diff options
Diffstat (limited to 'meta-openembedded/meta-networking')
31 files changed, 321 insertions, 145 deletions
diff --git a/meta-openembedded/meta-networking/MAINTAINERS b/meta-openembedded/meta-networking/MAINTAINERS index dc549d7582..a424ab9cdd 100644 --- a/meta-openembedded/meta-networking/MAINTAINERS +++ b/meta-openembedded/meta-networking/MAINTAINERS @@ -2,13 +2,13 @@ This file contains a list of maintainers for the meta-networking layer. Please submit any patches against meta-networking to the OpenEmbedded development mailing list (openembedded-devel@lists.openembedded.org) with -'[meta-networking]' in the subject. +'[meta-networking][scarthgap]' in the subject. When sending single patches, please use something like: git send-email -1 -M \ --to openembedded-devel@lists.openembedded.org \ - --subject-prefix='meta-networking][PATCH' + --subject-prefix='meta-networking][scarthgap][PATCH' You may also contact the maintainers directly. @@ -26,14 +26,9 @@ Please keep this list in alphabetical order. Maintainers List (try to look for most precise areas first) COMMON -M: Khem Raj <raj.khem@gmail.com> -M: "Joe MacDonald (backup)" <joe@deserted.net> +M: Armin Kuster <akuster808@gmail.com> L: openembedded-devel@lists.openembedded.org Q: https://patchwork.openembedded.org/project/oe/ S: Maintained F: conf F: recipes-* - -OPENTHREAD -M: Stefan Schmidt <stefan@datenfreihafen.org> -F: recipes-connectivity/openthread/ diff --git a/meta-openembedded/meta-networking/README.md b/meta-openembedded/meta-networking/README.md index ab2640618f..ef7933e319 100644 --- a/meta-openembedded/meta-networking/README.md +++ b/meta-openembedded/meta-networking/README.md @@ -18,21 +18,21 @@ Dependencies This layer depends on: URI: git://git.openembedded.org/openembedded-core -branch: master +branch: Scarthgap For some recipes, the meta-oe layer is required: URI: git://git.openembedded.org/meta-openembedded subdirectory: meta-oe -branch: master +branch: Scarthgap URI: git://git.openembedded.org/meta-openembedded subdirectory: meta-python -branch: master +branch: Scarthgap Maintenance ----------- -Layer maintainers: Khem Raj <raj.khem@gmail.com> +Stable Layer maintainer: Armin Kuster <akuster808@gmail.com> Please see the MAINTAINERS file for information on contacting the diff --git a/meta-openembedded/meta-networking/classes/waf-samba.bbclass b/meta-openembedded/meta-networking/classes/waf-samba.bbclass index c8bf7bacf8..79acacc989 100644 --- a/meta-openembedded/meta-networking/classes/waf-samba.bbclass +++ b/meta-openembedded/meta-networking/classes/waf-samba.bbclass @@ -15,7 +15,7 @@ CONFIGUREOPTS = " --prefix=${prefix} \ --localstatedir=${localstatedir} \ --libdir=${libdir} \ --includedir=${includedir} \ - --oldincludedir=${oldincludedir} \ + --oldincludedir=${includedir} \ --infodir=${infodir} \ --mandir=${mandir} \ ${PACKAGECONFIG_CONFARGS} \ diff --git a/meta-openembedded/meta-networking/conf/include/non-repro-meta-networking.inc b/meta-openembedded/meta-networking/conf/include/non-repro-meta-networking.inc new file mode 100755 index 0000000000..e0f448fe31 --- /dev/null +++ b/meta-openembedded/meta-networking/conf/include/non-repro-meta-networking.inc @@ -0,0 +1,59 @@ +# List of known non-reproducible package of the meta-networking layer +# Please keep this list sorted +KNOWN_NON_REPRO_META_NETWORKING = " \ + blueman \ + blueman-dbg \ + blueman-src \ + civetweb-dev \ + dhcp-relay-staticdev \ + ettercap-src \ + fetchmail \ + fetchmail-dbg \ + freediameter \ + freediameter-src \ + freeradius \ + htpdate-doc \ + keepalived \ + keepalived-dbg \ + kernel-module-mdio-netlink-6.6.17-yocto-standard \ + libbearssl-staticdev \ + libfko3 \ + libfko-client \ + libfko-daemon \ + libfko-dbg \ + libmosquitto1 \ + libowfat-staticdev \ + libruli-staticdev \ + libsamba-util0 \ + mdio-netlink-dbg \ + mosquitto \ + mosquitto-dbg \ + ncftp \ + ncftp-dbg \ + ncftp-src \ + ndisc6-dbg \ + ndisc6-misc \ + ndisc6-ndisc6 \ + ndisc6-rdisc6 \ + ndisc6-rdnssd \ + ndisc6-rltraceroute6 \ + netsniff-ng-doc \ + ntpsec-src \ + openl2tp \ + openl2tp-dbg \ + ot-br-posix \ + ot-br-posix-dbg \ + postfix-cfg \ + proftpd \ + proftpd-dbg \ + proftpd-dev \ + rdist \ + rdist-dbg \ + samba-dbg \ + tayga \ + tayga-dbg \ + wolfssl \ + wolfssl-dbg \ + znc \ + znc-doc \ +" diff --git a/meta-openembedded/meta-networking/conf/include/ptest-packagelists-meta-networking.inc b/meta-openembedded/meta-networking/conf/include/ptest-packagelists-meta-networking.inc index 574e3a0aa1..7ec6f9063d 100644 --- a/meta-openembedded/meta-networking/conf/include/ptest-packagelists-meta-networking.inc +++ b/meta-openembedded/meta-networking/conf/include/ptest-packagelists-meta-networking.inc @@ -7,6 +7,7 @@ # ptests which take less than ~30s each PTESTS_FAST_META_NETWORKING = "\ + freediameter \ geoip \ libcoap \ libldb \ @@ -27,7 +28,6 @@ PTESTS_SLOW_META_NETWORKING = "\ " PTESTS_PROBLEMS_META_NETWORKING = "\ - freediameter \ geoip-perl \ libtevent \ lksctp-tools \ diff --git a/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb b/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb index 66ad83f711..8cb4c04fa3 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb @@ -11,6 +11,7 @@ DEPENDS = "libpcap libpcre libdnet bison-native libnetfilter-queue" SRC_URI = "http://fossies.org/linux/misc/daq-${PV}.tar.gz \ file://disable-run-test-program-while-cross-compiling.patch \ file://0001-correct-the-location-of-unistd.h.patch \ + file://daq-fix-incompatible-pointer-type-error.patch \ " SRC_URI[sha256sum] = "bdc4e5a24d1ea492c39ee213a63c55466a2e8114b6a9abed609927ae13a7705e" # these 2 create undeclared dependency on libdnet and libnetfilter-queue from meta-networking diff --git a/meta-openembedded/meta-networking/recipes-connectivity/daq/files/daq-fix-incompatible-pointer-type-error.patch b/meta-openembedded/meta-networking/recipes-connectivity/daq/files/daq-fix-incompatible-pointer-type-error.patch new file mode 100644 index 0000000000..ade3ec686b --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/daq/files/daq-fix-incompatible-pointer-type-error.patch @@ -0,0 +1,31 @@ +Fix daq incompatible pointer type error when gcc option +'-Wincompatible-pointer-types is set: + +| ../../daq-2.0.7/os-daq-modules/daq_nfq.c: In function 'SetPktHdr': +| ../../daq-2.0.7/os-daq-modules/daq_nfq.c:394:37: error: passing argument 2 + of 'nfq_get_payload' from incompatible pointer type [-Wincompatible-pointer-types] +| 394 | int len = nfq_get_payload(nfad, (char**)pkt); +| | ^~~~~~~~~~~ +| | | +| | char ** + +Upstream-Status: Inactive-Upstream [lastrelease: 2019-03-09] + +Signed-off-by: Kai Kang <kai.kang@windriver.com> +--- + os-daq-modules/daq_nfq.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/os-daq-modules/daq_nfq.c b/os-daq-modules/daq_nfq.c +index 4de94b6..a6de2f3 100644 +--- a/os-daq-modules/daq_nfq.c ++++ b/os-daq-modules/daq_nfq.c +@@ -391,7 +391,7 @@ static inline int SetPktHdr ( + DAQ_PktHdr_t* hdr, + uint8_t** pkt + ) { +- int len = nfq_get_payload(nfad, (char**)pkt); ++ int len = nfq_get_payload(nfad, (unsigned char**)pkt); + + if ( len <= 0 ) + return -1; diff --git a/meta-openembedded/meta-networking/recipes-connectivity/daq/libdaq_git.bb b/meta-openembedded/meta-networking/recipes-connectivity/daq/libdaq_3.0.14.bb index 19346124bf..74964e0741 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/daq/libdaq_git.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/daq/libdaq_3.0.14.bb @@ -11,7 +11,7 @@ inherit autotools pkgconfig SRC_URI = "git://github.com/snort3/libdaq.git;protocol=https;branch=master \ file://0001-example-Use-lm-for-the-fst-module.patch" -SRCREV = "c757aaae5a70d5bbb3239c5a16bca217a5aca651" +SRCREV = "4e68d7ba6940df9a1503599d7b177029112d6b6a" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb b/meta-openembedded/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb index 3e5fc91dad..63476d3495 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb @@ -33,6 +33,6 @@ RDEPENDS:${PN}-python = " python3-core " RDEPENDS:${PN} = " python3-core " FILES:${PN} += " \ - ${libdir}/${PYTHON_DIR}/site-packages/iec61850.py \ - ${libdir}/${PYTHON_DIR}/site-packages/_iec61850.so \ + ${PYTHON_SITEPACKAGES_DIR}/iec61850.py \ + ${PYTHON_SITEPACKAGES_DIR}/_iec61850.so \ " diff --git a/meta-openembedded/meta-networking/recipes-connectivity/nanomsg/nng_12.bb b/meta-openembedded/meta-networking/recipes-connectivity/nanomsg/nng_1.7.3.bb index ab2907110d..a6556249b7 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/nanomsg/nng_12.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/nanomsg/nng_1.7.3.bb @@ -6,7 +6,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a41e579bb4326c21c774f8e51e41d8a3" SRC_URI = "git://github.com/nanomsg/nng.git;branch=master;protocol=https" -SRCREV = "169221da8d53b2ca4fda76f894bee8505887a7c6" +SRCREV = "85fbe7f9e4642b554d0d97f2e3ff2aa12978691a" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb index be30154a36..8184fcf1a1 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.46.0.bb @@ -76,9 +76,10 @@ EXTRA_OEMESON = "\ CFLAGS:append:libc-musl = " \ -DRTLD_DEEPBIND=0 \ " - -do_compile:prepend() { - export GI_TYPELIB_PATH="${B}}/src/libnm-client-impl${GI_TYPELIB_PATH:+:$GI_TYPELIB_PATH}" +do_configure:prepend() { + cp -f ${STAGING_LIBDIR}/girepository-1.0/GObject*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ + cp -f ${STAGING_LIBDIR}/girepository-1.0/Gio*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ + cp -f ${STAGING_LIBDIR}/girepository-1.0/GModule*typelib ${STAGING_LIBDIR_NATIVE}/girepository-1.0/ } PACKAGECONFIG ??= "readline nss ifupdown dnsmasq nmcli vala \ diff --git a/meta-openembedded/meta-networking/recipes-connectivity/openfortivpn/openfortivpn_1.21.0.bb b/meta-openembedded/meta-networking/recipes-connectivity/openfortivpn/openfortivpn_1.22.0.bb index e6c9a69ee5..568593b2d4 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/openfortivpn/openfortivpn_1.21.0.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/openfortivpn/openfortivpn_1.22.0.bb @@ -3,7 +3,7 @@ LICENSE = "GPL-3.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=3d575262a651a6f1a17210ce41bf907d" SRC_URI = "git://github.com/adrienverge/openfortivpn.git;protocol=https;branch=master" -SRCREV = "26a1fe68cc7a61c58f4f2a98862f6fcf30f9f2dc" +SRCREV = "82e4401162fc65efad8267f4cb3287c6ab6fc088" DEPENDS = "openssl" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.19.5.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.19.6.bb index f5ef86dd4b..bd0309934b 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.19.5.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.19.6.bb @@ -31,7 +31,7 @@ SRC_URI:append:libc-musl = " \ file://samba-4.3.9-remove-getpwent_r.patch \ " -SRC_URI[sha256sum] = "0e2405b4cec29d0459621f4340a1a74af771ec7cffedff43250cad7f1f87605e" +SRC_URI[sha256sum] = "653b52095554dbc223c63b96af5cdf9e98c3e048549c5f56143d3b33dce1cef1" UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.19(\.\d+)+).tar.gz" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort3_git.bb b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort3_3.1.84.0.bb index b8826b0682..ee84aa17e7 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/snort/snort3_git.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/snort/snort3_3.1.84.0.bb @@ -5,14 +5,12 @@ SECTION = "net" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" -PV = "3+git" - DEPENDS = "flex-native hwloc libdaq libdnet libpcap libpcre libtirpc libunwind luajit zlib" SRC_URI = "git://github.com/snort3/snort3.git;protocol=https;branch=master \ file://0001-cmake-Check-for-HP-libunwind.patch \ file://0001-cmake-Pass-noline-flag-to-flex.patch" -SRCREV = "e1760a8dbb829bb3fcf1a340ab6cc4bb80a47ecd" +SRCREV = "e7312efd840d66a52a2019abe1db7cc89ca0f39a" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.2.4.bb b/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.2.4.bb index f0f7eb5df6..7f06e0ebf3 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.2.4.bb +++ b/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.2.4.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=84dcc94da3adb52b53ae4fa38fe49e5d" inherit features_check systemd -RDEPENDS:${PN} = "python3-pygobject python3-dbus" +RDEPENDS:${PN} = "python3-pygobject python3-dbus python3-json" REQUIRED_DISTRO_FEATURES = "systemd gobject-introspection-data" SRCREV = "dfd26d72793914eb3da910ef8c71de6d7c8942a2" diff --git a/meta-openembedded/meta-networking/recipes-daemons/squid/squid_6.8.bb b/meta-openembedded/meta-networking/recipes-daemons/squid/squid_6.9.bb index c8370eaba7..33d286e122 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/squid/squid_6.8.bb +++ b/meta-openembedded/meta-networking/recipes-daemons/squid/squid_6.9.bb @@ -22,7 +22,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.xz \ file://squid.nm \ " -SRC_URI[sha256sum] = "11cc5650b51809d99483ccfae24744a2e51cd16199f5ff0c917e84fce695870f" +SRC_URI[sha256sum] = "1ad72d46e1cb556e9561214f0fb181adb87c7c47927ef69bc8acd68a03f61882" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://errors/COPYRIGHT;md5=d324bc1f9447d1d1588d75b22a678dc4 \ @@ -68,6 +68,11 @@ EXTRA_OECONF += "--with-default-user=squid \ --with-logdir=${localstatedir}/log/${BPN} \ 'PERL=${USRBINPATH}/env perl'" +# Workaround a build failure when using a native compiler that need -std=c++17 +# with a cross-compiler that doesn't. +# Upstream issue closed as invalid : https://bugs.squid-cache.org/show_bug.cgi?id=5376 +BUILD_CXXFLAGS += "-std=c++17" + export BUILDCXXFLAGS="${BUILD_CXXFLAGS}" TESTDIR = "test-suite" diff --git a/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch b/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch new file mode 100644 index 0000000000..add52483b7 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch @@ -0,0 +1,45 @@ +From bf6a303883bde40cf96b960c8574cddd89e71701 Mon Sep 17 00:00:00 2001 +From: Jon Shallow <supjps-libcoap@jpshallow.com> +Date: Thu, 25 Jan 2024 18:03:17 +0000 +Subject: [PATCH] coap_oscore.c: Fix parsing OSCORE configuration information + +A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. +Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. +The manipulation leads to stack-based buffer overflow. + +CVE: CVE-2024-0962 + +Upstream-Status: Backport [https://github.com/obgm/libcoap/pull/1311] + +Signed-off-by: alperak <alperyasinak1@gmail.com> +--- + src/coap_oscore.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/coap_oscore.c b/src/coap_oscore.c +index 83f785c92..e0fb22947 100644 +--- a/src/coap_oscore.c ++++ b/src/coap_oscore.c +@@ -1678,11 +1678,12 @@ get_split_entry(const char **start, + oscore_value_t *value) { + const char *begin = *start; + const char *end; ++ const char *kend; + const char *split; + size_t i; + + retry: +- end = memchr(begin, '\n', size); ++ kend = end = memchr(begin, '\n', size); + if (end == NULL) + return 0; + +@@ -1693,7 +1694,7 @@ get_split_entry(const char **start, + + if (begin[0] == '#' || (end - begin) == 0) { + /* Skip comment / blank line */ +- size -= end - begin + 1; ++ size -= kend - begin + 1; + begin = *start; + goto retry; + } diff --git a/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb b/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb index 20bdbee252..98f0f02fb8 100644 --- a/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb +++ b/meta-openembedded/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1978dbc41673ab1c20e64b287c8317bc" SRC_URI = "git://github.com/obgm/libcoap.git;branch=main;protocol=https \ file://run-ptest \ + file://CVE-2024-0962.patch \ " SRCREV = "5fd2f89ef068214130e5d60b7087ef48711fa615" diff --git a/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/0001-libfdcore-sctp.c-update-the-old-sctp-api-check.patch b/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/0001-libfdcore-sctp.c-update-the-old-sctp-api-check.patch deleted file mode 100644 index d5e242ac21..0000000000 --- a/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/0001-libfdcore-sctp.c-update-the-old-sctp-api-check.patch +++ /dev/null @@ -1,97 +0,0 @@ -From d527a0b7b63e43263384540b5525714484bb089f Mon Sep 17 00:00:00 2001 -From: Mingli Yu <Mingli.Yu@windriver.com> -Date: Mon, 3 Sep 2018 14:40:56 +0800 -Subject: [PATCH] libfdcore/sctp.c: update the old sctp api check - -The initial sctp api check for freediameter as below: - === - commit d3c5e991cb532ea09684d69fb4d0d58e9bc39a0c - Author: Sebastien Decugis <sdecugis@freediameter.net> - Date: Mon Jun 3 12:05:37 2013 +0800 - - Add some compliancy to RFC6458. Not tested however as Ubuntu does not support this yet - - [snip] - +/* Use old draft-ietf-tsvwg-sctpsocket-17 API ? If not defined, RFC6458 API will be used */ - +/* #define OLD_SCTP_SOCKET_API */ - + - +/* Automatically fallback to old API if some of the new symbols are not defined */ - +#if (!defined(SCTP_CONNECTX_4_ARGS) || (!defined(SCTP_RECVRCVINFO)) || (!defined(SCTP_SNDINFO))) - +# define OLD_SCTP_SOCKET_API - +#endif - === - -SCTP_RECVRCVINFO is defined in <linux/sctp.h>, -but <linux/sctp.h> is't included in the source code -previouly. So defined(SCTP_RECVRCVINFO) can be 0 -and it make old sctp socket api definiton in effect -as below: - # define OLD_SCTP_SOCKET_API - -After lksctp-tools upgrade to 1.0.18, there is below -commit introduced: -=== -commit 3c8bd0d26b64611c690f33f5802c734b0642c1d8 -Author: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> -Date: Tue Apr 17 20:17:14 2018 -0300 - - sctp.h: make use kernel UAPI header - - and with that, remove tons of duplicated declarations. These were - lagging behind the kernel header, which is always the most updated one, - and as the library is intended to be run only on Linux, there is no - reason that we cannot re-use what is in there. - - That said, this patch drops all duplicated declarations and includes - linux/sctp.h to bring them into lksctp-tools. - - Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> - - [snip] - #include <stdint.h> - #include <linux/types.h> - #include <sys/socket.h> -+#include <linux/sctp.h> - [snip] -=== - -And above logic make defined(SCTP_RECVRCVINFO) to -be 1 and the old sctp socket api macro as below -won't be defined. - # define OLD_SCTP_SOCKET_API - -And it encouters below build error: -| /build/freediameter/1.2.1-r0/freeDiameter-1.2.1/libfdcore/sctp.c:1262:9: error: 'SCTP_SEND_FAILED_EVENT' undeclared (first use in this function); did you mean 'SCTP_SEND_FAILED'? - case SCTP_SEND_FAILED_EVENT: - ^~~~~~~~~~~~~~~~~~~~~~ - SCTP_SEND_FAILED -| /build/freediameter/1.2.1-r0/freeDiameter-1.2.1/libfdcore/sctp.c:1262:9: note: each undeclared identifier is reported only once for each function it appears in -| /build/freediameter/1.2.1-r0/freeDiameter-1.2.1/libfdcore/sctp.c:1274:9: error: 'SCTP_NOTIFICATIONS_STOPPED_EVENT' undeclared (first use in this function); did you mean 'SCTP_AUTHENTICATION_EVENT'? - case SCTP_NOTIFICATIONS_STOPPED_EVENT: - -Update the old sctp socket api check to fix -the above build error. - -Upstream-Status: Pending - -Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> ---- - libfdcore/sctp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libfdcore/sctp.c b/libfdcore/sctp.c -index c80a497..83440c7 100644 ---- a/libfdcore/sctp.c -+++ b/libfdcore/sctp.c -@@ -48,7 +48,7 @@ - /* #define OLD_SCTP_SOCKET_API */ - - /* Automatically fallback to old API if some of the new symbols are not defined */ --#if (!defined(SCTP_CONNECTX_4_ARGS) || (!defined(SCTP_RECVRCVINFO)) || (!defined(SCTP_SNDINFO))) -+#if (!defined(SCTP_CONNECTX_4_ARGS) || (!defined(SCTP_NOTIFICATIONS_STOPPED_EVENT)) || (!defined(SCTP_SNDINFO))) - # define OLD_SCTP_SOCKET_API - #endif - --- -2.7.4 - diff --git a/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/run-ptest b/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/run-ptest index 3c841644b7..7d0648935c 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/run-ptest +++ b/meta-openembedded/meta-networking/recipes-protocols/freediameter/files/run-ptest @@ -7,4 +7,8 @@ if ! lsmod | grep -q sctp && ! modprobe sctp 2>/dev/null; then fi cmake -E cmake_echo_color --cyan "Running tests..." -ctest --force-new-ctest-process +if ctest --force-new-ctest-process ; then + echo "PASS: freediameter" +else + echo "FAIL: freediameter" +fi diff --git a/meta-openembedded/meta-networking/recipes-protocols/freediameter/freediameter_1.4.0.bb b/meta-openembedded/meta-networking/recipes-protocols/freediameter/freediameter_1.5.0.bb index 44fc46e3a8..b3282d273b 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/freediameter/freediameter_1.4.0.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/freediameter/freediameter_1.5.0.bb @@ -7,28 +7,28 @@ Accounting needs." HOMEPAGE = "http://www.freediameter.net" -DEPENDS = "flex bison cmake-native libgcrypt gnutls libidn lksctp-tools virtual/kernel bison-native" +DEPENDS = "flex bison cmake-native libgcrypt gnutls libidn2 lksctp-tools virtual/kernel bison-native" PACKAGE_ARCH = "${MACHINE_ARCH}" fd_pkgname = "freeDiameter" -SRC_URI = "\ - http://www.freediameter.net/hg/${fd_pkgname}/archive/${PV}.tar.gz;downloadfilename=${fd_pkgname}-${PV}.tar.gz \ +PV .= "+git" +SRCREV = "f9f1e464e6c675d222b3be4cab9c13408d544c83" +SRC_URI = "git://github.com/freeDiameter/freeDiameter;protocol=https;branch=master \ file://Replace-murmurhash-algorithm-with-Robert-Jenkin-s-ha.patch \ + file://run-ptest \ file://freediameter.service \ file://freediameter.init \ - ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'file://install_test.patch file://run-ptest file://0001-tests-use-EXTENSIONS_DIR.patch', '', d)} \ file://freeDiameter.conf \ - file://0001-libfdcore-sctp.c-update-the-old-sctp-api-check.patch \ + file://install_test.patch \ + file://0001-tests-use-EXTENSIONS_DIR.patch \ " -SRC_URI[sha256sum] = "7a537401bd110c606594b7c6be71b993f0ccc73ae151ad68040979286ba4e50e" - -S = "${WORKDIR}/${fd_pkgname}-${PV}" +S = "${WORKDIR}/git" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=69bdc1d97648a2d35914563fcbbb361a" +LIC_FILES_CHKSUM = "file://LICENSE;md5=868c059b6147748b1d621e500feeac4f" PTEST_PATH = "${libdir}/${fd_pkgname}/ptest" diff --git a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.8.0.bb b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.8.0.bb index 58d683eab4..bdd87993d7 100644 --- a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.8.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.8.0.bb @@ -63,10 +63,10 @@ FILES:${PN}-dbg += "${bindir}/.debug/* \ ${libdir}/ldb/.debug/* \ ${libdir}/ldb/modules/ldb/.debug/*" -FILES:pyldb = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \ +FILES:pyldb = "${PYTHON_SITEPACKAGES_DIR}/* \ ${libdir}/libpyldb-util.*.so.* \ " -FILES:pyldb-dbg = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug \ +FILES:pyldb-dbg = "${PYTHON_SITEPACKAGES_DIR}/.debug \ ${libdir}/.debug/libpyldb-util.*.so.*" FILES:pyldb-dev = "${libdir}/libpyldb-util.*.so" diff --git a/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.4.2.bb b/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.4.2.bb index 394c176287..b617f097cf 100644 --- a/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.4.2.bb +++ b/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.4.2.bb @@ -53,7 +53,7 @@ PACKAGES += "pytalloc pytalloc-dev" RPROVIDES:${PN}-dbg += "pytalloc-dbg" -FILES:pytalloc = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \ +FILES:pytalloc = "${PYTHON_SITEPACKAGES_DIR}/* \ ${libdir}/libpytalloc-util.so.2 \ ${libdir}/libpytalloc-util.so.2.1.1 \ " diff --git a/meta-openembedded/meta-networking/recipes-support/libtdb/libtdb_1.4.10.bb b/meta-openembedded/meta-networking/recipes-support/libtdb/libtdb_1.4.10.bb index f23b157e8c..bd3f9f63a9 100644 --- a/meta-openembedded/meta-networking/recipes-support/libtdb/libtdb_1.4.10.bb +++ b/meta-openembedded/meta-networking/recipes-support/libtdb/libtdb_1.4.10.bb @@ -58,6 +58,6 @@ RPROVIDES:${PN}-dbg += "python3-tdb-dbg" FILES:${PN} = "${libdir}/*.so.*" FILES:tdb-tools = "${bindir}/*" -FILES:python3-tdb = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" +FILES:python3-tdb = "${PYTHON_SITEPACKAGES_DIR}/*" RDEPENDS:python3-tdb = "python3" INSANE_SKIP:${MLPREFIX}python3-tdb = "dev-so" diff --git a/meta-openembedded/meta-networking/recipes-support/libtevent/libtevent_0.16.0.bb b/meta-openembedded/meta-networking/recipes-support/libtevent/libtevent_0.16.1.bb index 67f36083bf..0a37d7977d 100644 --- a/meta-openembedded/meta-networking/recipes-support/libtevent/libtevent_0.16.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/libtevent/libtevent_0.16.1.bb @@ -17,7 +17,7 @@ SRC_URI = "https://samba.org/ftp/tevent/tevent-${PV}.tar.gz \ LIC_FILES_CHKSUM = "file://tevent.h;endline=26;md5=47386b7c539bf2706b7ce52dc9341681" -SRC_URI[sha256sum] = "1aa58f21017ed8c2f606ae84aa7e795b5439edd4dd5f68f1a388a7d6fb40f682" +SRC_URI[sha256sum] = "362971e0f32dc1905f6fe4736319c4b8348c22dc85aa6c3f690a28efe548029e" inherit pkgconfig ptest waf-samba @@ -57,6 +57,6 @@ PACKAGES += "python3-tevent" RPROVIDES:${PN}-dbg += "python3-tevent-dbg" -FILES:python3-tevent = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" +FILES:python3-tevent = "${PYTHON_SITEPACKAGES_DIR}/*" INSANE_SKIP:${MLPREFIX}python3-tevent = "dev-so" diff --git a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb index 6696e552c7..82aab051f1 100644 --- a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb +++ b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb @@ -120,3 +120,5 @@ python() { } CVE_PRODUCT = "open-vm-tools vmware:tools" +CVE_STATUS[CVE-2014-4199] = "fixed-version: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3" +CVE_STATUS[CVE-2014-4200] = "fixed-version: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3" diff --git a/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_50.0.bb b/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_51.0.bb index ab4de22a51..7c26a8c436 100644 --- a/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_50.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_51.0.bb @@ -9,7 +9,7 @@ SRC_URI = "git://github.com/linux-rdma/rdma-core.git;branch=master;protocol=http file://0001-cmake-Allow-SYSTEMCTL_BIN-to-be-overridden-from-envi.patch \ file://0001-include-libgen.h-for-basename.patch \ " -SRCREV = "bc6b4bc134532e952fe7f8efc251e1f89b912098" +SRCREV = "6cd09097ad2eebde9a7fa3d3bb09a2cea6e3c2d6" S = "${WORKDIR}/git" #Default Dual License https://github.com/linux-rdma/rdma-core/blob/master/COPYING.md diff --git a/meta-openembedded/meta-networking/recipes-support/sngrep/sngrep_1.8.0.bb b/meta-openembedded/meta-networking/recipes-support/sngrep/sngrep_1.8.1.bb index 2824dde883..50248078a2 100644 --- a/meta-openembedded/meta-networking/recipes-support/sngrep/sngrep_1.8.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/sngrep/sngrep_1.8.1.bb @@ -16,7 +16,7 @@ DEPENDS = "\ " SRC_URI = "git://github.com/irontec/sngrep.git;protocol=https;branch=master" -SRCREV = "f7b36df3b79617892958b67cb4ad9313c6ce72d2" +SRCREV = "373abb90804ba71f980c7120e62f90d3a5c81213" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb b/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb index 82ce7067d9..c8a3f7f532 100644 --- a/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb +++ b/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb @@ -40,7 +40,7 @@ DEPENDS = " \ " DEPENDS:append:libc-musl = " libucontext" -RDEPENDS:${PN} = "python3-pyparsing python3-six usbids" +RDEPENDS:${PN} = "python3-pyparsing python3-six hwdata" inherit meson pkgconfig vala gobject-introspection features_check gtk-doc @@ -59,8 +59,9 @@ do_configure:prepend() { PACKAGECONFIG ??= "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'vapi', '', d)} smartcard" PACKAGECONFIG[vapi] = "-Dvapi=enabled,-Dvapi=disabled" PACKAGECONFIG[smartcard] = "-Dsmartcard=enabled,-Dsmartcard=disabled,libcacard" +PACKAGECONFIG[webdav] = "-Dwebdav=enabled,-Dwebdav=disabled,phodav libsoup" -EXTRA_OEMESON = "-Dpie=true -Dusb-ids-path=${datadir}/usb.ids " +EXTRA_OEMESON = "-Dpie=true -Dusb-ids-path=${datadir}/hwdata/usb.ids " EXTRA_OEMESON:append:libc-musl = " -Dcoroutine=libucontext" LDFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-lld', ' -Wl,--undefined-version', '', d)}" diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch new file mode 100644 index 0000000000..69348030bb --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch @@ -0,0 +1,129 @@ +From b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2 Mon Sep 17 00:00:00 2001 +From: Guy Harris <gharris@sonic.net> +Date: Tue, 12 Mar 2024 00:37:23 -0700 +Subject: [PATCH] ppp: use the buffer stack for the de-escaping buffer. + +This both saves the buffer for freeing later and saves the packet +pointer and snapend to be restored when packet processing is complete, +even if an exception is thrown with longjmp. + +This means that the hex/ASCII printing in pretty_print_packet() +processes the packet data as captured or read from the savefile, rather +than as modified by the PPP printer, so that the bounds checking is +correct. + +That fixes CVE-2024-2397, which was caused by an exception being thrown +by the hex/ASCII printer (which should only happen if those routines are +called by a packet printer, not if they're called for the -X/-x/-A +flag), which jumps back to the setjmp() that surrounds the packet +printer. Hilarity^Winfinite looping ensues. + +Also, restore ndo->ndo_packetp before calling the hex/ASCII printing +routine, in case nd_pop_all_packet_info() didn't restore it. + +Upstream-Status: Backport [https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2] +CVE: CVE-2024-2397 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + print-ppp.c | 31 +++++++++++++++++-------------- + print.c | 8 ++++++-- + 2 files changed, 23 insertions(+), 16 deletions(-) + +diff --git a/print-ppp.c b/print-ppp.c +index aba243d..e5ae064 100644 +--- a/print-ppp.c ++++ b/print-ppp.c +@@ -42,6 +42,8 @@ + #include <net/if_ppp.h> + #endif + ++#include <stdlib.h> ++ + #include "netdissect.h" + #include "extract.h" + #include "addrtoname.h" +@@ -1363,7 +1365,6 @@ ppp_hdlc(netdissect_options *ndo, + u_char *b, *t, c; + const u_char *s; + u_int i, proto; +- const void *sb, *se; + + if (caplen == 0) + return; +@@ -1371,9 +1372,11 @@ ppp_hdlc(netdissect_options *ndo, + if (length == 0) + return; + +- b = (u_char *)nd_malloc(ndo, caplen); +- if (b == NULL) +- return; ++ b = (u_char *)malloc(caplen); ++ if (b == NULL) { ++ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, ++ "%s: malloc", __func__); ++ } + + /* + * Unescape all the data into a temporary, private, buffer. +@@ -1394,13 +1397,15 @@ ppp_hdlc(netdissect_options *ndo, + } + + /* +- * Change the end pointer, so bounds checks work. +- * Change the pointer to packet data to help debugging. ++ * Switch to the output buffer for dissection, and save it ++ * on the buffer stack so it can be freed; our caller must ++ * pop it when done. + */ +- sb = ndo->ndo_packetp; +- se = ndo->ndo_snapend; +- ndo->ndo_packetp = b; +- ndo->ndo_snapend = t; ++ if (!nd_push_buffer(ndo, b, b, (u_int)(t - b))) { ++ free(b); ++ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, ++ "%s: can't push buffer on buffer stack", __func__); ++ } + length = ND_BYTES_AVAILABLE_AFTER(b); + + /* now lets guess about the payload codepoint format */ +@@ -1442,13 +1447,11 @@ ppp_hdlc(netdissect_options *ndo, + } + + cleanup: +- ndo->ndo_packetp = sb; +- ndo->ndo_snapend = se; ++ nd_pop_packet_info(ndo); + return; + + trunc: +- ndo->ndo_packetp = sb; +- ndo->ndo_snapend = se; ++ nd_pop_packet_info(ndo); + nd_print_trunc(ndo); + } + +diff --git a/print.c b/print.c +index 9c0ab86..33706b9 100644 +--- a/print.c ++++ b/print.c +@@ -431,10 +431,14 @@ pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h, + nd_pop_all_packet_info(ndo); + + /* +- * Restore the original snapend, as a printer might have +- * changed it. ++ * Restore the originals snapend and packetp, as a printer ++ * might have changed them. ++ * ++ * XXX - nd_pop_all_packet_info() should have restored the ++ * original values, but, just in case.... + */ + ndo->ndo_snapend = sp + h->caplen; ++ ndo->ndo_packetp = sp; + if (ndo->ndo_Xflag) { + /* + * Print the raw packet data in hex and ASCII. +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb index 803a9bb5f5..b05b832dd8 100644 --- a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb @@ -24,6 +24,7 @@ SRC_URI = " \ http://www.tcpdump.org/release/${BP}.tar.gz \ file://add-ptest.patch \ file://run-ptest \ + file://CVE-2024-2397.patch \ " SRC_URI[sha256sum] = "0232231bb2f29d6bf2426e70a08a7e0c63a0d59a9b44863b7f5e2357a6e49fea" |