bfc78ea663bdaca0a8 Mon Sep 17 00:00:00 2001 +From: Lei Maohui <leimaohui@fujitsu.com> +Date: Mon, 23 May 2022 10:44:43 +0900 +Subject: [PATCH] Creating .hmac file should be excuted in target environment, + so deleted it from build process. + +Upstream-Status: Inappropriate [https://gitlab.com/gnutls/gnutls/-/issues/1373] +Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> +--- + lib/Makefile.am | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/Makefile.am b/lib/Makefile.am +index 0b43ef9..cf263f0 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -206,8 +206,7 @@ hmac_files = .libs/.gnutls.hmac + + all-local: $(hmac_files) + +-.libs/.gnutls.hmac: libgnutls.la fipshmac +- $(AM_V_GEN) $(builddir)/fipshmac > $@-t && mv $@-t $@ ++.libs/.gnutls.hmac: + + CLEANFILES = $(hmac_files) + endif +-- +2.25.1 diff --git a/recipes-support/gnutls/gnutls/arm_eabi.patch b/recipes-support/gnutls/gnutls/arm_eabi.patch new file mode 100644 index 0000000..6eb1edb --- /dev/null +++ b/recipes-support/gnutls/gnutls/arm_eabi.patch @@ -0,0 +1,30 @@ +From 8a5c96057cf305bbeac0d6e0e59ee24fbb9497fe Mon Sep 17 00:00:00 2001 +From: Joe Slater <jslater@windriver.com> +Date: Wed, 25 Jan 2017 13:52:59 -0800 +Subject: [PATCH] gnutls: account for ARM_EABI + +Certain syscall's are not availabe for arm-eabi, so we eliminate +reference to them. + +Upstream-Status: Pending + +Signed-off-by: Joe Slater <jslater@windriver.com> + +--- + tests/seccomp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tests/seccomp.c b/tests/seccomp.c +index ed14d00..3c5b726 100644 +--- a/tests/seccomp.c ++++ b/tests/seccomp.c +@@ -53,7 +53,9 @@ int disable_system_calls(void) + + ADD_SYSCALL(nanosleep, 0); + ADD_SYSCALL(clock_nanosleep, 0); ++#if ! defined(__ARM_EABI__) + ADD_SYSCALL(time, 0); ++#endif + ADD_SYSCALL(getpid, 0); + ADD_SYSCALL(gettimeofday, 0); + #if defined(HAVE_CLOCK_GETTIME) diff --git a/recipes-support/gnutls/gnutls_3.7.8.bb b/recipes-support/gnutls/gnutls_3.7.8.bb new file mode 100644 index 0000000..8f979a5 --- /dev/null +++ b/recipes-support/gnutls/gnutls_3.7.8.bb @@ -0,0 +1,90 @@ +SUMMARY = "GNU Transport Layer Security Library" +DESCRIPTION = "a secure communications library implementing the SSL, \ +TLS and DTLS protocols and technologies around them." +HOMEPAGE = "https://gnutls.org/" +BUGTRACKER = "https://savannah.gnu.org/support/?group=gnutls" + +LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" +LICENSE:${PN} = "LGPL-2.1-or-later" +LICENSE:${PN}-xx = "LGPL-2.1-or-later" +LICENSE:${PN}-bin = "GPL-3.0-or-later" +LICENSE:${PN}-openssl = "GPL-3.0-or-later" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \ + file://doc/COPYING;md5=c678957b0c8e964aa6c70fd77641a71e \ + file://doc/COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" + +DEPENDS = "nettle gmp virtual/libiconv libunistring" +DEPENDS:append:libc-musl = " argp-standalone" + +SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" + +SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ + file://arm_eabi.patch \ + file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \ + " + +SRC_URI[sha256sum] = "c58ad39af0670efe6a8aee5e3a8b2331a1200418b64b7c51977fb396d4617114" + +inherit autotools texinfo pkgconfig gettext lib_package gtk-doc + +PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}" + +# You must also have CONFIG_SECCOMP enabled in the kernel for +# seccomp to work. +PACKAGECONFIG[seccomp] = "--with-libseccomp-prefix=${STAGING_EXECPREFIXDIR},ac_cv_libseccomp=no,libseccomp" +PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2" +PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1" +PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" +PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" +PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR}" + +EXTRA_OECONF = " \ + --enable-doc \ + --disable-libdane \ + --disable-guile \ + --disable-rpath \ + --enable-openssl-compatibility \ + --with-libpthread-prefix=${STAGING_DIR_HOST}${prefix} \ + --with-librt-prefix=${STAGING_DIR_HOST}${prefix} \ + --with-default-trust-store-file=${sysconfdir}/ssl/certs/ca-certificates.crt \ +" + +# Otherwise the tools try and use HOSTTOOLS_DIR/bash as a shell. +export POSIX_SHELL="${base_bindir}/sh" + +LDFLAGS:append:libc-musl = " -largp" + +do_configure:prepend() { + for dir in . lib; do + rm -f ${dir}/aclocal.m4 ${dir}/m4/libtool.m4 ${dir}/m4/lt*.m4 + done +} + +do_install:append:class-target() { + if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false', d)}; then + install -d ${D}${bindir}/bin + install -m 0755 ${B}/lib/.libs/fipshmac ${D}/${bindir}/ + fi +} + +PACKAGES =+ "${PN}-openssl ${PN}-xx ${PN}-fips" + +FILES:${PN}-dev += "${bindir}/gnutls-cli-debug" +FILES:${PN}-openssl = "${libdir}/libgnutls-openssl.so.*" +FILES:${PN}-xx = "${libdir}/libgnutlsxx.so.*" +FILES:${PN}-fips = "${bindir}/fipshmac" + +BBCLASSEXTEND = "native nativesdk" + +pkg_postinst_ontarget:${PN}-fips () { + if test -x ${bindir}/fipshmac + then + mkdir ${sysconfdir}/gnutls + touch ${sysconfdir}/gnutls/config + ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac + ${bindir}/fipshmac ${libdir}/libnettle.so.8.* > ${libdir}/.libnettle.so.8.hmac + ${bindir}/fipshmac ${libdir}/libgmp.so.10.*.* > ${libdir}/.libgmp.so.10.hmac + ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac + fi +} diff --git a/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch b/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch new file mode 100644 index 0000000..216d636 --- /dev/null +++ b/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch @@ -0,0 +1,26 @@ +From 629fc6427710e48b78f8b1f300dd698fe898cfd4 Mon Sep 17 00:00:00 2001 +From: Marko Lindqvist <cazfi74@gmail.com> +Date: Mon, 7 Jan 2013 01:49:40 +0200 +Subject: [PATCH] libtasn1: remove help2man dependency + +Upstream-Status: Inappropriate + +Signed-off-by: Marko Lindqvist <cazfi74@gmail.com> + +--- + doc/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/Makefile.am b/doc/Makefile.am +index a0171a5..8aa4d3d 100644 +--- a/doc/Makefile.am ++++ b/doc/Makefile.am +@@ -28,7 +28,7 @@ libtasn1_TEXINFOS += asn1Coding-help.texi asn1Decoding-help.texi asn1Parser-help + + AM_MAKEINFOHTMLFLAGS = --no-split $(AM_MAKEINFOFLAGS) + +-dist_man_MANS = $(gdoc_MANS) asn1Parser.1 asn1Coding.1 asn1Decoding.1 ++dist_man_MANS = $(gdoc_MANS) + + HELP2MAN_OPTS = --info-page libtasn1 + diff --git a/recipes-support/gnutls/libtasn1_4.19.0.bb b/recipes-support/gnutls/libtasn1_4.19.0.bb new file mode 100644 index 0000000..5fb8b54 --- /dev/null +++ b/recipes-support/gnutls/libtasn1_4.19.0.bb @@ -0,0 +1,23 @@ +SUMMARY = "Library for ASN.1 and DER manipulation" +DESCRIPTION = "A highly portable C library that encodes and decodes \ +DER/BER data following an ASN.1 schema. " +HOMEPAGE = "http://www.gnu.org/software/libtasn1/" + +LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" +LICENSE:${PN}-bin = "GPL-3.0-or-later" +LICENSE:${PN} = "LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ + file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c \ + file://COPYING;md5=75ac100ec923f959898182307970c360" + +SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ + file://dont-depend-on-help2man.patch \ + " + +DEPENDS = "bison-native" + +SRC_URI[sha256sum] = "1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a" + +inherit autotools texinfo lib_package gtk-doc + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-support/libesmtp/libesmtp_1.1.0.bb b/recipes-support/libesmtp/libesmtp_1.1.0.bb new file mode 100644 index 0000000..eeb1ac6 --- /dev/null +++ b/recipes-support/libesmtp/libesmtp_1.1.0.bb @@ -0,0 +1,32 @@ +SUMMARY = "SMTP client library" +DESCRIPTION = "LibESMTP is a library to manage posting \ +(or submission of) electronic mail using SMTP to a \ +preconfigured Mail Transport Agent (MTA) such as Exim or PostFix." +HOMEPAGE = "https://libesmtp.github.io/" +LICENSE = "LGPL-2.0+" +SECTION = "libs" + +DEPENDS = "openssl" + +SRC_URI = "git://github.com/libesmtp/libESMTP.git;branch=master;protocol=https" +SRCREV = "1d0af244310a66943ab400be56b15a9087f181eb" + +S = "${WORKDIR}/git" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=1803fa9c2c3ce8cb06b4861d75310742 \ + file://COPYING.GPL;md5=393a5ca445f6965873eca0259a17f833" + +inherit meson pkgconfig + +EXTRA_OEMESON = " \ + -Dpthreads=enabled \ + -Dtls=enabled \ + -Dxdg=false \ + -Dlwres=disabled \ + -Dbdat=true \ + -Detrn=true \ + -Dxusr=true \ +" + +FILES_${PN} = "${libdir}/lib*${SOLIBS} \ + ${libdir}/esmtp-plugins-6.2.0/*${SOLIBSDEV}" diff --git a/recipes-support/libmodbus/libmodbus.inc b/recipes-support/libmodbus/libmodbus.inc new file mode 100644 index 0000000..27880df --- /dev/null +++ b/recipes-support/libmodbus/libmodbus.inc @@ -0,0 +1,16 @@ +SUMMARY = "A Modbus library" +DESCRIPTION = "libmodbus is a C library designed to provide a fast and robust \ +implementation of the Modbus protocol. It runs on Linux, Mac OS X, FreeBSD, \ +QNX and Windows." +HOMEPAGE = "http://www.libmodbus.org/" +SECTION = "libs" + +LICENSE = "LGPL-2.1+" +LIC_FILES_CHKSUM = "file://COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c" + +SRC_URI = "http://libmodbus.org/releases/${BP}.tar.gz" + +PACKAGECONFIG ??= "" +PACKAGECONFIG[documentation] = "--with-documentation,--without-documentation,asciidoc-native xmlto-native" + +inherit autotools pkgconfig diff --git a/recipes-support/libmodbus/libmodbus/Fix-float-endianness-issue-on-big-endian-arch.patch b/recipes-support/libmodbus/libmodbus/Fix-float-endianness-issue-on-big-endian-arch.patch new file mode 100644 index 0000000..5372a23 --- /dev/null +++ b/recipes-support/libmodbus/libmodbus/Fix-float-endianness-issue-on-big-endian-arch.patch @@ -0,0 +1,314 @@ +From: =?utf-8?b?IlNaIExpbiAo5p6X5LiK5pm6KSI=?= <szlin@debian.org> +Date: Wed, 19 Dec 2018 10:24:47 +0800 +Subject: Fix float endianness issue on big endian arch + +It converts float values depending on what order they come in. + +This patch was modified from rm5248 [1] + +[1] https://github.com/synexxus/libmodbus/commit/a511768e7fe7ec52d7bae1d9ae04e33f87a59627 + +--- + src/modbus-data.c | 110 ++++++++++++++++++++++++++++++++++++++--------- + tests/unit-test-client.c | 22 ++++++---- + tests/unit-test.h.in | 41 ++++++++++++++++-- + 3 files changed, 141 insertions(+), 32 deletions(-) + +diff --git a/src/modbus-data.c b/src/modbus-data.c +index 902b8c6..7a744fa 100644 +--- a/src/modbus-data.c ++++ b/src/modbus-data.c +@@ -119,9 +119,18 @@ float modbus_get_float_abcd(const uint16_t *src) + { + float f; + uint32_t i; ++ uint8_t a, b, c, d; + +- i = ntohl(((uint32_t)src[0] << 16) + src[1]); +- memcpy(&f, &i, sizeof(float)); ++ a = (src[0] >> 8) & 0xFF; ++ b = (src[0] >> 0) & 0xFF; ++ c = (src[1] >> 8) & 0xFF; ++ d = (src[1] >> 0) & 0xFF; ++ ++ i = (a << 24) | ++ (b << 16) | ++ (c << 8) | ++ (d << 0); ++ memcpy(&f, &i, 4); + + return f; + } +@@ -131,9 +140,18 @@ float modbus_get_float_dcba(const uint16_t *src) + { + float f; + uint32_t i; ++ uint8_t a, b, c, d; + +- i = ntohl(bswap_32((((uint32_t)src[0]) << 16) + src[1])); +- memcpy(&f, &i, sizeof(float)); ++ a = (src[0] >> 8) & 0xFF; ++ b = (src[0] >> 0) & 0xFF; ++ c = (src[1] >> 8) & 0xFF; ++ d = (src[1] >> 0) & 0xFF; ++ ++ i = (d << 24) | ++ (c << 16) | ++ (b << 8) | ++ (a << 0); ++ memcpy(&f, &i, 4); + + return f; + } +@@ -143,9 +161,18 @@ float modbus_get_float_badc(const uint16_t *src) + { + float f; + uint32_t i; ++ uint8_t a, b, c, d; + +- i = ntohl((uint32_t)(bswap_16(src[0]) << 16) + bswap_16(src[1])); +- memcpy(&f, &i, sizeof(float)); ++ a = (src[0] >> 8) & 0xFF; ++ b = (src[0] >> 0) & 0xFF; ++ c = (src[1] >> 8) & 0xFF; ++ d = (src[1] >> 0) & 0xFF; ++ ++ i = (b << 24) | ++ (a << 16) | ++ (d << 8) | ++ (c << 0); ++ memcpy(&f, &i, 4); + + return f; + } +@@ -155,9 +182,18 @@ float modbus_get_float_cdab(const uint16_t *src) + { + float f; + uint32_t i; ++ uint8_t a, b, c, d; + +- i = ntohl((((uint32_t)src[1]) << 16) + src[0]); +- memcpy(&f, &i, sizeof(float)); ++ a = (src[0] >> 8) & 0xFF; ++ b = (src[0] >> 0) & 0xFF; ++ c = (src[1] >> 8) & 0xFF; ++ d = (src[1] >> 0) & 0xFF; ++ ++ i = (c << 24) | ++ (d << 16) | ++ (a << 8) | ++ (b << 0); ++ memcpy(&f, &i, 4); + + return f; + } +@@ -172,50 +208,84 @@ float modbus_get_float(const uint16_t *src) + memcpy(&f, &i, sizeof(float)); + + return f; ++ + } + + /* Set a float to 4 bytes for Modbus w/o any conversion (ABCD) */ + void modbus_set_float_abcd(float f, uint16_t *dest) + { + uint32_t i; ++ uint8_t *out = (uint8_t*) dest; ++ uint8_t a, b, c, d; + + memcpy(&i, &f, sizeof(uint32_t)); +- i = htonl(i); +- dest[0] = (uint16_t)(i >> 16); +- dest[1] = (uint16_t)i; ++ a = (i >> 24) & 0xFF; ++ b = (i >> 16) & 0xFF; ++ c = (i >> 8) & 0xFF; ++ d = (i >> 0) & 0xFF; ++ ++ out[0] = a; ++ out[1] = b; ++ out[2] = c; ++ out[3] = d; + } + + /* Set a float to 4 bytes for Modbus with byte and word swap conversion (DCBA) */ + void modbus_set_float_dcba(float f, uint16_t *dest) + { + uint32_t i; ++ uint8_t *out = (uint8_t*) dest; ++ uint8_t a, b, c, d; + + memcpy(&i, &f, sizeof(uint32_t)); +- i = bswap_32(htonl(i)); +- dest[0] = (uint16_t)(i >> 16); +- dest[1] = (uint16_t)i; ++ a = (i >> 24) & 0xFF; ++ b = (i >> 16) & 0xFF; ++ c = (i >> 8) & 0xFF; ++ d = (i >> 0) & 0xFF; ++ ++ out[0] = d; ++ out[1] = c; ++ out[2] = b; ++ out[3] = a; ++ + } + + /* Set a float to 4 bytes for Modbus with byte swap conversion (BADC) */ + void modbus_set_float_badc(float f, uint16_t *dest) + { + uint32_t i; ++ uint8_t *out = (uint8_t*) dest; ++ uint8_t a, b, c, d; + + memcpy(&i, &f, sizeof(uint32_t)); +- i = htonl(i); +- dest[0] = (uint16_t)bswap_16(i >> 16); +- dest[1] = (uint16_t)bswap_16(i & 0xFFFF); ++ a = (i >> 24) & 0xFF; ++ b = (i >> 16) & 0xFF; ++ c = (i >> 8) & 0xFF; ++ d = (i >> 0) & 0xFF; ++ ++ out[0] = b; ++ out[1] = a; ++ out[2] = d; ++ out[3] = c; + } + + /* Set a float to 4 bytes for Modbus with word swap conversion (CDAB) */ + void modbus_set_float_cdab(float f, uint16_t *dest) + { + uint32_t i; ++ uint8_t *out = (uint8_t*) dest; ++ uint8_t a, b, c, d; + + memcpy(&i, &f, sizeof(uint32_t)); +- i = htonl(i); +- dest[0] = (uint16_t)i; +- dest[1] = (uint16_t)(i >> 16); ++ a = (i >> 24) & 0xFF; ++ b = (i >> 16) & 0xFF; ++ c = (i >> 8) & 0xFF; ++ d = (i >> 0) & 0xFF; ++ ++ out[0] = c; ++ out[1] = d; ++ out[2] = a; ++ out[3] = b; + } + + /* DEPRECATED - Set a float to 4 bytes in a sort of Modbus format! */ +diff --git a/tests/unit-test-client.c b/tests/unit-test-client.c +index 3e315f4..3fccf3e 100644 +--- a/tests/unit-test-client.c ++++ b/tests/unit-test-client.c +@@ -27,6 +27,7 @@ int send_crafted_request(modbus_t *ctx, int function, + uint16_t max_value, uint16_t bytes, + int backend_length, int backend_offset); + int equal_dword(uint16_t *tab_reg, const uint32_t value); ++int is_memory_equal(const void *s1, const void *s2, size_t size); + + #define BUG_REPORT(_cond, _format, _args ...) \ + printf("\nLine %d: assertion error for '%s': " _format "\n", __LINE__, # _cond, ## _args) +@@ -40,6 +41,11 @@ int equal_dword(uint16_t *tab_reg, const uint32_t value); + } \ + }; + ++int is_memory_equal(const void *s1, const void *s2, size_t size) ++{ ++ return (memcmp(s1, s2, size) == 0); ++} ++ + int equal_dword(uint16_t *tab_reg, const uint32_t value) { + return ((tab_reg[0] == (value >> 16)) && (tab_reg[1] == (value & 0xFFFF))); + } +@@ -286,26 +292,26 @@ int main(int argc, char *argv[]) + /** FLOAT **/ + printf("1/4 Set/get float ABCD: "); + modbus_set_float_abcd(UT_REAL, tab_rp_registers); +- ASSERT_TRUE(equal_dword(tab_rp_registers, UT_IREAL_ABCD), "FAILED Set float ABCD"); +- real = modbus_get_float_abcd(tab_rp_registers); ++ ASSERT_TRUE(is_memory_equal(tab_rp_registers, UT_IREAL_ABCD_SET, 4), "FAILED Set float ABCD"); ++ real = modbus_get_float_abcd(UT_IREAL_ABCD_GET); + ASSERT_TRUE(real == UT_REAL, "FAILED (%f != %f)\n", real, UT_REAL); + + printf("2/4 Set/get float DCBA: "); + modbus_set_float_dcba(UT_REAL, tab_rp_registers); +- ASSERT_TRUE(equal_dword(tab_rp_registers, UT_IREAL_DCBA), "FAILED Set float DCBA"); +- real = modbus_get_float_dcba(tab_rp_registers); ++ ASSERT_TRUE(is_memory_equal(tab_rp_registers, UT_IREAL_DCBA_SET, 4), "FAILED Set float DCBA"); ++ real = modbus_get_float_dcba(UT_IREAL_DCBA_GET); + ASSERT_TRUE(real == UT_REAL, "FAILED (%f != %f)\n", real, UT_REAL); + + printf("3/4 Set/get float BADC: "); + modbus_set_float_badc(UT_REAL, tab_rp_registers); +- ASSERT_TRUE(equal_dword(tab_rp_registers, UT_IREAL_BADC), "FAILED Set float BADC"); +- real = modbus_get_float_badc(tab_rp_registers); ++ ASSERT_TRUE(is_memory_equal(tab_rp_registers, UT_IREAL_BADC_SET, 4), "FAILED Set float BADC"); ++ real = modbus_get_float_badc(UT_IREAL_BADC_GET); + ASSERT_TRUE(real == UT_REAL, "FAILED (%f != %f)\n", real, UT_REAL); + + printf("4/4 Set/get float CDAB: "); + modbus_set_float_cdab(UT_REAL, tab_rp_registers); +- ASSERT_TRUE(equal_dword(tab_rp_registers, UT_IREAL_CDAB), "FAILED Set float CDAB"); +- real = modbus_get_float_cdab(tab_rp_registers); ++ ASSERT_TRUE(is_memory_equal(tab_rp_registers, UT_IREAL_CDAB_SET, 4), "FAILED Set float CDAB"); ++ real = modbus_get_float_cdab(UT_IREAL_CDAB_GET); + ASSERT_TRUE(real == UT_REAL, "FAILED (%f != %f)\n", real, UT_REAL); + + printf("\nAt this point, error messages doesn't mean the test has failed\n"); +diff --git a/tests/unit-test.h.in b/tests/unit-test.h.in +index dca826f..4ffa254 100644 +--- a/tests/unit-test.h.in ++++ b/tests/unit-test.h.in +@@ -56,12 +56,45 @@ const uint16_t UT_INPUT_REGISTERS_ADDRESS = 0x108; + const uint16_t UT_INPUT_REGISTERS_NB = 0x1; + const uint16_t UT_INPUT_REGISTERS_TAB[] = { 0x000A }; + ++/* ++ * This float value is 0x47F12000 (in big-endian format). ++ * In Little-endian(intel) format, it will be stored in memory as follows: ++ * 0x00 0x20 0xF1 0x47 ++ * ++ * You can check this with the following code: ++ ++ float fl = UT_REAL; ++ uint8_t *inmem = (uint8_t*)&fl; ++ int x; ++ for(x = 0; x < 4; x++){ ++ printf("0x%02X ", inmem[ x ]); ++ } ++ printf("\n"); ++ */ + const float UT_REAL = 123456.00; + +-const uint32_t UT_IREAL_ABCD = 0x0020F147; +-const uint32_t UT_IREAL_DCBA = 0x47F12000; +-const uint32_t UT_IREAL_BADC = 0x200047F1; +-const uint32_t UT_IREAL_CDAB = 0xF1470020; ++/* ++ * The following arrays assume that 'A' is the MSB, ++ * and 'D' is the LSB. ++ * Thus, the following is the case: ++ * A = 0x47 ++ * B = 0xF1 ++ * C = 0x20 ++ * D = 0x00 ++ * ++ * There are two sets of arrays: one to test that the setting is correct, ++ * the other to test that the getting is correct. ++ * Note that the 'get' values must be constants in processor-endianness, ++ * as libmodbus will convert all words to processor-endianness as they come in. ++ */ ++const uint8_t UT_IREAL_ABCD_SET[] = {0x47, 0xF1, 0x20, 0x00}; ++const uint16_t UT_IREAL_ABCD_GET[] = {0x47F1, 0x2000}; ++const uint8_t UT_IREAL_DCBA_SET[] = {0x00, 0x20, 0xF1, 0x47}; ++const uint16_t UT_IREAL_DCBA_GET[] = {0x0020, 0xF147}; ++const uint8_t UT_IREAL_BADC_SET[] = {0xF1, 0x47, 0x00, 0x20}; ++const uint16_t UT_IREAL_BADC_GET[] = {0xF147, 0x0020}; ++const uint8_t UT_IREAL_CDAB_SET[] = {0x20, 0x00, 0x47, 0xF1}; ++const uint16_t UT_IREAL_CDAB_GET[] = {0x2000, 0x47F1}; + + /* const uint32_t UT_IREAL_ABCD = 0x47F12000); + const uint32_t UT_IREAL_DCBA = 0x0020F147; diff --git a/recipes-support/libmodbus/libmodbus/libmodbus_send_raw_message_tid.patch b/recipes-support/libmodbus/libmodbus/libmodbus_send_raw_message_tid.patch new file mode 100644 index 0000000..069f4f2 --- /dev/null +++ b/recipes-support/libmodbus/libmodbus/libmodbus_send_raw_message_tid.patch @@ -0,0 +1,37 @@ +diff --git a/src/modbus.c b/src/modbus.c +index 68a28a3..4810cfe 100644 +--- a/src/modbus.c ++++ b/src/modbus.c +@@ -208,6 +208,11 @@ static int send_msg(modbus_t *ctx, uint8_t *msg, int msg_length) + } + + int modbus_send_raw_request(modbus_t *ctx, const uint8_t *raw_req, int raw_req_length) ++{ ++ return modbus_send_raw_request_tid(ctx, raw_req, raw_req_length, 0); ++} ++ ++int modbus_send_raw_request_tid(modbus_t *ctx, const uint8_t *raw_req, int raw_req_length, int tid) + { + sft_t sft; + uint8_t req[MAX_MESSAGE_LENGTH]; +@@ -229,7 +234,7 @@ int modbus_send_raw_request(modbus_t *ctx, const uint8_t *raw_req, int raw_req_l + sft.slave = raw_req[0]; + sft.function = raw_req[1]; + /* The t_id is left to zero */ +- sft.t_id = 0; ++ sft.t_id = tid; + /* This response function only set the header so it's convenient here */ + req_length = ctx->backend->build_response_basis(&sft, req); + +diff --git a/src/modbus.h b/src/modbus.h +index fbe20bc..8b3c675 100644 +--- a/src/modbus.h ++++ b/src/modbus.h +@@ -228,6 +228,7 @@ MODBUS_API modbus_mapping_t* modbus_mapping_new(int nb_bits, int nb_input_bits, + MODBUS_API void modbus_mapping_free(modbus_mapping_t *mb_mapping); + + MODBUS_API int modbus_send_raw_request(modbus_t *ctx, const uint8_t *raw_req, int raw_req_length); ++MODBUS_API int modbus_send_raw_request_tid(modbus_t *ctx, const uint8_t *raw_req, int raw_req_length, int tid); + + MODBUS_API int modbus_receive(modbus_t *ctx, uint8_t *req); + diff --git a/recipes-support/libmodbus/libmodbus_3.1.7.bb b/recipes-support/libmodbus/libmodbus_3.1.7.bb new file mode 100644 index 0000000..907e8de --- /dev/null +++ b/recipes-support/libmodbus/libmodbus_3.1.7.bb @@ -0,0 +1,9 @@ +require libmodbus.inc + +SRC_URI += "file://Fix-float-endianness-issue-on-big-endian-arch.patch" +SRC_URI[sha256sum] = "7dfe958431d0570b271e1a5b329b76a658e89c614cf119eb5aadb725c87f8fbd" + +# this file has been created one minute after the configure file, so it doesn't get recreated during configure step +do_configure_prepend() { + rm -rf ${S}/tests/unit-test.h +} diff --git a/recipes-support/libmodbus/libmodbus_3.1.7.bbappend b/recipes-support/libmodbus/libmodbus_3.1.7.bbappend new file mode 100644 index 0000000..d1a98b8 --- /dev/null +++ b/recipes-support/libmodbus/libmodbus_3.1.7.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +PR .= ".mts1" + +SRC_URI += "file://libmodbus_send_raw_message_tid.patch" diff --git a/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch b/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch new file mode 100644 index 0000000..e3f5c6d --- /dev/null +++ b/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch @@ -0,0 +1,45 @@ +Add target to only build tests (not run them) + +Not sending upstream as this is only a start of a solution to +installable tests: It's useful for us already as is. + +Upstream-Status: Inappropriate [not a complete solution] + +Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> +Refactored for 3.4 +Signed-off-by: Armin Kuster <akuster@mvista.com> +--- + Makefile.in | 3 +++ + testsuite/Makefile.in | 2 ++ + 2 files changed, 5 insertions(+) + +diff --git a/Makefile.in b/Makefile.in +index e5ccfc7..15c9275 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -52,6 +52,9 @@ clean distclean mostlyclean maintainer-clean tags: + echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done + $(MAKE) $@-here + ++buildtest: ++ echo "Making $@ in testsuite" ; (cd testsuite && $(MAKE) $@) ++ + check-here: + true + +diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in +index 3f5e5f6..8fd68a3 100644 +--- a/testsuite/Makefile.in ++++ b/testsuite/Makefile.in +@@ -122,6 +122,8 @@ $(TARGETS) $(EXTRA_TARGETS): testutils.$(OBJEXT) ../nettle-internal.$(OBJEXT) \ + # data. + VALGRIND = valgrind --error-exitcode=1 --leak-check=full --show-reachable=yes @IF_ASM@ --partial-loads-ok=yes + ++buildtest: $(TS_ALL) ++ + check: $(TS_ALL) + TEST_SHLIB_DIR="$(TEST_SHLIB_DIR)" \ + srcdir="$(srcdir)" \ +-- +2.17.1 + diff --git a/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch b/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch new file mode 100644 index 0000000..d5f2666 --- /dev/null +++ b/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch @@ -0,0 +1,36 @@ +From ffee6b5f6204a0210f717968ec6ce514d70acca1 Mon Sep 17 00:00:00 2001 +From: Haiqing Bai <Haiqing.Bai@windriver.com> +Date: Fri, 9 Dec 2016 15:23:17 +0800 +Subject: [PATCH] nettle: check header files of openssl only if + 'enable_openssl=yes'. + +The original configure script checks openssl header files to generate +config.h even if 'enable_openssl' is not set to yes, this made inconsistent +building for nettle. + +Upstream-Status: Pending +Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> + +refactored for 3.4. pending not in as of 3.4 + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: nettle-3.4/configure.ac +=================================================================== +--- nettle-3.4.orig/configure.ac ++++ nettle-3.4/configure.ac +@@ -185,9 +185,11 @@ AC_HEADER_TIME + AC_CHECK_SIZEOF(long) + AC_CHECK_SIZEOF(size_t) + +-AC_CHECK_HEADERS([openssl/evp.h openssl/ecdsa.h],, +-[enable_openssl=no +- break]) ++if test "x$enable_openssl" = "xyes"; then ++ AC_CHECK_HEADERS([openssl/evp.h openssl/ecdsa.h],, ++ [enable_openssl=no ++ break]) ++fi + + # For use by the testsuite + AC_CHECK_HEADERS([valgrind/memcheck.h]) diff --git a/recipes-support/nettle/nettle/dlopen-test.patch b/recipes-support/nettle/nettle/dlopen-test.patch new file mode 100644 index 0000000..ab9b91f --- /dev/null +++ b/recipes-support/nettle/nettle/dlopen-test.patch @@ -0,0 +1,29 @@ +Remove the relative path for libnettle.so so the test +program can find it. +Relative paths are not suitable, as the folder strucure for ptest +is different from the one expected by the nettle testsuite. + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + testsuite/dlopen-test.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/testsuite/dlopen-test.c b/testsuite/dlopen-test.c +index 4265bf7..1a25d17 100644 +--- a/testsuite/dlopen-test.c ++++ b/testsuite/dlopen-test.c +@@ -15,7 +15,7 @@ int + main (int argc UNUSED, char **argv UNUSED) + { + #if HAVE_LIBDL +- void *handle = dlopen ("../libnettle." SO_EXT, RTLD_NOW); ++ void *handle = dlopen ("libnettle.so", RTLD_NOW); + int (*get_version)(void); + if (!handle) + { +-- +2.17.1 + diff --git a/recipes-support/nettle/nettle/run-ptest b/recipes-support/nettle/nettle/run-ptest new file mode 100644 index 0000000..b90bed6 --- /dev/null +++ b/recipes-support/nettle/nettle/run-ptest @@ -0,0 +1,36 @@ +#! /bin/sh + +cd testsuite + +failed=0 +all=0 + +for f in *-test; do + if [ "$f" = "sha1-huge-test" ] ; then + echo "SKIP: $f (skipped for ludicrous run time)" + continue + fi + + "./$f" + case "$?" in + 0) + echo "PASS: $f" + all=$((all + 1)) + ;; + 77) + echo "SKIP: $f" + ;; + *) + echo "FAIL: $f" + failed=$((failed + 1)) + all=$((all + 1)) + ;; + esac +done + +if [ "$failed" -eq 0 ] ; then + echo "All $all tests passed" +else + echo "$failed of $all tests failed" +fi + diff --git a/recipes-support/nettle/nettle_3.8.1.bb b/recipes-support/nettle/nettle_3.8.1.bb new file mode 100644 index 0000000..bf49132 --- /dev/null +++ b/recipes-support/nettle/nettle_3.8.1.bb @@ -0,0 +1,57 @@ +SUMMARY = "A low level cryptographic library" +DESCRIPTION = "Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages (C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space." +HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/" +DESCRIPTION = "It tries to solve a problem of providing a common set of \ +cryptographic algorithms for higher-level applications by implementing a \ +context-independent set of cryptographic algorithms" +SECTION = "libs" +LICENSE = "LGPL-3.0-or-later | GPL-2.0-or-later" + +LIC_FILES_CHKSUM = "file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6 \ + file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://serpent-decrypt.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e \ + file://serpent-set-key.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e" + +DEPENDS += "gmp" + +SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \ + file://Add-target-to-only-build-tests-not-run-them.patch \ + file://run-ptest \ + file://check-header-files-of-openssl-only-if-enable_.patch \ + " + +SRC_URI:append:class-target = "\ + file://dlopen-test.patch \ + " + +SRC_URI[sha256sum] = "364f3e2b77cd7dcde83fd7c45219c834e54b0c75e428b6f894a23d12dd41cbfe" + +UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar" + +inherit autotools ptest multilib_header + +EXTRA_AUTORECONF += "--exclude=aclocal" + +EXTRA_OECONF = "--disable-openssl" + +do_compile_ptest() { + oe_runmake buildtest +} + +do_install:append() { + oe_multilib_header nettle/version.h +} + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/testsuite/ + install ${S}/testsuite/gold-bug.txt ${D}${PTEST_PATH}/testsuite/ + install ${S}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/ + # tools can be found in PATH, not in ../tools/ + sed -i -e 's|../tools/||' ${D}${PTEST_PATH}/testsuite/*-test + install ${B}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/ +} + +RDEPENDS:${PN}-ptest += "${PN}-dev" +INSANE_SKIP:${PN}-ptest += "dev-deps" + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-support/ntp/files/0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch b/recipes-support/ntp/files/0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch new file mode 100644 index 0000000..372938c --- /dev/null +++ b/recipes-support/ntp/files/0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch @@ -0,0 +1,32 @@ +From 082a504cfcc046c3d8adaae1164268bc94e5108a Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 31 Jul 2021 10:51:41 -0700 +Subject: [PATCH] libntp: Do not use PTHREAD_STACK_MIN on glibc + +In glibc 2.34+ PTHREAD_STACK_MIN is not a compile-time constant which +could mean different stack sizes at runtime on different architectures +and it also causes compile failure. Default glibc thread stack size +or 64Kb set by ntp should be good in glibc these days. + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + libntp/work_thread.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libntp/work_thread.c b/libntp/work_thread.c +index 03a5647..3ddd751 100644 +--- a/libntp/work_thread.c ++++ b/libntp/work_thread.c +@@ -41,7 +41,7 @@ + #ifndef THREAD_MINSTACKSIZE + # define THREAD_MINSTACKSIZE (64U * 1024) + #endif +-#ifndef __sun ++#if !defined(__sun) && !defined(__GLIBC__) + #if defined(PTHREAD_STACK_MIN) && THREAD_MINSTACKSIZE < PTHREAD_STACK_MIN + # undef THREAD_MINSTACKSIZE + # define THREAD_MINSTACKSIZE PTHREAD_STACK_MIN +-- +2.32.0 + diff --git a/recipes-support/ntp/files/0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch b/recipes-support/ntp/files/0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch new file mode 100644 index 0000000..42e1efd --- /dev/null +++ b/recipes-support/ntp/files/0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch @@ -0,0 +1,66 @@ +From 778f3cddc20930185a917fa3f8ffe1ef2b0b0ea0 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 31 Jul 2021 13:27:16 -0700 +Subject: [PATCH] test: Fix build with new compiler defaults to -fno-common + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + sntp/tests/run-packetHandling.c | 2 +- + sntp/tests/run-t-log.c | 2 +- + sntp/tests/run-utilities.c | 2 +- + tests/libntp/test-libntp.h | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/sntp/tests/run-packetHandling.c b/sntp/tests/run-packetHandling.c +index 7790b20..c58380c 100644 +--- a/sntp/tests/run-packetHandling.c ++++ b/sntp/tests/run-packetHandling.c +@@ -64,7 +64,7 @@ void resetTest(void) + setUp(); + } + +-char const *progname; ++extern char const *progname; + + + //=======MAIN===== +diff --git a/sntp/tests/run-t-log.c b/sntp/tests/run-t-log.c +index 268bf41..cd835bc 100644 +--- a/sntp/tests/run-t-log.c ++++ b/sntp/tests/run-t-log.c +@@ -50,7 +50,7 @@ void resetTest(void) + setUp(); + } + +-char const *progname; ++extern char const *progname; + + + //=======MAIN===== +diff --git a/sntp/tests/run-utilities.c b/sntp/tests/run-utilities.c +index f717882..98d9bf1 100644 +--- a/sntp/tests/run-utilities.c ++++ b/sntp/tests/run-utilities.c +@@ -58,7 +58,7 @@ void resetTest(void) + setUp(); + } + +-char const *progname; ++extern char const *progname; + + + //=======MAIN===== +diff --git a/tests/libntp/test-libntp.h b/tests/libntp/test-libntp.h +index 93050b3..60461d8 100644 +--- a/tests/libntp/test-libntp.h ++++ b/tests/libntp/test-libntp.h +@@ -5,4 +5,4 @@ + + time_t timefunc(time_t *ptr); + void settime(int y, int m, int d, int H, int M, int S); +-time_t nowtime; ++extern time_t nowtime; +-- +2.32.0 + diff --git a/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch b/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch new file mode 100644 index 0000000..d45b7e3 --- /dev/null +++ b/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch @@ -0,0 +1,27 @@ +From 2310898533f059d875dcffd26ab6cf1b280292fd Mon Sep 17 00:00:00 2001 +From: Koen Kooi <koen@dominion.thruhere.net> +Date: Wed, 12 Jan 2011 21:38:46 +0100 + +--- + include/ntp_syscall.h | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/include/ntp_syscall.h b/include/ntp_syscall.h +index d1ce03e..9e18432 100644 +--- a/include/ntp_syscall.h ++++ b/include/ntp_syscall.h +@@ -10,6 +10,14 @@ + # include <sys/timex.h> + #endif + ++#if defined(ADJ_NANO) && !defined(MOD_NANO) ++#define MOD_NANO ADJ_NANO ++#endif ++ ++#if defined(ADJ_TAI) && !defined(MOD_TAI) ++#define MOD_TAI ADJ_TAI ++#endif ++ + #ifndef NTP_SYSCALLS_LIBC + # ifdef NTP_SYSCALLS_STD + # define ntp_adjtime(t) syscall(SYS_ntp_adjtime, (t)) diff --git a/recipes-support/ntp/files/ntp.conf b/recipes-support/ntp/files/ntp.conf new file mode 100644 index 0000000..b590030 --- /dev/null +++ b/recipes-support/ntp/files/ntp.conf @@ -0,0 +1,21 @@ +# This is the most basic ntp configuration file +# The driftfile must remain in a place specific to this +# machine - it records the machine specific clock error +driftfile /var/lib/ntp/drift +# This should be a server that is close (in IP terms) +# to the machine. Add other servers as required. +# Unless you un-comment the line below ntpd will sync +# only against the local system clock. +# +# server time.server.example.com +# +# Using local hardware clock as fallback +# Disable this when using ntpd -q -g -x as ntpdate or it will sync to itself +server 127.127.1.0 +fudge 127.127.1.0 stratum 14 +# Defining a default security setting +restrict -4 default notrap nomodify nopeer noquery +restrict -6 default notrap nomodify nopeer noquery + +restrict 127.0.0.1 # allow local host +restrict ::1 # allow local host diff --git a/recipes-support/ntp/files/ntpd b/recipes-support/ntp/files/ntpd new file mode 100755 index 0000000..d1b9c49 --- /dev/null +++ b/recipes-support/ntp/files/ntpd @@ -0,0 +1,84 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: ntp +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: Start NTP daemon +### END INIT INFO + +PATH=/sbin:/bin:/usr/bin:/usr/sbin + +DAEMON=/usr/sbin/ntpd +PIDFILE=/var/run/ntpd.pid + +# ntpd init.d script for ntpdc from ntp.isc.org +test -x $DAEMON -a -r /etc/ntp.conf || exit 0 + +# rcS contains TICKADJ +test -r /etc/default/rcS && . /etc/default/rcS + +# Source function library. +. /etc/init.d/functions + +# Functions to do individual actions +settick(){ + # If TICKADJ is set we *must* adjust it before we start, because the + # driftfile relies on the correct setting + test -n "$TICKADJ" -a -x /usr/sbin/tickadj && { + echo -n "Setting tick to $TICKADJ: " + /usr/sbin/tickadj "$TICKADJ" + echo "done" + } +} +startdaemon(){ + # The -g option allows ntpd to step the time to correct it just + # once. The daemon will exit if the clock drifts too much after + # this. If ntpd seems to disappear after a while assume TICKADJ + # above is set to a totally incorrect value. + echo -n "Starting ntpd: " + start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --startas $DAEMON -- -u ntp:ntp -p $PIDFILE "$@" + echo "done" +} +stopdaemon(){ + echo -n "Stopping ntpd: " + start-stop-daemon --stop --quiet --oknodo -p $PIDFILE + echo "done" +} + +case "$1" in + start) + settick + startdaemon -g + ;; + stop) + stopdaemon + ;; + force-reload) + stopdaemon + settick + startdaemon -g + ;; + restart) + # Don't reset the tick here + stopdaemon + startdaemon -g + ;; + reload) + # Must do this by hand, but don't do -g + stopdaemon + startdaemon + ;; + status) + status /usr/sbin/ntpd; + exit $? + ;; + *) + echo "Usage: ntpd { start | stop | status | restart | reload }" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/recipes-support/ntp/files/ntpd.list b/recipes-support/ntp/files/ntpd.list new file mode 100644 index 0000000..d1fe6b7 --- /dev/null +++ b/recipes-support/ntp/files/ntpd.list @@ -0,0 +1 @@ +ntpd.service diff --git a/recipes-support/ntp/files/ntpd.service b/recipes-support/ntp/files/ntpd.service new file mode 100644 index 0000000..0e3d7cd --- /dev/null +++ b/recipes-support/ntp/files/ntpd.service @@ -0,0 +1,11 @@ +[Unit] +Description=Network Time Service +After=network.target + +[Service] +Type=forking +PIDFile=/run/ntpd.pid +ExecStart=/usr/sbin/ntpd -u ntp:ntp -p /run/ntpd.pid -g + +[Install] +WantedBy=multi-user.target diff --git a/recipes-support/ntp/files/ntpdate b/recipes-support/ntp/files/ntpdate new file mode 100755 index 0000000..be3bacf --- /dev/null +++ b/recipes-support/ntp/files/ntpdate @@ -0,0 +1,59 @@ +#!/bin/sh + +PATH=/sbin:/bin:/usr/bin:/usr/sbin + +test -x /usr/sbin/ntpdate || exit 0 + +if test -f /etc/default/ntpdate ; then +. /etc/default/ntpdate +fi + +if [ "$NTPSERVERS" = "" ] ; then + if [ "$METHOD" = "" -a "$1" != "silent" ] ; then + echo "Please set NTPSERVERS in /etc/default/ntpdate" + exit 1 + else + exit 0 + fi +fi + +# This is a heuristic: The idea is that if a static interface is brought +# up, that is a major event, and we can put in some extra effort to fix +# the system time. Feel free to change this, especially if you regularly +# bring up new network interfaces. +if [ "$METHOD" = static ]; then + OPTS="-b" +fi + +if [ "$METHOD" = loopback ]; then + exit 0 +fi + +( + +LOCKFILE=/var/lock/ntpdate + +# Avoid running more than one at a time +if [ -x /usr/bin/lockfile-create ]; then + lockfile-create $LOCKFILE + lockfile-touch $LOCKFILE & + LOCKTOUCHPID="$!" +fi + +if /usr/sbin/ntpdate -s $OPTS $NTPSERVERS 2>/dev/null; then + if [ "$UPDATE_HWCLOCK" = "yes" ]; then + hwclock --systohc || : + fi +fi + +if [ -x /usr/bin/lockfile-create ] ; then + kill $LOCKTOUCHPID + lockfile-remove $LOCKFILE +fi + +) & + +# wait for all subprocesses to finish +# this is required when using systemd service as ntpd will start before ntpdate finishes +# and results in a bind error (port 123) +wait diff --git a/recipes-support/ntp/files/ntpdate.default b/recipes-support/ntp/files/ntpdate.default new file mode 100644 index 0000000..486b6e0 --- /dev/null +++ b/recipes-support/ntp/files/ntpdate.default @@ -0,0 +1,7 @@ +# Configuration script used by ntpdate-sync script + +NTPSERVERS="" + +# Set to "yes" to write time to hardware clock on success +UPDATE_HWCLOCK="no" + diff --git a/recipes-support/ntp/files/ntpdate.service b/recipes-support/ntp/files/ntpdate.service new file mode 100644 index 0000000..10cbd70 --- /dev/null +++ b/recipes-support/ntp/files/ntpdate.service @@ -0,0 +1,11 @@ +[Unit] +Description=Network Time Service (one-shot ntpdate mode) +Before=ntpd.service + +[Service] +Type=oneshot +ExecStart=/usr/bin/ntpdate-sync silent +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/recipes-support/ntp/files/reproducibility-fixed-path-to-posix-shell.patch b/recipes-support/ntp/files/reproducibility-fixed-path-to-posix-shell.patch new file mode 100644 index 0000000..571db75 --- /dev/null +++ b/recipes-support/ntp/files/reproducibility-fixed-path-to-posix-shell.patch @@ -0,0 +1,15 @@ +--- ntp-4.2.8p12.original/sntp/libopts/m4/libopts.m4 2018-11-12 17:54:57.747220846 +1300 ++++ ntp-4.2.8p12/sntp/libopts/m4/libopts.m4 2018-11-12 18:00:50.626211641 +1300 +@@ -114,12 +114,6 @@ + AC_PROG_SED + [while : + do +- POSIX_SHELL=`which bash` +- test -x "$POSIX_SHELL" && break +- POSIX_SHELL=`which dash` +- test -x "$POSIX_SHELL" && break +- POSIX_SHELL=/usr/xpg4/bin/sh +- test -x "$POSIX_SHELL" && break + POSIX_SHELL=`/bin/sh -c ' + exec 2>/dev/null + if ! true ; then exit 1 ; fi diff --git a/recipes-support/ntp/files/sntp b/recipes-support/ntp/files/sntp new file mode 100644 index 0000000..f8c5895 --- /dev/null +++ b/recipes-support/ntp/files/sntp @@ -0,0 +1 @@ +NTPSERVER="ntpserver.example.org" diff --git a/recipes-support/ntp/files/sntp.service b/recipes-support/ntp/files/sntp.service new file mode 100644 index 0000000..4898b8a --- /dev/null +++ b/recipes-support/ntp/files/sntp.service @@ -0,0 +1,11 @@ +[Unit] +Description=Simple Network Time Service Client +After=network.target + +[Service] +Type=oneshot +EnvironmentFile=-/etc/default/sntp +ExecStart=/usr/sbin/sntp -s $NTPSERVER + +[Install] +WantedBy=multi-user.target diff --git a/recipes-support/ntp/ntp_4.2.8p15.bb b/recipes-support/ntp/ntp_4.2.8p15.bb new file mode 100644 index 0000000..9002b4b --- /dev/null +++ b/recipes-support/ntp/ntp_4.2.8p15.bb @@ -0,0 +1,206 @@ +SUMMARY = "Network Time Protocol daemon and utilities" +DESCRIPTION = "The Network Time Protocol (NTP) is used to \ +synchronize the time of a computer client or server to \ +another server or reference time source, such as a radio \ +or satellite receiver or modem." +HOMEPAGE = "http://support.ntp.org" +SECTION = "net" +LICENSE = "NTP" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=4190b39435611e92a4da74e682623f19" + +DEPENDS = "libevent" + +SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \ + file://ntp-4.2.4_p6-nano.patch \ + file://reproducibility-fixed-path-to-posix-shell.patch \ + file://0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch \ + file://0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch \ + file://ntpd \ + file://ntp.conf \ + file://ntpdate \ + file://ntpdate.default \ + file://ntpdate.service \ + file://ntpd.service \ + file://sntp.service \ + file://sntp \ + file://ntpd.list \ +" + +SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19" + +# CVE-2016-9312 is only for windows. +# The other CVEs are not correctly identified because cve-check +# is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference) +CVE_CHECK_WHITELIST += "\ + CVE-2016-9312 \ + CVE-2015-5146 \ + CVE-2015-5300 \ + CVE-2015-7975 \ + CVE-2015-7976 \ + CVE-2015-7977 \ + CVE-2015-7978 \ + CVE-2015-7979 \ + CVE-2015-8138 \ + CVE-2015-8139 \ + CVE-2015-8140 \ + CVE-2015-8158 \ + CVE-2016-1547 \ + CVE-2016-2516 \ + CVE-2016-2517 \ + CVE-2016-2519 \ + CVE-2016-7429 \ + CVE-2016-7433 \ + CVE-2016-9310 \ + CVE-2016-9311 \ +" + + +inherit autotools update-rc.d useradd systemd pkgconfig + +# The ac_cv_header_readline_history is to stop ntpdc depending on either +# readline or curses +EXTRA_OECONF += "--with-net-snmp-config=no \ + --without-ntpsnmpd \ + ac_cv_header_readline_history_h=no \ + --with-yielding_select=yes \ + --with-locfile=redhat \ + --without-rpath \ + " +CFLAGS:append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED" + +USERADD_PACKAGES = "${PN}" +NTP_USER_HOME ?= "/var/lib/ntp" +USERADD_PARAM:${PN} = "--system --home-dir ${NTP_USER_HOME} \ + --no-create-home \ + --shell /bin/false --user-group ntp" + +# NB: debug is default-enabled by NTP; keep it default-enabled here. +PACKAGECONFIG ??= "cap debug refclocks openssl \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ +" +PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \ + --with-openssl-incdir=${STAGING_INCDIR} \ + --with-crypto, \ + --without-openssl --without-crypto, \ + openssl" +PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap" +PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline" +PACKAGECONFIG[refclocks] = "--enable-all-clocks,--disable-all-clocks,pps-tools" +PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging" +PACKAGECONFIG[mdns] = "ac_cv_header_dns_sd_h=yes,ac_cv_header_dns_sd_h=no,mdns" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," + +do_install:append() { + install -d ${D}${sysconfdir}/init.d + install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir} + install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d + install -d ${D}${bindir} + install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync + + install -m 755 -d ${D}${NTP_USER_HOME} + chown ntp:ntp ${D}${NTP_USER_HOME} + + # Fix hardcoded paths in scripts + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync + sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace + sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace + sed -i '1s,#!.*perl,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait + sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait + sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/calc_tickadj + sed -i '/use/i use warnings;' ${D}${sbindir}/calc_tickadj + + install -d ${D}/${sysconfdir}/default + install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate + install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/ + + install -d ${D}/${sysconfdir}/network/if-up.d + ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/ + + install -d ${D}${systemd_unitdir}/ntp-units.d + install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list + + # Remove an empty libexecdir. + rmdir --ignore-fail-on-non-empty ${D}${libexecdir} +} + +PACKAGES += "ntpdate sntp ntpdc ntpq ${PN}-tickadj ${PN}-utils" +# NOTE: you don't need ntpdate, use "ntpd -q -g -x" + +# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms +# with wonky clocks (e.g. OpenSlug) +RDEPENDS:${PN} = "${PN}-tickadj" +# ntpd require libgcc for execution +RDEPENDS:${PN} += "libgcc" +# Handle move from bin to utils package +RPROVIDES:${PN}-utils = "${PN}-bin" +RREPLACES:${PN}-utils = "${PN}-bin" +RCONFLICTS:${PN}-utils = "${PN}-bin" +# ntpdc and ntpq were split out of ntp-utils +RDEPENDS:${PN}-utils = "ntpdc ntpq" + +SYSTEMD_PACKAGES = "${PN} ntpdate sntp" +SYSTEMD_SERVICE:${PN} = "ntpd.service" +SYSTEMD_SERVICE:ntpdate = "ntpdate.service" +SYSTEMD_SERVICE:sntp = "sntp.service" +SYSTEMD_AUTO_ENABLE:sntp = "disable" + +RPROVIDES:${PN} += "${PN}-systemd" +RREPLACES:${PN} += "${PN}-systemd" +RCONFLICTS:${PN} += "${PN}-systemd" + +RPROVIDES:ntpdate += "ntpdate-systemd" +RREPLACES:ntpdate += "ntpdate-systemd" +RCONFLICTS:ntpdate += "ntpdate-systemd" + +RSUGGESTS:${PN} = "iana-etc" + +FILES:${PN} = "${sbindir}/ntpd.ntp ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd \ + ${NTP_USER_HOME} \ + ${systemd_unitdir}/ntp-units.d/60-ntpd.list \ +" +FILES:${PN}-tickadj = "${sbindir}/tickadj" +FILES:${PN}-utils = "${sbindir} ${datadir}/ntp/lib" +RDEPENDS:${PN}-utils += "perl" +FILES:ntpdate = "${sbindir}/ntpdate \ + ${sysconfdir}/network/if-up.d/ntpdate-sync \ + ${bindir}/ntpdate-sync \ + ${sysconfdir}/default/ntpdate \ + ${systemd_unitdir}/system/ntpdate.service \ +" +FILES:sntp = "${sbindir}/sntp \ + ${sysconfdir}/default/sntp \ + ${systemd_unitdir}/system/sntp.service \ + " +FILES:ntpdc = "${sbindir}/ntpdc" +FILES:ntpq = "${sbindir}/ntpq" + +CONFFILES:${PN} = "${sysconfdir}/ntp.conf" +CONFFILES:ntpdate = "${sysconfdir}/default/ntpdate" + +INITSCRIPT_NAME = "ntpd" +# No dependencies, so just go in at the standard level (20) +INITSCRIPT_PARAMS = "defaults" + +pkg_postinst:ntpdate() { + if ! grep -q -s ntpdate $D/var/spool/cron/root; then + echo "adding crontab" + test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron + echo "30 * * * * ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root + fi +} + +inherit update-alternatives + +ALTERNATIVE_PRIORITY = "100" + +ALTERNATIVE:${PN} = "ntpd" +ALTERNATIVE_LINK_NAME[ntpd] = "${sbindir}/ntpd" |