From patchwork Tue Aug 29 12:09:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 29634 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7AAAC83F17 for ; Tue, 29 Aug 2023 12:09:29 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.15731.1693310966681590976 for ; Tue, 29 Aug 2023 05:09:26 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 05E142F4; Tue, 29 Aug 2023 05:10:05 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 1A2003F64C; Tue, 29 Aug 2023 05:09:24 -0700 (PDT) From: ross.burton@arm.com To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 1/3] inetutils: fix CVE-2023-40303 Date: Tue, 29 Aug 2023 13:09:21 +0100 Message-Id: <20230829120923.3982702-1-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Aug 2023 12:09:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186857 From: Ross Burton Backport the patch from upstream. Signed-off-by: Ross Burton --- ...rsh-rshd-uucpd-fix-check-set-id-retu.patch | 283 ++++++++++++++++++ .../inetutils/inetutils_2.4.bb | 1 + 2 files changed, 284 insertions(+) create mode 100644 meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch new file mode 100644 index 00000000000..42353d147c6 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch @@ -0,0 +1,283 @@ +From 21a6e7be1935c966d7247bdeb7e2a2cec4b63ba9 Mon Sep 17 00:00:00 2001 +From: Jeffrey Bencteux +Date: Fri, 30 Jun 2023 19:02:45 +0200 +Subject: [PATCH] ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check set*id() return + values + +Several setuid(), setgid(), seteuid() and setguid() return values +were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially +leading to potential security issues. + +Signed-off-by: Jeffrey Bencteux +Signed-off-by: Simon Josefsson + +CVE: CVE-2023-40303 +Upstream-Status: Backport +Signed-off-by: Ross Burton +--- + ftpd/ftpd.c | 10 +++++++--- + src/rcp.c | 39 +++++++++++++++++++++++++++++++++------ + src/rlogin.c | 11 +++++++++-- + src/rsh.c | 25 +++++++++++++++++++++---- + src/rshd.c | 20 +++++++++++++++++--- + src/uucpd.c | 15 +++++++++++++-- + 6 files changed, 100 insertions(+), 20 deletions(-) + +diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c +index 92b2cca5..28dd523f 100644 +--- a/ftpd/ftpd.c ++++ b/ftpd/ftpd.c +@@ -862,7 +862,9 @@ end_login (struct credentials *pcred) + char *remotehost = pcred->remotehost; + int atype = pcred->auth_type; + +- seteuid ((uid_t) 0); ++ if (seteuid ((uid_t) 0) == -1) ++ _exit (EXIT_FAILURE); ++ + if (pcred->logged_in) + { + logwtmp_keep_open (ttyline, "", ""); +@@ -1151,7 +1153,8 @@ getdatasock (const char *mode) + + if (data >= 0) + return fdopen (data, mode); +- seteuid ((uid_t) 0); ++ if (seteuid ((uid_t) 0) == -1) ++ _exit (EXIT_FAILURE); + s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0); + if (s < 0) + goto bad; +@@ -1978,7 +1981,8 @@ passive (int epsv, int af) + else /* !AF_INET6 */ + ((struct sockaddr_in *) &pasv_addr)->sin_port = 0; + +- seteuid ((uid_t) 0); ++ if (seteuid ((uid_t) 0) == -1) ++ _exit (EXIT_FAILURE); + if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0) + { + if (seteuid ((uid_t) cred.uid)) +diff --git a/src/rcp.c b/src/rcp.c +index 75adb253..cdcf8500 100644 +--- a/src/rcp.c ++++ b/src/rcp.c +@@ -345,14 +345,23 @@ main (int argc, char *argv[]) + if (from_option) + { /* Follow "protocol", send data. */ + response (); +- setuid (userid); ++ ++ if (setuid (userid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); ++ } ++ + source (argc, argv); + exit (errs); + } + + if (to_option) + { /* Receive data. */ +- setuid (userid); ++ if (setuid (userid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); ++ } ++ + sink (argc, argv); + exit (errs); + } +@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[]) + if (response () < 0) + exit (EXIT_FAILURE); + free (bp); +- setuid (userid); ++ ++ if (setuid (userid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); ++ } + } + source (1, argv + i); + close (rem); +@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[]) + ++errs; + continue; + } +- seteuid (userid); ++ ++ if (seteuid (userid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); ++ } ++ + #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT + sslen = sizeof (ss); + (void) getpeername (rem, (struct sockaddr *) &ss, &sslen); +@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[]) + #endif + vect[0] = target; + sink (1, vect); +- seteuid (effuid); ++ ++ if (seteuid (effuid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); ++ } ++ + close (rem); + rem = -1; + #ifdef SHISHI +@@ -1441,7 +1464,11 @@ susystem (char *s, int userid) + return (127); + + case 0: +- setuid (userid); ++ if (setuid (userid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); ++ } ++ + execl (PATH_BSHELL, "sh", "-c", s, NULL); + _exit (127); + } +diff --git a/src/rlogin.c b/src/rlogin.c +index aa6426fb..c543de0c 100644 +--- a/src/rlogin.c ++++ b/src/rlogin.c +@@ -647,8 +647,15 @@ try_connect: + /* Now change to the real user ID. We have to be set-user-ID root + to get the privileged port that rcmd () uses. We now want, however, + to run as the real user who invoked us. */ +- seteuid (uid); +- setuid (uid); ++ if (seteuid (uid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); ++ } ++ ++ if (setuid (uid) == -1) ++ { ++ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); ++ } + + doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */ + +diff --git a/src/rsh.c b/src/rsh.c +index 2d622ca4..6f60667d 100644 +--- a/src/rsh.c ++++ b/src/rsh.c +@@ -276,8 +276,17 @@ main (int argc, char **argv) + { + if (asrsh) + *argv = (char *) "rlogin"; +- seteuid (getuid ()); +- setuid (getuid ()); ++ ++ if (seteuid (getuid ()) == -1) ++ { ++ error (EXIT_FAILURE, errno, "seteuid() failed"); ++ } ++ ++ if (setuid (getuid ()) == -1) ++ { ++ error (EXIT_FAILURE, errno, "setuid() failed"); ++ } ++ + execv (PATH_RLOGIN, argv); + error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN); + } +@@ -541,8 +550,16 @@ try_connect: + error (0, errno, "setsockopt DEBUG (ignored)"); + } + +- seteuid (uid); +- setuid (uid); ++ if (seteuid (uid) == -1) ++ { ++ error (EXIT_FAILURE, errno, "seteuid() failed"); ++ } ++ ++ if (setuid (uid) == -1) ++ { ++ error (EXIT_FAILURE, errno, "setuid() failed"); ++ } ++ + #ifdef HAVE_SIGACTION + sigemptyset (&sigs); + sigaddset (&sigs, SIGINT); +diff --git a/src/rshd.c b/src/rshd.c +index d1c0d0cd..707790e7 100644 +--- a/src/rshd.c ++++ b/src/rshd.c +@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) + pwd->pw_shell = PATH_BSHELL; + + /* Set the gid, then uid to become the user specified by "locuser" */ +- setegid ((gid_t) pwd->pw_gid); +- setgid ((gid_t) pwd->pw_gid); ++ if (setegid ((gid_t) pwd->pw_gid) == -1) ++ { ++ rshd_error ("Cannot drop privileges (setegid() failed)\n"); ++ exit (EXIT_FAILURE); ++ } ++ ++ if (setgid ((gid_t) pwd->pw_gid) == -1) ++ { ++ rshd_error ("Cannot drop privileges (setgid() failed)\n"); ++ exit (EXIT_FAILURE); ++ } ++ + #ifdef HAVE_INITGROUPS + initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */ + #endif +@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) + } + #endif /* WITH_PAM */ + +- setuid ((uid_t) pwd->pw_uid); ++ if (setuid ((uid_t) pwd->pw_uid) == -1) ++ { ++ rshd_error ("Cannot drop privileges (setuid() failed)\n"); ++ exit (EXIT_FAILURE); ++ } + + /* We'll execute the client's command in the home directory + * of locuser. Note, that the chdir must be executed after +diff --git a/src/uucpd.c b/src/uucpd.c +index 107589e1..29cfce35 100644 +--- a/src/uucpd.c ++++ b/src/uucpd.c +@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen) + snprintf (Username, sizeof (Username), "USER=%s", user); + snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user); + dologin (pw, sap, salen); +- setgid (pw->pw_gid); ++ ++ if (setgid (pw->pw_gid) == -1) ++ { ++ fprintf (stderr, "setgid() failed"); ++ return; ++ } + #ifdef HAVE_INITGROUPS + initgroups (pw->pw_name, pw->pw_gid); + #endif +@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen) + fprintf (stderr, "Login incorrect."); + return; + } +- setuid (pw->pw_uid); ++ ++ if (setuid (pw->pw_uid) == -1) ++ { ++ fprintf (stderr, "setuid() failed"); ++ return; ++ } ++ + execl (uucico_location, "uucico", NULL); + perror ("uucico server: execl"); + } +-- +2.34.1 + diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb index bcc3a0258e6..9b4c98d63cc 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb @@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://tftpd.xinetd.inetutils \ file://inetutils-1.9-PATH_PROCNET_DEV.patch \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ + file://0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch \ " inherit autotools gettext update-alternatives texinfo From patchwork Tue Aug 29 12:09:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 29636 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6B30C83F16 for ; Tue, 29 Aug 2023 12:09:29 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.15733.1693310966723914060 for ; Tue, 29 Aug 2023 05:09:26 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B67C9FEC; Tue, 29 Aug 2023 05:10:05 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id CF61E3F64C; Tue, 29 Aug 2023 05:09:25 -0700 (PDT) From: ross.burton@arm.com To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 2/3] inetutils: don't guess target paths Date: Tue, 29 Aug 2023 13:09:22 +0100 Message-Id: <20230829120923.3982702-2-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230829120923.3982702-1-ross.burton@arm.com> References: <20230829120923.3982702-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Aug 2023 12:09:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186858 From: Ross Burton inetutils guesses a lot of target paths in cross builds, and warns that some of them are known to be wrong (for example, whether /proc/net/dev exists is guessed as 'no'). Add a post-configure function to check for these warnings, and pass --with-path-* as appropriate to set the paths explicitly. This means we can remove the patch which was setting PATH_PROCNET_DEV, and the autoconf cache value inetutils_cv_path_login. The downside is that these --with-path-* options are not real autoconf options, so the "unknown options" warning is emitted. Losing those is an acceptable compromise, so disable it. Signed-off-by: Ross Burton --- .../inetutils-1.9-PATH_PROCNET_DEV.patch | 37 ------------------- .../inetutils/inetutils_2.4.bb | 18 ++++++++- 2 files changed, 16 insertions(+), 39 deletions(-) delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch deleted file mode 100644 index 460ddf98300..00000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 101130f422dd5c01a1459645d7b2a5b8d19720ab Mon Sep 17 00:00:00 2001 -From: Martin Jansa -Date: Wed, 6 Mar 2019 09:36:11 -0500 -Subject: [PATCH] inetutils: define PATH_PROCNET_DEV if not already defined -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -this prevents the following compilation error : -system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function) - -this patch comes from : - http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/ - -Upstream-Status: Inappropriate [not author] - -Signed-of-by: Eric BĂ©nard - ---- - ifconfig/system/linux.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/ifconfig/system/linux.c b/ifconfig/system/linux.c -index e453b46..4268ca9 100644 ---- a/ifconfig/system/linux.c -+++ b/ifconfig/system/linux.c -@@ -53,6 +53,10 @@ - #include "../ifconfig.h" - - -+#ifndef PATH_PROCNET_DEV -+ #define PATH_PROCNET_DEV "/proc/net/dev" -+#endif -+ - /* ARPHRD stuff. */ - - static void diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb index 9b4c98d63cc..16e40cc20f8 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb @@ -20,7 +20,6 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://rsh.xinetd.inetutils \ file://telnet.xinetd.inetutils \ file://tftpd.xinetd.inetutils \ - file://inetutils-1.9-PATH_PROCNET_DEV.patch \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ file://0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch \ " @@ -42,15 +41,30 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no," PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6," EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \ - inetutils_cv_path_login=${base_bindir}/login \ --with-libreadline-prefix=${STAGING_LIBDIR} \ --enable-rpath=no \ " +EXTRA_OECONF += "--with-path-login=${base_bindir}/login \ + --with-path-cp=${base_bindir}/cp \ + --with-path-uucico=${libexecdir}/uuico \ + --with-path-procnet-dev=/proc/net/dev" + # These are horrible for security, disable them EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \ --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd" +# The configure script guesses many paths in cross builds, check for this happening +do_configure_cross_check() { + if grep "may be incorrect because of cross-compilation" ${B}/config.log; then + bberror Default path values used, these must be set explicitly + fi +} +do_configure[postfuncs] += "do_configure_cross_check" + +# The --with-path options are not actually options, so this check needs to be silenced +ERROR_QA:remove = "unknown-configure-option" + do_configure:prepend () { export HELP2MAN='true' cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath From patchwork Tue Aug 29 12:09:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 29635 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6B6AC6FA8F for ; Tue, 29 Aug 2023 12:09:29 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.15734.1693310968016060719 for ; Tue, 29 Aug 2023 05:09:28 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 775482F4; Tue, 29 Aug 2023 05:10:06 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 8FE9A3F64C; Tue, 29 Aug 2023 05:09:26 -0700 (PDT) From: ross.burton@arm.com To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 3/3] inetutils: remove obsolete patches Date: Tue, 29 Aug 2023 13:09:23 +0100 Message-Id: <20230829120923.3982702-3-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230829120923.3982702-1-ross.burton@arm.com> References: <20230829120923.3982702-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 29 Aug 2023 12:09:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186859 From: Ross Burton fix-disable-ipv6.patch: we don't support uclibc, and most libcs don't have optional support for IPv6. inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch and inetutils-1.8-0003-wchar.patch: these don't appear to be needed anymore. inetutils-only-check-pam_appl.h-when-pam-enabled.patch: configure.ac doesn't fail if PAM is disabled anymore. Signed-off-by: Ross Burton --- .../inetutils/fix-disable-ipv6.patch | 85 ------------------- ...rse-pull-in-features.h-for-__GLIBC__.patch | 27 ------ .../inetutils/inetutils-1.8-0003-wchar.patch | 25 ------ ...ly-check-pam_appl.h-when-pam-enabled.patch | 49 ----------- .../inetutils/inetutils_2.4.bb | 7 +- 5 files changed, 1 insertion(+), 192 deletions(-) delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch deleted file mode 100644 index 603d2baf9d2..00000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch +++ /dev/null @@ -1,85 +0,0 @@ -From c7c27ba763c613f83c1561e56448b49315c271c5 Mon Sep 17 00:00:00 2001 -From: Jackie Huang -Date: Wed, 6 Mar 2019 09:36:11 -0500 -Subject: [PATCH] Upstream: - http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html - -Upstream-Status: Pending - -Signed-off-by: Jackie Huang - ---- - ping/ping_common.h | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/ping/ping_common.h b/ping/ping_common.h -index 65e3e60..3e84db0 100644 ---- a/ping/ping_common.h -+++ b/ping/ping_common.h -@@ -18,10 +18,14 @@ - You should have received a copy of the GNU General Public License - along with this program. If not, see `http://www.gnu.org/licenses/'. */ - -+#include -+ - #include - #include - #include -+#ifdef HAVE_IPV6 - #include -+#endif - #include - #include - #include -@@ -63,7 +67,12 @@ struct ping_stat - want to follow the traditional behaviour of ping. */ - #define DEFAULT_PING_COUNT 0 - -+#ifdef HAVE_IPV6 - #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN) -+#else -+#define PING_HEADER_LEN (ICMP_MINLEN) -+#endif -+ - #define PING_TIMING(s) ((s) >= sizeof (struct timeval)) - #define PING_DATALEN (64 - PING_HEADER_LEN) /* default data length */ - -@@ -78,13 +87,20 @@ struct ping_stat - - #define PING_MIN_USER_INTERVAL (200000/PING_PRECISION) - -+#ifdef HAVE_IPV6 - /* FIXME: Adjust IPv6 case for options and their consumption. */ - #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \ - (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)) - -+#else -+#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN) -+#endif -+ -+#ifdef HAVE_IPV6 - typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest, - struct sockaddr_in6 * from, struct icmp6_hdr * icmp, - int datalen); -+#endif - - typedef int (*ping_efp) (int code, - void *closure, -@@ -93,13 +109,17 @@ typedef int (*ping_efp) (int code, - struct ip * ip, icmphdr_t * icmp, int datalen); - - union event { -+#ifdef HAVE_IPV6 - ping_efp6 handler6; -+#endif - ping_efp handler; - }; - - union ping_address { - struct sockaddr_in ping_sockaddr; -+#ifdef HAVE_IPV6 - struct sockaddr_in6 ping_sockaddr6; -+#endif - }; - - typedef struct ping_data PING; diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch deleted file mode 100644 index 2974bd4f94d..00000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch +++ /dev/null @@ -1,27 +0,0 @@ -From f7f785c21306010b2367572250b2822df5bc7728 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Thu, 18 Nov 2010 16:59:14 -0500 -Subject: [PATCH] printf-parse: pull in features.h for __GLIBC__ - -Upstream-Status: Pending - -Signed-off-by: Mike Frysinger - ---- - lib/printf-parse.h | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/lib/printf-parse.h b/lib/printf-parse.h -index e7d0f82..d7b4534 100644 ---- a/lib/printf-parse.h -+++ b/lib/printf-parse.h -@@ -28,6 +28,9 @@ - - #include "printf-args.h" - -+#ifdef HAVE_FEATURES_H -+# include /* for __GLIBC__ */ -+#endif - - /* Flags */ - #define FLAG_GROUP 1 /* ' flag */ diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch deleted file mode 100644 index 1ef7e210738..00000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 9089c6eafbf5903174dce87b68476e35db80beb9 Mon Sep 17 00:00:00 2001 -From: Martin Jansa -Date: Wed, 6 Mar 2019 09:36:11 -0500 -Subject: [PATCH] inetutils: Import version 1.9.4 - -Upstream-Status: Pending - ---- - lib/wchar.in.h | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/lib/wchar.in.h b/lib/wchar.in.h -index cdda680..043866a 100644 ---- a/lib/wchar.in.h -+++ b/lib/wchar.in.h -@@ -77,6 +77,9 @@ - /* The include_next requires a split double-inclusion guard. */ - #if @HAVE_WCHAR_H@ - # @INCLUDE_NEXT@ @NEXT_WCHAR_H@ -+#else -+# include -+# define MB_CUR_MAX 1 - #endif - - #undef _GL_ALREADY_INCLUDING_WCHAR_H diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch deleted file mode 100644 index 2343c03cb48..00000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch +++ /dev/null @@ -1,49 +0,0 @@ -From cc66e842e037fba9f06761f942abe5c4856492b8 Mon Sep 17 00:00:00 2001 -From: Kai Kang -Date: Wed, 6 Mar 2019 09:36:11 -0500 -Subject: [PATCH] inetutils: Import version 1.9.4 - -Only check security/pam_appl.h which is provided by package libpam when pam is -enabled. - -Upstream-Status: Pending - -Signed-off-by: Kai Kang - ---- - configure.ac | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 5e16c3a..18510a8 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -182,6 +182,19 @@ AC_SUBST(LIBUTIL) - - # See if we have libpam.a. Investigate PAM versus Linux-PAM. - if test "$with_pam" = yes ; then -+ AC_CHECK_HEADERS([security/pam_appl.h], [], [], [ -+#include -+#ifdef HAVE_NETINET_IN_SYSTM_H -+# include -+#endif -+#include -+#ifdef HAVE_NETINET_IP_H -+# include -+#endif -+#ifdef HAVE_SYS_PARAM_H -+# include -+#endif -+]) - AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl) - AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam) - if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then -@@ -617,7 +630,7 @@ AC_HEADER_DIRENT - AC_CHECK_HEADERS([arpa/nameser.h arpa/tftp.h fcntl.h features.h \ - glob.h memory.h netinet/ether.h netinet/in_systm.h \ - netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \ -- security/pam_appl.h shadow.h \ -+ shadow.h \ - stropts.h sys/tty.h \ - sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \ - sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \ diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb index 16e40cc20f8..3cd058e2916 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb @@ -13,23 +13,18 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2" SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ - file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \ - file://inetutils-1.8-0003-wchar.patch \ + file://0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch \ file://rexec.xinetd.inetutils \ file://rlogin.xinetd.inetutils \ file://rsh.xinetd.inetutils \ file://telnet.xinetd.inetutils \ file://tftpd.xinetd.inetutils \ - file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ - file://0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch \ " inherit autotools gettext update-alternatives texinfo acpaths = "-I ./m4" -SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}" - PACKAGECONFIG ??= "ftp uucpd \ ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \