From 2eaa3fd064097eb221b56d5df0e7136ba705a0cd Mon Sep 17 00:00:00 2001 From: Andrii Davydenko Date: Wed, 14 Dec 2022 12:08:42 +0200 Subject: CVE Packages Update Move libfastjson to the rsyslog directory rsyslog 8.2002.0 -> 8.2206.0 add ntp4.2.8 recipe with fixed CVEs update cryptsetup to 2.4.3 fix libxml2 CVE-2016-3709 curl 7.75.0 -> 7.86.0 strongswan 5.8.4 -> 5.9.8 libmodbus 3.1.6 -> 3.1.7 libesmtp 1.0.6 -> 1.1.0 cifs-utils 6.1 -> 7.0 update libtirpc to version 1.3.3 update rsync to version 3.2.5 Add zlib 1.2.13 upgrade gnutls to 3.7.8 upgrade openssh to 8.9p1 Add cmake 3.24.2 and cmake-native 3.24.2 to avoid loop dependecies building expat Add expat 2.5.0 to fix CVE-2022-40674 and CVE-2022-43680 openvpn 2.4.9 -> 2.4.12 hostapd 2.9 -> 2.10 [GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28) Openssh 8.9p1 no longer needed, because all necessary CVE fixes, backports and whitelists are present for current Openssh 8.4p1. There are no new CVE's in report. [GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28) Backported CVE patches for python3 component. Need to remove after upgrading Yocto to version more than 3.1.21. [GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28) Backported CVE patch for sudo component. Added 2 CVE's to whitelist for OpenVPN component. --- recipes-support/cifs/cifs-utils_7.0.bb | 44 +++ .../0001-replace-krb5-config-with-pkg-config.patch | 30 ++ recipes-support/curl/curl_7.86.0.bb | 92 ++++++ ...mac-file-should-be-excuted-in-target-envi.patch | 28 ++ recipes-support/gnutls/gnutls/arm_eabi.patch | 30 ++ recipes-support/gnutls/gnutls_3.7.8.bb | 90 ++++++ .../gnutls/libtasn1/dont-depend-on-help2man.patch | 26 ++ recipes-support/gnutls/libtasn1_4.19.0.bb | 23 ++ recipes-support/libesmtp/libesmtp_1.1.0.bb | 32 +++ recipes-support/libmodbus/libmodbus.inc | 16 ++ ...float-endianness-issue-on-big-endian-arch.patch | 314 +++++++++++++++++++++ .../libmodbus/libmodbus_send_raw_message_tid.patch | 37 +++ recipes-support/libmodbus/libmodbus_3.1.7.bb | 9 + recipes-support/libmodbus/libmodbus_3.1.7.bbappend | 5 + ...d-target-to-only-build-tests-not-run-them.patch | 45 +++ ...k-header-files-of-openssl-only-if-enable_.patch | 36 +++ recipes-support/nettle/nettle/dlopen-test.patch | 29 ++ recipes-support/nettle/nettle/run-ptest | 36 +++ recipes-support/nettle/nettle_3.8.1.bb | 57 ++++ ...ntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch | 32 +++ ...ild-with-new-compiler-defaults-to-fno-com.patch | 66 +++++ recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch | 27 ++ recipes-support/ntp/files/ntp.conf | 21 ++ recipes-support/ntp/files/ntpd | 84 ++++++ recipes-support/ntp/files/ntpd.list | 1 + recipes-support/ntp/files/ntpd.service | 11 + recipes-support/ntp/files/ntpdate | 59 ++++ recipes-support/ntp/files/ntpdate.default | 7 + recipes-support/ntp/files/ntpdate.service | 11 + ...reproducibility-fixed-path-to-posix-shell.patch | 15 + recipes-support/ntp/files/sntp | 1 + recipes-support/ntp/files/sntp.service | 11 + recipes-support/ntp/ntp_4.2.8p15.bb | 206 ++++++++++++++ 33 files changed, 1531 insertions(+) create mode 100644 recipes-support/cifs/cifs-utils_7.0.bb create mode 100644 recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch create mode 100644 recipes-support/curl/curl_7.86.0.bb create mode 100644 recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch create mode 100644 recipes-support/gnutls/gnutls/arm_eabi.patch create mode 100644 recipes-support/gnutls/gnutls_3.7.8.bb create mode 100644 recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch create mode 100644 recipes-support/gnutls/libtasn1_4.19.0.bb create mode 100644 recipes-support/libesmtp/libesmtp_1.1.0.bb create mode 100644 recipes-support/libmodbus/libmodbus.inc create mode 100644 recipes-support/libmodbus/libmodbus/Fix-float-endianness-issue-on-big-endian-arch.patch create mode 100644 recipes-support/libmodbus/libmodbus/libmodbus_send_raw_message_tid.patch create mode 100644 recipes-support/libmodbus/libmodbus_3.1.7.bb create mode 100644 recipes-support/libmodbus/libmodbus_3.1.7.bbappend create mode 100644 recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch create mode 100644 recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch create mode 100644 recipes-support/nettle/nettle/dlopen-test.patch create mode 100644 recipes-support/nettle/nettle/run-ptest create mode 100644 recipes-support/nettle/nettle_3.8.1.bb create mode 100644 recipes-support/ntp/files/0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch create mode 100644 recipes-support/ntp/files/0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch create mode 100644 recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch create mode 100644 recipes-support/ntp/files/ntp.conf create mode 100755 recipes-support/ntp/files/ntpd create mode 100644 recipes-support/ntp/files/ntpd.list create mode 100644 recipes-support/ntp/files/ntpd.service create mode 100755 recipes-support/ntp/files/ntpdate create mode 100644 recipes-support/ntp/files/ntpdate.default create mode 100644 recipes-support/ntp/files/ntpdate.service create mode 100644 recipes-support/ntp/files/reproducibility-fixed-path-to-posix-shell.patch create mode 100644 recipes-support/ntp/files/sntp create mode 100644 recipes-support/ntp/files/sntp.service create mode 100644 recipes-support/ntp/ntp_4.2.8p15.bb (limited to 'recipes-support') diff --git a/recipes-support/cifs/cifs-utils_7.0.bb b/recipes-support/cifs/cifs-utils_7.0.bb new file mode 100644 index 0000000..e310c8e --- /dev/null +++ b/recipes-support/cifs/cifs-utils_7.0.bb @@ -0,0 +1,44 @@ +DESCRIPTION = "A a package of utilities for doing and managing mounts of the Linux CIFS filesystem." +HOMEPAGE = "http://wiki.samba.org/index.php/LinuxCIFS_utils" +SECTION = "otherosfs" +LICENSE = "GPL-3.0 & LGPL-3.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +SRCREV = "316522036133d44ed02cd39ed2748e2b59c85b30" +SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master" + +S = "${WORKDIR}/git" +DEPENDS += "libtalloc" + +PACKAGECONFIG ??= "" +PACKAGECONFIG[cap] = "--with-libcap,--without-libcap,libcap" +# when enabled, it creates ${bindir}/cifscreds and --ignore-fail-on-non-empty in do_install_append is needed +PACKAGECONFIG[cifscreds] = "--enable-cifscreds,--disable-cifscreds,keyutils" +# when enabled, it creates ${sbindir}/cifs.upcall and --ignore-fail-on-non-empty in do_install_append is needed +PACKAGECONFIG[cifsupcall] = "--enable-cifsupcall,--disable-cifsupcall,krb5 libtalloc keyutils" +PACKAGECONFIG[cifsidmap] = "--enable-cifsidmap,--disable-cifsidmap,keyutils samba" +PACKAGECONFIG[cifsacl] = "--enable-cifsacl,--disable-cifsacl,samba" +PACKAGECONFIG[pam] = "--enable-pam --with-pamdir=${base_libdir}/security,--disable-pam,libpam keyutils" + +inherit autotools pkgconfig + +do_configure_prepend() { + # want installed to /usr/sbin rather than /sbin to be DISTRO_FEATURES usrmerge compliant + # must override ROOTSBINDIR (default '/sbin'), + # setting --exec-prefix or --prefix in EXTRA_OECONF does not work + if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then + export ROOTSBINDIR=${sbindir} + fi +} + +do_install_append() { + if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','false','true',d)}; then + # Remove empty /usr/bin and /usr/sbin directories since the mount helper + # is installed to /sbin + rmdir --ignore-fail-on-non-empty ${D}${bindir} ${D}${sbindir} + fi +} + +FILES_${PN} += "${base_libdir}/security" +FILES_${PN}-dbg += "${base_libdir}/security/.debug" +RRECOMMENDS_${PN} = "kernel-module-cifs" diff --git a/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch b/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch new file mode 100644 index 0000000..bb07c65 --- /dev/null +++ b/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch @@ -0,0 +1,30 @@ +diff -uprN orig/configure.ac new/configure.ac +--- orig/configure.ac 2021-02-02 10:26:24.000000000 +0200 ++++ new/configure.ac 2021-02-10 16:20:17.078630690 +0200 +@@ -1442,7 +1442,7 @@ AC_ARG_WITH(gssapi, + fi + ]) + +-: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} ++KRB5CONFIG=`which pkg-config` + + save_CPPFLAGS="$CPPFLAGS" + AC_MSG_CHECKING([if GSS-API support is requested]) +@@ -1453,7 +1453,7 @@ if test x"$want_gss" = xyes; then + if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then + GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` + elif test -f "$KRB5CONFIG"; then +- GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` ++ GSSAPI_INCS=`$KRB5CONFIG --cflags mit-krb5-gssapi` + elif test "$GSSAPI_ROOT" != "yes"; then + GSSAPI_INCS="-I$GSSAPI_ROOT/include" + fi +@@ -1546,7 +1546,7 @@ if test x"$want_gss" = xyes; then + elif test -f "$KRB5CONFIG"; then + dnl krb5-config doesn't have --libs-only-L or similar, put everything + dnl into LIBS +- gss_libs=`$KRB5CONFIG --libs gssapi` ++ gss_libs=`$KRB5CONFIG --libs mit-krb5-gssapi` + LIBS="$gss_libs $LIBS" + else + case $host in diff --git a/recipes-support/curl/curl_7.86.0.bb b/recipes-support/curl/curl_7.86.0.bb new file mode 100644 index 0000000..01a95fc --- /dev/null +++ b/recipes-support/curl/curl_7.86.0.bb @@ -0,0 +1,92 @@ +SUMMARY = "Command line tool and library for client-side URL transfers" +HOMEPAGE = "http://curl.haxx.se/" +BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" +SECTION = "console/network" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" + +SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ + file://0001-replace-krb5-config-with-pkg-config.patch \ +" + +SRC_URI[sha256sum] = "f5ca69db03eea17fa8705bdfb1a9f58d76a46c9010518109bb38f313137e0a28" + +# Curl has used many names over the years... +CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" + +inherit autotools pkgconfig binconfig multilib_header ptest + +# Entropy source for random PACKAGECONFIG option +RANDOM ?= "/dev/urandom" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} libidn openssl proxy random threaded-resolver verbose zlib" +PACKAGECONFIG_class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib" +PACKAGECONFIG_class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib" + +# 'ares' and 'threaded-resolver' are mutually exclusive +PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" +PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" +PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" +PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," +PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" +PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," +PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," +PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," +PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl" +PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" +PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" +PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" +PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt," +PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" +PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl" +PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," +PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," +PACKAGECONFIG[random] = "--with-random=${RANDOM},--without-random" +PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" +PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," +PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," +PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," +PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" +PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," +PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," +PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares" +PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" +PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" +PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd" + +EXTRA_OECONF = " \ + --disable-libcurl-option \ + --disable-ntlm-wb \ + --enable-crypto-auth \ + --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ + --without-libpsl \ + --enable-debug \ + --enable-optimize \ + --disable-curldebug \ + ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls nss openssl', d) == '') else ''} \ +" + +do_install_append_class-target() { + # cleanup buildpaths from curl-config + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + -e 's|${@" ".join(d.getVar("DEBUG_PREFIX_MAP").split())}||g' \ + ${D}${bindir}/curl-config +} + +PACKAGES =+ "lib${BPN}" + +FILES_lib${BPN} = "${libdir}/lib*.so.*" +RRECOMMENDS_lib${BPN} += "ca-certificates" + +FILES_${PN} += "${datadir}/zsh" + +inherit multilib_script +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" + +BBCLASSEXTEND = "native nativesdk" \ No newline at end of file diff --git a/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch b/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch new file mode 100644 index 0000000..e40b2be --- /dev/null +++ b/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch @@ -0,0 +1,28 @@ +From b729a356538d499fe25e82bfc78ea663bdaca0a8 Mon Sep 17 00:00:00 2001 +From: Lei Maohui +Date: Mon, 23 May 2022 10:44:43 +0900 +Subject: [PATCH] Creating .hmac file should be excuted in target environment, + so deleted it from build process. + +Upstream-Status: Inappropriate [https://gitlab.com/gnutls/gnutls/-/issues/1373] +Signed-off-by: Lei Maohui +--- + lib/Makefile.am | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/Makefile.am b/lib/Makefile.am +index 0b43ef9..cf263f0 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -206,8 +206,7 @@ hmac_files = .libs/.gnutls.hmac + + all-local: $(hmac_files) + +-.libs/.gnutls.hmac: libgnutls.la fipshmac +- $(AM_V_GEN) $(builddir)/fipshmac > $@-t && mv $@-t $@ ++.libs/.gnutls.hmac: + + CLEANFILES = $(hmac_files) + endif +-- +2.25.1 diff --git a/recipes-support/gnutls/gnutls/arm_eabi.patch b/recipes-support/gnutls/gnutls/arm_eabi.patch new file mode 100644 index 0000000..6eb1edb --- /dev/null +++ b/recipes-support/gnutls/gnutls/arm_eabi.patch @@ -0,0 +1,30 @@ +From 8a5c96057cf305bbeac0d6e0e59ee24fbb9497fe Mon Sep 17 00:00:00 2001 +From: Joe Slater +Date: Wed, 25 Jan 2017 13:52:59 -0800 +Subject: [PATCH] gnutls: account for ARM_EABI + +Certain syscall's are not availabe for arm-eabi, so we eliminate +reference to them. + +Upstream-Status: Pending + +Signed-off-by: Joe Slater + +--- + tests/seccomp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tests/seccomp.c b/tests/seccomp.c +index ed14d00..3c5b726 100644 +--- a/tests/seccomp.c ++++ b/tests/seccomp.c +@@ -53,7 +53,9 @@ int disable_system_calls(void) + + ADD_SYSCALL(nanosleep, 0); + ADD_SYSCALL(clock_nanosleep, 0); ++#if ! defined(__ARM_EABI__) + ADD_SYSCALL(time, 0); ++#endif + ADD_SYSCALL(getpid, 0); + ADD_SYSCALL(gettimeofday, 0); + #if defined(HAVE_CLOCK_GETTIME) diff --git a/recipes-support/gnutls/gnutls_3.7.8.bb b/recipes-support/gnutls/gnutls_3.7.8.bb new file mode 100644 index 0000000..8f979a5 --- /dev/null +++ b/recipes-support/gnutls/gnutls_3.7.8.bb @@ -0,0 +1,90 @@ +SUMMARY = "GNU Transport Layer Security Library" +DESCRIPTION = "a secure communications library implementing the SSL, \ +TLS and DTLS protocols and technologies around them." +HOMEPAGE = "https://gnutls.org/" +BUGTRACKER = "https://savannah.gnu.org/support/?group=gnutls" + +LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" +LICENSE:${PN} = "LGPL-2.1-or-later" +LICENSE:${PN}-xx = "LGPL-2.1-or-later" +LICENSE:${PN}-bin = "GPL-3.0-or-later" +LICENSE:${PN}-openssl = "GPL-3.0-or-later" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \ + file://doc/COPYING;md5=c678957b0c8e964aa6c70fd77641a71e \ + file://doc/COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" + +DEPENDS = "nettle gmp virtual/libiconv libunistring" +DEPENDS:append:libc-musl = " argp-standalone" + +SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" + +SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ + file://arm_eabi.patch \ + file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \ + " + +SRC_URI[sha256sum] = "c58ad39af0670efe6a8aee5e3a8b2331a1200418b64b7c51977fb396d4617114" + +inherit autotools texinfo pkgconfig gettext lib_package gtk-doc + +PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}" + +# You must also have CONFIG_SECCOMP enabled in the kernel for +# seccomp to work. +PACKAGECONFIG[seccomp] = "--with-libseccomp-prefix=${STAGING_EXECPREFIXDIR},ac_cv_libseccomp=no,libseccomp" +PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2" +PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1" +PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" +PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" +PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR}" + +EXTRA_OECONF = " \ + --enable-doc \ + --disable-libdane \ + --disable-guile \ + --disable-rpath \ + --enable-openssl-compatibility \ + --with-libpthread-prefix=${STAGING_DIR_HOST}${prefix} \ + --with-librt-prefix=${STAGING_DIR_HOST}${prefix} \ + --with-default-trust-store-file=${sysconfdir}/ssl/certs/ca-certificates.crt \ +" + +# Otherwise the tools try and use HOSTTOOLS_DIR/bash as a shell. +export POSIX_SHELL="${base_bindir}/sh" + +LDFLAGS:append:libc-musl = " -largp" + +do_configure:prepend() { + for dir in . lib; do + rm -f ${dir}/aclocal.m4 ${dir}/m4/libtool.m4 ${dir}/m4/lt*.m4 + done +} + +do_install:append:class-target() { + if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false', d)}; then + install -d ${D}${bindir}/bin + install -m 0755 ${B}/lib/.libs/fipshmac ${D}/${bindir}/ + fi +} + +PACKAGES =+ "${PN}-openssl ${PN}-xx ${PN}-fips" + +FILES:${PN}-dev += "${bindir}/gnutls-cli-debug" +FILES:${PN}-openssl = "${libdir}/libgnutls-openssl.so.*" +FILES:${PN}-xx = "${libdir}/libgnutlsxx.so.*" +FILES:${PN}-fips = "${bindir}/fipshmac" + +BBCLASSEXTEND = "native nativesdk" + +pkg_postinst_ontarget:${PN}-fips () { + if test -x ${bindir}/fipshmac + then + mkdir ${sysconfdir}/gnutls + touch ${sysconfdir}/gnutls/config + ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac + ${bindir}/fipshmac ${libdir}/libnettle.so.8.* > ${libdir}/.libnettle.so.8.hmac + ${bindir}/fipshmac ${libdir}/libgmp.so.10.*.* > ${libdir}/.libgmp.so.10.hmac + ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac + fi +} diff --git a/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch b/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch new file mode 100644 index 0000000..216d636 --- /dev/null +++ b/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch @@ -0,0 +1,26 @@ +From 629fc6427710e48b78f8b1f300dd698fe898cfd4 Mon Sep 17 00:00:00 2001 +From: Marko Lindqvist +Date: Mon, 7 Jan 2013 01:49:40 +0200 +Subject: [PATCH] libtasn1: remove help2man dependency + +Upstream-Status: Inappropriate + +Signed-off-by: Marko Lindqvist + +--- + doc/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/Makefile.am b/doc/Makefile.am +index a0171a5..8aa4d3d 100644 +--- a/doc/Makefile.am ++++ b/doc/Makefile.am +@@ -28,7 +28,7 @@ libtasn1_TEXINFOS += asn1Coding-help.texi asn1Decoding-help.texi asn1Parser-help + + AM_MAKEINFOHTMLFLAGS = --no-split $(AM_MAKEINFOFLAGS) + +-dist_man_MANS = $(gdoc_MANS) asn1Parser.1 asn1Coding.1 asn1Decoding.1 ++dist_man_MANS = $(gdoc_MANS) + + HELP2MAN_OPTS = --info-page libtasn1 + diff --git a/recipes-support/gnutls/libtasn1_4.19.0.bb b/recipes-support/gnutls/libtasn1_4.19.0.bb new file mode 100644 index 0000000..5fb8b54 --- /dev/null +++ b/recipes-support/gnutls/libtasn1_4.19.0.bb @@ -0,0 +1,23 @@ +SUMMARY = "Library for ASN.1 and DER manipulation" +DESCRIPTION = "A highly portable C library that encodes and decodes \ +DER/BER data following an ASN.1 schema. " +HOMEPAGE = "http://www.gnu.org/software/libtasn1/" + +LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" +LICENSE:${PN}-bin = "GPL-3.0-or-later" +LICENSE:${PN} = "LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ + file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c \ + file://COPYING;md5=75ac100ec923f959898182307970c360" + +SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ + file://dont-depend-on-help2man.patch \ + " + +DEPENDS = "bison-native" + +SRC_URI[sha256sum] = "1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a" + +inherit autotools texinfo lib_package gtk-doc + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-support/libesmtp/libesmtp_1.1.0.bb b/recipes-support/libesmtp/libesmtp_1.1.0.bb new file mode 100644 index 0000000..eeb1ac6 --- /dev/null +++ b/recipes-support/libesmtp/libesmtp_1.1.0.bb @@ -0,0 +1,32 @@ +SUMMARY = "SMTP client library" +DESCRIPTION = "LibESMTP is a library to manage posting \ +(or submission of) electronic mail using SMTP to a \ +preconfigured Mail Transport Agent (MTA) such as Exim or PostFix." +HOMEPAGE = "https://libesmtp.github.io/" +LICENSE = "LGPL-2.0+" +SECTION = "libs" + +DEPENDS = "openssl" + +SRC_URI = "git://github.com/libesmtp/libESMTP.git;branch=master;protocol=https" +SRCREV = "1d0af244310a66943ab400be56b15a9087f181eb" + +S = "${WORKDIR}/git" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=1803fa9c2c3ce8cb06b4861d75310742 \ + file://COPYING.GPL;md5=393a5ca445f6965873eca0259a17f833" + +inherit meson pkgconfig + +EXTRA_OEMESON = " \ + -Dpthreads=enabled \ + -Dtls=enabled \ + -Dxdg=false \ + -Dlwres=disabled \ + -Dbdat=true \ + -Detrn=true \ + -Dxusr=true \ +" + +FILES_${PN} = "${libdir}/lib*${SOLIBS} \ + ${libdir}/esmtp-plugins-6.2.0/*${SOLIBSDEV}" diff --git a/recipes-support/libmodbus/libmodbus.inc b/recipes-support/libmodbus/libmodbus.inc new file mode 100644 index 0000000..27880df --- /dev/null +++ b/recipes-support/libmodbus/libmodbus.inc @@ -0,0 +1,16 @@ +SUMMARY = "A Modbus library" +DESCRIPTION = "libmodbus is a C library designed to provide a fast and robust \ +implementation of the Modbus protocol. It runs on Linux, Mac OS X, FreeBSD, \ +QNX and Windows." +HOMEPAGE = "http://www.libmodbus.org/" +SECTION = "libs" + +LICENSE = "LGPL-2.1+" +LIC_FILES_CHKSUM = "file://COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c" + +SRC_URI = "http://libmodbus.org/releases/${BP}.tar.gz" + +PACKAGECONFIG ??= "" +PACKAGECONFIG[documentation] = "--with-documentation,--without-documentation,asciidoc-native xmlto-native" + +inherit autotools pkgconfig diff --git a/recipes-support/libmodbus/libmodbus/Fix-float-endianness-issue-on-big-endian-arch.patch b/recipes-support/libmodbus/libmodbus/Fix-float-endianness-issue-on-big-endian-arch.patch new file mode 100644 index 0000000..5372a23 --- /dev/null +++ b/recipes-support/libmodbus/libmodbus/Fix-float-endianness-issue-on-big-endian-arch.patch @@ -0,0 +1,314 @@ +From: =?utf-8?b?IlNaIExpbiAo5p6X5LiK5pm6KSI=?= +Date: Wed, 19 Dec 2018 10:24:47 +0800 +Subject: Fix float endianness issue on big endian arch + +It converts float values depending on what order they come in. + +This patch was modified from rm5248 [1] + +[1] https://github.com/synexxus/libmodbus/commit/a511768e7fe7ec52d7bae1d9ae04e33f87a59627 + +--- + src/modbus-data.c | 110 ++++++++++++++++++++++++++++++++++++++--------- + tests/unit-test-client.c | 22 ++++++---- + tests/unit-test.h.in | 41 ++++++++++++++++-- + 3 files changed, 141 insertions(+), 32 deletions(-) + +diff --git a/src/modbus-data.c b/src/modbus-data.c +index 902b8c6..7a744fa 100644 +--- a/src/modbus-data.c ++++ b/src/modbus-data.c +@@ -119,9 +119,18 @@ float modbus_get_float_abcd(const uint16_t *src) + { + float f; + uint32_t i; ++ uint8_t a, b, c, d; + +- i = ntohl(((uint32_t)src[0] << 16) + src[1]); +- memcpy(&f, &i, sizeof(float)); ++ a = (src[0] >> 8) & 0xFF; ++ b = (src[0] >> 0) & 0xFF; ++ c = (src[1] >> 8) & 0xFF; ++ d = (src[1] >> 0) & 0xFF; ++ ++ i = (a << 24) | ++ (b << 16) | ++ (c << 8) | ++ (d << 0); ++ memcpy(&f, &i, 4); + + return f; + } +@@ -131,9 +140,18 @@ float modbus_get_float_dcba(const uint16_t *src) + { + float f; + uint32_t i; ++ uint8_t a, b, c, d; + +- i = ntohl(bswap_32((((uint32_t)src[0]) << 16) + src[1])); +- memcpy(&f, &i, sizeof(float)); ++ a = (src[0] >> 8) & 0xFF; ++ b = (src[0] >> 0) & 0xFF; ++ c = (src[1] >> 8) & 0xFF; ++ d = (src[1] >> 0) & 0xFF; ++ ++ i = (d << 24) | ++ (c << 16) | ++ (b << 8) | ++ (a << 0); ++ memcpy(&f, &i, 4); + + return f; + } +@@ -143,9 +161,18 @@ float modbus_get_float_badc(const uint16_t *src) + { + float f; + uint32_t i; ++ uint8_t a, b, c, d; + +- i = ntohl((uint32_t)(bswap_16(src[0]) << 16) + bswap_16(src[1])); +- memcpy(&f, &i, sizeof(float)); ++ a = (src[0] >> 8) & 0xFF; ++ b = (src[0] >> 0) & 0xFF; ++ c = (src[1] >> 8) & 0xFF; ++ d = (src[1] >> 0) & 0xFF; ++ ++ i = (b << 24) | ++ (a << 16) | ++ (d << 8) | ++ (c << 0); ++ memcpy(&f, &i, 4); + + return f; + } +@@ -155,9 +182,18 @@ float modbus_get_float_cdab(const uint16_t *src) + { + float f; + uint32_t i; ++ uint8_t a, b, c, d; + +- i = ntohl((((uint32_t)src[1]) << 16) + src[0]); +- memcpy(&f, &i, sizeof(float)); ++ a = (src[0] >> 8) & 0xFF; ++ b = (src[0] >> 0) & 0xFF; ++ c = (src[1] >> 8) & 0xFF; ++ d = (src[1] >> 0) & 0xFF; ++ ++ i = (c << 24) | ++ (d << 16) | ++ (a << 8) | ++ (b << 0); ++ memcpy(&f, &i, 4); + + return f; + } +@@ -172,50 +208,84 @@ float modbus_get_float(const uint16_t *src) + memcpy(&f, &i, sizeof(float)); + + return f; ++ + } + + /* Set a float to 4 bytes for Modbus w/o any conversion (ABCD) */ + void modbus_set_float_abcd(float f, uint16_t *dest) + { + uint32_t i; ++ uint8_t *out = (uint8_t*) dest; ++ uint8_t a, b, c, d; + + memcpy(&i, &f, sizeof(uint32_t)); +- i = htonl(i); +- dest[0] = (uint16_t)(i >> 16); +- dest[1] = (uint16_t)i; ++ a = (i >> 24) & 0xFF; ++ b = (i >> 16) & 0xFF; ++ c = (i >> 8) & 0xFF; ++ d = (i >> 0) & 0xFF; ++ ++ out[0] = a; ++ out[1] = b; ++ out[2] = c; ++ out[3] = d; + } + + /* Set a float to 4 bytes for Modbus with byte and word swap conversion (DCBA) */ + void modbus_set_float_dcba(float f, uint16_t *dest) + { + uint32_t i; ++ uint8_t *out = (uint8_t*) dest; ++ uint8_t a, b, c, d; + + memcpy(&i, &f, sizeof(uint32_t)); +- i = bswap_32(htonl(i)); +- dest[0] = (uint16_t)(i >> 16); +- dest[1] = (uint16_t)i; ++ a = (i >> 24) & 0xFF; ++ b = (i >> 16) & 0xFF; ++ c = (i >> 8) & 0xFF; ++ d = (i >> 0) & 0xFF; ++ ++ out[0] = d; ++ out[1] = c; ++ out[2] = b; ++ out[3] = a; ++ + } + + /* Set a float to 4 bytes for Modbus with byte swap conversion (BADC) */ + void modbus_set_float_badc(float f, uint16_t *dest) + { + uint32_t i; ++ uint8_t *out = (uint8_t*) dest; ++ uint8_t a, b, c, d; + + memcpy(&i, &f, sizeof(uint32_t)); +- i = htonl(i); +- dest[0] = (uint16_t)bswap_16(i >> 16); +- dest[1] = (uint16_t)bswap_16(i & 0xFFFF); ++ a = (i >> 24) & 0xFF; ++ b = (i >> 16) & 0xFF; ++ c = (i >> 8) & 0xFF; ++ d = (i >> 0) & 0xFF; ++ ++ out[0] = b; ++ out[1] = a; ++ out[2] = d; ++ out[3] = c; + } + + /* Set a float to 4 bytes for Modbus with word swap conversion (CDAB) */ + void modbus_set_float_cdab(float f, uint16_t *dest) + { + uint32_t i; ++ uint8_t *out = (uint8_t*) dest; ++ uint8_t a, b, c, d; + + memcpy(&i, &f, sizeof(uint32_t)); +- i = htonl(i); +- dest[0] = (uint16_t)i; +- dest[1] = (uint16_t)(i >> 16); ++ a = (i >> 24) & 0xFF; ++ b = (i >> 16) & 0xFF; ++ c = (i >> 8) & 0xFF; ++ d = (i >> 0) & 0xFF; ++ ++ out[0] = c; ++ out[1] = d; ++ out[2] = a; ++ out[3] = b; + } + + /* DEPRECATED - Set a float to 4 bytes in a sort of Modbus format! */ +diff --git a/tests/unit-test-client.c b/tests/unit-test-client.c +index 3e315f4..3fccf3e 100644 +--- a/tests/unit-test-client.c ++++ b/tests/unit-test-client.c +@@ -27,6 +27,7 @@ int send_crafted_request(modbus_t *ctx, int function, + uint16_t max_value, uint16_t bytes, + int backend_length, int backend_offset); + int equal_dword(uint16_t *tab_reg, const uint32_t value); ++int is_memory_equal(const void *s1, const void *s2, size_t size); + + #define BUG_REPORT(_cond, _format, _args ...) \ + printf("\nLine %d: assertion error for '%s': " _format "\n", __LINE__, # _cond, ## _args) +@@ -40,6 +41,11 @@ int equal_dword(uint16_t *tab_reg, const uint32_t value); + } \ + }; + ++int is_memory_equal(const void *s1, const void *s2, size_t size) ++{ ++ return (memcmp(s1, s2, size) == 0); ++} ++ + int equal_dword(uint16_t *tab_reg, const uint32_t value) { + return ((tab_reg[0] == (value >> 16)) && (tab_reg[1] == (value & 0xFFFF))); + } +@@ -286,26 +292,26 @@ int main(int argc, char *argv[]) + /** FLOAT **/ + printf("1/4 Set/get float ABCD: "); + modbus_set_float_abcd(UT_REAL, tab_rp_registers); +- ASSERT_TRUE(equal_dword(tab_rp_registers, UT_IREAL_ABCD), "FAILED Set float ABCD"); +- real = modbus_get_float_abcd(tab_rp_registers); ++ ASSERT_TRUE(is_memory_equal(tab_rp_registers, UT_IREAL_ABCD_SET, 4), "FAILED Set float ABCD"); ++ real = modbus_get_float_abcd(UT_IREAL_ABCD_GET); + ASSERT_TRUE(real == UT_REAL, "FAILED (%f != %f)\n", real, UT_REAL); + + printf("2/4 Set/get float DCBA: "); + modbus_set_float_dcba(UT_REAL, tab_rp_registers); +- ASSERT_TRUE(equal_dword(tab_rp_registers, UT_IREAL_DCBA), "FAILED Set float DCBA"); +- real = modbus_get_float_dcba(tab_rp_registers); ++ ASSERT_TRUE(is_memory_equal(tab_rp_registers, UT_IREAL_DCBA_SET, 4), "FAILED Set float DCBA"); ++ real = modbus_get_float_dcba(UT_IREAL_DCBA_GET); + ASSERT_TRUE(real == UT_REAL, "FAILED (%f != %f)\n", real, UT_REAL); + + printf("3/4 Set/get float BADC: "); + modbus_set_float_badc(UT_REAL, tab_rp_registers); +- ASSERT_TRUE(equal_dword(tab_rp_registers, UT_IREAL_BADC), "FAILED Set float BADC"); +- real = modbus_get_float_badc(tab_rp_registers); ++ ASSERT_TRUE(is_memory_equal(tab_rp_registers, UT_IREAL_BADC_SET, 4), "FAILED Set float BADC"); ++ real = modbus_get_float_badc(UT_IREAL_BADC_GET); + ASSERT_TRUE(real == UT_REAL, "FAILED (%f != %f)\n", real, UT_REAL); + + printf("4/4 Set/get float CDAB: "); + modbus_set_float_cdab(UT_REAL, tab_rp_registers); +- ASSERT_TRUE(equal_dword(tab_rp_registers, UT_IREAL_CDAB), "FAILED Set float CDAB"); +- real = modbus_get_float_cdab(tab_rp_registers); ++ ASSERT_TRUE(is_memory_equal(tab_rp_registers, UT_IREAL_CDAB_SET, 4), "FAILED Set float CDAB"); ++ real = modbus_get_float_cdab(UT_IREAL_CDAB_GET); + ASSERT_TRUE(real == UT_REAL, "FAILED (%f != %f)\n", real, UT_REAL); + + printf("\nAt this point, error messages doesn't mean the test has failed\n"); +diff --git a/tests/unit-test.h.in b/tests/unit-test.h.in +index dca826f..4ffa254 100644 +--- a/tests/unit-test.h.in ++++ b/tests/unit-test.h.in +@@ -56,12 +56,45 @@ const uint16_t UT_INPUT_REGISTERS_ADDRESS = 0x108; + const uint16_t UT_INPUT_REGISTERS_NB = 0x1; + const uint16_t UT_INPUT_REGISTERS_TAB[] = { 0x000A }; + ++/* ++ * This float value is 0x47F12000 (in big-endian format). ++ * In Little-endian(intel) format, it will be stored in memory as follows: ++ * 0x00 0x20 0xF1 0x47 ++ * ++ * You can check this with the following code: ++ ++ float fl = UT_REAL; ++ uint8_t *inmem = (uint8_t*)&fl; ++ int x; ++ for(x = 0; x < 4; x++){ ++ printf("0x%02X ", inmem[ x ]); ++ } ++ printf("\n"); ++ */ + const float UT_REAL = 123456.00; + +-const uint32_t UT_IREAL_ABCD = 0x0020F147; +-const uint32_t UT_IREAL_DCBA = 0x47F12000; +-const uint32_t UT_IREAL_BADC = 0x200047F1; +-const uint32_t UT_IREAL_CDAB = 0xF1470020; ++/* ++ * The following arrays assume that 'A' is the MSB, ++ * and 'D' is the LSB. ++ * Thus, the following is the case: ++ * A = 0x47 ++ * B = 0xF1 ++ * C = 0x20 ++ * D = 0x00 ++ * ++ * There are two sets of arrays: one to test that the setting is correct, ++ * the other to test that the getting is correct. ++ * Note that the 'get' values must be constants in processor-endianness, ++ * as libmodbus will convert all words to processor-endianness as they come in. ++ */ ++const uint8_t UT_IREAL_ABCD_SET[] = {0x47, 0xF1, 0x20, 0x00}; ++const uint16_t UT_IREAL_ABCD_GET[] = {0x47F1, 0x2000}; ++const uint8_t UT_IREAL_DCBA_SET[] = {0x00, 0x20, 0xF1, 0x47}; ++const uint16_t UT_IREAL_DCBA_GET[] = {0x0020, 0xF147}; ++const uint8_t UT_IREAL_BADC_SET[] = {0xF1, 0x47, 0x00, 0x20}; ++const uint16_t UT_IREAL_BADC_GET[] = {0xF147, 0x0020}; ++const uint8_t UT_IREAL_CDAB_SET[] = {0x20, 0x00, 0x47, 0xF1}; ++const uint16_t UT_IREAL_CDAB_GET[] = {0x2000, 0x47F1}; + + /* const uint32_t UT_IREAL_ABCD = 0x47F12000); + const uint32_t UT_IREAL_DCBA = 0x0020F147; diff --git a/recipes-support/libmodbus/libmodbus/libmodbus_send_raw_message_tid.patch b/recipes-support/libmodbus/libmodbus/libmodbus_send_raw_message_tid.patch new file mode 100644 index 0000000..069f4f2 --- /dev/null +++ b/recipes-support/libmodbus/libmodbus/libmodbus_send_raw_message_tid.patch @@ -0,0 +1,37 @@ +diff --git a/src/modbus.c b/src/modbus.c +index 68a28a3..4810cfe 100644 +--- a/src/modbus.c ++++ b/src/modbus.c +@@ -208,6 +208,11 @@ static int send_msg(modbus_t *ctx, uint8_t *msg, int msg_length) + } + + int modbus_send_raw_request(modbus_t *ctx, const uint8_t *raw_req, int raw_req_length) ++{ ++ return modbus_send_raw_request_tid(ctx, raw_req, raw_req_length, 0); ++} ++ ++int modbus_send_raw_request_tid(modbus_t *ctx, const uint8_t *raw_req, int raw_req_length, int tid) + { + sft_t sft; + uint8_t req[MAX_MESSAGE_LENGTH]; +@@ -229,7 +234,7 @@ int modbus_send_raw_request(modbus_t *ctx, const uint8_t *raw_req, int raw_req_l + sft.slave = raw_req[0]; + sft.function = raw_req[1]; + /* The t_id is left to zero */ +- sft.t_id = 0; ++ sft.t_id = tid; + /* This response function only set the header so it's convenient here */ + req_length = ctx->backend->build_response_basis(&sft, req); + +diff --git a/src/modbus.h b/src/modbus.h +index fbe20bc..8b3c675 100644 +--- a/src/modbus.h ++++ b/src/modbus.h +@@ -228,6 +228,7 @@ MODBUS_API modbus_mapping_t* modbus_mapping_new(int nb_bits, int nb_input_bits, + MODBUS_API void modbus_mapping_free(modbus_mapping_t *mb_mapping); + + MODBUS_API int modbus_send_raw_request(modbus_t *ctx, const uint8_t *raw_req, int raw_req_length); ++MODBUS_API int modbus_send_raw_request_tid(modbus_t *ctx, const uint8_t *raw_req, int raw_req_length, int tid); + + MODBUS_API int modbus_receive(modbus_t *ctx, uint8_t *req); + diff --git a/recipes-support/libmodbus/libmodbus_3.1.7.bb b/recipes-support/libmodbus/libmodbus_3.1.7.bb new file mode 100644 index 0000000..907e8de --- /dev/null +++ b/recipes-support/libmodbus/libmodbus_3.1.7.bb @@ -0,0 +1,9 @@ +require libmodbus.inc + +SRC_URI += "file://Fix-float-endianness-issue-on-big-endian-arch.patch" +SRC_URI[sha256sum] = "7dfe958431d0570b271e1a5b329b76a658e89c614cf119eb5aadb725c87f8fbd" + +# this file has been created one minute after the configure file, so it doesn't get recreated during configure step +do_configure_prepend() { + rm -rf ${S}/tests/unit-test.h +} diff --git a/recipes-support/libmodbus/libmodbus_3.1.7.bbappend b/recipes-support/libmodbus/libmodbus_3.1.7.bbappend new file mode 100644 index 0000000..d1a98b8 --- /dev/null +++ b/recipes-support/libmodbus/libmodbus_3.1.7.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +PR .= ".mts1" + +SRC_URI += "file://libmodbus_send_raw_message_tid.patch" diff --git a/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch b/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch new file mode 100644 index 0000000..e3f5c6d --- /dev/null +++ b/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch @@ -0,0 +1,45 @@ +Add target to only build tests (not run them) + +Not sending upstream as this is only a start of a solution to +installable tests: It's useful for us already as is. + +Upstream-Status: Inappropriate [not a complete solution] + +Signed-off-by: Jussi Kukkonen +Refactored for 3.4 +Signed-off-by: Armin Kuster +--- + Makefile.in | 3 +++ + testsuite/Makefile.in | 2 ++ + 2 files changed, 5 insertions(+) + +diff --git a/Makefile.in b/Makefile.in +index e5ccfc7..15c9275 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -52,6 +52,9 @@ clean distclean mostlyclean maintainer-clean tags: + echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done + $(MAKE) $@-here + ++buildtest: ++ echo "Making $@ in testsuite" ; (cd testsuite && $(MAKE) $@) ++ + check-here: + true + +diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in +index 3f5e5f6..8fd68a3 100644 +--- a/testsuite/Makefile.in ++++ b/testsuite/Makefile.in +@@ -122,6 +122,8 @@ $(TARGETS) $(EXTRA_TARGETS): testutils.$(OBJEXT) ../nettle-internal.$(OBJEXT) \ + # data. + VALGRIND = valgrind --error-exitcode=1 --leak-check=full --show-reachable=yes @IF_ASM@ --partial-loads-ok=yes + ++buildtest: $(TS_ALL) ++ + check: $(TS_ALL) + TEST_SHLIB_DIR="$(TEST_SHLIB_DIR)" \ + srcdir="$(srcdir)" \ +-- +2.17.1 + diff --git a/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch b/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch new file mode 100644 index 0000000..d5f2666 --- /dev/null +++ b/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch @@ -0,0 +1,36 @@ +From ffee6b5f6204a0210f717968ec6ce514d70acca1 Mon Sep 17 00:00:00 2001 +From: Haiqing Bai +Date: Fri, 9 Dec 2016 15:23:17 +0800 +Subject: [PATCH] nettle: check header files of openssl only if + 'enable_openssl=yes'. + +The original configure script checks openssl header files to generate +config.h even if 'enable_openssl' is not set to yes, this made inconsistent +building for nettle. + +Upstream-Status: Pending +Signed-off-by: Haiqing Bai + +refactored for 3.4. pending not in as of 3.4 + +Signed-off-by: Armin Kuster + +Index: nettle-3.4/configure.ac +=================================================================== +--- nettle-3.4.orig/configure.ac ++++ nettle-3.4/configure.ac +@@ -185,9 +185,11 @@ AC_HEADER_TIME + AC_CHECK_SIZEOF(long) + AC_CHECK_SIZEOF(size_t) + +-AC_CHECK_HEADERS([openssl/evp.h openssl/ecdsa.h],, +-[enable_openssl=no +- break]) ++if test "x$enable_openssl" = "xyes"; then ++ AC_CHECK_HEADERS([openssl/evp.h openssl/ecdsa.h],, ++ [enable_openssl=no ++ break]) ++fi + + # For use by the testsuite + AC_CHECK_HEADERS([valgrind/memcheck.h]) diff --git a/recipes-support/nettle/nettle/dlopen-test.patch b/recipes-support/nettle/nettle/dlopen-test.patch new file mode 100644 index 0000000..ab9b91f --- /dev/null +++ b/recipes-support/nettle/nettle/dlopen-test.patch @@ -0,0 +1,29 @@ +Remove the relative path for libnettle.so so the test +program can find it. +Relative paths are not suitable, as the folder strucure for ptest +is different from the one expected by the nettle testsuite. + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Juro Bystricky +Signed-off-by: Mingli Yu +--- + testsuite/dlopen-test.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/testsuite/dlopen-test.c b/testsuite/dlopen-test.c +index 4265bf7..1a25d17 100644 +--- a/testsuite/dlopen-test.c ++++ b/testsuite/dlopen-test.c +@@ -15,7 +15,7 @@ int + main (int argc UNUSED, char **argv UNUSED) + { + #if HAVE_LIBDL +- void *handle = dlopen ("../libnettle." SO_EXT, RTLD_NOW); ++ void *handle = dlopen ("libnettle.so", RTLD_NOW); + int (*get_version)(void); + if (!handle) + { +-- +2.17.1 + diff --git a/recipes-support/nettle/nettle/run-ptest b/recipes-support/nettle/nettle/run-ptest new file mode 100644 index 0000000..b90bed6 --- /dev/null +++ b/recipes-support/nettle/nettle/run-ptest @@ -0,0 +1,36 @@ +#! /bin/sh + +cd testsuite + +failed=0 +all=0 + +for f in *-test; do + if [ "$f" = "sha1-huge-test" ] ; then + echo "SKIP: $f (skipped for ludicrous run time)" + continue + fi + + "./$f" + case "$?" in + 0) + echo "PASS: $f" + all=$((all + 1)) + ;; + 77) + echo "SKIP: $f" + ;; + *) + echo "FAIL: $f" + failed=$((failed + 1)) + all=$((all + 1)) + ;; + esac +done + +if [ "$failed" -eq 0 ] ; then + echo "All $all tests passed" +else + echo "$failed of $all tests failed" +fi + diff --git a/recipes-support/nettle/nettle_3.8.1.bb b/recipes-support/nettle/nettle_3.8.1.bb new file mode 100644 index 0000000..bf49132 --- /dev/null +++ b/recipes-support/nettle/nettle_3.8.1.bb @@ -0,0 +1,57 @@ +SUMMARY = "A low level cryptographic library" +DESCRIPTION = "Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages (C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space." +HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/" +DESCRIPTION = "It tries to solve a problem of providing a common set of \ +cryptographic algorithms for higher-level applications by implementing a \ +context-independent set of cryptographic algorithms" +SECTION = "libs" +LICENSE = "LGPL-3.0-or-later | GPL-2.0-or-later" + +LIC_FILES_CHKSUM = "file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6 \ + file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://serpent-decrypt.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e \ + file://serpent-set-key.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e" + +DEPENDS += "gmp" + +SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \ + file://Add-target-to-only-build-tests-not-run-them.patch \ + file://run-ptest \ + file://check-header-files-of-openssl-only-if-enable_.patch \ + " + +SRC_URI:append:class-target = "\ + file://dlopen-test.patch \ + " + +SRC_URI[sha256sum] = "364f3e2b77cd7dcde83fd7c45219c834e54b0c75e428b6f894a23d12dd41cbfe" + +UPSTREAM_CHECK_REGEX = "nettle-(?P\d+(\.\d+)+)\.tar" + +inherit autotools ptest multilib_header + +EXTRA_AUTORECONF += "--exclude=aclocal" + +EXTRA_OECONF = "--disable-openssl" + +do_compile_ptest() { + oe_runmake buildtest +} + +do_install:append() { + oe_multilib_header nettle/version.h +} + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/testsuite/ + install ${S}/testsuite/gold-bug.txt ${D}${PTEST_PATH}/testsuite/ + install ${S}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/ + # tools can be found in PATH, not in ../tools/ + sed -i -e 's|../tools/||' ${D}${PTEST_PATH}/testsuite/*-test + install ${B}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/ +} + +RDEPENDS:${PN}-ptest += "${PN}-dev" +INSANE_SKIP:${PN}-ptest += "dev-deps" + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-support/ntp/files/0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch b/recipes-support/ntp/files/0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch new file mode 100644 index 0000000..372938c --- /dev/null +++ b/recipes-support/ntp/files/0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch @@ -0,0 +1,32 @@ +From 082a504cfcc046c3d8adaae1164268bc94e5108a Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sat, 31 Jul 2021 10:51:41 -0700 +Subject: [PATCH] libntp: Do not use PTHREAD_STACK_MIN on glibc + +In glibc 2.34+ PTHREAD_STACK_MIN is not a compile-time constant which +could mean different stack sizes at runtime on different architectures +and it also causes compile failure. Default glibc thread stack size +or 64Kb set by ntp should be good in glibc these days. + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + libntp/work_thread.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libntp/work_thread.c b/libntp/work_thread.c +index 03a5647..3ddd751 100644 +--- a/libntp/work_thread.c ++++ b/libntp/work_thread.c +@@ -41,7 +41,7 @@ + #ifndef THREAD_MINSTACKSIZE + # define THREAD_MINSTACKSIZE (64U * 1024) + #endif +-#ifndef __sun ++#if !defined(__sun) && !defined(__GLIBC__) + #if defined(PTHREAD_STACK_MIN) && THREAD_MINSTACKSIZE < PTHREAD_STACK_MIN + # undef THREAD_MINSTACKSIZE + # define THREAD_MINSTACKSIZE PTHREAD_STACK_MIN +-- +2.32.0 + diff --git a/recipes-support/ntp/files/0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch b/recipes-support/ntp/files/0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch new file mode 100644 index 0000000..42e1efd --- /dev/null +++ b/recipes-support/ntp/files/0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch @@ -0,0 +1,66 @@ +From 778f3cddc20930185a917fa3f8ffe1ef2b0b0ea0 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sat, 31 Jul 2021 13:27:16 -0700 +Subject: [PATCH] test: Fix build with new compiler defaults to -fno-common + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + sntp/tests/run-packetHandling.c | 2 +- + sntp/tests/run-t-log.c | 2 +- + sntp/tests/run-utilities.c | 2 +- + tests/libntp/test-libntp.h | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/sntp/tests/run-packetHandling.c b/sntp/tests/run-packetHandling.c +index 7790b20..c58380c 100644 +--- a/sntp/tests/run-packetHandling.c ++++ b/sntp/tests/run-packetHandling.c +@@ -64,7 +64,7 @@ void resetTest(void) + setUp(); + } + +-char const *progname; ++extern char const *progname; + + + //=======MAIN===== +diff --git a/sntp/tests/run-t-log.c b/sntp/tests/run-t-log.c +index 268bf41..cd835bc 100644 +--- a/sntp/tests/run-t-log.c ++++ b/sntp/tests/run-t-log.c +@@ -50,7 +50,7 @@ void resetTest(void) + setUp(); + } + +-char const *progname; ++extern char const *progname; + + + //=======MAIN===== +diff --git a/sntp/tests/run-utilities.c b/sntp/tests/run-utilities.c +index f717882..98d9bf1 100644 +--- a/sntp/tests/run-utilities.c ++++ b/sntp/tests/run-utilities.c +@@ -58,7 +58,7 @@ void resetTest(void) + setUp(); + } + +-char const *progname; ++extern char const *progname; + + + //=======MAIN===== +diff --git a/tests/libntp/test-libntp.h b/tests/libntp/test-libntp.h +index 93050b3..60461d8 100644 +--- a/tests/libntp/test-libntp.h ++++ b/tests/libntp/test-libntp.h +@@ -5,4 +5,4 @@ + + time_t timefunc(time_t *ptr); + void settime(int y, int m, int d, int H, int M, int S); +-time_t nowtime; ++extern time_t nowtime; +-- +2.32.0 + diff --git a/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch b/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch new file mode 100644 index 0000000..d45b7e3 --- /dev/null +++ b/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch @@ -0,0 +1,27 @@ +From 2310898533f059d875dcffd26ab6cf1b280292fd Mon Sep 17 00:00:00 2001 +From: Koen Kooi +Date: Wed, 12 Jan 2011 21:38:46 +0100 + +--- + include/ntp_syscall.h | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/include/ntp_syscall.h b/include/ntp_syscall.h +index d1ce03e..9e18432 100644 +--- a/include/ntp_syscall.h ++++ b/include/ntp_syscall.h +@@ -10,6 +10,14 @@ + # include + #endif + ++#if defined(ADJ_NANO) && !defined(MOD_NANO) ++#define MOD_NANO ADJ_NANO ++#endif ++ ++#if defined(ADJ_TAI) && !defined(MOD_TAI) ++#define MOD_TAI ADJ_TAI ++#endif ++ + #ifndef NTP_SYSCALLS_LIBC + # ifdef NTP_SYSCALLS_STD + # define ntp_adjtime(t) syscall(SYS_ntp_adjtime, (t)) diff --git a/recipes-support/ntp/files/ntp.conf b/recipes-support/ntp/files/ntp.conf new file mode 100644 index 0000000..b590030 --- /dev/null +++ b/recipes-support/ntp/files/ntp.conf @@ -0,0 +1,21 @@ +# This is the most basic ntp configuration file +# The driftfile must remain in a place specific to this +# machine - it records the machine specific clock error +driftfile /var/lib/ntp/drift +# This should be a server that is close (in IP terms) +# to the machine. Add other servers as required. +# Unless you un-comment the line below ntpd will sync +# only against the local system clock. +# +# server time.server.example.com +# +# Using local hardware clock as fallback +# Disable this when using ntpd -q -g -x as ntpdate or it will sync to itself +server 127.127.1.0 +fudge 127.127.1.0 stratum 14 +# Defining a default security setting +restrict -4 default notrap nomodify nopeer noquery +restrict -6 default notrap nomodify nopeer noquery + +restrict 127.0.0.1 # allow local host +restrict ::1 # allow local host diff --git a/recipes-support/ntp/files/ntpd b/recipes-support/ntp/files/ntpd new file mode 100755 index 0000000..d1b9c49 --- /dev/null +++ b/recipes-support/ntp/files/ntpd @@ -0,0 +1,84 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: ntp +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: Start NTP daemon +### END INIT INFO + +PATH=/sbin:/bin:/usr/bin:/usr/sbin + +DAEMON=/usr/sbin/ntpd +PIDFILE=/var/run/ntpd.pid + +# ntpd init.d script for ntpdc from ntp.isc.org +test -x $DAEMON -a -r /etc/ntp.conf || exit 0 + +# rcS contains TICKADJ +test -r /etc/default/rcS && . /etc/default/rcS + +# Source function library. +. /etc/init.d/functions + +# Functions to do individual actions +settick(){ + # If TICKADJ is set we *must* adjust it before we start, because the + # driftfile relies on the correct setting + test -n "$TICKADJ" -a -x /usr/sbin/tickadj && { + echo -n "Setting tick to $TICKADJ: " + /usr/sbin/tickadj "$TICKADJ" + echo "done" + } +} +startdaemon(){ + # The -g option allows ntpd to step the time to correct it just + # once. The daemon will exit if the clock drifts too much after + # this. If ntpd seems to disappear after a while assume TICKADJ + # above is set to a totally incorrect value. + echo -n "Starting ntpd: " + start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --startas $DAEMON -- -u ntp:ntp -p $PIDFILE "$@" + echo "done" +} +stopdaemon(){ + echo -n "Stopping ntpd: " + start-stop-daemon --stop --quiet --oknodo -p $PIDFILE + echo "done" +} + +case "$1" in + start) + settick + startdaemon -g + ;; + stop) + stopdaemon + ;; + force-reload) + stopdaemon + settick + startdaemon -g + ;; + restart) + # Don't reset the tick here + stopdaemon + startdaemon -g + ;; + reload) + # Must do this by hand, but don't do -g + stopdaemon + startdaemon + ;; + status) + status /usr/sbin/ntpd; + exit $? + ;; + *) + echo "Usage: ntpd { start | stop | status | restart | reload }" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/recipes-support/ntp/files/ntpd.list b/recipes-support/ntp/files/ntpd.list new file mode 100644 index 0000000..d1fe6b7 --- /dev/null +++ b/recipes-support/ntp/files/ntpd.list @@ -0,0 +1 @@ +ntpd.service diff --git a/recipes-support/ntp/files/ntpd.service b/recipes-support/ntp/files/ntpd.service new file mode 100644 index 0000000..0e3d7cd --- /dev/null +++ b/recipes-support/ntp/files/ntpd.service @@ -0,0 +1,11 @@ +[Unit] +Description=Network Time Service +After=network.target + +[Service] +Type=forking +PIDFile=/run/ntpd.pid +ExecStart=/usr/sbin/ntpd -u ntp:ntp -p /run/ntpd.pid -g + +[Install] +WantedBy=multi-user.target diff --git a/recipes-support/ntp/files/ntpdate b/recipes-support/ntp/files/ntpdate new file mode 100755 index 0000000..be3bacf --- /dev/null +++ b/recipes-support/ntp/files/ntpdate @@ -0,0 +1,59 @@ +#!/bin/sh + +PATH=/sbin:/bin:/usr/bin:/usr/sbin + +test -x /usr/sbin/ntpdate || exit 0 + +if test -f /etc/default/ntpdate ; then +. /etc/default/ntpdate +fi + +if [ "$NTPSERVERS" = "" ] ; then + if [ "$METHOD" = "" -a "$1" != "silent" ] ; then + echo "Please set NTPSERVERS in /etc/default/ntpdate" + exit 1 + else + exit 0 + fi +fi + +# This is a heuristic: The idea is that if a static interface is brought +# up, that is a major event, and we can put in some extra effort to fix +# the system time. Feel free to change this, especially if you regularly +# bring up new network interfaces. +if [ "$METHOD" = static ]; then + OPTS="-b" +fi + +if [ "$METHOD" = loopback ]; then + exit 0 +fi + +( + +LOCKFILE=/var/lock/ntpdate + +# Avoid running more than one at a time +if [ -x /usr/bin/lockfile-create ]; then + lockfile-create $LOCKFILE + lockfile-touch $LOCKFILE & + LOCKTOUCHPID="$!" +fi + +if /usr/sbin/ntpdate -s $OPTS $NTPSERVERS 2>/dev/null; then + if [ "$UPDATE_HWCLOCK" = "yes" ]; then + hwclock --systohc || : + fi +fi + +if [ -x /usr/bin/lockfile-create ] ; then + kill $LOCKTOUCHPID + lockfile-remove $LOCKFILE +fi + +) & + +# wait for all subprocesses to finish +# this is required when using systemd service as ntpd will start before ntpdate finishes +# and results in a bind error (port 123) +wait diff --git a/recipes-support/ntp/files/ntpdate.default b/recipes-support/ntp/files/ntpdate.default new file mode 100644 index 0000000..486b6e0 --- /dev/null +++ b/recipes-support/ntp/files/ntpdate.default @@ -0,0 +1,7 @@ +# Configuration script used by ntpdate-sync script + +NTPSERVERS="" + +# Set to "yes" to write time to hardware clock on success +UPDATE_HWCLOCK="no" + diff --git a/recipes-support/ntp/files/ntpdate.service b/recipes-support/ntp/files/ntpdate.service new file mode 100644 index 0000000..10cbd70 --- /dev/null +++ b/recipes-support/ntp/files/ntpdate.service @@ -0,0 +1,11 @@ +[Unit] +Description=Network Time Service (one-shot ntpdate mode) +Before=ntpd.service + +[Service] +Type=oneshot +ExecStart=/usr/bin/ntpdate-sync silent +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/recipes-support/ntp/files/reproducibility-fixed-path-to-posix-shell.patch b/recipes-support/ntp/files/reproducibility-fixed-path-to-posix-shell.patch new file mode 100644 index 0000000..571db75 --- /dev/null +++ b/recipes-support/ntp/files/reproducibility-fixed-path-to-posix-shell.patch @@ -0,0 +1,15 @@ +--- ntp-4.2.8p12.original/sntp/libopts/m4/libopts.m4 2018-11-12 17:54:57.747220846 +1300 ++++ ntp-4.2.8p12/sntp/libopts/m4/libopts.m4 2018-11-12 18:00:50.626211641 +1300 +@@ -114,12 +114,6 @@ + AC_PROG_SED + [while : + do +- POSIX_SHELL=`which bash` +- test -x "$POSIX_SHELL" && break +- POSIX_SHELL=`which dash` +- test -x "$POSIX_SHELL" && break +- POSIX_SHELL=/usr/xpg4/bin/sh +- test -x "$POSIX_SHELL" && break + POSIX_SHELL=`/bin/sh -c ' + exec 2>/dev/null + if ! true ; then exit 1 ; fi diff --git a/recipes-support/ntp/files/sntp b/recipes-support/ntp/files/sntp new file mode 100644 index 0000000..f8c5895 --- /dev/null +++ b/recipes-support/ntp/files/sntp @@ -0,0 +1 @@ +NTPSERVER="ntpserver.example.org" diff --git a/recipes-support/ntp/files/sntp.service b/recipes-support/ntp/files/sntp.service new file mode 100644 index 0000000..4898b8a --- /dev/null +++ b/recipes-support/ntp/files/sntp.service @@ -0,0 +1,11 @@ +[Unit] +Description=Simple Network Time Service Client +After=network.target + +[Service] +Type=oneshot +EnvironmentFile=-/etc/default/sntp +ExecStart=/usr/sbin/sntp -s $NTPSERVER + +[Install] +WantedBy=multi-user.target diff --git a/recipes-support/ntp/ntp_4.2.8p15.bb b/recipes-support/ntp/ntp_4.2.8p15.bb new file mode 100644 index 0000000..9002b4b --- /dev/null +++ b/recipes-support/ntp/ntp_4.2.8p15.bb @@ -0,0 +1,206 @@ +SUMMARY = "Network Time Protocol daemon and utilities" +DESCRIPTION = "The Network Time Protocol (NTP) is used to \ +synchronize the time of a computer client or server to \ +another server or reference time source, such as a radio \ +or satellite receiver or modem." +HOMEPAGE = "http://support.ntp.org" +SECTION = "net" +LICENSE = "NTP" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=4190b39435611e92a4da74e682623f19" + +DEPENDS = "libevent" + +SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \ + file://ntp-4.2.4_p6-nano.patch \ + file://reproducibility-fixed-path-to-posix-shell.patch \ + file://0001-libntp-Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch \ + file://0001-test-Fix-build-with-new-compiler-defaults-to-fno-com.patch \ + file://ntpd \ + file://ntp.conf \ + file://ntpdate \ + file://ntpdate.default \ + file://ntpdate.service \ + file://ntpd.service \ + file://sntp.service \ + file://sntp \ + file://ntpd.list \ +" + +SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19" + +# CVE-2016-9312 is only for windows. +# The other CVEs are not correctly identified because cve-check +# is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference) +CVE_CHECK_WHITELIST += "\ + CVE-2016-9312 \ + CVE-2015-5146 \ + CVE-2015-5300 \ + CVE-2015-7975 \ + CVE-2015-7976 \ + CVE-2015-7977 \ + CVE-2015-7978 \ + CVE-2015-7979 \ + CVE-2015-8138 \ + CVE-2015-8139 \ + CVE-2015-8140 \ + CVE-2015-8158 \ + CVE-2016-1547 \ + CVE-2016-2516 \ + CVE-2016-2517 \ + CVE-2016-2519 \ + CVE-2016-7429 \ + CVE-2016-7433 \ + CVE-2016-9310 \ + CVE-2016-9311 \ +" + + +inherit autotools update-rc.d useradd systemd pkgconfig + +# The ac_cv_header_readline_history is to stop ntpdc depending on either +# readline or curses +EXTRA_OECONF += "--with-net-snmp-config=no \ + --without-ntpsnmpd \ + ac_cv_header_readline_history_h=no \ + --with-yielding_select=yes \ + --with-locfile=redhat \ + --without-rpath \ + " +CFLAGS:append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED" + +USERADD_PACKAGES = "${PN}" +NTP_USER_HOME ?= "/var/lib/ntp" +USERADD_PARAM:${PN} = "--system --home-dir ${NTP_USER_HOME} \ + --no-create-home \ + --shell /bin/false --user-group ntp" + +# NB: debug is default-enabled by NTP; keep it default-enabled here. +PACKAGECONFIG ??= "cap debug refclocks openssl \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ +" +PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \ + --with-openssl-incdir=${STAGING_INCDIR} \ + --with-crypto, \ + --without-openssl --without-crypto, \ + openssl" +PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap" +PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline" +PACKAGECONFIG[refclocks] = "--enable-all-clocks,--disable-all-clocks,pps-tools" +PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging" +PACKAGECONFIG[mdns] = "ac_cv_header_dns_sd_h=yes,ac_cv_header_dns_sd_h=no,mdns" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," + +do_install:append() { + install -d ${D}${sysconfdir}/init.d + install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir} + install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d + install -d ${D}${bindir} + install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync + + install -m 755 -d ${D}${NTP_USER_HOME} + chown ntp:ntp ${D}${NTP_USER_HOME} + + # Fix hardcoded paths in scripts + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync + sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace + sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace + sed -i '1s,#!.*perl,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait + sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait + sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/calc_tickadj + sed -i '/use/i use warnings;' ${D}${sbindir}/calc_tickadj + + install -d ${D}/${sysconfdir}/default + install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate + install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/ + + install -d ${D}/${sysconfdir}/network/if-up.d + ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/ + + install -d ${D}${systemd_unitdir}/ntp-units.d + install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list + + # Remove an empty libexecdir. + rmdir --ignore-fail-on-non-empty ${D}${libexecdir} +} + +PACKAGES += "ntpdate sntp ntpdc ntpq ${PN}-tickadj ${PN}-utils" +# NOTE: you don't need ntpdate, use "ntpd -q -g -x" + +# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms +# with wonky clocks (e.g. OpenSlug) +RDEPENDS:${PN} = "${PN}-tickadj" +# ntpd require libgcc for execution +RDEPENDS:${PN} += "libgcc" +# Handle move from bin to utils package +RPROVIDES:${PN}-utils = "${PN}-bin" +RREPLACES:${PN}-utils = "${PN}-bin" +RCONFLICTS:${PN}-utils = "${PN}-bin" +# ntpdc and ntpq were split out of ntp-utils +RDEPENDS:${PN}-utils = "ntpdc ntpq" + +SYSTEMD_PACKAGES = "${PN} ntpdate sntp" +SYSTEMD_SERVICE:${PN} = "ntpd.service" +SYSTEMD_SERVICE:ntpdate = "ntpdate.service" +SYSTEMD_SERVICE:sntp = "sntp.service" +SYSTEMD_AUTO_ENABLE:sntp = "disable" + +RPROVIDES:${PN} += "${PN}-systemd" +RREPLACES:${PN} += "${PN}-systemd" +RCONFLICTS:${PN} += "${PN}-systemd" + +RPROVIDES:ntpdate += "ntpdate-systemd" +RREPLACES:ntpdate += "ntpdate-systemd" +RCONFLICTS:ntpdate += "ntpdate-systemd" + +RSUGGESTS:${PN} = "iana-etc" + +FILES:${PN} = "${sbindir}/ntpd.ntp ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd \ + ${NTP_USER_HOME} \ + ${systemd_unitdir}/ntp-units.d/60-ntpd.list \ +" +FILES:${PN}-tickadj = "${sbindir}/tickadj" +FILES:${PN}-utils = "${sbindir} ${datadir}/ntp/lib" +RDEPENDS:${PN}-utils += "perl" +FILES:ntpdate = "${sbindir}/ntpdate \ + ${sysconfdir}/network/if-up.d/ntpdate-sync \ + ${bindir}/ntpdate-sync \ + ${sysconfdir}/default/ntpdate \ + ${systemd_unitdir}/system/ntpdate.service \ +" +FILES:sntp = "${sbindir}/sntp \ + ${sysconfdir}/default/sntp \ + ${systemd_unitdir}/system/sntp.service \ + " +FILES:ntpdc = "${sbindir}/ntpdc" +FILES:ntpq = "${sbindir}/ntpq" + +CONFFILES:${PN} = "${sysconfdir}/ntp.conf" +CONFFILES:ntpdate = "${sysconfdir}/default/ntpdate" + +INITSCRIPT_NAME = "ntpd" +# No dependencies, so just go in at the standard level (20) +INITSCRIPT_PARAMS = "defaults" + +pkg_postinst:ntpdate() { + if ! grep -q -s ntpdate $D/var/spool/cron/root; then + echo "adding crontab" + test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron + echo "30 * * * * ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root + fi +} + +inherit update-alternatives + +ALTERNATIVE_PRIORITY = "100" + +ALTERNATIVE:${PN} = "ntpd" +ALTERNATIVE_LINK_NAME[ntpd] = "${sbindir}/ntpd" -- cgit v1.2.3